Risk Update

Conflicts, Clients, and Confidentiality Concerns — Attorney General-Client Conflict Concern, AI Note Taking Client Confidentiality Risks, Attorney Advertising Website Client Confidentiality Compliance Warning, Law Firm Data Breach Brings Continuing Ripples and Repercussions

“Goldman Sachs Says Some Clients’ Data May Have Been Exposed in Law Firm Data Breach” —

  • “Goldman Sachs Group Inc. warned investors in some of its alternative investment funds that their data may have been exposed in a breach at one of the bank’s law firms.”
  • “In a Dec. 19 letter, Goldman said it had been informed of a ‘cybersecurity incident’ by Fried Frank Harris Shriver & Jacobson LLP, which serves as outside counsel to many of its alternatives funds. The bank said it was working with the law firm ‘to better understand whether our data or our clients’ data may have been exposed.’”
  • “The letter was included in a proposed class lawsuit* filed Wednesday against Fried Frank by Andrew Sacks, an investor in Goldman’s Petershill Private Equity Seeding II Offshore Fund.”
  • “‘Goldman Sachs’ systems were not impacted by this incident and remain secure,’ a spokesperson for the bank said. ‘As always, we will continue to work to safeguard our clients and their data.’”
  • See also: Sacks v. Fried, Frank, Harris, Shriver & Jacobson LLP

“Labour accuses shadow attorney-general of ‘conflict of interest’ over legal work for Roman Abramovich” —

  • “The [UK] Conservative shadow attorney-general David Wolfson, a Tory peer, has been accused of a ‘conflict of interest’ for being part of the legal team of sanctioned Russian billionaire Roman Abramovich.”
  • “Emily Thornberry, a Labour MP who did the same job as Lord Wolfson between 2021 and 2024, said it was a ‘really bad look’ to be acting on his behalf while also providing legal advice to the Conservatives.”
  • “‘There’s a conflict of interest between [Wolfson’s legal work] and his duty to give assistance to the Tory party to ensure that their policy on oligarchs and sanctions and Ukraine is as good as it can be and isn’t compromised,’ she said. ‘Given the history that the Tories have of closeness with Russian oligarchs, I think that it’s a really bad look.’”
  • “Earlier in December, the prime minister Sir Keir Starmer issued a licence to transfer £2.5bn of frozen assets from Abramovich’s sale of Chelsea Football Club to Ukraine, warning the Russian former owner that the UK government is prepared to take him to court if he fails to release the funds.”
  • “The UK imposed sanctions on Abramovich owing to his close links to Russian President Vladimir Putin after Russia’s full-scale invasion of Ukraine in 2022.”
  • “Wolfson is part of the legal team representing Abramovich in his court battle with the Jersey government over the release of billions in frozen assets and is not directly involved in any case relating to the Chelsea club.”
  • “But the Labour party has argued that the case in Jersey is delaying the release of the £2.5bn from the sale of the football club and that his work for Abramovich compromises his ability to advise the Tory party on anything relating to his frozen assets.”
  • “Justice minister Jake Richards earlier this week described the dual roles held by Wolfson as ‘indefensible’.”
  • “In a letter to Tory leader Kemi Badenoch, Richards questioned whether the shadow attorney-general had recused himself from party policy on Abramovich’s assets, warning that his advice to her was ‘clearly compromised’.”
  • “In its response, the Tory party said that ‘nothing in the Jersey proceedings is inconsistent with the intended donation of the Chelsea sale proceeds’, adding ‘that litigation has nothing to do with the donation of the Chelsea sale proceeds, and does not involve the UK government’.”
  • “Thornberry said it was arguable that Wolfson’s legal work ‘could have an effect on the state’s ability to be able to get the billions of pounds resulting from the sanctions’, adding that it is ‘supposed to be Tory party policy to be supportive of getting that money’.”
  • “She added that she did not believe shadow attorneys-general should practise law at the same time as advising political parties given that the advisory role is ‘a big job if you’re doing it properly . . . I don’t think it’s an honorary title’.”

Jeff Cunningham notes: “Per the ABA, almost half of US law firms post about case successes on their website” —

  • “But such publicity carries serious disciplinary, malpractice, and reputational risks.”
  • “Even accurate descriptions can be deemed misleading if they imply guaranteed or typical outcomes, omit material context, or create unjustified expectations about future results. From a claims perspective, these posts are frequently later cited by disappointed clients as evidence that the law firm promised or benchmarked a particular result. Confidentiality risks also arise when matters are described in enough detail to make clients or cases identifiable, particularly without documented, informed consent.”
  • “Publicizing victories can antagonize adversaries, competitors, or insurers and invite scrutiny if outcomes later change or are reversed. Many law firms further compound risk by relying on generic disclaimers or allowing legacy content to drift out of compliance with evolving advertising rules.”
  • “As a result, case-success content should be subject to centralized review, conservative framing, and periodic audits, rather than treated as routine marketing copy.”

