LawyerAILawyerAIIndependent Reviews
  • Search
  • Categories
  • Tag
  • Collection
  • Blog
  • Compare
  • Glossary
  • Solutions
  • Pricing
  • Submit
LawyerAILawyerAI
  1. Home
  2. ›
  3. Glossary
  4. ›
  5. Client Confidentiality (AI)

Client Confidentiality (AI)

The attorney's obligation under ABA Model Rule 1.6 to protect client information when using AI tools — covering vendor data handling investigation, training data opt-out requirements, DPA terms, and the specific risks of confidentiality breach through AI training corpora and subprocessor access.

Last reviewed: 2026/05/25

Definition

Why It Matters for Lawyers

How AI Tools Handle It

Frequently Asked Questions

Does entering client data into an AI tool violate confidentiality?
Entering client data into an AI tool does not automatically violate confidentiality, but it creates confidentiality risk that the attorney must proactively manage. ABA Model Rule 1.6 requires attorneys to make 'reasonable efforts' to prevent unauthorized disclosure of client information. The standard is reasonableness, not perfection. An attorney who has: investigated the vendor's data handling practices; confirmed no training on customer data; executed a DPA with appropriate confidentiality commitments; verified adequate security certifications; and ensured the submission is consistent with the representation's scope has likely made reasonable efforts. An attorney who submits client data to an AI tool without any investigation — or who uses a tool known to train on user data — has not made reasonable efforts and may have violated Rule 1.6.
What must a legal AI vendor DPA say to satisfy Rule 1.6?
A DPA satisfying Rule 1.6 must contain several specific provisions. First, a clear statement of purpose: the vendor processes data only to provide the contracted services, not for any other purpose. Second, a no-training commitment: the vendor will not use customer data to train or improve any AI model, without exception. Third, subprocessor control: the vendor lists all subprocessors that may access customer data and commits to binding those subprocessors to equivalent confidentiality obligations. Fourth, security standards: the vendor maintains security controls at a defined standard (e.g., consistent with SOC 2 Type II). Fifth, data deletion: on termination, all customer data (including data held by subprocessors) will be deleted or returned within a specified timeframe. Sixth, breach notification: the vendor will notify the firm within a defined period (48-72 hours) of any breach affecting customer data.
How do I know if an AI vendor is training on my client data?
Verifying that an AI vendor is not training on your client data requires more than reading their marketing — it requires contractual commitments and technical verification. Start with the DPA: it should explicitly prohibit training or fine-tuning any model on customer data. Next, review the vendor's technical documentation: does their architecture process each customer's data in isolated environments, or is it commingled? Look at the subprocessor list: if the vendor uses a third-party inference API provider (like OpenAI, Anthropic, or Cohere), verify that the API calls are made with data retention disabled — most inference API providers offer zero-retention API modes for enterprise customers. Finally, request the vendor's most recent SOC 2 Type II report and look for evidence that no-training controls are part of the audited scope.

Related Concepts

Security

Attorney-Client Privilege (AI Context)

How attorney-client privilege applies when AI tools process confidential legal communications, and risks of inadvertent waiver through AI vendor data handling.

Security

Zero Data Retention (ZDR)

An AI vendor commitment that customer inputs and outputs are not stored beyond the immediate processing session — the strongest available privacy assurance for sensitive legal queries.

Security

Data Processing Agreement (DPA)

A contract required by GDPR between a data controller and processor, governing how personal data may be handled, secured, and returned or deleted.

Security

GDPR Compliance (AI-Assisted)

Using AI tools to identify, manage, and document compliance obligations under the EU General Data Protection Regulation across organizational data practices.

Related Tools

  • Clio

    Practice management for 150K+ lawyers with native Manage AI for admin automation.

  • Harvey AI

    The most expensive legal AI in the market — Am Law 100 firms only.

  • CoCounsel Legal

    Thomson Reuters' GPT-backed legal research and drafting with Westlaw integration (relaunched as CoCounsel Legal, 2025).

Last reviewed: 2026/05/25. Definitions are written by the LawyerAI Editorial team. We do not accept affiliate commissions; Featured placement is clearly labeled and does not influence editorial content.

← All glossary terms
LawyerAILawyerAI

Independent Reviews

The independent directory of AI tools for lawyers — reviewed by methodology, not by ad budget.

