An articling student summarizes a client's confidential settlement position in ChatGPT to draft a memo faster. A paralegal uploads a draft NDA to check the indemnity language. Neither thinks of it as sending client data anywhere — it feels like using a smarter search box. But the moment that prompt is submitted, the content becomes subject to the provider's terms of use, which can grant broad rights to retain, process, and train on it. It cannot be recalled. And the lawyer whose name is on the file owns the consequence.
The duty of technological competence is often discussed as if it were about knowing how to run a document-management system. It is more demanding than that. Understanding the technology you use means understanding what happens to a client's information when it passes through a tool — including the free consumer AI tools your staff already reach for whether or not your firm has a policy about them.
Competence now includes knowing where the data goes
Canadian law societies have folded technological competence into the broader duties every lawyer already carries: confidentiality and solicitor-client privilege. CPATA holds patent and trademark agents to parallel standards. The obligation is not to be an engineer. It is to make informed decisions about the tools that touch client information — which means being able to answer a basic question: if I put this into that tool, who else can see it, and can I get it back?
For public AI tools, the honest answer is uncomfortable. Once a prompt is submitted, control is gone. It may be retained, reviewed by the provider's sub-processors, or used to improve the model. A U.S. court in U.S. v. Heppner (S.D.N.Y., Feb 2026) held that documents created with a public generative-AI tool were not protected by attorney-client privilege. In Trinidad v. OpenAI (N.D. Cal., Jan 2026), a trade-secret claim failed because developing the alleged secrets through ChatGPT counted as voluntary disclosure — the secrecy that made them protectable was already gone. These are early decisions in another jurisdiction, and they are signals rather than settled law. But the direction is clear enough that a competent lawyer cannot treat a public AI tool as a private notepad.
The jurisdictional wrinkle matters too. What counts as sensitive client data in Canada is not identical to the U.S. definition. A firm with cross-border clients cannot assume one global standard protects them everywhere.
The exposure is the same across every practice
There is a temptation to treat this as a litigation problem, or a corporate problem, and to assume other practice areas are lower risk. They are not. Family, immigration, real estate, corporate, and litigation lawyers all do legal research, document review, contract and NDA drafting, and diligence — and all of it involves client information that carries confidentiality and privilege obligations. The exposure follows the data, not the practice area.
What makes this hard to manage is that the people creating the exposure are often the most junior. The rules of professional conduct treat an AI system much like a junior lawyer: whatever an intern, articling student, or assistant produces, the supervising lawyer signs it and bears the risk. Cyberhaven's 2025 data found that 82.8% of legal documents entered into AI tools went to non-corporate accounts — personal logins, outside any firm oversight. Gartner's 2026 survey reported that 88% of employees with enterprise AI access also use personal AI tools for work. A firm policy that says "don't use ChatGPT" does not touch the personal account someone opens on their own laptop.
To be precise about the risk we are describing: this is about disclosure of confidential client data, not about the fabricated-citation stories that dominate headlines. Verifying that a case citation is real is a separate problem. The quieter, more common failure is the one where privileged or confidential information leaves the firm's control the instant a prompt is sent — and no one notices, because the tool returns a helpful answer and the work gets done faster.
Demonstrable diligence is the point, not a ban
Banning the tools does not work; it drives usage onto personal accounts where the firm has no visibility at all. The more defensible posture is governance: knowing where AI is being used, keeping client data out of the prompts that leave the firm, and turning each near-miss into a moment of instruction so people get measurably better at safe use.
This also maps to how discipline and liability actually play out. Penalties are often reduced when a lawyer can show they took adequate steps to prevent the harm. A record that sensitive data was caught before a prompt was submitted is evidence of reasonable safeguards — framed directionally, not as a guarantee of any outcome. And there is an upside beyond defence: firms increasingly disclose their AI use to clients and seek consent. Being able to tell a client "we run a control that keeps your data out of public AI tools" is a trust signal, not just a shield.
The control has to act before submission, because after submission there is nothing left to control. This is the principle Sanitized AI is built on: catch confidential and privileged content in a prompt and redact or block it before it reaches the AI tool, and explain to the person, in plain language, what was flagged and why — so the next prompt is safer.
The question to ask this quarter
Do you know which AI tools your staff — including students and assistants — are using on client files, and whether client data is leaving the firm inside those prompts? If you cannot answer that, your duty of technological competence has a gap in exactly the place a discipline panel would look first. Start by making that usage visible, then by keeping client data out of the prompt box.
If you want to see what that looks like for your firm, request a demo or intake with our team.