This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Asset 3
  • About
  • People
  • Capabilities
  • Insights
  • Careers
  • Public Interest
  • Inclusion
  • Contact us
    Contact us
  • Locations
    Locations
  • Search
    Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series
  • Contact Us
  • Location
  • Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series

Search People

Search by last name

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

see all people

Asset 3
  • LinkedIn
  • X (formerly known as Twitter)
  • Facebook
  • Instagram
  • Threads
  • YouTube
  • rss
  • Contact Us
  • Terms of Use
  • Privacy
  • Sitemap
  • LinkedIn
  • X (formerly known as Twitter)
  • Facebook
  • Instagram
  • Threads
  • YouTube
  • rss

© 2024 Brown Rudnick LLP. Attorney advertising.

All Rights Reserved.

All Posts Subscribe
print-logo
1/16/2025 3:41:25 PM | 4 minute read

AI and Confidentiality: Not Mutually Exclusive (But Be Smart, Too!)

26

Get in touch

Avatar
Erick Robinson
Partner

Get in touch

Avatar
Erick Robinson
Partner
featured image
26

Ever wondered how to harness the power of AI without accidentally spilling your client's secrets all over the internet? If you're a lawyer venturing into the world of artificial intelligence, this question isn't just academic—it's crucial.

In an era where ChatGPT can draft contracts and AI can analyze case law and documents faster than you can say "objection," the legal profession is on the brink of a technological revolution. But with great power comes great responsibility (and potential liability). Here are some hints to help you avoid being the lead story on "Above the Law" for all the wrong reasons.  Before launching into a complete analysis, I wanted to provide a practical perspective. If you aren't smart regarding AI, you can get into a lot of trouble as an attorney. The top ways are (1) not verifying the information is accurate, as AI can “hallucinate” facts such as making up fake case cites -- more on this in a future post, and (2) disclosing confidential information to the world (the topic of this post). 

The good news is that you don't have to get into trouble! Think of AI like a really smart junior associate. Just as no one should trust a first-year's work without review, the same is true of AI. So don't be reckless and have an AI chatbot write your entire brief without triple-checking everything. And don't assume that whatever you put into ChatGPT will be treated as confidential.

The good news is that the large language models (LLMs) and their chatbot interfaces (like ChatGPT, Gemini, Claude, and Grok) are increasingly allowing (paying and sometimes premium) users to safeguard confidentiality by walling off the inquiries from their training playground. Think of it like Google: if something is “free” then you are the product. Further, there are additional ways to safeguard information, including using a fully local LLM model. This requires some technical expertise but is very doable for those who wish to spend the time. Keep in mind that for speedy analysis, you may need to invest in a dedicated GPU-intense computer ranging from a couple of thousand dollars to over $50,000. You can also use SLM (the “S” is for small), which requires less brute power.

If confidentiality is paramount, as it is for attorneys in most cases, here are some ways to protect your data while also taking advantage of the power and efficiency of AI in legal practice.

When using Large Language Models (LLMs) or other AI in legal practice or any field where confidentiality is paramount, here are some surefire ways to protect sensitive information:

𝟭. 𝗗𝗮𝘁𝗮 𝗔𝗻𝗼𝗻𝘆𝗺𝗶𝘇𝗮𝘁𝗶𝗼𝗻

- Mask Personal Information: Before feeding data into an LLM, remove or mask any personal identifiers such as names, addresses, or specific dates. Use generic placeholders or pseudonyms to maintain the context while protecting individual identities.

- Generalization: Instead of using exact details, generalize data. For example, instead of "John Doe from 123 Elm St.," use "a client from a residential area."

𝟮. 𝗦𝗲𝗰𝘂𝗿𝗲 𝗗𝗮𝘁𝗮 𝗛𝗮𝗻𝗱𝗹𝗶𝗻𝗴

- Encryption: Use end-to-end encryption for data in transit and at rest. Ensure all LLM communications are encrypted, and data is stored securely.

- Private Clouds or On-Premise Solutions: Instead of public cloud services, consider using private cloud solutions or hosting the LLM on your own servers where you have full control over data security.

𝟯. 𝗔𝗰𝗰𝗲𝘀𝘀 𝗖𝗼𝗻𝘁𝗿𝗼𝗹

- Need-to-Know Basis: Restrict access to the LLM and the data it processes to only those who need it for their work. Implement strict access controls and authentication measures.

- User Permissions: Define clear roles and permissions within your team. Not everyone should have the same level of access to sensitive information.

