Generative AI and law firm information governance

Generative AI and law information governance

This paper covers the use of artificial intelligence (AI), and in particular, Generative AI in law firms. Whereas AI usage is similar across industries, law firms have some unique characteristics because much of the data belongs to the clients and there is an extra obligation to keep it safe and private. This paper covers both unique and non-unique challenges of AI as it pertains to information governance (IG) in the legal community. It begins with a brief definition of AI, followed by benefits to the legal community, information governance-specific considerations, policy considerations, general advice, and guidance.

What is generative AI and why are we talking about it?

Google's Bard and OpenAI's ChatGPT-4 are two generative AI models that have generated much interest. ChatGPT-4 is based on GPT-4, a foundational model for generative AI. GPT-4 is a large-scale machine learning system that can be fine-tuned for specific tasks. The concept for generative AI has been around since the late 50s, tracing back to the foundations of machine learning and statistical modeling.

Generative AI is a powerful tool with many potential benefits. It can be used for text generation, translation, writing, question answering, code generation, creative writing, chatbots, and virtual assistants. It can also serve as a knowledge concierge, write poetry, songs, jokes and play games. However, there are some concerns about its accuracy (Hallucinations), confidentiality, potential for bias, and misuse.

What are some benefits to the legal industry?

What are some key IG considerations?

• Generative AI models use neural networks to identify patterns and structures in existing data to generate new content. This may involve confidential data, so it is important to understand the tools, risks, and benefits before using them. Some new tools are addressing confidentiality issues, but you should still understand how your data is used.
• Validating the output of generative AI can be challenging, as the source of the answers is often difficult to trace. This is similar to the challenges faced when Wikipedia was first introduced, as all information on the site needed to be verified. Attorneys should be mindful of this when relying on generative AI for legal research and guidance unless AI is built into trusted systems such as Lexis.
• Using AI may incur additional software licensing costs. AI-enabled software costs are expected to increase by 60%, so you will need to find ways to recoup these costs. Additionally, hardware and storage costs of AI-hosting providers are increasing exponentially. Those costs will need to be recouped in some way.
• Another important consideration is balancing privacy rules and regulations with system capabilities. Currently, there is no way to remove data from the system. This has led to concerns about ethical issues, IP usage, bias, and consent. As a result, many firms are taking a conservative approach to using generative AI technologies. Some firms have banned the use of their data, while others have not yet adopted the technology. As the technology evolves, so too will the restrictions and usage guidelines around it… A good resource that offers insight into the early views on regulation between the EU and the US can be found HERE.
• It is helpful to understand your organization’s risk tolerance related to AI. Topics that have generated significant discussion include when and how to cite AI as a source and whether your firm needs to capture questions and on-going prompt history. While this may seem cumbersome or counter-intuitive to such a tool, your firm’s risk leaders will likely be considering the impact of not having this audit data for litigation, disciplinary matters and other legal purposes.
• Clients are starting to issue requirements around AI usage guidelines and/or restrictions where their data is involved. Audit and assessment questions will quickly start to include AI usage queries, as will cyber insurance renewal applications.

To read other reports written by the Law Firm Information Governance Symposium, please visit: symposium.ironmountain.com