A federal court ruled earlier this year that using a consumer AI tool voided attorney-client privilege. Not because of a data breach, but in part because of the platform’s terms of service.
In United States v. Heppner, No. 25 Cr. 503 (S.D.N.Y.), the U.S. District Court judge found that a client’s interactions with Anthropic’s Claude were not protected by attorney-client privilege on several grounds, including that Anthropic’s privacy policy, which permitted data retention, model training, and disclosure to third parties including government authorities, eliminated any reasonable expectation of privacy. The case involved a non-lawyer, but the holding is one every legal professional should understand.
The decision confirmed what the legal community has long believed: that entering confidential information into an AI that uses it for training puts privilege at risk and, independently, exposes clients’ data.
Against that backdrop, it may surprise you to learn that 46% of legal professionals use generic, non-legal AI tools, according to the 2025 Legal Trends Report.
That’s a trend worth investigating at your own firm, especially given the mounting regulatory pressure to ensure AI data privacy. U.S. state data privacy laws are multiplying, the EU AI Act is entering enforcement, and bar associations are issuing AI usage guidance at an accelerating pace.
Let’s explore how your firm can navigate these challenges without giving up the many advantages of AI for lawyers or risking clients’ data privacy. You should know that responsible adoption is both essential and achievable.
Understanding AI data privacy in legal practice
For law firms, AI data privacy is a professional obligation with technical dimensions, not a single setting or feature.
In practice, it means that when you use AI tools, client information must be:
- Confidential
- Not retained or used for model training
- Protected by appropriate security controls
Those requirements don’t exist in a vacuum. AI use also requires complying with your ethical obligations under the Rules of Professional Conduct and staying current with a regulatory environment that is expanding rapidly, from state privacy laws to the EU AI Act. We’ll cover both in detail below.
Meeting all of it takes multiple layers working together—technical controls, vendor agreements, firm policies, and lawyer judgment—applied consistently across the full AI data lifecycle: input, processing, output, and retention.
Your systems must ensure privacy at each of these steps.
How do law firms protect client data when using AI?
Law firms can protect client data when using AI by choosing legal-specific AI tools that offer zero data retention, encryption in transit and at rest, a current SOC 2 Type 2 report, and role-based access controls, and by establishing an approved tool list, data input rules, and team training. Consumer-grade AI, whether free or paid, should not be used for client-sensitive work.
The ethical obligations that govern AI data privacy
AI data privacy missteps carry consequences beyond regulatory fines, including bar complaints, malpractice exposure, and damage to client trust. Several Model Rules of Professional Conduct apply directly to how you use AI, and together they form the foundation of sound governance. Here’s how those familiar ethical rules apply to using AI.
Rule 1.6 (Confidentiality of information)
Under Model Rule of Professional Conduct 1.6(c), you have the duty to make reasonable efforts to prevent unauthorized disclosure of, or access to, information relating to the representation of a client. One such reasonable effort is, before using an AI tool, understanding how it stores, processes, and shares information. That’s why ABA Formal Opinion 512 says lawyers must read and understand the terms of service of any AI tool they use and consult with experts, if needed, to clarify terms.
Rule 1.1 (Competence)
Your ethical obligation to provide competent representation encompasses many things, including how you use the tools related to that representation. Just as you’re expected to know how to effectively use online legal research tools, you must also use AI tools in a way that improves the representation, rather than detracting from it. That means you must know AI’s benefits and risks as well as what happens to data you share with AI.
Rules 5.1 and 5.3 (Supervision)
Model Rule 5.1 requires supervising attorneys to make reasonable efforts to ensure that the attorneys they supervise comply with the Rules of Professional Conduct, including the duty of competent representation. Supervising attorneys should therefore take steps to ensure the attorneys they supervise use AI in a way that helps the client without compromising client data privacy.
Similarly, Rule 5.3 governs lawyers’ responsibilities for nonlawyer assistance, which the ABA has indicated can include AI tools and the vendors that provide them. Lawyers must take reasonable steps to ensure these tools and vendors operate in a manner consistent with the Rules of Professional Conduct. In practice, that means confirming how a vendor’s platform retains, uses, and shares client information, and declining tools whose handling of that information is inconsistent with the duty of confidentiality.
