7 Client confidentiality

Using GenAI in professional services requires heightened attention to client confidentiality. Legal professionals, for instance, must ensure that no client data – however anonymised – is processed by AI systems without thorough oversight. Terms of service for AI tools often state whether providers retain or use input data, and unclear terms should prompt firms to seek written assurances (The Law Society, 2023).

Confidentiality obligations for solicitors under the Solicitors Regulation Authority guidelines for example (SRA, 2019), persist regardless of how advanced the tools are. Firms may need to obtain explicit client consent before entering their data into GenAI systems, particularly where sensitive legal or personal information is concerned. Failure to do so can lead to potential regulatory breaches, or to non-compliance with data protection regulations. Even seemingly generic data can carry implications when combined with other inputs or used in profiling.

Organisations must document data flows, ensure compliance with data minimisation principles, and regularly audit vendor practices. The responsible use of GenAI is not just about legal compliance but maintaining professional integrity and client trust. It is important for organisations to take proactive measures to reduce the potential for any misuse of data, and to limit unauthorised disclosures wherever possible.