In July 2025, OpenAI CEO Sam Altman made a statement that should concern every lawyer using ChatGPT. In a podcast interview, he acknowledged that ChatGPT does not provide legal privilege or "legal confidentiality" and added, "we haven't figured that out yet."
This admission came years after lawyers began using ChatGPT for everything from contract drafting to case research. According to the 2024 ABA Legal Technology Survey Report, 79% of lawyers used AI tools in their practice that year. But only 10% of firms had policies guiding that use.
The gap between adoption and governance creates real risk. When lawyers input client information into ChatGPT, even the Enterprise version, they're sharing confidential data with a third party under circumstances no court has definitively ruled on. The security features matter. But for legal teams, they're only part of the picture.
The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.
The Legal Team Perspective
Legal teams evaluating ChatGPT Enterprise face concerns that other departments don't share.
Privilege preservation. Attorney-client privilege protects confidential communications made for the purpose of obtaining legal advice. The protection can be waived by disclosure to third parties. When client information enters ChatGPT, it reaches OpenAI's systems. Whether this constitutes waiver remains legally unsettled.
Work product protection. The work product doctrine protects materials prepared in anticipation of litigation. AI-assisted legal analysis, strategy documents, and case preparation all potentially fall within this protection. But only if they don't lose protection through the AI processing itself.
Ethical obligations. ABA Model Rule 1.6 requires lawyers to make reasonable efforts to prevent unauthorized disclosure of client information. Rule 1.1 requires technological competence. Using AI tools without understanding their security implications may violate both rules.
Discovery exposure. ChatGPT interactions may be discoverable in litigation. Prompts revealing legal strategy, work product, or client confidences could be compelled through discovery requests. The lack of clear privilege protection means these records might not be shielded.
Malpractice liability. If client information is exposed through AI use, the lawyer may face malpractice claims. If AI-generated work product contains errors that weren't caught, liability follows. The security model directly affects professional responsibility.
These concerns don't mean legal teams can't use ChatGPT Enterprise. They mean legal teams need to understand exactly what protections exist and where gaps remain.
ChatGPT Enterprise Security Model
OpenAI built ChatGPT Enterprise specifically for organizational use. The security model differs significantly from consumer ChatGPT.
Data Handling
No training on your data. Enterprise customer data is explicitly excluded from model training. Your prompts and responses won't improve ChatGPT for other users. This addresses one of the primary concerns about consumer AI: that confidential information could influence outputs for others.
Data encryption. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. These are standard enterprise encryption levels that meet most organizational security requirements.
Shorter retention. Enterprise conversations are retained for up to 30 days for abuse monitoring, significantly shorter than consumer retention periods. Organizations can negotiate even shorter retention windows.
SOC 2 Type 2 compliance. OpenAI maintains SOC 2 Type 2 certification, demonstrating that independent auditors have verified their security controls operate effectively over time.
Administrative Controls
SSO integration. Enterprise supports single sign-on through SAML, allowing organizations to manage authentication through existing identity providers. This enables centralized access control and MFA enforcement.
Admin console. Administrators can manage users, monitor usage patterns, set permissions, and enforce organizational policies. Visibility into how the tool is being used helps with governance.
Domain verification. Organizations can verify their domain to ensure only authorized users access Enterprise features. This prevents unauthorized individuals from claiming organizational access.
Data residency options. For organizations with geographic data requirements, Enterprise offers data residency controls to ensure processing occurs in specified regions.
API Access
Organizations can access GPT-4 and other models through the API with additional controls:
Zero Data Retention (ZDR). API customers can configure zero-data-retention, meaning OpenAI doesn't retain prompts or completions beyond the immediate request. For legal teams processing client data, ZDR eliminates retention concerns entirely.
Custom fine-tuning. Organizations can fine-tune models on their own data without that data being used for broader training.
Where Enterprise Falls Short for Legal Teams
Despite substantial security improvements, ChatGPT Enterprise doesn't solve every legal team concern.
The Privilege Question
Enterprise security features don't create attorney-client privilege. OpenAI's terms and security controls can prevent data from being used for training or retained long-term. They cannot transform OpenAI into a party to the attorney-client relationship.
The legal analysis for privilege typically requires:
- A communication
- Made in confidence
- Between attorney and client (or their agents)
- For the purpose of obtaining legal advice
ChatGPT doesn't fit cleanly into "agent of the attorney" frameworks that courts use for secretaries, paralegals, or expert witnesses. No court has definitively ruled on the question, leaving genuine uncertainty.
The conservative legal position treats any client information entered into ChatGPT as potentially non-privileged. Enterprise security features reduce the practical risk of exposure but don't resolve the legal status.
Discovery Exposure
ChatGPT interactions generate records. Even with shorter retention periods, those records exist for some time. Litigation holds may require preservation of AI interactions. Discovery requests may seek ChatGPT usage related to a matter.
Enterprise audit logs create additional records that document usage. For compliance purposes, this is valuable. For discovery exposure, it means more potential evidence.
Work product protection may shield some AI interactions, but only if the work product doctrine applies. Mental impressions and legal theories shared with ChatGPT might lose protection if disclosure to OpenAI defeats the "in anticipation of litigation" requirement.
Vendor Relationship Complexity
Enterprise agreements involve terms negotiation, but OpenAI's core terms still govern significant aspects of the relationship:
- Acceptable use policies
- Content policies
- Liability limitations
- Indemnification provisions
Legal teams need to review these terms with the same diligence applied to any vendor handling sensitive data. The Enterprise agreement modifies some provisions but doesn't replace the underlying terms of service.
The Consumer Access Problem
Even with Enterprise deployed, lawyers may still use consumer ChatGPT:
- Personal accounts on personal devices
- Home use for "quick" work tasks
- Consumer subscriptions that seem similar to Enterprise
Enterprise security means nothing if client data flows through consumer channels. The security perimeter requires controlling all AI access, not just Enterprise access.
Enterprise Controls for Legal Teams
To use ChatGPT Enterprise safely, legal teams need implementation beyond default configuration.
Access Management
Restrict by practice area. Not all legal work involves the same sensitivity. IP litigation involving trade secrets requires different controls than general corporate advisory. Configure access permissions by practice area or matter type.
Require approval for high-risk matters. Implement approval workflows before ChatGPT use on matters involving:
- Pending litigation
- Regulatory investigations
- Highly confidential transactions
- Trade secrets or competitive intelligence
Audit usage regularly. Review admin console logs to understand how attorneys and staff use ChatGPT. Identify patterns that suggest inappropriate use or policy violations.
Data Controls
Configure ZDR where possible. For API-based integrations, enable zero-data-retention to eliminate prompt storage entirely.
Implement DLP monitoring. Data loss prevention tools should monitor for client identifiers, matter numbers, and other sensitive patterns in AI interactions.
Block consumer AI access. Use network controls to prevent consumer ChatGPT access on organizational devices and networks. Enterprise deployment only works if it's the only option.
Policy Framework
Establish clear policies covering:
Permitted uses:
- Legal research on public legal questions
- Drafting templates without client specifics
- Summarizing publicly available information
- Brainstorming general legal approaches
Prohibited uses:
- Client names or identifying information
- Specific case facts or strategies
- Privileged communications
- Work product containing mental impressions
- Any content from matters with litigation holds
Review requirements:
- All AI-assisted work product must be reviewed for accuracy
- Attorneys remain responsible for AI outputs
- Hallucinations and errors must be caught before client delivery
Documentation requirements:
- AI assistance should be disclosed as appropriate
- Usage logs should be maintained for potential discovery response
- Billing implications of AI use should be addressed
Vendor Assessment Questions
Before deploying ChatGPT Enterprise, legal teams should get answers to:
Security and compliance:
- What third-party security certifications does OpenAI maintain?
- How is our data isolated from other Enterprise customers?
- What happens to our data if we terminate the agreement?
- What are the incident notification procedures?
Legal exposure:
- What representations does OpenAI make about privilege protection?
- What indemnification is provided for data breaches?
- What cooperation is provided for discovery requests?
- What records does OpenAI maintain about our usage?
Operational:
- What is the uptime SLA?
- How are model updates communicated?
- What support is available for security questions?
- How are custom configurations maintained during updates?
Contractual:
- Can we negotiate shorter retention periods?
- What modifications to standard terms are available?
- What audit rights do we have?
- What are the termination provisions?
Document the answers. They become part of your reasonable precautions analysis if privilege questions arise later.
The Practical Path Forward
ChatGPT Enterprise can serve legal teams effectively when implemented correctly.
Use AI for non-privileged work. Research on legal topics, drafting templates, summarizing public documents. None of this requires client-specific information that creates privilege concerns.
Sanitize before processing. When AI assistance is valuable for client-specific work, remove identifying information first. "Draft a motion to compel for a breach of contract case where defendant failed to produce financial records" doesn't identify the client. The AI provides structure and language. You add the specifics.
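The DLP monitoring described under Data Controls and the sanitize-before-processing step above can be combined into one pre-submission gate. The Python below is an added illustration, not PaperVeil's code or anything from the article; the client roster, the matter-number format (three letters, year, sequence) and the litigation-hold list are constructed placeholders.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample data: a client roster mapped to neutral tokens, a set of
# matter numbers under litigation hold, and the matter-number format assumed here.
CLIENT_ROSTER = {"Acme Widgets Inc": "CLIENT_A", "Jane Doe": "CLIENT_B"}
LITIGATION_HOLD_MATTERS = {"ACM-2024-0017"}
MATTER_RE = re.compile(r"\b[A-Z]{3}-\d{4}-\d{4}\b")
PRIVILEGE_MARKERS = ("privileged & confidential", "attorney-client privileged",
                     "attorney work product")

@dataclass
class GateResult:
    allowed: bool
    reason: str
    sanitized_prompt: str
    redactions: list = field(default_factory=list)

def gate_prompt(prompt: str) -> GateResult:
    """Screen a prompt before it reaches the AI: block if it carries a privilege
    marker or references a litigation-hold matter; otherwise redact client names
    and matter numbers so only the non-identifying request goes out."""
    lowered = prompt.lower()
    for marker in PRIVILEGE_MARKERS:
        if marker in lowered:
            return GateResult(False, f"privilege marker present: {marker!r}", "")
    matters = set(MATTER_RE.findall(prompt))
    held = matters & LITIGATION_HOLD_MATTERS
    if held:
        return GateResult(False, f"matter under litigation hold: {sorted(held)}", "")
    text, redactions = prompt, []
    for name, token in CLIENT_ROSTER.items():
        if name in text:
            text = text.replace(name, f"[{token}]")
            redactions.append(("client_name", name))
    for matter in sorted(matters):
        text = text.replace(matter, "[MATTER]")
        redactions.append(("matter_number", matter))
    return GateResult(True, "sanitized", text, redactions)

def audit_record(prompt: str, result: GateResult) -> dict:
    """Audit-trail entry for the reasonable-precautions record: it logs the
    decision and a hash of the original prompt, never the sensitive text itself."""
    return {"prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "allowed": result.allowed, "reason": result.reason,
            "redaction_types": sorted({kind for kind, _ in result.redactions})}

if __name__ == "__main__":
    sample = ("Draft a motion to compel for Acme Widgets Inc, matter ACM-2024-0031, "
              "defendant failed to produce financial records.")
    outcome = gate_prompt(sample)
    print(outcome.sanitized_prompt)
    print(audit_record(sample, outcome))
```

A blocked prompt never produces sanitized text, so the caller has nothing to forward; the audit record is what a later privilege dispute would look for.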
Build internal review processes. Every AI-assisted deliverable needs human review. Not just for accuracy, but for inadvertent disclosure of information that shouldn't have been processed.
Document your approach. If privilege is ever contested, your ability to demonstrate reasonable precautions matters. Document your policies, your training, your technical controls, and your review processes.
Stay current. The legal landscape for AI privilege is evolving. Court decisions, bar opinions, and regulatory guidance will clarify questions that remain open today. Your policies need to adapt.
ChatGPT Enterprise provides security controls that address many organizational concerns. For legal teams, those controls are necessary but not sufficient. The unique position of lawyers as fiduciaries with privilege obligations requires additional layers of protection that technology alone cannot provide.
The attorneys who benefit from AI are those who understand both its capabilities and its limitations. ChatGPT Enterprise is a powerful tool. Using it safely requires understanding that enterprise security and legal privilege are different things, and planning accordingly.
PaperVeil lets you redact client-identifying information from documents before AI processing. Strip names, matter numbers, and privileged content automatically. Generate audit trails demonstrating your reasonable precautions. The protection layer that makes AI-assisted legal work actually defensible.