Rule 3.3 (Candor to the Tribunal)
If a lawyer fails to verify the accuracy of AI-generated content in a court submission and later discovers that the content was inaccurate, they have a duty to correct the error. Likewise, a lawyer cannot represent to a court that a communication is privileged if they know the privilege was waived by disclosing the communication to an AI tool.
When you develop or update your AI governance policy, you can incorporate your firm’s guidance on what practices will support compliance with each of these ethical obligations.
What zero data retention is (and what it doesn’t cover)
Those ethical obligations make clear what any AI tool you use must be able to demonstrate. The most significant technical feature to understand for meeting that standard is zero data retention (ZDR).
With ZDR, the vendor retains no record of the content of your interaction. Your input is processed, a response is returned, and the data is discarded. For lawyers, that removes the foundation for the kind of privacy exposure at issue in Heppner: when a vendor retains nothing, there is nothing to disclose. One caveat before relying on it: ZDR is a contractual commitment, not something you can verify from your side of the connection, and it is often made by the underlying model provider rather than by the application you actually use. Ask whether the commitment applies at every hop, including any logging the application vendor does for support or debugging. ZDR also has limits that are worth understanding before treating it as a complete solution.
For example, ZDR doesn’t protect data in transit. After you click send, your prompt travels from your computer to the vendor’s servers, and often from the vendor on to its model provider, and each of those hops needs to be encrypted with TLS. ZDR also doesn’t control what happens at the endpoint: once the AI generates an output, a lawyer could copy it into an insecure location. Nor does ZDR create an audit trail; you need a separate documentation process for that.
Given its limits, ZDR is essential but not sufficient. It’s one critical layer of a broader privacy system, not a magic shield. Firms also need encryption, access controls, approved tool policies, and documentation practices to close the gaps that ZDR leaves open.
Consumer AI vs. legal-specific AI: The data privacy gap
Technical features like ZDR only matter if the tool itself is built for legal work. The terms of service governing how a tool handles your data matter just as much as any individual feature, and so does whether it was designed with legal compliance requirements in mind from the start. That’s where the difference between consumer and legal-specific AI tools becomes clear, and consequential. The tool you choose is the first privacy decision you make.
Even a paid subscription to a consumer AI tool doesn’t eliminate the risks of using consumer AI. The terms of service for most consumer tools permit data retention, model training on user inputs, and sharing of data with third parties. Some offer an option to opt out of training, but not all do, and opting out of training does not by itself end retention or third-party disclosure. The exposure isn’t theoretical. Last year, a federal court ordered an AI service provider to indefinitely hold user data, including data that users had already deleted.
The Heppner ruling made clear what that exposure means in practice for lawyers and their clients. The court didn’t rule that using AI waives privilege. It ruled that using a tool whose terms of service undermined confidentiality waived privilege, and that the resulting materials were not protected as work product. The terms alone were enough. The choice of tool is what created the risk.
Legal-specific AI tools are built around a different set of commitments. Designed from the ground up to meet the confidentiality requirements of legal practice, legal-specific solutions like Clio Work operate under ZDR agreements, maintain a SOC 2 Type 2 report (an independent attestation, not a certification), encrypt data in transit and at rest, enforce role-based access controls, and explicitly prohibit the use of client data for model training.
Taken together, those protections allow lawyers to use AI for sensitive client work—legal research, contract analysis, summarization of client communications—without the privilege and confidentiality exposure that comes with consumer tools.
That doesn’t mean consumer AI has no place in a law firm. For general factual or scientific research, administrative tasks, and any work that doesn’t touch client data, consumer tools can be used with appropriate caution. The line is client information. Once that’s involved, the tool needs to be built to protect it.
Can using AI violate attorney-client privilege?
Yes, using AI can waive attorney-client privilege, but only when the tool lacks the right protections. The Heppner ruling (February 2026) held that using a consumer AI tool whose terms of service allowed data retention and third-party disclosure waived attorney-client privilege, and that the resulting materials were not protected as work product. That’s why the choice of AI tool matters as much as how you use it. Legal-specific platforms that offer zero data retention and enterprise-grade security are designed to protect client data and preserve attorney-client privilege.
How to evaluate AI tools for data privacy
With the right questions, evaluating an AI tool’s data privacy credentials is more straightforward than it might seem. The checklist below gives firms a practical framework for vetting any AI tool before adoption, going beyond feature claims to the contractual and architectural commitments that determine whether client data is protected.
