TL;DR: Adopting AI does not lower a lawyer's duty of confidentiality - it adds a vendor you must vet. The essentials are encryption in transit and at rest, strict access controls with audit logging, a no-training-on-your-data commitment, clear hosting and residency, and an incident-response plan. SOC 2 and ISO 27001 are useful signals to ask vendors for - evidence to request and read, not boxes a logo ticks.
A law firm's stock-in-trade is confidential information, and the duty to protect it does not pause when the work moves into an AI tool. If anything, it sharpens: every document you upload now passes through a vendor's systems, so the vendor's security becomes part of your security. The good news is that the questions are knowable and the controls are standard. This guide walks through what actually protects client data in an AI workflow - encryption, access control, data handling, hosting, and incident response - and how to read the certifications vendors cite. It is general information, not legal advice.
Why is data security a professional duty, not just IT?
Data security is often treated as an IT concern, but for lawyers it is a professional-responsibility issue. Bar regulators expect competence in the technologies you use and reasonable steps to safeguard client information; the American Bar Association's guidance on the duty of confidentiality under Model Rule 1.6 is widely cited on this point. A breach is not just an operational failure - it can be an ethical and regulatory one, with notification duties attached. That is why choosing and configuring secure tools, and vetting vendors, is part of practising competently, not an afterthought delegated entirely to IT.
What does the confidentiality duty require with AI tools?
The duty of confidentiality requires reasonable efforts to prevent unauthorised access to or disclosure of client information. Applied to AI tools, that translates into concrete diligence: understand how a tool stores and secures data, who can access it, whether it is used to train models, and what happens if something goes wrong. Reasonable is contextual - more sensitive matters warrant more scrutiny - but the floor is that you cannot meet a confidentiality duty with a tool whose data practices you have not examined. For the broader picture, see our guide to legal AI data security and confidentiality; this post focuses on the security mechanics and vendor evaluation.
How does encryption protect data in transit and at rest?
Encryption is the baseline. Data in transit - moving between your browser and the vendor's servers - should be protected with current transport encryption so it cannot be intercepted. Data at rest - stored on the vendor's systems - should be encrypted so that a stolen disk or a misconfigured store does not expose readable files. Neither is exotic; both are table stakes for any serious provider. Ask a vendor to confirm encryption in transit and at rest in writing, and treat the absence of a clear answer as a red flag. Frameworks like the NIST Cybersecurity Framework are a useful reference point for what good looks like.
Encryption is necessary but not the whole story, because data has to be decrypted to be used. The harder questions are who holds the keys, how access to decrypted content is controlled, and whether the vendor's own staff can read your files in the clear. Ask how key management works, whether you can hold or rotate keys, and whether support engineers can access your documents during troubleshooting. Strong transport and storage encryption mean little if the data is wide open once it is inside the system, so treat encryption as one layer in a stack rather than a box to tick on its own.
Why do access controls and audit logging matter?
Encryption protects data from outsiders; access controls and audit logging protect it from misuse. Role-based access control (RBAC) ensures that only the people who need a file can open it, and that permissions follow the matter rather than being open by default. An audit trail records who did what and when, so access is accountable and an incident can be reconstructed. For a firm, these two features turn a tool from a black box into something you can govern - you can see and limit exposure, and you can prove it. Judicio provides role-based access with a full audit trail through projects and roles.
Why does no-training-on-your-data matter?
A distinctive AI-era question is whether a vendor uses your uploads to train or improve its models. If it does, your confidential documents could influence outputs beyond your matter - an unacceptable risk for privileged material. The protection is a clear, contractual no-training commitment. Judicio does not train its models on your data; the broader point is to insist any vendor states the same in writing rather than relying on a marketing phrase. This is one of the simplest and most important questions to ask, and the answer should be unambiguous.
Be alert, too, to the difference between a default and a guarantee. Some tools do not train on your data by default but reserve the right to change that, or treat consumer and enterprise tiers differently. What you want is a contractual commitment that applies to your account, in writing, rather than a setting that can be toggled or a policy page that can quietly change. The same scrutiny applies to any third-party models a vendor builds on: ask whether your content is ever sent to a sub-processor that might retain or train on it. If a vendor cannot put no-training in the agreement, treat the assurance as provisional.
