How to Build an AI Governance Program for California Law Firms Under the CPRA, ABA Model Rules, and SOC 2 Requirements

How to Build an AI Governance Program for California Law Firms Under the CPRA, ABA Model Rules, and SOC 2 Requirements

California law firms can build a defensible AI governance program in 30–90 days by combining a written CPRA compliance layer, ABA ethics controls, and SOC 2-style security evidence. The CPRA raises stakes for vendor risk, sensitive personal information, and data minimization, while ABA Model Rules require competence, confidentiality, supervision, and candid communications. This article provides a practical blueprint—roles, policies, vendor due diligence, contracting, training, and audit-ready documentation.

California law firms adopting generative AI for drafting, research, eDiscovery, intake, marketing, and knowledge management face a single core governance problem: AI systems can move data fast, widely, and opaquely. A defensible AI governance program therefore needs to do three things at once: (1) comply with California privacy obligations (including CPRA concepts like sensitive personal information, service provider/contractor restrictions, and data minimization); (2) meet attorney professional duties under the ABA Model Rules (competence, confidentiality, supervision, and truthful communications); and (3) produce credible, repeatable security evidence that clients increasingly demand—often mapped to SOC 2’s Trust Services Criteria (TSC).

This article outlines a practical, audit-ready approach for California firms that want to use AI while reducing malpractice exposure, ethics complaints, privacy claims, and client offboarding risk.

1) Start with the governing framework: CPRA + ABA duties + SOC 2 evidence

CPRA (California Privacy Rights Act). The CPRA amended and expanded the CCPA. Even when a firm is not “selling” personal information, AI tools can create CPRA risk through: (i) collection and use beyond a disclosed purpose; (ii) unnecessary retention; (iii) disclosure to vendors that are not properly contracted as service providers/contractors; and (iv) handling of “sensitive personal information” (SPI) such as government IDs, precise geolocation, account credentials, health data, and other categories defined by statute.

ABA Model Rules (professional responsibility). AI governance must support at least four recurring ethics themes:

Rule 1.1 (Competence): lawyers must understand benefits and risks of relevant technology.

Rule 1.6 (Confidentiality): lawyers must take reasonable measures to prevent unauthorized disclosure/access to client information.

Rules 5.1 & 5.3 (Supervision): firms must supervise lawyers and nonlawyer assistance, including vendors and technology operations.

Rule 7.1 / 8.4 (communications/ misconduct): marketing claims and client communications about AI must not be false or misleading, and practices must avoid dishonest conduct.

SOC 2 (Trust Services Criteria). SOC 2 is not a law, but it is a market standard for proving controls over Security, Availability, Confidentiality, Processing Integrity, and Privacy. For law firms, aligning AI controls to SOC 2-style evidence (policies, approvals, logs, access reviews, incident response, vendor management) helps satisfy client audits and demonstrates “reasonable measures” under ethics and privacy expectations.

2) Define scope: what “AI” means at your firm (and where data flows)

Most AI governance programs fail because the firm cannot answer a basic question: Which AI systems touch which client data? Begin with an AI system inventory and data-flow mapping that covers:

  • Use cases: drafting pleadings, summarizing depositions, research, translation, intake chatbots, marketing content, document review, conflict checks, billing narratives.
  • Tools: public LLMs, embedded AI in Microsoft 365/Google Workspace, legal research platforms, eDiscovery AI, transcription tools, CRM chatbots, practice management AI features.
  • Data types: client confidences, SPI, employee data, opposing party data, minors’ data, medical info, financial account data.
  • Transfer points: browser plugins, API connectors, add-ins, “share” features, vendor support portals.
  • Model behavior: whether prompts/outputs are retained, used for training, or accessible to vendor staff.

Example: A litigation team pastes a draft settlement term sheet containing bank routing numbers and medical liens into a consumer-grade AI chatbot. That single action can create CPRA exposure (SPI handling and disclosure), Rule 1.6 risk (confidentiality), and a client security audit failure (no vendor due diligence, no retention controls).

3) Establish governance roles and decision rights

A workable AI program assigns responsibility clearly. A typical law-firm structure includes:

  • AI Governance Committee: Managing Partner (or designee), General Counsel/ethics partner, Privacy lead, IT/Security lead, and a practice-group representative.
  • AI System Owner: accountable for each tool’s configuration, approved uses, training, and vendor coordination.
  • Risk & Compliance Reviewer: reviews CPRA obligations, client contractual requirements, and ethics issues for each tool and use case.

