AI notetakers and videoconference transcribers are increasingly common and accurate tools for lawyers to memorialize meetings without the need for a participant to take contemporaneous notes. While enticing, AI notetakers and transcribers are too often used (such as by a lawyer, the lawyer’s employee, opposing counsel, the client, an expert, etc.) without lawyers first ensuring that doing so complies with cybersecurity, privacy, ethics, and other requirements. There are four key factors that lawyers must address before using AI notetakers and transcribers: (1) consent; (2) security; (3) confidentiality and privilege; and (4) client file retention.
Consent. Wiretap statutes in New Hampshire, Massachusetts, and nine other states require consent from every participant in an audio communication to lawfully record the conversation. Since AI notetakers and transcribers record audio, use of them must comply with the wiretap statute of each participant’s state. A violation of a wiretap statute can result in criminal and civil liability, exclusion of evidence, ethics violations, and conflicts between lawyer and client.
Similarly, privacy laws in New Hampshire and twenty other states (and many foreign countries, including the European Union and Canada) require consent before collecting and using sensitive personal information. That includes information about race, national origin, religious beliefs, political affiliation, sexual orientation, children, health, biometrics, and geolocation. Because the content of some meetings captures such information, and because the recording of a person’s face or voice itself could reveal some such information, requiring all-participant consent before using an AI notetaker or transcriber ensures compliance with privacy laws.
Videoconference platforms often have a setting to deliver a request for consent before a meeting can be recorded. However, AI notetakers and transcribers often do not, even when embedded in a videoconference application. While developers of videoconference platforms and AI notetakers and transcribers hopefully will fix that soon, until then consent must be obtained through other means, such as when a meeting invitation is accepted or orally at the start of a meeting.
Security. Cybersecurity and ethics rules require lawyers to implement reasonable measures to ensure the safety of certain data, including client information. That includes ensuring that lawyers possess or have appropriate control over that data, only authorized individuals can access and use the data, and sensitive information is encrypted. When an unlicensed AI notetaker or transcriber is used, the meeting recording and output from the technology are often retained in the AI’s own cloud environment and used by developers to further train the AI engine.
To ensure appropriate security, lawyers should purchase a licensed AI application and ensure that meeting recordings and AI outputs are retained on their own devices or AI cloud instance, are used to train the AI only for their use of it and are encrypted during transmission and at rest. Lawyers also should structure their relationships with AI providers pursuant to appropriate data processing agreements, in order to ensure compliance with cybersecurity, privacy, and ethics requirements and outline the parties’ respective roles and liabilities.
Confidentiality and Privilege. Ethics rules require lawyers to maintain the confidentiality of client information and preserve the attorney-client communication and attorney work-product privileges. To comply with these obligations, lawyers must ensure that the inputs and outputs of AI notetakers and transcribers are retained on their own devices or clouds and are not disclosed to a third-party, such as through the licensing of an AI notetaker or transcriber discussed above. Similarly, lawyers should ensure that their publicly posted privacy policies disclose their use of AI, and that they disclose and obtain consent to use AI in client engagement letters, expert agreements, protocols with opposing counsel, etc.
File Retention: Lawyers must maintain client files and produce a complete file to the client if requested. The inputs and output of AI notetakers and transcribers associated with a client matter are elements of the client file. Lawyers therefore must ensure that that data is retained within or otherwise associated with the correct client file in their electronic records management systems and is capable of being readily produced with the other contents of a client file.
AI notetakers and transcribers are exciting new tools with the potential to generate real value for lawyers. However, just like any other technology, before using an AI notetaker or transcriber, lawyers must ensure that their use of it will comply with all applicable cybersecurity, privacy, ethics, and other regulations.