AI in NZ Law Firms: Navigating Client Data Protection and Ethical Use

New Zealand law firms are increasingly adopting generative AI, drawn by its potential to boost efficiency in tasks like drafting and document review. However, this rapid integration brings significant concerns regarding client data protection and ethical considerations. Recent incidents highlight the risks of over-reliance on AI, underscoring the need for careful implementation and robust guidelines.

• A significant majority of legal professionals express concern about protecting client data when using generative AI.
• While many use approved, secure AI tools, a gap exists for those lacking institutional guidance.
• Accuracy and ethical use remain paramount, requiring diligent verification of AI-generated content.
• Clear policies, training, and secure tools are crucial for responsible AI adoption.

Generative AI is revolutionising the legal sector, offering capabilities beyond traditional AI by creating new content. This includes drafting legal texts, summarising case law, and reviewing documents, thereby accelerating workflows for law firms of all sizes and in-house legal departments. However, this powerful tool is not a substitute for professional judgment.

High-profile cases have demonstrated the perils of unchecked AI use. Examples include a California attorney fined for submitting fake citations generated by ChatGPT and a consulting firm facing repercussions for an AI-assisted report containing fabricated footnotes. These incidents underscore the critical need for lawyers to meticulously review AI outputs to ensure accuracy and prevent "hallucinations" or errors.

Surveys indicate that a substantial percentage of legal professionals are worried about safeguarding client or sensitive data when using AI tools. While many rely on firm-approved platforms with integrated data protection measures, a notable portion lacks access to such resources, creating a barrier to safe adoption. This uneven access challenges confidentiality, regulatory compliance, and professional responsibility.

Organisations deploying AI, including those in New Zealand’s legal sector, must adhere to privacy obligations. This involves understanding how AI systems handle personal information, whether for internal use or external services. Key considerations include data bias, lack of transparency in AI decision-making, the risk of data breaches, and individuals losing control over their personal information. Generative AI, in particular, carries risks related to misuse, disinformation, and the potential for AI models to regurgitate sensitive training data.

To mitigate risks, law firms should adopt a proportionate, risk-based approach. This includes conducting thorough due diligence on AI products, implementing "privacy by design" principles, and performing Privacy Impact Assessments. Firms must ensure AI tools are appropriate for their intended uses, understand the data sources used for training, and assess potential security risks. Crucially, clear policies on AI usage, comprehensive employee training, and obtaining informed consent where necessary are vital. Transparency about AI use and ongoing monitoring of AI systems are also essential for maintaining trust and compliance.

Despite the challenges, the outlook for AI in law is cautiously optimistic. The key lies in leveraging AI’s benefits while upholding accuracy, ethics, and trust. By investing in training, clear guidance, and robust ethical frameworks, law firms can empower their professionals to use AI confidently, enhancing efficiency and access to legal services in a responsible manner.

• The Role of Generative AI in the Legal Profession
  | LLM GUIDE, LLM Guide.
• Guidance on privacy and the use of commercially available AI products, OAIC.
• Data Privacy Laws Protect Consumers, But They Can Apply to Your Employees, Too, Corporate Compliance Insights.
• Could your employees’ use of ChatGPT put you in breach of GDPR?, Computer Weekly.