How to Draft an AI Use & Confidentiality Policy for Your Law Firm in California (2026 Compliance Checklist)

California law firms should adopt an AI Use & Confidentiality Policy with at least 12 core controls—covering client consent, privilege protection, vendor security, and employee training—to stay defensible in 2026. With rapid adoption of generative AI in legal practice, unmanaged prompts and third‑party tools can expose confidential client information and create malpractice risk. This article provides a California-focused compliance checklist, sample clauses, and implementation steps attorneys can use immediately.

Why California firms need an AI Use & Confidentiality Policy (not just “guidelines”)

In 2026, “we told people to be careful” is not a defensible position when a lawyer pastes client facts into a public generative AI tool, an intake team uploads records to an unvetted transcription app, or a vendor uses your uploads to train its model. For California firms, the risk profile is amplified by strict duties of confidentiality, competence, supervision, and safeguarding client property—plus expanding privacy and cybersecurity expectations.

An AI Use & Confidentiality Policy should be a firmwide, enforceable document that: (1) defines approved use cases; (2) prohibits high-risk handling of client information; (3) requires security controls and vendor vetting; and (4) creates auditable procedures. Think of it as the AI counterpart to your information security policy, written in plain English for lawyers and staff.

What California rules and standards should your policy align with?

Your policy should be drafted to harmonize with (at minimum) these California-focused obligations and commonly cited standards:

1) California Rules of Professional Conduct (CRPC)

Confidentiality (CRPC 1.6) requires a lawyer not to reveal information protected by Business & Professions Code section 6068(e)(1) without informed consent or other exception. AI tools can “reveal” information if prompts, files, or outputs are accessible to vendors, subcontractors, or other users.

Competence (CRPC 1.1) includes understanding the benefits and risks of relevant technology. Using AI for legal tasks without understanding hallucinations, model limitations, or data retention can create competence issues.

Supervision (CRPC 5.1 & 5.3) requires oversight of lawyers and nonlawyers. If paralegals or assistants use AI to draft filings or summarize discovery, the firm must implement guardrails and review.

2) California privacy and security expectations

Even where the firm is not a “business” under the CCPA/CPRA, California clients increasingly demand CCPA-style controls in engagement letters and outside counsel guidelines. Your policy should be compatible with privacy-by-design practices: data minimization, purpose limitation, retention controls, and vendor contractual restrictions.

3) Court and client expectations

Courts have sanctioned improper AI use (e.g., citing fabricated authorities). Sophisticated clients increasingly require written AI policies, vendor lists, and evidence of training. A concise, auditable policy can reduce friction in RFPs, audits, and incident response.

2026 Compliance Checklist: 12 required sections for an AI Use & Confidentiality Policy

Below is a practical checklist you can use as the table of contents for your policy. For each item, include a “what,” “who,” “how,” and “records to keep.”

1) Scope, definitions, and tool classification

Define “AI Tool” broadly: generative chat, drafting assistants, e-discovery analytics, transcription, translation, research summarizers, OCR with ML, and “agent” workflows. Classify tools into tiers such as:

Tier 1 (Public/consumer AI): tools that may store prompts, use them for training, or lack enterprise controls. Generally prohibited for client data.

Tier 2 (Approved enterprise AI): contractually restricted from training on your data, with admin controls, SSO, and audit logs.

Tier 3 (On-prem/private models): highest control; still requires guardrails for accuracy and privilege.

2) Permitted vs. prohibited use cases (make it specific)

Spell out examples. Ambiguity invites policy violations.

Permitted (with conditions): brainstorming outlines using non-client hypotheticals; summarizing public statutes/regulations; reformatting your own text; generating checklists; translating non-confidential content.

Permitted (client-related, only in approved tools): summarizing deposition transcripts; drafting discovery requests; issue-spotting on briefs—only with attorney review and citation verification.

