
Client Confidentiality and AI Tools: What Lawyers Need to Know Before They Type

Can you put client information into an AI tool? The answer depends on the tool, the account tier, and the contractual terms — not the tool's name. Here is the framework to get it right.

ModernLawOffice | June 7, 2026 | 9 min read

The question attorneys ask most often about AI is not about capabilities or billing or malpractice. It is a simpler question: Can I put client information into this tool?

The honest answer is that it depends on the tool, the account tier, the contractual terms between you and the vendor, and whether you have taken steps to understand those terms. What it does not depend on is the tool's brand name or the fact that everyone else seems to be using it.

This guide gives you the framework for making that assessment — consistently, for any AI tool, before client information goes in.

Why the confidentiality question matters here

Rule 1.6 of the Model Rules of Professional Conduct prohibits a lawyer from revealing information relating to the representation of a client without the client's informed consent, unless an exception applies. This is not a new rule. What is new is how easy modern AI tools make it to inadvertently violate it.

When you type a client's name, matter details, or any information that could identify a client or their situation into an AI tool, you are transmitting that information to a third party — the vendor's servers, in a form subject to whatever the vendor's terms of service permit. If those terms permit the vendor to use your inputs for model training, for human review for safety purposes, or for other uses you have not consented to on behalf of your client, you may have disclosed confidential client information without authorization.

The risk is not theoretical. Multiple AI vendors' default terms of service permit them to use conversation data for training or to review it for safety or quality purposes. The default settings on a consumer account may be different from what you need for a professional use case. Understanding which settings apply to your account — before you type anything — is the professional obligation.

The account tier framework

The most useful way to think about this is not tool-by-tool but tier-by-tier. Every major AI vendor offers multiple account types with different data handling commitments. The tier determines the confidentiality protections — not the tool's name.

| Tier | Typical example | Training on inputs? | Human review possible? | Client data appropriate? |
|---|---|---|---|---|
| Consumer / free | ChatGPT free, Claude.ai free | Often yes, or default-opt-in | Often yes | No |
| Professional / team | ChatGPT Plus, Claude Pro | Usually not (confirm terms) | Reduced but verify | Probably not without DPA |
| Business / enterprise | ChatGPT Team, Claude for Work / Enterprise | No (contractual) | No (contractual) | With DPA executed |
| On-premise / private | Self-hosted models, Azure OpenAI private deployment | No (never leaves your environment) | No | Yes, with proper controls |

The tier descriptions above reflect how these account types are typically structured; vendor terms change and vary. Verify current terms on each vendor's privacy policy and data processing documentation before relying on any tier for confidential work. This table is a framework, not a compliance checklist.

Consumer / free tier: generally off-limits for client information

Free and consumer accounts are designed for general use. Most have default settings that permit the vendor to use your conversations to improve the model, and some allow human review of conversations for safety and quality purposes. These are not the settings under which you can share client information.

Do not use free-tier accounts with any information that could identify a client or their matter. This is not a judgment about the tool's quality — it is a function of the contractual terms that apply to that account level.

Professional / team tier: read the terms carefully

Paid professional accounts (individual subscriptions to tools like ChatGPT Plus or Claude Pro) often have more restrictive data handling terms than free tiers, but the specifics vary by vendor and change over time. Some vendors' paid individual plans still permit certain data uses that are incompatible with client confidentiality; others are more restrictive.

A professional plan is meaningfully better than a free account, but it is not automatically sufficient for client information. Read the current data handling documentation for any professional plan before you rely on it.

Business / enterprise tier: the right tier, with the right steps

Business and enterprise tiers are designed for organizational use and typically commit — contractually — that your inputs are not used for training, that human review is prohibited without your authorization, and that data retention is controlled or minimal. These are the commitments that make an AI tool viable for confidential work.

But the contractual commitment is not automatic. For most business or enterprise plans, confidentiality protection is delivered through a data processing agreement (DPA) — a contract between you and the vendor that formalizes the data handling commitments. The DPA must be executed; it does not take effect by default.