What should you know about hosting and data residency?
Where your data physically lives matters for both security and law. Hosting on a major cloud provider brings mature physical and infrastructure security; Judicio, for example, hosts on Google Cloud Platform. Data residency - the region where data is stored - can also carry legal weight under regimes like GDPR, so for some matters you will want to know, and perhaps constrain, the hosting location. Ask where data is stored, whether you can choose a region, and what sub-processors are involved. Hosting on reputable infrastructure is necessary but not sufficient; the surrounding controls still matter.
What do SOC 2 and ISO 27001 actually mean?
Vendors often cite security certifications, and they are useful - if you know what they mean and ask to see them. They are independent signals that controls exist and have been assessed, not guarantees that nothing can go wrong. Ask which a vendor holds, request the underlying report or certificate and its scope, and read it. The point is to treat a certification as evidence to examine, not a logo to trust.
| Standard | What it is | What to ask for |
|---|---|---|
| SOC 2 | An attestation report on security controls (Type II covers a period) | The current report, usually under NDA |
| ISO 27001 | A certifiable information-security management standard | The certificate and its scope statement |
| Penetration test | An independent test of system defences | A recent summary of findings and remediation |
What should you ask an AI vendor about security?
A short, written set of questions separates tools fit for confidential work from those that are not. Keep the answers on file as part of your diligence.
| Question | Why it matters |
|---|---|
| Do you train models on our data? | Determines whether your data feeds a model |
| Is data encrypted in transit and at rest? | Baseline protection for confidential material |
| How is access controlled and logged? | Limits and records who can see client data |
| Where is data hosted? | Affects residency and jurisdiction |
| What certifications or audits can you share? | Independent evidence of controls |
| What is your breach-notification process? | You need prompt notice to meet your duties |
| Will you sign a data processing agreement? | Sets contractual data-protection terms |
What should an incident-response plan cover?
Even with strong controls, incidents happen, so a plan matters. Internally, you need a way to detect a suspected breach, assess its scope, contain it, document it, and notify - clients, regulators, or affected individuals - where required, often on tight deadlines. From your vendor, you need a commitment to prompt breach notification so you can meet your own obligations; a tool that would leave you unaware of a breach undermines your ability to comply. Confirm the vendor's notification process and timing before you adopt it, and fold it into your own incident-response runbook.
It is worth rehearsing the plan rather than filing it away. A short tabletop exercise - walking through who is called, who assesses the scope, and who notifies whom within what window - exposes the gaps that only appear under pressure. Knowing in advance how you would learn of a vendor-side breach, and how quickly the vendor commits to telling you, is often the difference between meeting a notification deadline and missing it. Keep the written diligence answers from your vendor review attached to the runbook, so the people handling an incident are not rediscovering the vendor's commitments mid-crisis.
Where does Judicio fit?
Judicio is designed to be assessed, not taken on faith. It does not train on your data, hosts on Google Cloud Platform, and provides role-based access with a full audit trail, with files kept in one controlled File Library rather than scattered across tools. What it does not do is ask you to accept claims blind: as with any vendor, you should request Judicio's data processing agreement and the security documentation relevant to your requirements, and confirm the controls match your obligations. If your matters demand specific certifications or contractual terms, ask for them and evaluate the answers - that diligence is exactly what a confidentiality duty calls for.
How do you get started?
Turn this into a one-page vendor checklist: encryption in transit and at rest, RBAC and audit logging, no training on your data, clear hosting and residency, certifications you can read, a DPA, and a breach-notification commitment. Run every AI and cloud tool through it, and keep the answers on file.
You can put Judicio through that checklist on your own work with a 7-day free trial - 500 credits, no credit card required - and request its security documentation as part of the review. Professional access is $200 per month for 5,000 credits, and you can contact us with diligence questions. For the regulatory frame around this, see GDPR for law firms and, where privilege is the concern, attorney-client privilege and AI. Teams handling health information should also read HIPAA for legal teams. This article is general information, not legal advice.
