ChatGPT Enterprise Security: What Legal Teams Need to Know

In 2023, two New York attorneys submitted a court filing in Mata v. Avianca that cited fabricated case law generated by ChatGPT. When the court pressed them on the nonexistent cases, they doubled down. Judge P. Kevin Castel sanctioned both lawyers, citing bad faith, ethical lapses, and reputational harm. The Second Circuit later delivered a scathing opinion in a related matter involving Michael Cohen, describing AI hallucinations as "career-ending disasters" that violate Model Rules 3.1, 3.3, and 8.4(c).

These cases involved AI output errors. But a potentially larger risk looms for legal teams: what happens to the confidential information you put in?

A mid-sized law firm adopted an AI tool to accelerate contract review. Six months later, they discovered that confidential client data had been uploaded to an unsecured platform and used to train a third-party AI model. The breach exposed privileged communications, triggered bar complaints and malpractice claims, and caused irreparable damage to client trust.

This is the legal team's AI dilemma. The productivity gains are real. Contract analysis, legal research, document drafting: AI can accelerate all of it. But every prompt containing client information creates potential exposure. And for attorneys, the stakes involve more than data security. They involve professional ethics, attorney-client privilege, and the fundamental duty of confidentiality.

The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.

What Legal Teams Actually Care About

Legal professionals evaluating AI tools focus on specific concerns that go beyond standard enterprise security:

Attorney-client privilege. Does using this tool constitute disclosure to a third party? Could it waive privilege? These aren't theoretical questions. Multiple bar associations have warned that inputting confidential client information into public AI platforms may constitute disclosure that waives privilege.

Model Rule 1.6 compliance. The duty of confidentiality requires lawyers to safeguard client information. If client data flows to a third party that retains it, uses it for training, or might expose it in future outputs, that duty may be breached.

Model Rule 1.1 competence. Comment 8 specifically mandates technological competence. Using AI without understanding its data handling constitutes incompetent practice.

Malpractice exposure. IBM's 2024 Cost of a Data Breach Report found that professional services organizations (including law firms) face an average breach cost of $5.08 million. Beyond financial costs, confidentiality breaches can result in bar complaints, malpractice claims, and loss of client relationships.

Court and regulatory requirements. Illinois, Texas, and other jurisdictions have standing orders requiring disclosure when documents have been AI-assisted. The EU AI Act, which began phased enforcement in February 2025, sets additional requirements for high-risk AI systems used in legal services.

ChatGPT Enterprise addresses some of these concerns. Understanding exactly what it does and doesn't do is essential for legal teams making deployment decisions.

ChatGPT Enterprise: The Legal Team's Technical Evaluation

Here's what legal teams need to know about ChatGPT Enterprise's security model:

Data Handling and Confidentiality

Training exclusion. By default, OpenAI does not use data from ChatGPT Enterprise (or Business, Edu, API) to train models. This is contractual, not just policy. For legal teams, this addresses the primary concern that client information could appear in future model outputs or be used in ways that violate confidentiality.

Retention controls. Organizations can configure how long OpenAI retains business data. For API access, zero data retention is available. For legal teams with strict confidentiality requirements, understanding exactly what's retained and for how long is essential.

Human review limitations. Content is not reviewed by human AI trainers unless the customer explicitly opts in. This addresses concerns about OpenAI personnel having access to potentially privileged communications.

Encryption and Data Protection

In transit and at rest. AES-256 encryption at rest, TLS 1.2+ in transit. These are standard enterprise requirements, meeting the technical safeguards that professional responsibility standards expect.

Enterprise Key Management. Customers can control their own encryption keys. This provides cryptographic enforcement of data access policies and addresses concerns about vendor access to sensitive information.

Data residency. Multiple regions available including United States, Europe, UK, Canada, and others. For firms with clients in specific jurisdictions or data localization requirements, this helps meet geographic restrictions.

Access and Administration

SAML SSO. Integrates with existing identity providers. Attorneys access ChatGPT through firm credentials with firm MFA policies enforced.

SCIM provisioning. Automated user lifecycle management. When someone leaves the firm, their ChatGPT access is automatically revoked. This prevents the orphaned account problem that creates access risks.

Role-based access. Different permissions for different roles. Paralegals, associates, and partners can have different access levels and capabilities.

Audit capabilities. Administrative actions are logged. The Compliance API provides audit trails for conversations, supporting the documentation requirements that legal teams need for compliance.

Compliance Certifications

SOC 2 Type II. Most recent report covers January through June 2025, verified by independent auditors.

ISO certifications. ISO 27001 (information security management), ISO 27017 (cloud security), ISO 27018 (PII protection in cloud), ISO 27701 (privacy information management).

These certifications demonstrate that OpenAI has implemented recognized security frameworks, but they don't specifically address legal professional responsibility requirements.

Where Enterprise Falls Short for Legal Teams

Having enterprise-grade security doesn't automatically mean the tool is appropriate for all legal work. Here are the gaps legal teams should understand:

Privilege Considerations Remain Unresolved

OpenAI CEO Sam Altman stated publicly that ChatGPT does not provide legal privilege and "we haven't figured that out yet." Enterprise improves security, but it doesn't transform OpenAI into a party protected by privilege.

The question is whether using Enterprise constitutes disclosure to a third party that could waive privilege. The training exclusion helps: data isn't being used beyond the current session in ways that might expose it. The encryption and access controls help: data is protected during processing.

