On January 22, 2024, the Florida Bar adopted ethics guidelines for the use of generative artificial intelligence (AI). The guidance states that lawyers can use AI, but only if they can guarantee compliance with ethical obligations. 

The guidance includes the following requirements:

• Lawyers must take reasonable steps to protect the confidentiality of client information

• Lawyers must develop policies to oversee the use of generative AI

• Lawyers must ensure fees and costs are reasonable

• Lawyers must comply with applicable ethics and advertising regulations

• Lawyers must obtain client consent before using third-party AI technologies that involve the disclosure of confidential information

• Lawyers must avoid frivolous claims and contentions

• Lawyers must be candid to the tribunal

• Lawyers must make statements truthful to others

• Lawyers must avoid clearly excessive fees and costs

• Lawyers must comply with restrictions on advertising for legal services 

The guidance also states that supervisory lawyers are responsible for reviewing and being responsible for AI work products similar to non-lawyers.

How can Attorneys Maintain Client Confidentiality?

Using “closed” AI systems can be a strategy to enhance client confidentiality. Closed AI systems refer to artificial intelligence models and applications that are deployed locally within an organization's infrastructure, as opposed to relying on external services which are usually cloud services. Here are some ways in which closed AI systems can contribute to maintaining client confidentiality:

1. Data Stay on Premises:

   • With closed AI systems, sensitive client data remains within the organization's premises, reducing the risk of exposure to external entities. This can provide greater control over data handling and minimize the reliance on external service providers.

2. Reduced External Access Points:

   • Closed AI systems typically have fewer external access points compared to cloud-based solutions. This can reduce the attack surface and potential vulnerabilities that could be exploited by unauthorized individuals.

3. Enhanced Control Over Access:

   • Organizations can have more granular control over who has access to the AI system and the data it processes. Strict access controls can be implemented to ensure that only authorized personnel can interact with the system and access client information.

4. Custom Security Measures:

   • Organizations can implement customized security measures tailored to their specific needs and the nature of legal practice. This might include encryption, secure networking protocols, and other measures designed to protect client confidentiality.

5. Offline Processing:

   • Closed AI systems can operate offline, limiting the need for constant internet connectivity. This can be beneficial in situations where maintaining a secure and isolated environment is a priority.

6. Compliance with Local Regulations:

   • Using closed AI systems may help address concerns related to data sovereignty and compliance with local data protection regulations. Organizations can have more direct control over ensuring compliance with legal and ethical standards.

7. Mitigation of Third-Party Risks:

   • By relying on closed systems, legal practitioners can reduce their dependence on external service providers, minimizing the risks associated with third-party data handling. This may be particularly important when dealing with highly sensitive legal information.

8. Customization for Legal Processes:

   • Closed AI systems can be more easily customized to specific legal workflows and processes. This allows organizations to tailor the AI tools to meet the unique requirements of legal practice while maintaining confidentiality.

9. Limited Data Exposure:

   • Closed systems often involve less data sharing with external entities. This can reduce the exposure of client information to potential breaches or unauthorized access points.

It's important to note that while closed AI systems can enhance confidentiality, they also come with their own set of challenges, including potential limitations in scalability, resource requirements, and the need for in-house expertise to manage and maintain the systems.

Legal professionals should carefully evaluate the benefits and trade-offs associated with closed AI systems, considering factors such as the sensitivity of client data, regulatory requirements, and the organization's overall security posture. Additionally, staying informed about advancements in AI technology and security best practices is crucial for effectively managing client confidentiality in a rapidly evolving technological landscape.