- Zero data retention: Confirm that the vendor has ZDR agreements in place with its LLM providers and is operating through API endpoints that support those commitments, not just claiming ZDR as a policy position.
- No model training on client data: Ask directly whether any client-facing input is ever used to retrain, fine-tune, or otherwise improve the underlying model, and get that answer in writing.
- Security certifications and attestations: A current SOC 2 Type 2 report is the baseline. Also look for ISO 27001 certification, TLS (1.2 or later) for data in transit, AES-256 encryption at rest, and mandatory multi-factor authentication. Ask for the report itself, not just the logo: the scope section tells you whether the AI features you intend to use were actually covered.
- Data residency: Establish where client data is stored and processed, and whether the vendor can restrict processing to a region that satisfies your applicable legal obligations, whether GDPR, PIPEDA, or a state privacy statute.
- Access controls: Evaluate whether the vendor enforces role-based permissions, applies least-privilege principles, and maintains audit logs showing who accessed which data and when.
- Breach notification: Understand what the vendor is contractually required to do if a breach occurs, including the notification timeline and what information they’re obligated to provide to the firm.
- Architectural compliance review: Go beyond the privacy policy and assess whether the tool is actually built to meet current regulatory requirements, including training data transparency, AI-generated content labeling, and data minimization by design.
- Terms of service review: ABA Opinion 512 treats reviewing vendor terms as a professional obligation. Pay particular attention to clauses governing data ownership, retention periods, third-party sharing, and any rights the vendor claims over client inputs.
What security certifications should legal AI tools have?
A current SOC 2 Type 2 report is the benchmark for legal AI. Also look for ISO 27001 certification, encryption in transit and at rest, multi-factor authentication, data residency options, and contractual zero data retention agreements with the underlying LLM providers.
The regulatory landscape for AI data privacy: What’s changing in 2026 and beyond
In addition to choosing confidential AI solutions for law firms, lawyers should monitor regulatory developments to ensure that both their tools and their practices achieve data privacy compliance. Here are some key recent developments:
- ABA Formal Opinion 512 (2024): This opinion examines how lawyers’ ethical obligations inform how they use AI. It’s a great starting point for developing your firm’s AI governance policy.
- State bar guidance flurry: The state bars in California, Florida, Pennsylvania, Kentucky, New York, Oregon, Washington, and other states have issued formal ethics opinions regarding AI use. While the ABA opinion serves as a “national baseline,” state bar directives include more prescriptive rules on client disclosure, technical verification, and interactions with AI. In general, the trend is toward more data protection requirements for lawyers, not fewer.
- EU AI Act (entering enforcement 2025–2026): Lawyers practicing in the EU should take note that the Act’s “high-risk” category covers AI systems used by or on behalf of judicial authorities to research and interpret facts and the law, or used in a similar way in alternative dispute resolution. Most lawyer-facing tools for document review, legal research, and contract analysis fall outside that category, but firms deploying them are still subject to the Act’s AI literacy obligations for staff, its transparency requirements, and the expectation of human oversight of outputs, and a tool’s classification can change with how it is used.
- U.S. state privacy laws expanding: Indiana, Kentucky, and Rhode Island privacy laws took effect January 1, 2026, requiring law firms that collect personal data from residents of those states to respond to consumer requests to access, correct, or delete that data and to honor opt-outs from its sale. California and Texas AI-specific laws are also in effect. Firms with multi-state client bases now need jurisdiction-by-jurisdiction compliance protocols rather than a single firm-wide policy.
Privacy regulation is shifting from a disclosure model, where compliance meant telling users what you did with their data, to an infrastructure model, where regulators dictate how AI tools must be built from the ground up. For lawyers evaluating AI vendors, that shift means vetting a privacy policy is no longer enough. The due diligence question is now whether the tool’s underlying architecture actually meets regulatory requirements.
Practice the future of law today
With Clio Work, you go beyond generic chatbots and use AI that understands the context of your matters and delivers precise, cited legal research, analysis, and drafting that moves your cases forward.
Discover Clio Work
Building a data privacy workflow for your firm
Data privacy compliance requires firm-wide systems that can keep pace with a rapidly changing legal and technology landscape. A lightweight, repeatable workflow gives every member of your team clear guidance on how to handle AI tools responsibly.
