Legal Industry & Attorney-Client Privilege

Protecting attorney-client privilege, work product, and confidential client information when using LLMs in legal practice

Attorneys have heightened ethical obligations to protect client confidences, preserve attorney-client privilege, and maintain competence in technology. Using LLMs with client information requires careful analysis of privilege waiver risks, confidentiality breaches, and compliance with professional conduct rules. Multiple state bars have issued opinions on AI usage, and the stakes for getting it wrong include malpractice liability, disciplinary actions, and waiver of privilege.

⚖️ Critical Risk: Privilege Waiver

Disclosing privileged communications to third parties can waive attorney-client privilege and work product protection. If client communications sent to LLM vendors are deemed disclosures to third parties without adequate safeguards, privilege may be lost, potentially exposing sensitive strategy, advice, and communications in litigation.

1. Attorney-Client Privilege & Work Product

Two separate protections exist for legal communications and materials:

Attorney-Client Privilege

Purpose: Protects confidential communications between attorney and client for the purpose of seeking or providing legal advice.

Requirements:

  • Communication between attorney and client (or agents)
  • Made in confidence (no third parties present)
  • For the purpose of obtaining legal advice
  • Not waived by subsequent disclosure

Examples: Client emails to attorney asking legal questions, attorney advice memos to client, communications about litigation strategy.

Work Product Doctrine

Purpose: Protects materials prepared in anticipation of litigation from discovery (broader than privilege).

Two Tiers:

  • Fact Work Product: Documents prepared in anticipation of litigation; discoverable only on a showing of substantial need and hardship
  • Opinion Work Product: Attorney's mental impressions, strategies, legal theories; nearly absolute protection

Examples: Witness interview notes, litigation research memos, trial strategy outlines, attorney's thoughts on case strengths/weaknesses.

⚠️ How Privilege Can Be Waived

Voluntary disclosure to a third party generally waives attorney-client privilege. Key questions for LLM usage:

  • Is the LLM vendor a "third party" or an agent of the law firm?
  • Does the vendor agreement include confidentiality obligations sufficient to preserve privilege?
  • Does the vendor promise not to use data for training, which could expose it to other users?
  • Has the client consented to the disclosure (if required)?

2. ABA Model Rules & LLM Usage

The ABA Model Rules of Professional Conduct govern attorney behavior. Most states have adopted these rules (with variations):

Rule 1.1 - Competence

Requirement: "A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation."

Comment 8 (2012 Amendment): Competence includes "keep[ing] abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology."

LLM Implication: Lawyers must understand how LLMs work, their limitations (hallucinations, outdated information), and risks (privilege waiver, data exposure). Simply using AI without understanding it may violate competence duties.

Rule 1.6 - Confidentiality of Information

Requirement: "A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent..."

Comment 18: Discusses lawyers' duty to "act competently to safeguard information relating to the representation" against unauthorized access.

LLM Implication: Sending client information to LLM vendors may constitute "revealing" information unless: (1) client gives informed consent, OR (2) vendor is considered an agent with confidentiality obligations, OR (3) information is anonymized/de-identified sufficiently.

Rule 1.6(c) - Reasonable Efforts to Prevent Disclosure

Requirement: "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."

LLM Implication: Reasonable efforts include: (1) vetting LLM vendor security (SOC 2, encryption), (2) using zero-retention configurations, (3) training staff on what data can/cannot be sent to LLMs, (4) monitoring for breaches.

Rule 5.3 - Responsibilities Regarding Nonlawyer Assistants

Requirement: Lawyers must ensure that nonlawyers (paralegals, vendors) act compatibly with the lawyer's professional obligations.

LLM Implication: If the LLM vendor is considered a "nonlawyer assistant," the lawyer must ensure the vendor complies with confidentiality and privilege obligations. This requires contractual protections and due diligence.

3. State Bar Guidance on AI & LLMs

Multiple state bars have issued ethics opinions on AI usage. While not binding in all jurisdictions, they provide guidance:

Key Themes Across State Bar Opinions

1. Competence Required

Lawyers must understand AI tools sufficiently to evaluate their reliability, limitations, and risks. Blindly accepting AI outputs violates competence duties.

2. Verify AI Outputs

Lawyers must independently verify legal research, citations, and factual claims generated by AI. Several high-profile cases involved sanctions for citing fake cases from ChatGPT.

3. Confidentiality Safeguards

Before inputting client information into AI tools, lawyers must: (a) review vendor terms of service, (b) ensure data isn't used for training, (c) assess data security, (d) consider client consent.

4. Disclosure to Clients

Some opinions suggest lawyers should inform clients if AI is used for substantive work (not settled law, but prudent practice).

5. Billing Considerations

Billing for AI-generated work must be reasonable. Lawyers cannot bill full associate hours for work completed primarily by AI with minimal review.

Notable State Bar Opinions

  • California Formal Opinion 2023-500 (Nov 2023): Lawyers may use AI, but must: (1) competently understand the technology, (2) maintain confidentiality, (3) avoid unauthorized practice, (4) charge reasonable fees, (5) supervise AI use.
  • New York County Lawyers' Assoc. Ethics Op. 748 (July 2024): Emphasized duty to verify AI research outputs; noted risks of hallucinations and outdated information.
  • Florida Bar Advisory Opinion 24-1 (May 2024): Lawyers must understand AI limitations and verify outputs; competence requires staying current with technology.
  • Pennsylvania Bar Ethics Op. 2024-100: Discussed need to review vendor agreements and ensure client data isn't used for model training.

4. Vetting LLM Vendors for Legal Practice

Before using an LLM service with client information, law firms should evaluate vendors on these criteria:

✅ 1. Contractual Protections

Essential contract terms:

  • Confidentiality Clause: Vendor agrees to maintain confidentiality of all inputs
  • No Training Clause: Explicit prohibition on using law firm data to train or improve models
  • Zero Retention: Data deleted after processing; not stored long-term
  • Data Ownership: Law firm retains all rights to prompts and outputs
  • Subprocessor Disclosure: Vendor discloses any third parties with access to data

✅ 2. Security & Compliance

Required security measures:

  • SOC 2 Type II: Independent audit of security controls
  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest
  • Access Controls: Multi-factor authentication, role-based access
  • Incident Response: Breach notification procedures and timeline
  • Data Residency: Specify where data is processed (US, EU, etc.)

✅ 3. Terms of Service Review

Red flags to watch for in consumer/free-tier services:

  • ❌ "We may use your inputs to improve our services" (data used for training)
  • ❌ "We reserve the right to review conversations for safety" (human review risk)
  • ❌ No mention of confidentiality or data protection
  • ❌ Broad license to use, modify, or share your content
  • ❌ No commitment to delete data upon request

✅ 4. Privilege-Preserving Configurations

Ensure LLM usage doesn't waive privilege:

  • Agent Relationship: Vendor agrees to act as agent of law firm, bound by same confidentiality duties
  • Isolated Processing: Data processed in isolation, not commingled with other customers' data
  • No Third-Party Access: Only authorized vendor personnel can access firm data
  • Audit Trail: Logging of who accessed data and when

✅ Vendors Suitable for Legal Practice

These enterprise-tier services offer contractual protections suitable for law firms:

  • Legal-Specific AI Tools: CoCounsel (Thomson Reuters), Harvey AI, Lexis+ AI, Westlaw Precision (all designed for legal use with privilege protections)
  • Azure OpenAI Service: Enterprise plan with no training on customer data; DPA available
  • Anthropic Claude Pro/Enterprise: No training on customer data; SOC 2 Type II
  • AWS Bedrock: No training on inputs; enterprise controls; BAAs available
  • Google Vertex AI: Enterprise tier with data residency and zero retention options

❌ NOT Suitable for Privileged Information

These services should NOT be used with client confidences or privileged information:

  • ChatGPT free tier (data may be used for training)
  • Claude.ai free tier (unless upgraded to Pro with appropriate settings)
  • Gemini consumer interface (google.com, not Workspace)
  • Any service where terms allow training on user data
  • Services without SOC 2 or equivalent security certification

5. Metadata & Inadvertent Disclosure Risks

LLMs present unique inadvertent disclosure risks that lawyers must manage:

⚠️ Risk 1: Metadata in Document Analysis

When uploading documents to LLMs for analysis (PDFs, Word docs), metadata can include:

  • Author names, firm name, client name
  • Document creation and edit dates
  • Comments, tracked changes, redline history
  • Previous versions embedded in the file
  • File paths revealing internal directory structures

Solution: Strip metadata before uploading documents to LLMs, or use text-only extracts.
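
An added example (not from the original page) of the pre-upload check and text-only extract described above, for .docx files, using only the Python standard library. The function names and the constructed sample package, with simplified namespaces and a made-up author and path, are introduced here for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + NS + "}"

def audit_docx(data: bytes) -> dict:
    """Report what a .docx would disclose beyond its visible text."""
    found = {"properties": {}, "comments": 0, "tracked_changes": 0, "paths": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            raw = z.read(name)
            # Windows paths anywhere in the package (attached templates, links)
            found["paths"] += re.findall(r'[A-Za-z]:\\[^"<>]+', raw.decode("utf-8", "ignore"))
            if name.startswith("docProps/"):  # author, company, dates, revision count
                for el in ET.fromstring(raw).iter():
                    if el.text and el.text.strip():
                        found["properties"][el.tag.split("}")[-1]] = el.text.strip()
            elif name == "word/comments.xml":
                found["comments"] = len(ET.fromstring(raw).findall(W + "comment"))
            elif name == "word/document.xml":  # tracked insertions and deletions
                found["tracked_changes"] = sum(
                    el.tag in (W + "ins", W + "del") for el in ET.fromstring(raw).iter())
    return found

def text_only_extract(data: bytes) -> str:
    """Visible text only: keeps w:t runs, drops w:delText, comments, properties."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        body = ET.fromstring(z.read("word/document.xml"))
    paras = ("".join(t.text or "" for t in p.iter(W + "t")) for p in body.iter(W + "p"))
    return "\n".join(p for p in paras if p)

def make_sample_docx() -> bytes:
    """Constructed, minimal package (not a real client file) with planted metadata."""
    parts = {
        "docProps/core.xml": '<p xmlns:dc="urn:dc"><dc:creator>A. Associate</dc:creator></p>',
        "word/_rels/settings.xml.rels": '<Relationships><Relationship Target='
                             '"file:///C:\\Firm\\ClientX\\Brief.dotm"/></Relationships>',
        "word/comments.xml": f'<w:comments xmlns:w="{NS}"><w:comment/></w:comments>',
        "word/document.xml": f'<w:document xmlns:w="{NS}"><w:body><w:p>'
                             '<w:r><w:t>Final text.</w:t></w:r>'
                             '<w:del><w:r><w:delText>Weak claim.</w:delText></w:r></w:del>'
                             '</w:p></w:body></w:document>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

The extract reads only word/document.xml, so headers, footers and footnotes are left out of it.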

⚠️ Risk 2: Prompt History & Chat Logs

Some LLM interfaces store conversation history accessible to other users with shared accounts or through search features:

  • Shared team accounts where colleagues can view each other's prompts
  • Vendor employees reviewing conversations for quality/safety
  • Cloud syncing of chat history across devices
  • Accidental public sharing of conversation links

Solution: Use enterprise accounts with separate user access; disable chat history; use API access instead of web interface.

⚠️ Risk 3: Training Data Contamination

If the LLM vendor uses your data for training, privileged information could later appear in responses to other users:

  • Model "memorizes" unique phrases or case details from your prompts
  • Other users could inadvertently trigger recall of your client information
  • Privilege arguably waived if confidential info becomes part of model accessible to third parties

Solution: Only use vendors with explicit "no training" guarantees; verify in contract.

6. Safe LLM Use Cases for Law Firms

Law firms can safely use LLMs for many tasks, with appropriate safeguards:

✅ General Legal Research

Researching legal principles, statutes, and case law on general topics (not case-specific).

Safeguard: Verify all citations independently; don't reveal client facts

✅ Document Drafting Templates

Generate initial drafts of common documents (NDAs, engagement letters, generic motions).

Safeguard: Use anonymized facts; remove all client identifiers before inputting

✅ Deposition/Brief Outline Creation

Generate outlines or question lists for depositions and briefs based on public legal principles.

Safeguard: Don't include case-specific facts, witness names, or confidential strategy

✅ Client Communication Drafting

Draft initial versions of client emails or letters on routine matters.

Safeguard: Use vendor with no-training guarantee; review for accuracy and tone

✅ Contract Review (Public Documents)

Analyze publicly available contracts to identify standard clauses and market terms.

Safeguard: Only use public contracts; not confidential client agreements

✅ Internal Training Materials

Create training modules, CLEs, or practice group updates on legal developments.

Safeguard: Use public information only; no client examples without anonymization

❌ High-Risk Use Cases

These use cases should ONLY be done with legal-specific AI tools designed to preserve privilege:

  • eDiscovery Review: Reviewing client documents for privilege, relevance, or responsiveness (use Relativity AI, Everlaw, or similar)
  • Case-Specific Research: Researching legal issues for a specific client matter with identifying facts (use CoCounsel, Lexis+ AI, Westlaw Precision)
  • Litigation Strategy Development: Analyzing strengths/weaknesses, settlement valuations, trial tactics (use legal-specific tools with privilege protections)
  • Client Document Analysis: Reviewing contracts, pleadings, or discovery for specific clients (use Harvey AI, CoCounsel, or similar)

Best Practices for Attorneys Using LLMs

DO

  • Verify all AI-generated legal research, citations, and case law independently before relying on it
  • Use legal-specific AI tools (CoCounsel, Harvey AI, Lexis+ AI) for privileged client work
  • Review vendor terms to ensure no training on your data and confidentiality protections exist
  • Obtain client consent if transmitting confidential information to LLM vendors
  • Anonymize client information before using general-purpose LLMs for research or drafting
  • Maintain records of AI usage for potential disclosure in litigation or malpractice claims

DON'T

  • Input privileged client communications into free/consumer LLM services (ChatGPT free, etc.)
  • Cite AI-generated cases or statutes without independently verifying they exist and are accurately quoted
  • Upload client documents without stripping metadata (author, edit history, comments)
  • Bill full attorney hours for work primarily completed by AI with minimal review
  • Assume AI legal research is current; models have knowledge cutoffs and may miss recent cases
  • Use AI without understanding its limitations (hallucinations, bias, outdated training data)