Before you use any business or enterprise tier for client information:

  1. Confirm the plan's current data handling commitments in the vendor's current documentation
  2. Locate and execute the available DPA
  3. Understand any data residency, access, or retention terms in the DPA that are relevant to your clients

On-premise / private deployment: the highest protection, highest cost

Self-hosted models or private cloud deployments (such as Azure OpenAI in your organization's private subscription) keep data entirely within your own environment or a contractually isolated one. Nothing is shared with the vendor for training, review, or any other purpose. This is the arrangement that eliminates the third-party transmission risk entirely.

For most solo and small firm attorneys, private deployment is neither practical nor cost-justified. But it is an option for practices with significant confidentiality requirements — certain regulated industries, particularly sensitive practice areas, or clients who have asked for AI controls more stringent than enterprise tier provides.

What a data processing agreement (DPA) does and does not do

A DPA is a contract that governs how a vendor handles your data. In the AI context, a DPA for a business or enterprise account typically specifies:

  • That the vendor will not use your inputs to train AI models
  • That human review of your data is prohibited without your authorization (with defined exceptions, such as mandatory legal compliance)
  • Data retention periods and deletion commitments
  • Security controls (encryption in transit and at rest, access controls, incident notification)
  • Data residency (where your data is processed and stored)

A DPA does not guarantee that the vendor's platform is breach-proof. It shifts certain contractual obligations and creates rights in the event of a violation — but it does not eliminate the risk that the vendor's systems could be compromised. For that reason, the DPA tier reduces the ethical confidentiality risk without eliminating all data security risk.

Tip

Even on an enterprise tier with a DPA, minimize what you share. Many AI-assisted legal tasks can be accomplished by describing the legal question without naming the client, anonymizing factual details, or working from a document you have redacted. The best confidentiality practice is to share only what the task actually requires.

The practical decision process

Before you use any AI tool with client information:

Step 1: Identify the account tier. What account level are you using? Free, professional, business, or enterprise?

Step 2: Read the current data handling terms. Not a summary — the vendor's current privacy policy and data handling documentation. Vendor terms change; what was true when you signed up may not be true now.

Step 3: Confirm training and review commitments. Does this tier commit, contractually, that your inputs are not used for training? Is human review restricted?

Step 4: Execute any required DPA. If the tier requires a DPA for confidentiality protection, execute it before client information goes in. Not after.

Step 5: Apply the minimum-necessary principle. Even on a compliant tier, share only what the task requires. Redact, anonymize, or abstract where the task permits it.

Step 6: Document your assessment. Keep a record of which tools you use for client work, at which tier, under which DPA. This is the documentation that demonstrates compliance with Rule 1.6 if a question ever arises.

A client can consent to disclosure — including disclosure to an AI vendor — under Rule 1.6. But informed consent means the client understands what they are agreeing to: specifically, that their matter information may be processed by a named vendor's AI system under stated terms.

Blanket engagement letter language ("we may use technology tools in our representation") is unlikely to constitute informed consent to AI processing. If you want to rely on client consent rather than vendor confidentiality protections, the consent should be specific enough that the client understands what they are consenting to.

In practice, the better path for most practices is to use a compliant account tier and DPA so that client consent is not required in the first place — rather than obtaining consent as a workaround for using a less protective account.

Connecting this to ABA Formal Opinion 512

ABA Formal Opinion 512 directly addresses the confidentiality question. The opinion requires lawyers to investigate how a tool uses inputs before sharing client information — and to determine whether the tool's data handling is consistent with their duty of confidentiality under Rule 1.6.

The opinion makes clear that this is not a box to check once at the outset. Vendor terms change, account configurations change, and your obligations are ongoing. For the full text of Opinion 512's analysis and its other professional responsibility implications, see ABA Formal Opinion 512 explained.

Writing this into your practice

The confidentiality assessment is not a one-time event. It is a standing policy question that belongs in your AI use framework:

  • Which tools are approved for use with client information, at which tier, under which DPA?
  • What is the process when a new tool is introduced?
  • What do you do if a vendor changes its terms?

See writing your law firm's AI use policy for a template framework that covers these questions. Even as a solo, a one-page policy that answers these questions creates clarity for your own practice and creates a record of compliance if a question ever arises.

