advanta

HomeGlossaryRegulation

Risk Class

Regulation

P4

Client confidentiality breach

Audience

GC / CLORisk & ComplianceLegal OperationsCIO / CISO

DEFINITION

Risk class 7 of the Risk Taxonomy 2026: information protected by attorney-client privilege or matter confidentiality reaches a model provider, a vendor's broader infrastructure, another customer, or a vendor employee through an AI system in a way that compromises privilege or breaches the function's confidentiality obligations to clients — distinct from data leakage in that it covers specifically privileged or contractually confidential matter content with downstream legal consequences. Addressed by data handling and governance posture — the function must maintain matter-level and client-level AI policy mapping, vendor approval workflows that consider client-specific consent, and matter intake processes that surface AI restrictions before tooling is deployed.

Detailed Explanation

Class 7 – Privilege-Specific Confidentiality Risk (Risk Taxonomy 2026)

Definition

Class 7 covers risks where AI use creates exposure of client-confidential or privileged information through:

  • Prompt-context leakage (e.g., past conversation or document context resurfacing in other outputs)
  • Retraining on privileged material (model or embedding store updated with privileged content in a way that can affect other matters or clients)
  • Cross-engagement contamination in vendor systems (data from one client/matter influencing responses for another)
  • Sub-processor disclosure beyond the agreed engagement scope

Class 7 is the privilege-specific subset of Class 2 (Data leakage). The underlying mechanics resemble general data leakage, but the consequences are sharper (waiver of privilege, sanctions, disqualification, reputational harm) and mitigation requirements are tighter (privilege-preserving architecture, stricter vendor controls, and publication-block handling).

Required Mitigations

Mitigation for Class 7 requires:

  1. Privilege-Preserving Architecture (DAT-01)
    • Segregated data planes for privileged vs. non-privileged content.
    • No training, fine-tuning, or long-lived memory on privileged material unless explicitly designed as a matter-scoped, access-controlled store.
    • Strong identity, access management, and logging tied to matter/client identifiers.
  2. Vendor Data Protection Obligations (DAT-03)
    • Contractual guarantees that vendor models and systems do not use privileged data for cross-customer training.
    • Explicit controls on sub-processors and data residency.
    • Right to audit or obtain independent assurance (e.g., SOC 2, ISO 27001) with AI- and training-specific controls.
  3. Client Disclosure and Consent (CLI-01)
    • Engagement-letter language that discloses AI use where applicable, including:
      • Whether third-party AI vendors are used.
      • How privileged data is isolated, stored, and protected.
      • Any circumstances under which data may leave firm-controlled environments.
    • Where required, client consent for specific AI workflows (e.g., large-scale document review using external LLMs).
  4. Tier 4 Capability – Privilege-Handling Testing (VEN-03)
    • For Tier 4 AI capabilities, POC scenarios must explicitly test privilege handling under privilege-mixed content (documents or prompts containing both privileged and non-privileged material).
    • Test cases include:
      • Ensuring no bleed-over of privileged content into non-privileged workspaces or other matters.
      • Verifying that redaction, summarization, and classification workflows preserve privilege markings and do not strip or misapply them.
      • Confirming that vendor logs, telemetry, and caches do not expose privileged content outside the agreed scope.

Relationship to Other Classes and Governance

  • Overlap with Class 8 (Professional Conduct)
    • Failure to supervise AI tools and vendors handling privileged data can constitute a Rule 5.3 supervision failure.
    • Lawyers remain responsible for ensuring that AI use does not compromise confidentiality or privilege.
  • Evidence Register Handling (GOV-13)
    • In the Evidence Register, Class 7 cells are treated as publication-block-grade.
    • This means:
      • Evidence and incident records involving Class 7 are highly restricted, not available for general training, demos, or knowledge-base publication.
      • Any reuse of Class 7 incident data (e.g., for training staff or improving controls) must be carefully anonymized and scoped to avoid secondary leakage.

Practical Positioning and Usage

  • When to classify as Class 7 vs. Class 2
    • Use Class 7 when the data at risk is client-privileged or work-product and exposure could affect privilege, ethical duties, or court-facing obligations.
    • Use Class 2 only when the data is sensitive but not privileged (e.g., internal firm operations data, non-privileged client business data).
  • Examples of Class 7 Scenarios
    • Uploading a privileged litigation memo to a general-purpose LLM that retains it for model improvement.
    • A vendor’s multi-tenant vector database allowing embeddings from one client’s matter to influence retrieval for another client.
    • An AI drafting tool that surfaces snippets from a prior privileged brief in a new, unrelated client’s document.
    • Logging or monitoring systems at a sub-processor storing full privileged prompts in plaintext beyond the agreed engagement scope.
  • Design Implications
    • Default to matter-scoped, non-training, non-sharing configurations for any AI system that may touch privileged content.
    • Treat prompt logs, caches, and embeddings as part of the privileged record when they contain or derive from privileged material.
    • Ensure governance alignment: DAT-01, DAT-03, CLI-01, VEN-03, and GOV-13 must be implemented coherently to manage Class 7 risk end-to-end.

Class 7 is not just another data leakage category; it is the privilege-focused subset of Class 2 with elevated ethical, legal, and governance stakes. Any AI workflow that can touch privileged material must be architected, contracted, and tested specifically for privilege preservation, and incidents must be handled as publication-block-grade in the Evidence Register.

image pending

Diagram showing Class 7 as a subset of Class 2 with links to DAT-01, DAT-03, CLI-01, VEN-03, and GOV-13 controls.

Positioning of Class 7 within the Risk Taxonomy: a privilege-specific subset of Class 2 (Data leakage), intersecting with Class 8 (Professional conduct), and governed by DAT-01, DAT-03, CLI-01, VEN-03, and GOV-13.

Quick Facts

Term Type

Risk Class

Category

Regulation

Related Pillar

P4 · Governance

Governance

Methodology
v2026.1

Explore Glossary

← All Terms