In June 2023, Judge P. Kevin Castel had a problem. Two lawyers from Levidow, Levidow & Oberman had filed a brief in Mata v. Avianca that cited six cases as supporting precedent. There was just one issue: none of the cases existed.
Varghese v. China Southern Airlines. Shaboon v. Egyptair. Petersen v. Iran Air. Martinez v. Delta Airlines. Estate of Durden v. KLM Royal Dutch Airlines. Miller v. United Airlines. All fabricated. All generated by ChatGPT. All submitted to a federal court as real legal authority.
Judge Castel sanctioned both lawyers with a $5,000 fine and ordered them to send apology letters to every judge falsely identified as the author of the fake opinions. The incident made national headlines as the first known case of attorneys sanctioned for AI misuse.
But here's the thing: the hallucination problem isn't the real risk for lawyers using ChatGPT. Hallucinations are embarrassing and can get you sanctioned. The bigger risk is privilege waiver. And that risk exists every single time you paste client information into a consumer AI tool.
The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.
What "Safe" Actually Means for Lawyers
For most industries, "safe" AI usage means protecting sensitive data from unauthorized access or misuse. For lawyers, the stakes are higher and more specific. You're not just protecting data. You're protecting a legal privilege that, once waived, cannot be restored.
Attorney-client privilege is foundational to legal practice. It's what allows clients to be fully candid with their lawyers. The privilege attaches to communications made in confidence between a client and attorney for the purpose of obtaining legal advice. And here's the critical part: "voluntary disclosure of privileged information to a third party generally effectuates a complete waiver of the privilege." That's black letter law.
Model Rule 1.6 codifies this duty. A lawyer must keep confidential all information relating to the representation of a client, regardless of its source. Rule 1.6(c) goes further: lawyers must make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to" client information.
When you paste a privileged communication into ChatGPT, you're transmitting it to OpenAI's servers. OpenAI is a third party. Under traditional privilege analysis, that's disclosure. And disclosure means waiver.
The Data You're Putting at Risk
Legal work generates an extraordinary volume of sensitive information. Understanding what's at risk clarifies why consumer AI tools are dangerous for lawyers.
Privileged communications include everything from initial client consultations to litigation strategy discussions. These are the conversations your clients expect will never be disclosed. They're protected precisely because that protection enables candor.
Work product encompasses your legal analysis, mental impressions, and case theories. Work product protection is distinct from privilege, but it's equally critical to effective representation.
Client PII includes names, addresses, Social Security numbers, financial information, and other identifying data. This is protected by various data protection laws, but for lawyers, it's also encompassed by the duty of confidentiality.
Case strategy reveals how you plan to approach litigation, settlement discussions, and negotiations. Exposing this to opposing counsel would be malpractice.
Settlement discussions and litigation hold materials often contain admissions or strategic calculations your client would never want disclosed.
All of this becomes vulnerable the moment you paste it into a consumer AI interface.
How ChatGPT Actually Handles Data
OpenAI offers multiple tiers of service with dramatically different data handling practices.
Consumer tiers (Free, Plus, Pro) have no Business Associate Agreement available. Data may be used to train future models unless you opt out. Even with the training toggle disabled, conversations are still transmitted to OpenAI's servers and retained. OpenAI's privacy policy states it collects personal information from inputs, uploads, and feedback. Conversations may be reviewed by human AI trainers.
ChatGPT Enterprise and ChatGPT for Business operate differently. OpenAI does not use your data for training. Enterprise customers get SOC 2 Type 2 certification, AES-256 encryption at rest, TLS 1.2+ encryption in transit, data residency options in 10+ regions, audit logs, and the ability to execute a Data Processing Agreement.
The API offers similar protections for enterprise customers, including Zero Data Retention options for those who need it.
The gap between tiers is stark. According to the Clio Legal Trends Report 2025, 79% of legal professionals now use AI tools. But most aren't using enterprise tiers with appropriate protections. They're using consumer interfaces that log conversations, may use data for training, and offer no contractual protections for confidentiality.
Where ChatGPT Falls Short for Legal Use
The ABA addressed this directly in Formal Opinion 512, released in July 2024. It's the ABA's first ethics guidance on generative AI, and it makes several things clear.
Model Rule 1.6 applies to AI tool usage. Lawyers must keep client information confidential and make reasonable efforts to prevent unauthorized disclosure. Using a consumer AI tool that logs conversations and may use data for training does not meet this standard.
Informed consent is required for "self-learning" AI tools. The opinion specifically calls out tools like ChatGPT that learn from user inputs. Before entering any client information into such a tool, you need informed consent from the client. Not boilerplate engagement letter language. Actual informed consent that explains the specific risks.
The privilege analysis is unfavorable. Inputting confidential client information into public AI platforms may constitute disclosure to a third party. This can result in privilege waiver, particularly if the platform's terms of service allow the provider to retain or use the data.
State bars have reinforced these requirements. Florida's Opinion 24-1 (January 2024) requires informed consent before using third-party AI with confidential information. Texas Opinion 705 (February 2025) warns of the risks of inputting sensitive client details into AI systems and recommends thorough vetting of AI tools for confidentiality safeguards. North Carolina's 2024 Formal Ethics Opinion requires lawyers to ensure information remains secure from unauthorized access or inadvertent disclosure.
And here's the uncomfortable reality: 53% of law firms have no AI policy at all, according to industry surveys. Their lawyers are using ChatGPT with client data right now, with no guidance and no safeguards.
The Professional Services Risk Premium
IBM's 2024 Cost of a Data Breach Report puts the average breach cost for professional services at $5.08 million. That's higher than most industries. The ABA's 2023 Legal Technology Survey found that 30% of law firms have experienced a security breach.
These aren't abstract risks. They're statistical realities. And they're getting worse as AI adoption accelerates without corresponding investment in governance.
The 2025 ABA Technology Survey showed AI adoption in legal tripled from 11% in 2023 to 30% in 2024. Clio's research shows 79% of legal professionals using AI in some capacity. But Embroker's survey found 41% of lawyers are concerned about data privacy related to AI adoption.
They should be concerned. The tools most lawyers are using weren't designed for confidential legal information.
Making It Safe: The Redaction Approach
The core problem is that you're sending identifiable, privileged information to a third party. The solution is to stop doing that.
If you strip client identifiers from documents before they reach ChatGPT, you're not disclosing privileged information. You're using an AI tool on anonymized data. There's no privilege to waive because there's no privileged information being transmitted.
This is the redaction-first approach, and it works regardless of which AI tool you use.
Before:
"John Smith retained our firm regarding the dispute with Acme Corporation. Per our call on January 15, he confirmed that the contract was signed under duress. His Social Security number is 123-45-6789 and he can be reached at [email protected]."
After:
"[CLIENT] retained our firm regarding the dispute with [COMPANY]. Per our call on [DATE], he confirmed that the contract was signed under duress. His Social Security number is [REDACTED] and he can be reached at [REDACTED]."
ChatGPT can now help you draft a response, analyze the legal issues, or summarize the matter. It never sees the privileged information. Your duty of confidentiality is preserved.
Practical Implementation for Law Firms
Here's how to implement safe AI usage in a legal practice.
Step 1: Block consumer ChatGPT at the network level. If attorneys can access chatgpt.com, some will paste privileged information into it. Human nature. Block the consumer interface entirely. Make the approved workflow the only option.
Step 2: Deploy a redaction layer. You need software that reliably strips identifying information before any AI processing. This means Named Entity Recognition for names, organizations, and locations. Pattern matching for structured identifiers like Social Security numbers, phone numbers, and email addresses. Support for PDFs (the format of most legal documents). And audit logging that proves what was redacted and when.
Step 3: Choose an enterprise AI option if you need identifiable data. ChatGPT Enterprise offers the contractual protections lawyers need: no training on your data, encryption, audit logs, and the ability to sign a Data Processing Agreement. The API with a BAA is another option. But enterprise tools aren't cheap, and they still don't eliminate privilege concerns entirely.
Step 4: Create an AI usage policy. More than half of law firms have no AI policy. That's negligence in 2026. Your policy should specify which tools are approved, what data can and cannot be entered, who is responsible for compliance, and what the consequences are for violations.
Step 5: Train your staff. According to research, 73% of employees stop risky behavior when they receive real-time alerts. Training works, but it has to be ongoing. Include specific scenarios, not just abstract rules.
Step 6: Document everything. When the bar investigates (and they will, eventually, for someone), you need documentation showing what controls were in place and how they were enforced.
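The pattern-matching and audit-logging parts of Step 2, applied to a paragraph like the Before/After pair above, as an added example that is not PaperVeil's code or any vendor's API. The function names, the matter list that stands in for NER, the audit key and the sample text are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

# Pattern matching covers structured identifiers only. Names and organizations
# need NER; here they come from a caller-supplied matter list (an assumption).
PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("PHONE", re.compile(r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-.\s])\d{3}[-.\s]\d{4}(?!\d)")),
]


def redact(text, entities, audit_key, doc_id):
    """Return (redacted_text, audit_entries) for one document."""
    spans = [(m.start(), m.end(), label)
             for label, rx in PATTERNS for m in rx.finditer(text)]
    for name, label in entities.items():
        rx = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        spans += [(m.start(), m.end(), label) for m in rx.finditer(text)]
    # Leftmost match first, longest first on ties; overlapping spans are skipped.
    spans.sort(key=lambda s: (s[0], s[0] - s[1]))
    out, audit, pos = [], [], 0
    for start, end, label in spans:
        if start < pos:
            continue
        out += [text[pos:start], f"[{label}]"]
        audit.append({
            "doc": doc_id, "label": label, "offset": start, "length": end - start,
            # Keyed HMAC, not a bare hash: SSNs and phone numbers have so few
            # possible values that an unkeyed SHA-256 can be brute-forced.
            "hmac": hmac.new(audit_key, text[start:end].encode(),
                             hashlib.sha256).hexdigest(),
            "at": datetime.now(timezone.utc).isoformat(),
        })
        pos = end
    out.append(text[pos:])
    return "".join(out), audit


def residual(text):
    """Labels of patterns that still match; non-empty means do not send."""
    return [label for label, rx in PATTERNS if rx.search(text)]


# Constructed sample, modeled on the article's "Before" paragraph.
SAMPLE = ("John Smith retained our firm regarding the dispute with Acme "
          "Corporation. His Social Security number is 123-45-6789 and he can "
          "be reached at jsmith@example.com or (212) 555-0147.")
MATTER = {"John Smith": "CLIENT", "Acme Corporation": "COMPANY"}
REDACTED, AUDIT = redact(SAMPLE, MATTER, b"constructed-demo-key", "matter-001")
```

A mention such as "Mr. Smith" passes through unchanged because only the listed full name is matched, which is the gap NER or alias lists have to close. The audit entries record label, offset, length and a keyed digest, so the log proves what was removed without storing the removed value.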
The Bottom Line
Is ChatGPT safe for lawyers? Consumer ChatGPT (Free, Plus, Pro) is definitively not safe for any use involving client information. Every time you paste privileged content into a consumer AI interface, you're creating privilege waiver risk.
ChatGPT Enterprise, with appropriate contractual protections, can support safer workflows. But even enterprise tools require careful implementation to maintain confidentiality.
For most law firms, the practical answer is the redaction approach: strip client identifiers before any AI processing. This preserves privilege, maintains confidentiality, and lets you use AI's productivity benefits without the compliance exposure.
The 79% of legal professionals using AI aren't going to stop. The question is whether they'll do it safely or become the next Mata v. Avianca headline. The tools to do it safely exist. The question is whether firms will implement them before the bar comes calling.
PaperVeil lets you redact sensitive information from documents before they touch any AI system. Detect and remove privileged content, client identifiers, and confidential data automatically. Generate audit trails that prove compliance. The redaction layer that makes AI document processing actually safe for legal practice.