A UK solicitor is under investigation for allegedly violating client confidentiality and waiving legal privilege after they confessed to uploading their clients’ confidential documents to ChatGPT.
This is in line with a warning issued by the Upper Tribunal that the use of open AI tools in such a manner may violate client confidentiality and waive legal privilege. This is a concern for the legal profession regarding the misuse of AI.
In a decision heard in November, but only published recently, the judgment said: “Legal professionals are obliged to ensure that legal arguments which are presented to the First-tier Tribunal or Upper Tribunal are factually and legally accurate. Those who cite false cases fail to comply with that professional obligation and waste the time of the Tribunal.”
It added that any solicitor or legal practitioner who delegates their work to another fee-earner is responsible for supervising that work and ensuring it is accurate. It added that supervisors must ensure that they are aware of the dangers of using GenAI tools for legal research and drafting.
“Failures to do so, or to undertake appropriate checks on the drafting of fee-earners, is likely to result in a referral to the Solicitors Regulation Authority (SRA) or other professional body. A supervisor who fails to ensure that the work of a more junior fee-earner does not contain false cases or citations is likely to be more culpable than a lawyer who fails to ensure that his own work is free from such “hallucinations”.
The Upper Tribunal said it cannot afford to have its scarce resources diverted by representatives who put false information before the Tribunal.
The judges in the First-tier Tribunal and Upper Tribunal are specialist judges, familiar with the law they are expected to apply. In the event that an unfamiliar authority is cited in the written or oral representations before the judge, they would likely want to search for the authority, consider it, before reaching a decision in the case before them.
The citation of authorities that do not exist is like putting the judge on a “fool’s errand.” Time spent doing so is time spent at the expense of other judicial business, not in the interests of justice.
“Uploading confidential documents into an open-source AI tool, such as ChatGPT, is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege, and any such conduct might itself warrant referral to the SRA and should, in any event, be referred to the Information Commissioner’s Office,” the judgment said.
Tim Ward, CEO and co-founder at Redflags, said: “This judgment shows the real risk isn’t ‘AI’ in the abstract: it’s untrained staff using consumer tools outside an organisation’s regulatory and security perimeter. In legal and other regulated sectors, AI should be treated like any high-risk technology, supported by clear policies, approved tools, and targeted security awareness so employees understand what they can use, where, and with which data.”
Ward added that businesses should also focus on “reinforcing secure behaviours in the moment, helping staff recognise and avoid risky AI interactions before they create compliance or data-protection issues.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.