AI and the Singapore Lawyer 3 (Supplemental): Preserving the Sacred Seal—Confidentiality and Privilege in the AI Era


The article dives into using AI in law while respecting confidentiality obligations. It covers different AI tool types, data handling, and the need for a firm-wide policy to ensure compliance and secure client data.

By now, if you have been following the series, you would have moved past the initial phase of passive observation. You may have utilised Generative AI (GenAI) to synthesise internal memoranda, refine correspondence, or summarise non-contentious research. These low-risk applications are excellent for building technical literacy.

However, as we transition from experimental use to the integration of AI into substantive client workflows, we confront a foundational pillar of our profession: the duty of confidentiality. The question is no longer whether we should use AI, but how we do so while satisfying our stringent obligations under the Legal Profession (Professional Conduct) Rules 2015 (PCR) and the Personal Data Protection Act 2012 (PDPA).

This article provides a robust framework for navigating the data-privacy and client confidentiality landscape, ensuring that your adoption of technology remains a professional asset rather than a liability.

1. The Taxonomy of AI Data Handling

To manage risk effectively, a practitioner must distinguish between the technical architectures of various AI offerings. The professional implications differ significantly based on how a tool processes your inputs.

  • Public Consumer Models (Open-Loop): Free versions of ubiquitous tools typically use inputs, by default, to refine and “train” their underlying models. In these environments, prompts may be retained indefinitely and read by human reviewers. Some tools offer an opt-out toggle, but a setting in a consumer account is not a contractual commitment. These tools are fundamentally incompatible with unredacted client work.
  • Enterprise-Grade Solutions (Closed-Loop): Paid tiers (e.g., ChatGPT Enterprise, or Harvey AI) offer contractual assurances that user data is excluded from training sets, together with encryption and administrative controls. Note that “closed-loop” does not mean the data stays in-house: it still leaves the firm’s perimeter and may be retained by the vendor for a limited period (commonly for abuse monitoring), so the contract, not the product label, is what you rely on. For the senior practitioner, these tools represent the standard for professional integration.
  • Private or Self-Hosted Models: For firms with significant technical infrastructure, hosting models on infrastructure the firm controls (on-premises or a dedicated private cloud tenancy) offers the zenith of confidentiality, because prompts never leave the firm’s perimeter. The trade-off is that the firm then carries the vendor’s burdens itself: patching, access control, logging, and securing the model weights and the prompt history.

2. Calibrating the Anonymisation Principle

The “Anonymisation Principle”, stripping all identifiers before prompting, is the most reliable safeguard against leaking a client’s personal data or confidential information. Applying it in every situation in which a GenAI tool is used, however, demands considerable effort and is often disproportionate. Its application should therefore be calibrated to the security of the environment in which the GenAI tool is being used.

A. The Absolute Mandate (Open-Loop Systems)

If you are using a public or “free” version of an AI tool, anonymisation is non-negotiable. You must employ:

  • Descriptive Substitution: Referring to “Tan Construction Pte Ltd” as “a domestic contractor.”
  • Identifier Stripping: Removing NRIC and FIN numbers, addresses, e-mail addresses, case and matter numbers, and specific financial figures. Bear in mind that stripping identifiers is necessary but not always sufficient: a distinctive fact pattern can identify a client even after every name and number is removed, so review the residual text, not only the identifiers.
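The two techniques above can be applied mechanically before any text reaches a public model. The script below is an added illustration, not code from the article or from any vendor: it performs descriptive substitution from a caller-supplied name map, strips NRIC/FIN numbers, currency amounts and e-mail addresses by regular expression, and keeps a reverse mapping so the model’s answer can be re-identified inside the firm. The memo, names and NRIC values are constructed for the example (S1234567D is the commonly cited test value, not a real person); the regex patterns, placeholder names and function names are the author’s assumptions, and the NRIC checksum follows the publicly documented weighting scheme. Tokens that look like an NRIC but fail the checksum are still redacted (fail closed) and merely flagged for review.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Singapore NRIC/FIN: prefix letter, seven digits, checksum letter.
_NRIC_RE = re.compile(r"\b([STFGM])(\d{7})([A-Z])\b")
# Currency figures such as "S$1,250,000.00", "SGD 3,000" or "$50,000".
_AMOUNT_RE = re.compile(r"(?:S\$|SGD\s?|\$)\s?\d[\d,]*(?:\.\d{1,2})?")
_EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Publicly documented NRIC/FIN checksum: weighted digit sum, series offset,
# remainder mod 11 indexes a letter table that depends on the prefix.
_WEIGHTS = (2, 7, 6, 5, 4, 3, 2)
_CHECK_LETTERS = {"S": "JZIHGFEDCBA", "T": "JZIHGFEDCBA",
                  "F": "XWUTRQPNMLK", "G": "XWUTRQPNMLK",
                  "M": "KLJNPQRTUWX"}
_OFFSET = {"T": 4, "G": 4, "M": 3}


def nric_checksum_ok(nric: str) -> bool:
    """True if the string is a well-formed NRIC/FIN with a valid check letter."""
    m = _NRIC_RE.fullmatch(nric.upper())
    if not m:
        return False
    prefix, digits, check = m.groups()
    total = sum(w * int(d) for w, d in zip(_WEIGHTS, digits)) + _OFFSET.get(prefix, 0)
    return _CHECK_LETTERS[prefix][total % 11] == check


@dataclass
class Redaction:
    text: str
    mapping: dict = field(default_factory=dict)   # placeholder -> original; stays in-house
    findings: list = field(default_factory=list)  # (placeholder, kind, note) for reviewer


def redact(text: str, substitutions: dict) -> Redaction:
    """Descriptive substitution followed by identifier stripping."""
    result = Redaction(text=text)
    # 1. Descriptive substitution, longest name first so "Tan Construction Pte Ltd"
    #    is handled before a shorter "Tan Construction" could match inside it.
    for name in sorted(substitutions, key=len, reverse=True):
        if name in result.text:
            placeholder = substitutions[name]
            result.text = result.text.replace(name, placeholder)
            result.mapping[placeholder] = name
            result.findings.append((placeholder, "name", "descriptive substitution"))
    # 2. Identifier stripping. Every match is redacted; the checksum only decides
    #    whether the reviewer is told to double-check a suspicious token.
    for kind, pattern in (("NRIC", _NRIC_RE), ("AMOUNT", _AMOUNT_RE), ("EMAIL", _EMAIL_RE)):
        seen: dict = {}

        def _sub(m, kind=kind, seen=seen):
            original = m.group(0)
            if original not in seen:
                seen[original] = f"[{kind}_{len(seen) + 1}]"
                note = ""
                if kind == "NRIC":
                    note = ("checksum ok" if nric_checksum_ok(original)
                            else "checksum invalid: possible typo or non-NRIC token, review")
                result.mapping[seen[original]] = original
                result.findings.append((seen[original], kind, note))
            return seen[original]

        result.text = pattern.sub(_sub, result.text)
    return result


def reidentify(text: str, mapping: dict) -> str:
    """Reverse the substitutions on the model's output, locally, never in the tool."""
    for placeholder, original in mapping.items():
        text = text.replace(placeholder, original)
    return text


# Constructed sample memo (fictitious client, person, NRICs and figures).
SAMPLE_MEMO = (
    "Our client, Tan Construction Pte Ltd, says its director Mr Lim Ah Kow "
    "(NRIC S1234567D, lim@example.com) withheld S$1,250,000.00 from the "
    "subcontractor. His brother, NRIC S1234567E, guaranteed $50,000."
)
SUBSTITUTIONS = {"Tan Construction Pte Ltd": "the Contractor",
                 "Mr Lim Ah Kow": "the Director"}

if __name__ == "__main__":
    r = redact(SAMPLE_MEMO, SUBSTITUTIONS)
    print(r.text)
    for finding in r.findings:
        print(finding)
    print(reidentify(r.text, r.mapping))
```

The `mapping` is the re-identification key and belongs in the firm’s own systems, never in the prompt. A pattern-based redactor catches structured identifiers only; the `findings` list exists precisely so a human still reads what remains before it is sent.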

B. The Proportional Approach (Enterprise/Closed-Loop Systems)

In a verified enterprise environment where the provider is contractually bound to data secrecy and non-training, strict anonymisation may be overly stringent and counter-productive to the tool’s utility (e.g., having to anonymise a 50-page contract when asking an AI to check cross-referencing). In these “closed” environments, the focus shifts from anonymisation to data minimisation:

  • Contextual Relevance: Only input the specific clauses or facts necessary to resolve the query.
  • Access Control: Ensuring only relevant members of the legal team have access to the enterprise account, through named user accounts (ideally via the firm’s single sign-on) rather than shared logins, so that usage can be attributed and revoked.
  • Verification: Confirming that the vendor’s Data Processing Agreement (DPA) aligns with the PDPA’s requirements for “reasonable security arrangements” and meets our PCR obligations, including how long prompts and outputs are retained, which sub-processors can see them, and where they are stored.

3. The Fragility of Legal Professional Privilege

Legal professional privilege is a substantive right under Singapore law, but it is not indestructible. The introduction of third-party AI intermediaries creates two distinct risks:

  • Waiver through Disclosure: Disclosing privileged information to an AI tool that lacks sufficient confidentiality protections may be construed as a waiver of privilege. Unlike a communication with staff in a law office, a prompt to a public AI model may not enjoy the same protective umbrella.
  • Discoverability of Prompts: Your instructions to an AI—such as “find the weaknesses in my client’s position”—could potentially be subject to discovery if the chain of confidentiality is broken.

The Professional Approach: Treat the AI as a junior assistant who is outside the “circle of privilege” unless you have verified that the contractual terms of the enterprise tool explicitly support the maintenance of professional secrecy.

4. Governance: Establishing a Firm-Wide AI Policy

A partner must lead by establishing a clear, written AI Policy. This document serves as both a defensive shield for Professional Indemnity (PI) purposes and a guide for staff. A sophisticated policy should address:

  1. Approved Tech Stack: A definitive list of “White-Listed” enterprise tools approved for client work.
  2. Usage Tiers: Explicitly stating which types of data can be entered into which tools (e.g., “Public AI: General research only; Enterprise AI: Case-specific drafting permitted”).
  3. Data Residency: Preference for tools that host data within Singapore or jurisdictions with comparable standards, aligning with the PDPA’s Transfer Limitation Obligation.
  4. Incident Protocol: A clear workflow for reporting and mitigating accidental data exposure, including assessing whether the incident is a notifiable data breach under the PDPA’s mandatory breach notification regime. This presupposes that the firm keeps a record of which tools were used on which matters.

5. The Singaporean Context: PDPA and the PCR

Singaporean practitioners must remain mindful of the Protection Obligation under Section 24 of the PDPA, which requires reasonable security arrangements to prevent unauthorised disclosure. Furthermore, the Law Society of Singapore continues to emphasise that technology does not dilute the solicitor’s ultimate accountability for client’s confidentiality.

Case Study: The Corporate Transaction

Consider a solicitor advising on a cross-border M&A. When using AI to summarise a due diligence report:

  • The Risk: Pasting the target company’s unredacted financial statements into a public LLM.
  • The Mitigation: Using an enterprise-grade instance where the solicitor has confirmed, from the contract and the account’s administrative settings rather than a marketing page, that inputs are not used for training and are retained only for the agreed period. Here, the solicitor may decide that full anonymisation is unnecessary for the tool to effectively perform the summary, provided the vendor meets the required security benchmarks and only the portions of the report needed for the summary are uploaded.

6. Practical Exercise: Vendor Due Diligence

Select one AI tool you are currently considering for your practice. Dedicate 30 minutes to conducting a “Mini-Due Diligence” of the tool by answering the following:

  1. Do the contractual terms (not merely the Privacy Policy, which a vendor can change unilaterally) explicitly state that inputs are NOT used for model training?
  2. Is the data encrypted at rest and in transit, and who holds the keys?
  3. Where are the servers located, and does the vendor comply with the PDPA, including its Transfer Limitation Obligation where data is stored overseas?
  4. Does the vendor provide a Data Processing Agreement (DPA)?
  5. How long are prompts and outputs retained, can the firm delete them on demand, and which sub-processors handle them?

Disclaimer:

This article is intended for general information purposes only and does not constitute legal advice. Practitioners must exercise independent professional judgement when using AI tools and ensure compliance with all prevailing ethical guidelines and Practice Directions.