X (Twitter)
Tools
  • Search
  • Categories
  • Tag
  • Collection
Resources
  • Blog
  • Compare
  • Glossary
  • Solutions
  • Pricing
  • Submit
  • Suggest a Tool
  • Newsletter
Company
  • About Us
  • Studio
Legal
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Refund Policy
  • Editorial Independence
  • Sitemap
Editorially independent. Methodology open and versioned.
© 2026LawyerAI Editorial

Client confidentiality in the artificial intelligence context is the application of the attorney's professional obligation to protect client information — codified in ABA Model Rule 1.6 and its state equivalents — to the specific risks that arise when client data is processed by AI tools. The Rule prohibits attorneys from "reveal[ing] information relating to the representation of a client" without the client's informed consent, and Rule 1.6(c) adds that attorneys must "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

The key phrase is "reasonable efforts." The Rule does not require perfection — it requires that attorneys make proactive, informed, documented efforts to prevent unauthorized disclosure. When AI tools are involved, these reasonable efforts must specifically address the confidentiality risks that AI systems create, which are qualitatively different from the confidentiality risks of traditional document storage.

The specific AI confidentiality risks that attorneys must address include:

Training data exposure. AI vendors that train or fine-tune their models on customer data embed client information — potentially permanently — in model weights. This information cannot be deleted once the model has been trained on it. If a vendor uses client documents in model training without adequate legal authorization, this constitutes both a violation of the client's confidentiality and a potential GDPR or CCPA violation.

Subprocessor access. Most AI platforms rely on third-party subprocessors — cloud infrastructure providers, inference API providers, analytics tools. Each subprocessor represents an additional party with access to client data. The DPA chain must ensure that each subprocessor is bound by equivalent confidentiality obligations.

Inference logging. Some AI inference infrastructure logs the inputs and outputs of API calls as part of normal operations — for debugging, safety monitoring, or other purposes. If client data appears in inference inputs, these logs may contain client-confidential information. Attorneys should confirm that the vendor's inference infrastructure operates in a zero-retention or minimal-retention mode for their data.

Breach exposure. A breach at the AI vendor or any of its subprocessors may expose client data. While breaches are not preventable with certainty, reasonable efforts to prevent them include selecting vendors with robust security controls and appropriate certifications.

Inadequate deletion. If client data remains in vendor systems after the attorney-client relationship ends or after the vendor contract terminates, the attorney's confidentiality obligation continues but their control over the data does not. Clear data deletion commitments and timelines in the DPA address this risk.

Client confidentiality is not just a professional obligation — it is the foundation of the attorney-client relationship. Clients disclose sensitive, often embarrassing, commercially valuable, or legally significant information to their attorneys precisely because the law guarantees that this information will not be disclosed without their consent. Violations of this guarantee damage not just the individual attorney-client relationship but the public's trust in the legal profession.

In the AI context, the confidentiality stakes are high because the failure modes are novel and the harms can be difficult to detect or remediate. Traditional confidentiality breaches — a lost briefcase, a misdirected fax, an overheard conversation — were typically visible events with identifiable causes. AI confidentiality breaches may be invisible: client information embedded in a model's training data cannot be seen or extracted; subprocessor data access may not generate visible logs accessible to the client or attorney; inference logs may exist without the attorney's knowledge.

Multiple bar associations have addressed AI confidentiality specifically. California's State Bar issued Practical Guidance for the Use of Generative AI (2024), including a specific section on confidentiality obligations. New York's NYSBA issued a report with AI ethics recommendations. ABA Formal Opinion 512 (2023) identified confidentiality as one of the five core professional responsibility obligations implicated by generative AI use. These authorities consistently require attorneys to investigate vendor data handling practices before entrusting client data to any AI system.

The GDPR layer adds regulatory consequences for EU-connected matters. Law firms processing EU client personal data through AI tools must comply with GDPR Article 28 (DPA requirements) and Article 5 (data protection principles) — requirements that largely parallel the professional responsibility confidentiality analysis but with regulatory enforcement consequences including substantial fines.

How It Works

Pre-use investigation. Before submitting any client data to an AI tool, the attorney (or the firm's AI governance process) must investigate the vendor's data handling practices. The investigation must cover: whether the vendor trains on customer data (and whether this can be contractually prohibited); who the vendor's subprocessors are and what access they have to customer data; where data is stored and processed; what security certifications the vendor holds; and what the vendor's data deletion practices are.

