How to Draft an AI-Use and Confidentiality Policy for Law Firms in California Under the CCPA and State Bar Ethics Rules
California law firms should adopt a written AI-use and confidentiality policy that satisfies the CCPA/CPRA’s privacy requirements and the California Rules of Professional Conduct (especially duties of confidentiality and competence). With lawyers increasingly using generative AI for drafting, research, and intake, unmanaged tools can expose client secrets and personal information. This article explains how to draft a compliant, practical policy for California firms, with clause-by-clause guidance and examples.
Why California firms need an AI-use and confidentiality policy now
Generative AI tools are now embedded in common legal workflows—drafting correspondence, summarizing discovery, generating outlines, translating communications, creating intake scripts, and analyzing large document sets. In California, these benefits come with heightened risk because lawyers must protect client confidences while also handling “personal information” governed by the California Consumer Privacy Act as amended by the CPRA (collectively, “CCPA/CPRA”).
A written AI-use and confidentiality policy is the most practical way to (1) set firmwide rules for when and how AI may be used, (2) prevent inadvertent disclosure of privileged or confidential information, (3) impose security requirements on vendors and tools, (4) standardize disclosures and client consent practices where appropriate, and (5) document reasonable compliance efforts if an incident occurs.
Governing authorities: CCPA/CPRA and California State Bar ethics duties
CCPA/CPRA: what matters for law firms
Whether the CCPA/CPRA applies to a law firm depends on the firm’s status as a “business” under the statute’s thresholds and definitions, but many firms either qualify directly or interact with covered clients/vendors and handle regulated “personal information.” In addition, California has a broader ecosystem of privacy and security expectations (contractual, regulatory, and tort-based) that makes privacy-by-design a baseline best practice even when a particular statute’s thresholds are not met.
From an AI policy perspective, the key CCPA/CPRA concepts are:
- Personal information includes identifiers and information reasonably linked to an individual; AI prompts and uploaded documents can easily contain it.
- Sensitive personal information (e.g., government IDs, precise geolocation, health data, union membership, contents of communications in some contexts) triggers heightened scrutiny and limitations.
- Service provider/contractor relationships: if an AI vendor processes information on the firm’s behalf, the contract must restrict use, disclosure, and retention in ways consistent with CCPA/CPRA requirements.
- Purpose limitation and retention: collect/use only what’s reasonably necessary and keep it only as long as needed for disclosed purposes.
- Security: the statute and related California enforcement climate expect “reasonable security procedures and practices” appropriate to the nature of the information.
California ethics rules: confidentiality, competence, supervision
California attorneys must comply with the California Rules of Professional Conduct and related State Bar guidance. An AI policy should operationalize at least the following duties:
- Confidentiality: Lawyers must not reveal client confidential information without informed consent or other authorization. AI prompts, uploads, or vendor logs can become disclosures if not controlled.
- Competence: Competent representation includes understanding the benefits and risks of relevant technology. A policy helps demonstrate that the firm has assessed and managed AI risks rather than using tools blindly.
- Supervision: Partners and managers must ensure the firm has measures giving reasonable assurance that lawyers and staff comply with ethics rules. A written policy plus training and enforcement are core “measures.”
- Communication: In some matters, clients may need disclosure about material use of AI, especially where it affects confidentiality, cost, strategy, or the nature of the work performed.
Importantly, an AI policy should not be framed as “technology for technology’s sake.” It should be a compliance instrument: reduce confidentiality risk, protect client data, and standardize review so AI output is never treated as a substitute for legal judgment.
Step-by-step: how to draft the policy (with practical clause guidance)
1) Define the policy’s scope and objectives
Start with a short purpose statement that ties directly to ethics and privacy compliance. Define who must comply (partners, associates, contract attorneys, staff, interns) and what the policy covers (public generative AI tools, enterprise AI, legal research AI, eDiscovery AI, transcription/meeting assistants, translation tools, and any feature that “learns” from inputs).
Drafting tip: Include “client, prospective client, and third-party confidential information” to cover intake and pre-engagement communications.
