Chapter BAI for legal basicsPage 4 of 8

AI for legal basics

Privilege, privacy, and confidentiality

Before sharing legal material with an AI system, determine whether the tool, purpose, data, access, and retention are authorized.

~16 minSafety and governance

Before you start

Why this matters

A manager asks you to summarize an email thread involving outside counsel, employee health information, a customer complaint, and an internal investigation. Before choosing a tool, list every data category and every person or organization whose interests may be affected. Now ask: do you need the names, full thread, attachments, and legal advice to complete the task? Write a minimized version of the request that reveals no real identities or matter details.

1Learn the idea

This lesson is educational and is not legal advice. Privilege, confidentiality, privacy, secrecy, and professional-responsibility rules differ by jurisdiction and circumstance. Follow organizational policy and obtain qualified advice for actual matters.

Read

Different protections, different questions

“Sensitive” is not one legal category. Several duties may overlap, but they are not interchangeable.

Confidentiality can arise from professional duties, contracts, employment obligations, court orders, policy, or the nature of the information. It may cover client information, business plans, trade secrets, investigations, negotiations, credentials, and security details.

Privacy and data protection concern information about people and the rules governing collection, use, access, transfer, retention, and deletion. Direct identifiers are not the only concern. A role, location, unusual event, and date may identify someone when combined.

Legal privilege may protect particular confidential communications or work product under applicable law. It is not a label that automatically covers every document involving a lawyer. Purpose, participants, distribution, jurisdiction, and later handling can matter.

Because the categories differ, an AI model should not decide that a document is privileged or that uploading it preserves protection. Those are legal and governance determinations for authorized people.

Read

Approve the system before the prompt

Do not paste restricted content into an unapproved tool to ask whether the content is safe to paste. Approval should address the actual product, account, configuration, integration, and use case—not merely the vendor name.

Relevant questions include:

  • Is the system approved for this classification of data?
  • Are prompts or outputs used for model training?
  • What are the retention and deletion terms?
  • Where is data processed and stored?
  • Which vendor personnel, subprocessors, plugins, or connected tools can access it?
  • Are access controls, encryption, audit logs, and contractual terms adequate?
  • Can users share links or export outputs?
  • Does the system retrieve external content or send data to other services?
  • What happens when an account, workspace, or contract ends?

A private-looking chat window does not answer these questions. Consumer and enterprise configurations may have materially different controls.

Read

Minimize before sharing

Once use is authorized, send only what the task requires. Start with a data map: source, owner, classification, purpose, necessary fields, permitted users, and retention period.

Minimization can include:

  1. removing irrelevant thread history and attachments;
  2. replacing names with stable placeholders;
  3. generalizing dates or amounts when precision is unnecessary;
  4. supplying a clause excerpt rather than an entire agreement;
  5. separating legal advice from operational facts;
  6. using a synthetic example to develop the prompt;
  7. processing content within an approved local or controlled environment.

Redaction is not magical. Hidden text, metadata, comments, tracked changes, filenames, and cross-document details may remain. A unique fact pattern can re-identify a person even after names are removed. Inspect the transformed file and consider whether the remaining combination is still sensitive.

Read

Control outputs too

Generated summaries and drafts can reproduce source secrets, infer allegations, combine details, or create new sensitive work product. Apply access controls and retention rules to outputs, logs, cached files, evaluation datasets, and screenshots. Do not assume generated text is less restricted than its source.

Limit who can see the result. Avoid copying privileged analysis into broadly accessible tickets or shared prompt libraries. If an output is sent outside the original group, review whether the new distribution changes confidentiality, privilege, privacy, or contractual obligations.

Maintain an audit trail appropriate to the matter: approved system, user, purpose, data classification, source identifiers, time, recipients, review, and deletion schedule. The record should support accountability without unnecessarily duplicating protected content.

Read

Stop and escalate

Pause when tool approval is unclear, classification conflicts, data belongs to another client or matter, a court order or legal hold may apply, cross-border transfer is uncertain, a person’s sensitive information is unnecessary, or the output would widen distribution.

Also pause when minimization destroys the context needed for accurate review. The answer is not to quietly restore all details. Ask an authorized owner to choose a controlled method, perform the work manually, or approve a narrower data set.

A useful pre-use statement is: “This task uses approved system X for purpose Y. Inputs are classified Z and minimized to fields A and B. Access is limited to roles C. Retention is D. Privilege and policy questions were reviewed by E.” If you cannot fill those fields, the workflow is not ready.

Checking tutor…