This investigation should result in documented findings — a vendor risk assessment or AI diligence questionnaire — that is maintained in the firm's AI governance records. The documentation is the attorney's evidence of reasonable efforts if a confidentiality issue later arises.

DPA review and negotiation. Every AI vendor that will receive client data must execute a DPA that meets the professional responsibility and regulatory confidentiality standards. The DPA must: prohibit training on customer data; identify and bind subprocessors; specify data deletion timelines; commit to security standards; and include breach notification obligations. Attorneys should not assume that vendor standard DPA terms satisfy these requirements — many standard DPAs are drafted to minimize vendor obligations and must be negotiated to meet attorney confidentiality standards.

Tools like CoCounsel and Harvey AI have specifically invested in DPA terms that address attorney confidentiality obligations — including zero-training commitments, subprocessor controls, and data deletion provisions. Reviewing their standard enterprise DPA terms is a useful benchmark for what attorney-grade confidentiality commitments look like.

Scope limitation. Even where a vendor has adequate confidentiality protections, attorneys should submit only the client data necessary for the specific AI task — the data minimization principle applies as a confidentiality-reinforcing practice. Client identifying information should be omitted where not necessary for the AI's function. Anonymization or pseudonymization of documents before AI submission reduces confidentiality risk from any residual vendor exposure.

Ongoing monitoring. Vendor data handling practices can change. A no-training commitment made in 2023 may be revised in the vendor's terms of service update in 2025. AI vendor acquisitions may bring new data handling practices. Ongoing monitoring — reviewing vendor communications, monitoring DPA updates, requesting current SOC 2 reports annually — maintains the reasonable efforts standard throughout the vendor relationship.

Matter-specific protocols. Certain matters involve particularly sensitive client information — criminal defense, whistleblower matters, M&A prior to announcement, government investigations, health information. For these matters, attorneys should apply heightened confidentiality protocols: stricter vendor selection criteria, additional anonymization before AI submission, restricted access to AI-generated work product, and enhanced documentation of confidentiality measures.

Key Considerations for Law Firms

Engagement letter disclosure. Proactively disclosing AI tool use in the engagement letter — and obtaining client consent to that use — is becoming standard practice and provides a clear contractual basis for AI-assisted work. The disclosure should describe, at an appropriate level of generality, what AI tools may be used, what safeguards are in place, and what data may be processed. Client consent to AI-assisted work reduces but does not eliminate confidentiality obligations.

The "impliedly authorized" exception has limits. Rule 1.6 permits disclosure of client information that is "impliedly authorized" to carry out the representation. Using a confidential cloud document storage service to store client files is likely impliedly authorized as a normal incident of modern legal practice. Using a novel AI tool with unclear data handling practices may not be impliedly authorized — it may require explicit client consent. The boundary between impliedly authorized AI use and AI use requiring explicit consent is an area of ongoing bar opinion development.

Educate all attorneys, not just partners. Confidentiality obligations apply to every attorney who handles client data. Junior associates, who may be most likely to use AI tools for research and drafting, need specific training on the confidentiality implications of AI tool use. The firm's AI governance training should include clear guidance on which tools are approved for which data types, and what to do when uncertain.

Monitor the vendor's inference API provider. If the AI tool uses a third-party inference API provider (e.g., the AI platform sends your documents to GPT-4 via OpenAI's API), the inference provider's data retention practices are part of the firm's confidentiality risk profile. Most major inference API providers offer zero-retention API modes for enterprise customers — the AI vendor should be using these modes for customer data. Confirm this in the DPA or vendor technical documentation.

Limitations and Risks

Training data cannot be deleted from deployed models. If client data has been used in model training, the resulting model contains patterns derived from that data that cannot be deleted without retraining the model. Discovering that a vendor has trained on client data after the fact may provide grounds for contract termination and legal claims against the vendor, but it does not reverse the training. Pre-use investigation and contractual prohibition of training are therefore preventive controls, not remedial ones.

Technical verification of no-training claims is difficult. An attorney cannot independently verify that a vendor is not training on their data — they depend on the vendor's representation and the SOC 2 audit. This is an inherent limitation of the third-party service relationship. Contractual representations create legal accountability but do not provide technical certainty.

State bar requirements vary. The specific requirements for AI tool use consistent with confidentiality obligations vary by jurisdiction. California's practical guidance and New York's recommendations are more specific than some other states' guidance. Attorneys practicing in multiple jurisdictions must satisfy the requirements of each.