- Create an approved tools list: Classify AI tools by data sensitivity. Use green for tools approved for client data, yellow for non-sensitive use only, and red for prohibited tools so every team member knows the boundaries before they start working.
- Establish data input rules: Define explicitly what may and may not be entered into AI tools, with the strictest protections reserved for sensitive identifiers, privileged communications, and confidential financial information.
- Implement a vendor vetting process: Run every prospective AI tool through the evaluation checklist above before adoption, and treat vendor review as a standard procurement step rather than an afterthought.
- Document AI usage: Maintain records of which tools were used, on which matters, for which tasks, and how outputs were reviewed and verified. This documentation is your audit trail if questions arise later.
- Train your team: Data privacy obligations extend beyond the lawyers. Paralegals, administrative staff, and anyone else with access to AI tools need to understand the firm’s rules and the reasoning behind them.
- Review and update regularly: Privacy laws evolve, vendor terms change, and AI capabilities shift quickly. Build in a quarterly review of your AI policy and approved tools list to ensure your protocols stay current.
A workflow like this won’t eliminate risk entirely, but it creates the kind of documented, consistent practice that demonstrates competence and diligence if your firm’s AI use is ever called into question.
Common AI data privacy concerns
If you’re not ready to build a full workflow yet, you’re not alone. Here are four concerns that come up often, and how to think through them.
“This all sounds complicated, and we’re a small firm without IT resources.” Start with one decision: Choose a legal-specific AI tool with built-in privacy protections (ZDR, a SOC 2 Type 2 report, no model training). That single choice addresses the biggest risk. Then build a simple approved tools list and data input policy from there.
“We’ve been using ChatGPT and nothing bad has happened.” The Heppner ruling showed that privilege risk exists even without a breach. The terms of service alone were enough to undermine confidentiality. The risk isn’t only that something might go wrong later; it’s that privilege may already be gone, and you can’t show your data was protected if asked.
“Zero data retention means we lose useful AI context and history.” That’s a real trade-off. ZDR addresses vendor-side risk, but firms should build their own documentation practices for AI usage. Document AI use within your own secure systems.
“Given the risks with AI, isn’t it safer to avoid using it altogether?” Avoiding AI may be a violation of lawyers’ ethical duty to provide competent representation, according to at least one observer. While concerns about the technology are valid, thoughtful adoption ultimately serves both the firm’s and the client’s best interests. When implemented correctly, AI can enhance accuracy, efficiency, and service quality. Getting it right is more accessible than many assume with the right tools and guidance.
None of these concerns is a reason to avoid privacy-first AI adoption. Start simply, build incrementally, and choose tools that do the heavy lifting for you.
Privacy built into the platform, not bolted on
Not all AI tools approach privacy the same way. General-purpose tools built for broad consumer use may offer privacy features, but those features are typically layered on after the fact. They’re designed to satisfy policy requirements, not the confidentiality obligations that govern legal practice. The stronger foundation is a tool built for legal work from the start.
Clio’s AI tools, including Manage AI and Clio Work, are designed with that baseline in mind. Client data is never used to train or improve underlying models, zero data retention agreements are in place, and the platform maintains SOC 2 Type 2 and PCI DSS attestations and offers data residency options.
For firms using Clio Work alongside Clio Manage, data doesn’t need to be copied and pasted between systems to get AI assistance. It stays within a single secure environment. That reduces the number of exposure points a firm has to manage and simplifies the compliance picture considerably. And for firms that do need to bring client information into the platform, Clio’s security architecture ensures it stays protected.
With Clio, compliance is built into how the product works.
Privacy-first AI use is the best policy for lawyers
Firms that treat data privacy as a foundational requirement aren’t only checking a compliance box. They’re building the kind of client trust that sustains long-term relationships, protecting their reputation against the growing risk of a high-profile breach or disciplinary action, and positioning themselves to adapt as the regulatory landscape continues to tighten.
For most firms, the path forward is simpler than it seems. Choose the right tools, set clear expectations for how they’re used, and build the habit of reviewing both as rules and tools evolve. None of that requires a large IT team or a complete overhaul of how your firm operates. It requires starting with the right foundation and building consistently from there.
Explore more AI for Lawyers guides to build practical, privacy-first AI workflows step by step and gain practical guidance on the ethics of AI use and disclosure obligations.