𝟰. 𝗖𝘂𝘀𝘁𝗼𝗺𝗶𝘇𝗲𝗱 𝗼𝗿 𝗖𝗹𝗼𝘀𝗲𝗱 𝗠𝗼𝗱𝗲𝗹𝘀

- Private Models: If possible, use or develop custom LLMs trained on your specific datasets that do not connect to external networks or APIs. This reduces the risk of data leakage through third-party services.

- Air-Gapped Systems: For extremely sensitive data, consider using an LLM in an air-gapped environment, where the system is not connected to the internet, thus preventing remote access or external threats.

𝟱. 𝗔𝘂𝗱𝗶𝘁 𝗮𝗻𝗱 𝗠𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴

- Regular Security Audits: Conduct regular audits to check for vulnerabilities in your LLM usage. This includes software updates, patch management, and security configurations.

- Monitoring Usage: Log and monitor all interactions with the LLM. This can help detect any unusual activities or potential breaches.

𝟲. 𝗟𝗲𝗴𝗮𝗹 𝗮𝗻𝗱 𝗘𝘁𝗵𝗶𝗰𝗮𝗹 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴

- Educate Staff: Ensure all team members understand the importance of confidentiality and how it applies to AI tools. Training should cover both the technical use of LLMs and the ethical handling of data.

- Policy Development: Create and enforce clear policies regarding the use of LLMs, detailing what data can be used, how it should be anonymized, and under what conditions it can be processed.

𝟳. 𝗗𝗮𝘁𝗮 𝗠𝗶𝗻𝗶𝗺𝗶𝘇𝗮𝘁𝗶𝗼𝗻

- Use Only Necessary Data: Feed the LLM only the data necessary for the task at hand. Less data means less risk if there's a security compromise.

𝟴. 𝗢𝘂𝘁𝗽𝘂𝘁 𝗦𝗮𝗻𝗶𝘁𝗶𝘇𝗮𝘁𝗶𝗼𝗻

- Review Outputs: Before using or sharing outputs from an LLM, review them for any accidental disclosures of sensitive information. Implement a process where human eyes check AI-generated content.

𝟵. 𝗡𝗼𝗻-𝗗𝗶𝘀𝗰𝗹𝗼𝘀𝘂𝗿𝗲 𝗔𝗴𝗿𝗲𝗲𝗺𝗲𝗻𝘁𝘀 (𝗡𝗗𝗔𝘀)

- With Vendors: If you're using a third-party LLM service, ensure there are NDAs in place that legally bind them to maintain confidentiality. Check your user agreements!

𝟭𝟬. 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗣𝗹𝗮𝗻

Preparedness: Develop a clear incident response plan for data breaches that details the steps to take if confidentiality is compromised, including notification procedures, damage control, and legal steps.

𝗖𝗼𝗻𝗰𝗹𝘂𝘀𝗶𝗼𝗻

By integrating these practices, you can significantly enhance the confidentiality of data when using LLMs, aligning technological innovation with the ethical and legal standards required in handling sensitive information. Remember, the integrity of confidentiality is not just about preventing breaches but also about building trust with clients and maintaining the ethical standards of your profession.

 

Tags

trade secrets, litigation & arbitration, intellectual property, intellectual property litigation, patents, litigation & dispute resolution, artificial intelligence, cybersecurity & data privacy, digital commerce, technology

Get in touch

Avatar
Erick Robinson
Partner

Get in touch

Avatar
Erick Robinson
Partner
[2025] UKUT 00124 (TCC) George Mantides Limited v HMRC: Further Ammunition for HMRC in Its Battle Against Self-Employment in Healthcare?
5/1/2025 2:34:46 PM

[2025] UKUT 00124 (TCC) George Mantides Limited v HMRC: Further Ammunition for HMRC in Its Battle Against Self-Employment in Healthcare?

By Matthew Sharp
One of the unusual aspects of the First-tier Tribunal (“FTT”) decision in Mantides (which was the subject of this appeal to the Upper...
38
38

Latest Insights

Fourth Circuit Holds That Short-Seller Report Does Not Establish Loss Causation for Securities Claims
4/9/2025 5:32:36 PM

Fourth Circuit Holds That Short-Seller Report Does Not Establish Loss Causation for Securities Claims

By Jonathan Richman
3
3
New PTAB Ruling Highlights Critical IPR Petition Requirements: Consistency Between PTAB and District Court Proceedings
3/24/2025 6:05:50 PM

New PTAB Ruling Highlights Critical IPR Petition Requirements: Consistency Between PTAB and District Court Proceedings

By Erick Robinson
7
7
Artificial Intelligence, Real Risks: How Insurance Companies Can Provide Coverage in Response to AI Washing
3/21/2025 1:20:49 PM

Artificial Intelligence, Real Risks: How Insurance Companies Can Provide Coverage in Response to AI Washing

By Darion Alexander Daniel Healy
6
6