Document decision rights: who can approve a new AI vendor, who can approve a new high-risk use case (e.g., intake chatbot), and who can halt use if an incident occurs.

4) Write the minimum viable policy set (and make it enforceable)

Clients and regulators care less about aspirational statements and more about enforceable rules. At minimum, adopt:

4.1 AI Acceptable Use Policy (AUP)

Include: prohibited inputs (client confidences unless approved tool + safeguards), required disclaimers (AI can be wrong), and human review mandates for legal advice, citations, and filings.

4.2 Data Classification & Handling Standard

Define categories (Public, Internal, Confidential, Client Confidential, SPI). Specify whether each category may be used with: (i) public AI tools; (ii) enterprise AI with contractual protections; (iii) on-prem/private models.

4.3 AI Output Quality & Citation Verification Standard

Require cite-checking and source retrieval for research outputs; require redlining or attorney review for any client-facing document. Address hallucination risk explicitly.

4.4 Vendor Risk Management Policy

Require security questionnaires, SOC 2 reports (when available), penetration test summaries, subprocessors list, and breach notification terms.

4.5 Incident Response Addendum for AI

Define AI-specific incidents: prompt leakage, unauthorized model training on firm data, exposure via plugins, misdirected outputs, or access token compromise.

Enforcement tip: Pair policy with technical controls (e.g., blocking unapproved AI domains, disabling risky browser extensions, DLP rules for SPI) and training attestations.

5) CPRA alignment: operationalize privacy concepts in AI workflows

Even if some law firms qualify for exemptions in certain contexts, clients increasingly demand CPRA-grade privacy practices contractually. Implement the following CPRA-aligned controls:

5.1 Purpose limitation & data minimization

For each AI use case, document: (i) the purpose (e.g., “summarize deposition transcript for internal work product”); (ii) the minimum data needed; and (iii) prohibited fields (e.g., SSNs, driver’s license numbers) unless essential and approved.

5.2 Sensitive personal information (SPI) rules

Create a “SPI checklist” for prompts and uploads. If SPI is involved, require an approved enterprise tool with: encryption, no training on firm data (or strict opt-out), retention limits, and access controls.

5.3 Service provider/contractor contracting posture

Where a vendor processes personal information, structure the relationship to restrict the vendor’s use of data to providing services. In practical terms, contracting should address:

  • no independent use of data (including model training) except as expressly allowed;
  • confidentiality and limited personnel access;
  • subprocessor controls and notice;
  • deletion/return on request and at termination;
  • security standards and audit cooperation.

5.4 Retention schedules for AI inputs/outputs

Set retention periods based on matter type and client requirements. Ensure the vendor can support deletion and that internal logs do not retain sensitive prompts longer than necessary.

6) ABA Model Rules: bake ethics into the AI lifecycle

6.1 Competence: train to the use case, not the buzzword

Competence is operational when training is specific: “how to verify citations,” “how to avoid uploading client confidences,” “how to use approved matter-specific workspaces,” and “how to document AI assistance in the file when appropriate.” Provide short, role-based modules for partners, associates, staff, and marketing.

6.2 Confidentiality: “reasonable measures” in an AI context

Reasonable measures typically include: MFA, encryption, access controls, least privilege, secure configuration, DLP, and vendor contractual limits. For AI, add: prompt hygiene rules, disabling model training where possible, and restricting plugins/connectors that can pull data from client repositories.

6.3 Supervision: treat AI like a junior timekeeper with zero judgment

Implement review rules: AI may draft, but a lawyer must review for accuracy, completeness, tone, and legal sufficiency. For filings, require a pre-filing checklist that includes verification of authorities and quotations.

6.4 Communications: disclose responsibly when AI is material

Not every internal AI use requires disclosure, but avoid misleading claims to clients (e.g., “our AI guarantees outcomes” or “eliminates errors”). Consider a client-facing AI statement describing: permitted uses, confidentiality protections, and any client opt-out process.

7) Map controls to SOC 2-style requirements (even if you are not pursuing SOC 2)

Many institutional clients request SOC 2 reports or equivalent assurances. You can meet the expectation

Scroll to Top