2) Create a clear AI tool classification system
A policy is only enforceable if it tells users which tools they may use. Build a simple classification table such as:
- Approved tools (e.g., firm-managed enterprise AI with contractual protections, admin controls, and logging).
- Restricted tools (allowed only for non-confidential drafting or with de-identification and partner approval).
- Prohibited tools (any AI that trains on inputs by default, lacks contractual restrictions, or cannot provide adequate security/retention assurances).
Assign ownership: designate an AI Governance Lead (often the managing partner, GC, or IT/security lead) responsible for maintaining the approved list and reviewing new tools.
3) Set “no confidential data” default rules for public AI
The most protective baseline rule for consumer/public AI tools is: do not input any client confidential information or personal information unless the tool is specifically approved and configured for legal use.
Your policy should define what counts as confidential or identifying information in prompts and uploads, including:
- Client names, adversary names, witnesses, and judges associated with a matter
- Facts that would allow re-identification (unique dates, locations, transaction details)
- Documents, transcripts, medical records, financial statements, discovery responses
- Authentication data, account numbers, access links, metadata
Example policy rule: “Users must treat AI prompts and attached files as disclosures to a third party unless the tool is firm-approved under a written agreement and configured to prevent model training on firm data.”
4) Include de-identification and “prompt hygiene” requirements
Firms often want to allow AI for first drafts or issue spotting. If you permit limited use, define a minimum de-identification standard:
- Remove names and replace with neutral labels (e.g., “Client A,” “Vendor B”).
- Generalize dates and locations where possible (“mid-2024,” “Northern California”).
- Strip signatures, letterheads, file numbers, and metadata.
- Do not include unique fact patterns that would reasonably identify the client.
Also require “prompt hygiene” rules: no copying entire documents into consumer tools; summarize manually before using AI; and keep prompts narrowly tailored.
5) Address attorney work product, citations, and hallucination controls
Any AI-use policy should explicitly state that AI output is not authoritative and must be verified. Include:
- Human review mandate: a licensed attorney must review all AI-assisted legal analysis and filings.
- Citation verification: all citations and quotations must be checked against primary sources.
- No fabricated authorities: prohibit submitting AI-generated citations without independent confirmation.
- Client-facing content: require attorney approval before AI-assisted client advice is sent.
Specific example: If an associate uses AI to draft a motion outline, the policy should require the associate to retrieve and read each cited case, confirm the holding, and ensure the case is good law before inclusion in any draft filed or shared with a client.
6) Build a CCPA/CPRA-aligned vendor due diligence and contracting section
If the firm uses enterprise AI, transcription bots, or document intelligence platforms, your policy should require a procurement checklist and written contract controls. At minimum, require:
- Data use limitations: vendor may use data only to provide services, not to train models for other customers (unless expressly approved with informed client consent where needed).
- Confidentiality obligations covering attorney-client and work product sensitivity.
- Security controls: encryption in transit/at rest, access controls, MFA, vulnerability management.
- Subprocessor transparency: disclosure and flow-down obligations.
- Retention/deletion: defined retention periods; deletion on request; no indefinite log retention.
- Incident response: prompt breach notification and cooperation obligations.
- Audit rights or at least security attestations (SOC 2 Type II, ISO 27001, etc.).
In CCPA/CPRA terms, the contract should be structured to support a “service provider” or “contractor” role where applicable—restricting the vendor from “selling” or “sharing” personal information and limiting processing to specified business purposes.
7) Add a “client communication and consent” framework
Not every AI use requires client consent, but your policy should tell attorneys when to consider disclosure. Include triggers such as:
- Uploading client documents to any third-party AI system (even if enterprise) where confidentiality risk is non-trivial.
- Using AI to make material strategic recommendations (e.g., settlement valuation) where tool limitations could affect advice.
- Using AI in ways that meaningfully affect billing, delegation, or the nature of work performed.
Provide approved language for engagement letters or matter-specific disclosures. For example: a clause stating the firm may





















