How to Draft an AI Acceptable Use Policy for California Law Firms to Reduce Confidentiality and Malpractice Risk

California law firms can cut AI-related confidentiality and malpractice exposure by adopting an AI Acceptable Use Policy built around 6 core controls: scope, approvals, vendor due diligence, client-data rules, supervision, and logging. California’s ethical duties of competence and confidentiality apply even when lawyers use generative AI tools. This article explains how to draft a compliant policy, with sample clauses and California-specific risk points.

Why California firms need an AI Acceptable Use Policy (AUP)

Generative AI has moved from “experiment” to “workflow” in many offices—drafting emails, summarizing records, generating outlines, translating, and brainstorming arguments. In California, however, the duties that govern those activities did not change when the tool changed. If a lawyer inputs client information into an AI system without safeguards, the firm can trigger confidentiality and privilege issues, create inaccurate work product, and increase malpractice exposure.

An AI Acceptable Use Policy (AUP) is the firm’s written, enforceable rulebook for how personnel may use AI in client and firm matters. A good AUP does three things: (1) constrains the highest-risk use cases, (2) establishes review and supervision requirements to preserve competence, and (3) creates operational evidence—training, approvals, logs—that the firm acted reasonably if a dispute arises.

California legal duties the policy must reflect

Confidentiality and the duty to protect client information

California lawyers have a stringent duty to maintain client confidences, including under Business and Professions Code section 6068(e). That obligation reaches beyond “privileged” information and includes confidential client information learned in the professional relationship. If an AI system stores prompts, uses inputs to improve models, or shares data with vendors, an uncontrolled prompt can become an unauthorized disclosure.

Competence, supervision, and reasonable diligence

The duty of competence (California Rules of Professional Conduct (CRPC) 1.1) requires lawyers to apply the learning and skill reasonably necessary for the representation. When AI is used to draft, summarize, cite-check, or analyze, competence includes understanding the tool’s limits and validating outputs. CRPC 5.1 and 5.3 (supervision of lawyers and nonlawyer assistants) also matter: AI functions like a powerful “assistant,” and the firm must implement measures to ensure work quality and compliance.

Communication and informed decision-making

CRPC 1.4 requires lawyers to keep clients reasonably informed and to explain matters to permit informed decisions. AUPs should address when AI use is routine and internal (often not requiring disclosure) versus when it implicates client instruction, billing practices, or heightened confidentiality risk that may warrant discussion or consent.

Fees, billing, and “efficiency dividends”

AI can reduce time spent on tasks. If a firm bills hourly, it must ensure time entries reflect actual work performed and that billing practices remain fair and not misleading. The AUP should prohibit “phantom time,” require accurate descriptions, and direct lawyers to follow engagement terms when AI accelerates work.

What an AI AUP should cover: the six-control framework

1) Scope: define what “AI” means and who the policy covers

Start with definitions that capture generative AI, AI-enabled research, transcription, e-discovery analytics, and built-in AI features in everyday tools (email, word processing, note-taking). Include everyone: partners, associates, contract attorneys, paralegals, assistants, and IT—plus any third-party vendors acting under the firm’s direction.

Sample clause (scope): “This Policy applies to all personnel and governs any use of artificial intelligence systems, including generative AI, machine-learning tools, and AI features embedded in software, when used for Firm business or any client matter.”

2) Approvals: categorize use cases by risk level

Most firms need a simple “traffic-light” approval structure that prevents ad hoc deployment:

Green (pre-approved): administrative writing without client data (e.g., internal training outlines, generic templates), grammar improvements, and brainstorming on non-client facts.

Yellow (conditional): summarizing discovery after redaction, drafting first-pass outlines, creating deposition question banks—only in approved tools and only with required human verification and logging.

Red (prohibited without written exception): inputting confidential client information into public consumer tools; allowing AI to send external communications automatically; generating legal advice without attorney review; using AI to create citations or authorities without independent verification.

Sample clause (risk tiers): “Users may not use non-approved AI Tools for any client matter. ‘Public AI Tools’ are prohibited for client confidential information absent written approval from the Firm’s AI Governance Lead and completion of a tool-specific risk assessment.”

3) Vendor due diligence and contracting: treat AI as a data processor

Your AUP should require vendor review before any AI tool is used for firm or client work. The review should be conducted by a designated AI Governance Lead (often a partner) with IT/security input. Key requirements include:

Data use and retention: confirm whether prompts/outputs are stored, for how long, and whether they are used for model training. Prefer enterprise offerings that contractually disable training on firm data.

Confidentiality and security controls: encryption in transit/at rest, access controls, audit logs, incident response, and breach notification timelines.

Subprocessors: identify downstream vendors and require flow-down protections.

Location and transfer: where data is processed and stored; cross-border transfer implications.

Indemnity and limitation of liability: avoid contracts that disclaim everything while you assume all risk.

Sample clause (vendor gate): “No AI Tool may be used for client work unless (a) the Vendor has executed the Firm’s AI/Data Processing Addendum, (b) training on Firm data is disabled by contract and configuration, and (c) the tool is added to the Firm’s Approved AI Tools List.”

4) Client data rules: a “minimum necessary” and redaction standard

The heart of malpractice and confidentiality risk is what gets entered into the tool. Your AUP should spell out clear rules that attorneys and staff can apply quickly:

Prohibit: names, contact details, account numbers, medical info, trade secrets, nonpublic strategy, privileged communications, and any unique facts that would identify a client or matter—unless the tool is approved for confidential use and the task cannot be done with less data.

Require redaction/anonymization: replace names with roles (“Client,” “Witness A”), remove identifiers, and summarize facts at a higher level when possible.

Outputs are not privileged automatically: remind users that privilege depends on circumstances and that disclosure to a third party can waive it. The policy should emphasize using tools in a way that avoids unnecessary third-party dissemination.

Example: Instead of pasting a full demand letter into a consumer chatbot to “improve tone,” a lawyer can paste a redacted excerpt without client identifiers—or use an approved enterprise tool with contractual confidentiality protections and no training on inputs.

5) Human verification and supervision: “AI is a draft, not an authority”

Many generative AI errors are not obvious: fabricated citations, misstated standards, incorrect summaries, and confident but wrong factual inferences. To align with competence and supervision duties, the AUP should require:

Independent legal verification: no AI-generated legal authorities may be cited unless the attorney retrieves and reads the underlying source from a reliable database.

Factual verification: AI summaries must be checked against the record (transcripts, exhibits, discovery responses) before being used in filings or advice.

Work-product review: a licensed attorney must review AI-assisted drafting before sending to a client, court, opposing counsel, or third party.

Sample clause (verification): “AI Output may be used only as a preliminary draft. The responsible attorney must verify all legal citations, quotations, procedural rules, and material facts against primary sources before reliance, filing, or communication.”

6) Logging, recordkeeping, and incident response

If a dispute arises—an alleged disclosure, a bad filing, or a billing challenge—the firm will be judged on reasonableness. Logging helps show governance and enables internal improvement.

Your AUP should require, for client-matter use:

Tool identification: which AI tool/version was used.

Purpose: e.g., “summarize deposition transcript,” “draft outline,” “generate interrogatory topics.”

Data handling: whether redaction was performed and what categories of data were included.

Review: who verified and how (case law checked, transcript cross-check).

Also include an incident response pathway: what to do if someone accidentally pasted confidential information into a prohibited tool (immediate report to IT/security and the AI Governance Lead, preservation of evidence, and evaluation of client notification obligations).
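The six controls above can be expressed as a single policy-as-code gate that a firm's intake form or prompt proxy could call before an AI use proceeds. The following is an added example, not code from the original article or from any firm or vendor; the tool names, the approved-tools entries and the data-category labels are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed Approved AI Tools List (control 3): entries record whether training
# on firm data is disabled by contract and configuration, and whether the tool is
# approved for confidential client information. Public consumer chatbots are
# deliberately absent, so any use of them lands in the red tier.
APPROVED_TOOLS = {
    "firm-enterprise-llm": {"training_disabled": True, "confidential_ok": True},
    "pilot-summarizer":    {"training_disabled": False, "confidential_ok": False},
}

# Data categories the client-data rules (control 4) prohibit outside approved tools.
CONFIDENTIAL = {"client_name", "contact_details", "account_number", "medical",
                "trade_secret", "nonpublic_strategy", "privileged", "identifying_facts"}


@dataclass
class AIUseRequest:
    tool: str
    purpose: str                       # e.g. "summarize deposition transcript"
    data_categories: set = field(default_factory=set)
    redacted: bool = False             # names replaced with roles, identifiers removed
    responsible_attorney: str = ""     # who must verify the output (control 5)
    exception_approved: bool = False   # written approval from the AI Governance Lead


def classify(req: AIUseRequest) -> tuple:
    """Map a request onto the policy's traffic-light tiers (control 2)."""
    tool = APPROVED_TOOLS.get(req.tool)
    if tool is None:
        return "red", "tool is not on the Approved AI Tools List"
    if not tool["training_disabled"]:
        return "red", "vendor has not disabled training on firm data"
    if req.data_categories & CONFIDENTIAL and not tool["confidential_ok"]:
        return "red", "confidential client data in a tool not approved for it"
    if req.data_categories:
        return "yellow", "client data: redaction, attorney verification and logging required"
    return "green", "no client data involved"


def gate(req: AIUseRequest) -> dict:
    """Decide whether the use may proceed and return the log record (control 6)."""
    tier, reason = classify(req)
    if tier == "green":
        allowed = True
    elif tier == "yellow":
        allowed = req.redacted and bool(req.responsible_attorney)
    else:  # red: only with a written exception and a named verifying attorney
        allowed = req.exception_approved and bool(req.responsible_attorney)
    return {"tool": req.tool, "purpose": req.purpose,
            "data_categories": sorted(req.data_categories), "redacted": req.redacted,
            "review": req.responsible_attorney, "tier": tier,
            "allowed": allowed, "reason": reason}
```

The returned dictionary carries exactly the four log fields the section asks for (tool, purpose, data handling, review) plus the tier decision, so every call can be appended to the firm's AI-use log whether or not the use was allowed.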

Key provisions to include (with practical drafting tips)

Approved tools list and configuration standards

Make “approved tool” status concrete. Include a maintained list (appendix or intranet page) and require configuration settings: disabling training, enabling SSO/MFA, limiting sharing, and turning on audit logs where available.

Prompting rules and prohibited prompts

List examples personnel can recognize:

Prohibited: “Here is my client’s medical record—summarize it,” in a public tool; “Draft a motion using the attached settlement email chain” without an approved secure environment.

Allowed with safeguards: “Create a checklist of issues to spot in a California wage-and-hour complaint” (no client facts); “Summarize this transcript excerpt” (redacted, approved tool, verify).

Client consent and disclosures (when needed)

Not every AI use requires client consent, but the AUP should define triggers for escalation to the responsible partner, such as:

• using a third-party AI tool to process substantial confidential data;

• relying on AI for expert-like quantification