But conservative interpretations of privilege may still view any transmission to a third party's systems as problematic. Legal teams should consult with their ethics counsel and consider their jurisdiction's guidance.

Client Consent May Be Required

ABA Formal Opinion 512 and multiple state bar opinions indicate that attorneys may need client consent before using AI tools to perform services related to representation. The specifics vary by jurisdiction, but the principle is clear: clients should know if their matters are being processed through AI systems.

This isn't a technology limitation. It's an ethical requirement that exists regardless of how secure the technology is.

Content Logging Creates Discovery Exposure

ChatGPT logs conversations for operational purposes. Even with Enterprise protections, those logs exist somewhere. In litigation, opposing counsel may seek discovery of communications about the matter, including AI-assisted work product.

The work product doctrine may protect some materials, but the existence of logged AI conversations creates a surface area that didn't exist with traditional research and drafting methods.

No Data Classification Enforcement

Enterprise provides the same interface for all content. There's no technical mechanism preventing an attorney from pasting a privileged settlement communication into a prompt. Policies and training are the only controls.

For firms with strict matter segregation requirements or ethical walls, this lack of technical enforcement creates risk.

Enterprise Controls Legal Teams Should Implement

Beyond what ChatGPT Enterprise provides natively, legal teams should implement additional safeguards:

Acceptable Use Policies

Document which types of work are appropriate for AI assistance and which are prohibited:

Lower risk (with precautions):

  • Legal research on general topics
  • Drafting standardized documents without client-specific facts
  • Summarizing publicly available materials
  • Brainstorming case strategy without names or specifics
  • Improving document clarity and organization

Higher risk (requires additional controls):

  • Analyzing client-specific contracts or agreements
  • Drafting communications that reference case facts
  • Reviewing discovery materials
  • Work involving highly sensitive matters

Prohibited:

  • Direct input of privileged communications
  • Matters with exceptional confidentiality requirements
  • Work for clients who have not consented to AI use
  • Any matter with ethical wall implications

Pre-Processing Workflows

For higher-risk work, implement a redaction step before AI processing:

Before redaction:

"Review this settlement agreement between Acme Corp and XYZ Industries regarding the $4.5M patent dispute. Focus on the indemnification provisions in sections 7.2 and 8.1."

After redaction:

"Review this settlement agreement between [PARTY A] and [PARTY B] regarding a [DOLLAR AMOUNT] intellectual property dispute. Focus on the indemnification provisions in sections 7.2 and 8.1."

The AI provides analysis and identifies issues. The attorney applies insights to the actual matter in a controlled environment.

Client Consent Documentation

Develop a standard disclosure for clients about AI tool usage:

  • Identify which AI tools are used and for what purposes
  • Explain the security measures in place
  • Note that AI outputs are reviewed by licensed attorneys
  • Obtain documented consent, whether through engagement letters or separate acknowledgment

Training and Competence

Model Rule 1.1 requires technological competence. Attorneys using AI should understand:

  • How the tool handles data (training, retention, access)
  • The limitations of AI outputs (hallucinations, errors)
  • Ethical obligations that apply to AI use
  • Firm policies on appropriate use cases
  • How to verify AI-generated content

Document training completion for compliance purposes.

Vendor Assessment Questions for Legal Teams

Before deploying ChatGPT Enterprise, legal teams should verify:

Confidentiality protections:

  • Confirm training exclusion is contractual, not just policy
  • Understand exactly what data is logged and retained
  • Verify who at OpenAI can access conversation content
  • Clarify what happens to data if the contract terminates

Privilege considerations:

  • Review the Data Processing Agreement for privilege-relevant terms
  • Understand subpoena response procedures
  • Clarify what records OpenAI maintains that could be discovered

Professional responsibility:

  • Verify certifications and audit reports
  • Confirm encryption meets professional responsibility standards
  • Understand breach notification timelines and procedures
  • Review incident response capabilities

Contractual protections:

  • Evaluate liability limitations for data breaches
  • Understand indemnification provisions
  • Review audit rights and compliance verification
  • Clarify data export and deletion capabilities

The Legal Team's Decision Framework

ChatGPT Enterprise provides meaningful security improvements over consumer AI:

  • Contractual training exclusion protects against data reuse
  • Encryption meets enterprise security standards
  • Access controls integrate with firm identity systems
  • Audit capabilities support compliance documentation
  • Certifications demonstrate security framework implementation

But Enterprise doesn't solve every legal team concern:

  • Privilege questions remain jurisdiction-specific and unresolved
  • Client consent requirements exist regardless of security
  • Content logging creates discovery surface area
  • No technical enforcement of data classification

For legal teams, the path forward typically involves:

  1. Firm-wide policy defining approved use cases and prohibited activities
  2. Client consent documentation and disclosure
  3. Pre-processing workflows that redact client-specific information for sensitive work
  4. Training ensuring all attorneys understand their competence obligations
  5. Ongoing monitoring of AI ethics guidance and regulatory developments

AI can genuinely improve legal productivity. Contract analysis that took hours can happen in minutes. Research that required associates can be accelerated dramatically. But the efficiency gains only matter if they don't come with malpractice exposure, bar complaints, or loss of client trust.

The firms getting this right treat AI as a powerful tool that requires appropriate safeguards, not a black box that handles confidential information without controls.

PaperVeil provides the pre-processing layer legal teams need. Automatically detect and redact client names, case numbers, financial terms, and other confidential information before documents reach any AI system. Maintain audit trails that demonstrate due diligence. The confidentiality layer that makes AI genuinely safe for legal work.