Data Security in Legal AI: What Law Firms Should Expect

When a law firm adopts an AI tool for client intake, it is entrusting a third-party system with some of the most sensitive information in any industry: names, contact details, case descriptions, financial situations, and sometimes deeply personal circumstances. The ethical obligations that govern attorney-client relationships extend to the tools firms use to collect and store this data.

The Unique Security Requirements of Legal Data

Legal data isn't just personally identifiable information (PII) — it's potentially privileged information. The ABA's Model Rule 1.6 requires lawyers to make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." This obligation applies to digital tools just as it applies to physical file cabinets.

ABA Formal Opinion 477R (2017) specifically addresses the duty of confidentiality when using technology. It requires lawyers to understand the nature of the technology being used, the sensitivity of the information, and the legal protection afforded to the information.

Encryption: The Foundation

Any AI tool handling legal data should implement encryption at two levels:

• Encryption in transit (TLS): All data moving between the client's browser and the server must be encrypted using TLS 1.2 or higher. This prevents interception during transmission.
• Encryption at rest: Data stored in databases should be encrypted. The gold standard is field-level encryption using AES-256-GCM, where individual fields (names, emails, phone numbers) are encrypted with separate keys rather than relying on whole-disk encryption alone.

Field-level encryption is particularly important because it protects data even if the database itself is compromised — an attacker with access to raw database records would see encrypted ciphertext, not readable PII.

Multi-Tenant Data Isolation

Most legal AI tools serve multiple law firms from the same platform. This multi-tenant architecture is standard for SaaS, but it introduces a critical question: how is data separated between firms?

The strongest approach is query-level isolation, where every database query includes a firm identifier as a mandatory filter. This means the application is architecturally incapable of returning data from one firm to another, regardless of bugs or misconfigured access controls. This is different from — and more secure than — relying solely on user permissions to control access.

AI-Specific Considerations

AI tools introduce additional security considerations that traditional software does not:

• Training data boundaries: Conversation data sent to AI language models should never be used to train or fine-tune those models. The vendor should have explicit agreements with their AI provider that customer data is not used for training.
• Prompt injection prevention: The AI system must be hardened against prompt injection attacks, where a malicious user attempts to manipulate the AI into revealing system prompts, other users' data, or confidential information.
• Output guardrails: The AI should be constrained to only provide information from the firm's approved knowledge base. It should never fabricate case law, make up statistics, or provide legal advice.
• PII detection and redaction: Before any data is sent to external AI services, PII should be detected and either encrypted or redacted to minimize exposure.

Compliance Requirements to Verify

When evaluating an AI tool, law firms should ask these specific questions:

1. How is PII encrypted at rest? Is it field-level or whole-disk only?
2. Is my firm's data isolated from other firms at the database query level?
3. Is conversation data used to train AI models?
4. Where is data stored geographically? Is it in the US, EU, or both?
5. What is the data retention policy? Can I configure it?
6. Can I export all my data in a standard format?
7. Is there a complete audit log of who accessed what data and when?
8. What happens to my data if I cancel the service?

The Standard Law Firms Should Demand

The bar for legal technology security should be higher than general business software. Firms should expect AES-256-GCM encryption at rest, TLS in transit, strict multi-tenant isolation, no AI training on customer data, configurable retention periods, full data export capability, and comprehensive audit logging. These aren't aspirational features — they're the minimum standard for any tool handling attorney-client information.