chevron-down Created with Sketch Beta.

ARTICLE

Generative AI for Lawyers Part 2: Maintaining Confidentiality

Jeanne M Huey

Generative AI for Lawyers Part 2: Maintaining Confidentiality
Cavan Images / Edith Drentwett via Getty Images

ABA Formal Op. 512 focuses on the risks of using generative AI (GAI) in legal practice, with a key concern being the confidentiality of client information. Under ABA Model Rule 1.6, lawyers are obligated to protect all client-related information, including preventing inadvertent or unauthorized access. ABA Model Rule 1.9(c) extends this duty to former clients, and ABA Model Rule 1.18(b) to prospective clients.

Unauthorized Disclosure of Confidential Information: What Is the Risk with GAI?

Self-learning GAI poses a higher risk to client confidentiality than other technology used in a modern law practice because it can retain and reuse input data (prompts), increasing the chance of inadvertent disclosure or cross-use in other cases. This is true whether the information is used within a firm’s closed system—where the stored data is only used internally—or outside the firm in an open system—where data is shared with external sources.

Why do lawyers need to be concerned about inputting confidential information into an internal firm or “closed” GAI system? The answer lies in the distinction between access to confidential information and the use of that information within a firm. While lawyers and staff typically have access to all of the firm’s clients’ confidential information, using that information to prompt the firm’s self-learning GAI system creates a real risk that one client’s information may be applied to other clients’ cases. This may result in a breach of the confidentiality obligations owed to the first client and could occur without either lawyer realizing that a violation has taken place.

This risk is not just hypothetical. Multiple ethics opinions, including Opinion 512 and those issued by the Florida Bar and Pennsylvania & Philadelphia Bars, emphasize that self-learning GAI tools may inadvertently cause the disclosure of client information even in a closed system used exclusively within a single law firm.

Informed Consent—A Prerequisite for Using Confidential Information with GAI

So, what can be done to avoid a violation of Model Rule 1.6 for unauthorized disclosure of confidential client information under these circumstances? Opinion 512 concludes that, due to the unique risks posed by self-learning GAI, lawyers should obtain “informed consent” from the client before using any information related to the representation in GAI prompts—even within a firm’s “closed system.”

The opinion is quick to note that informed consent cannot be accomplished by a boilerplate acknowledgment or notice clause in an engagement letter. Informed consent is a defined term in ABA Model Rule 1.0(e) and requires that the lawyer provide the client with “adequate information and explanation about the material risks of and reasonably available alternatives to” the proposed conduct.

Opinion 512 explains that “adequate information and explanation” under these conditions calls for a “meaningful dialogue” with the client that includes:

  • the lawyer’s best judgment about why the GAI tool is being used;
  • the extent of and specific information about the risks involved in disclosing client information;
  • particulars about the kinds of client information that will be disclosed;
  • the ways in which others might use the information against the client’s interests;
  • a clear explanation of the GAI tool’s benefits to the representation; and
  • the risk that later users or beneficiaries of the GAI tool will have access to information relating to the representation.

This list, from Opinion 512, makes it clear that any lawyer seeking informed consent must have more than a general awareness of GAI technology. They must, as ABA Model Rule 1.1 Comment 8 sets out, be competent in understanding the benefits and risks of that technology.

Obtaining informed consent here aligns with a lawyer’s duty to communicate effectively with their client about the work being undertaken in their case. Under ABA Model Rule 1.4, lawyers must inform clients about decisions affecting their representation, including the means proposed to achieve the client’s objectives. When using client confidential information in a self-learning GAI system is proposed, the client must be given enough information to make an informed decision about whether to permit it.

Finally, while “informed consent” does not require written consent, the best practice is to confirm the client’s consent either 1) in a writing by the client or 2) from the lawyer confirming the client’s oral consent. (See ABA Model Rule 1.0(b)).This approach helps protect the client’s interests and discharge the lawyer’s ethical duties, ensuring that trust and transparency remain intact throughout the representation.

In Part 3 of this series, we will explore how you can use self-learning GAI tools to benefit your client without disclosing information about the representation (confidential information) or obtaining informed consent.

    Author