Prohibited: inputting client confidential information into Tier 1 tools; asking AI to provide legal advice directly to a client; generating citations without manual verification; using AI to make final strategic decisions; bypassing DLP controls.

3) Client confidentiality and “no client data in public AI” rule

Use an explicit bright-line rule: no client confidential information (including names, unique facts, documents, metadata, and privileged communications) may be entered into non-approved AI tools.

Define “client confidential information” to include any information related to the representation, regardless of public availability, if its selection/compilation would reveal strategy or work product.

4) Privilege and work-product protection procedures

AI can complicate privilege claims when third parties store or process inputs. Your policy should require:

Need-to-know minimization: only the minimum excerpt needed for the task.

De-identification: redact names, dates, deal terms, and unique facts whenever possible.

Privilege labeling: clearly label AI-processed documents as “Attorney-Client Privileged / Attorney Work Product” in your DMS where appropriate.

Human review: AI output is never treated as final legal work without attorney verification.

5) Accuracy, citation, and “hallucination” controls

Require a documented verification workflow:

  • All cases/statutes must be confirmed in authoritative sources (e.g., Westlaw/Lexis or official repositories).
  • AI-generated quotations must be checked against the original.
  • AI summaries of evidence must be cross-checked with the record.

Require a mandatory disclaimer on AI output used internally: “AI output may be inaccurate; do not rely without independent verification.”

6) Vendor due diligence and contracting requirements

Your policy should require a standardized security and legal review before any AI tool is approved, including:

  • Data ownership and use: vendor may not train models on firm/client data.
  • Retention: short retention by default; admin-configurable deletion.
  • Security: encryption in transit/at rest; SOC 2 Type II (or equivalent); incident response SLAs.
  • Subprocessors: disclosed and contractually bound.
  • Audit rights: at least reasonable documentation and security attestations.

Example clause concept: “Provider shall not use Customer Data to develop or train any machine learning models, except to provide the Services to Customer, and shall delete Customer Data within X days of request or termination.”

7) Access controls, logging, and device management

Require enterprise controls where available:

  • SSO/MFA for AI tools
  • Role-based access (limit who can upload files)
  • Centralized logging (who accessed, uploaded, exported)
  • Prohibit personal accounts for firm work

Pair this with device rules: firm-managed devices for AI tasks involving client data; restrictions on browser plugins that capture page content.

8) Data handling: uploads, downloads, retention, and DLP

Include operational rules that staff can follow:

  • No uploading entire client files “for convenience.” Use targeted excerpts.
  • Store AI outputs in the matter DMS, not in vendor chat history.
  • Define retention: how long AI prompts/outputs may remain in the tool.
  • Enable DLP where feasible (blocking SSNs, bank data, health info).

9) Client consent and engagement letter alignment

Decide when to obtain client consent and document it. Many firms adopt a tiered approach:

No consent needed for purely administrative, non-confidential uses (e.g., formatting an internal checklist with no client data).

Informed consent recommended/required where client confidential information is processed by third-party AI vendors, or where the client’s outside counsel guidelines demand disclosure.

Practice tip: add an engagement letter provision that discloses limited AI use, confirms attorney supervision, and explains safeguards (no training, security controls, verification). Keep the language accurate—overpromising creates risk.

10) Training, supervision, and role-specific playbooks

Mandate onboarding and annual refreshers. Provide role-based rules:

  • Attorneys: verification, privilege, client communication boundaries.
  • Paralegals/legal assistants: allowed drafting tasks; escalation triggers.
  • Intake/marketing: prohibition on entering prospective client details into public AI; scripts for consent.
  • IT/admin: approved tool list, configuration baselines, logging.

11) Incident response: AI-related breaches and reporting

Define “AI Incident” (e.g., misdirected upload, prompt containing confidential info to public AI, vendor breach, unauthorized plugin capturing data). Require:

  • Immediate reporting to a designated AI/Security lead
  • Preservation of logs and screenshots
  • Rapid containment (revoke tokens, delete conversations, disable accounts)