“Eavesdropping by Algorithm: Legal Risks of AI Meeting Assistants” —

  • “What many users do not fully appreciate is that these tools introduce a third party into conversations historically governed by strict privacy and confidentiality rules, a shift that carries profound consequences for attorney–client privilege, wiretap compliance, compliance with privacy laws, Pennsylvania’s Right to Know Law (RTKL), and discovery exposure.”
  • “Imagine sitting down for a virtual meeting where sensitive legal matters are being discussed and internal strategy decisions are unfolding, with everyone assuming the conversation is confidential and limited to the people on the call. Only later does someone in the meeting realize that a small ‘note-taker’ icon was glowing in the corner of the screen, an artificial intelligence tool was present, recording and transcribing every word that was said. In that moment, the participants realize that what they assumed was a confidential discussion may, indeed, not be so private.”
  • “These are the exact events that resulted in the filing of a nationwide class action in August 2025. In Brewer v. Otter.ai, plaintiffs allege that Otter.ai’s ‘Notetaker’ and ‘OtterPilot’ tools unlawfully intercepted and recorded private video-conference meetings without obtaining consent from all participants. The complaint claims the AI assistant joins calls as an autonomous participant, transmits conversations to Otter’s servers for transcription, records even non-account holders, provides little or no participant notice, and shifts responsibility for consent onto meeting hosts. Plaintiffs further allege Otter retained recordings indefinitely and used captured communications to train its AI models, including voices of individuals who were unaware they were being recorded. The lawsuit asserts federal wiretap and computer-access violations, multiple California privacy law violations, and common-law claims for intrusion and conversion, casting AI notetakers not as neutral productivity tools but as unauthorized third-party surveillance operating inside private meetings.”
  • “AI meeting assistants offer numerous benefits, including allowing participants who would otherwise be taking notes to stay fully engaged, automatically generating meeting summaries and action items, producing uniform and unbiased notes for all participants, and even identifying speakers by their voices. But what many users do not fully appreciate is that these tools introduce a third party into conversations historically governed by strict privacy and confidentiality rules, a shift that carries profound consequences for attorney–client privilege, wiretap compliance, compliance with privacy laws, Pennsylvania’s Right to Know Law (RTKL), and discovery exposure.”
  • “However, the privilege can be waived through voluntary disclosure to third parties, and AI transcription tools are owned by third parties. These AI meeting assistant tools typically route audio and text through third-party servers or cloud-based servers, and even if no employee actively ‘listens,’ the vendors often retain access rights under their terms of service, storage practices, or model-training procedures to the information disclosed. As people increasingly rely on these tools to summarize privileged meetings, process attorney emails, or analyze legal memoranda, they are placing sensitive communications into systems operated by outside vendors, and consequently, could be waiving attorney-client privilege. Additionally, many of these vendors may log inputs, retain data, or use uploaded content to improve their AI models. Introducing an AI platform into a legal discussion under these conditions can undermine the confidentiality required for privilege to attach and may severely weaken any later claim that the communications were intended to remain private.”
  • “Several AI meeting platforms acknowledge, often buried in privacy policies, that recorded conversations may be retained and used to train speech-recognition and generative AI models. What begins as a routine business meeting can therefore become a permanent training dataset outside the control of the speakers. Although vendors describe this data as ‘de-identified,’ true anonymization is difficult: voices, speech patterns, job titles, project references, geographic markers, and health or employment details can readily link recordings back to individuals. Once content enters training pipelines, deletion is usually impractical, converting what participants assumed was a fleeting exchange into a lasting data asset.”
  • “The practice runs afoul of many privacy laws. HIPAA severely restricts disclosures tied to patient health information and limits even permitted disclosures to the minimum necessary required to achieve the intended purpose of the disclosure. The GDPR requires narrow purpose limitation, data minimization, and enforceable rights of access and deletion, standards difficult to reconcile with open-ended AI training uses. California’s consumer privacy laws further heighten risk by granting individuals rights to transparency, restrictions on data processing, and challenges to undisclosed secondary uses such as model training. As a result, a single unnoticed recording can escalate from a brief compliance lapse into ongoing multi-regulatory exposure, with regulatory, litigation, and class-action consequences.”
  • “For similar reasons as those enunciated above with respect to the RTKL, discovery risk also increases dramatically when meetings are recorded by default because AI transcripts differ fundamentally from traditional human notes. While handwritten or typed summaries are selective, imperfect, and often discarded, AI-generated transcripts are permanent, detailed, searchable, and time-stamped, making them powerful litigation targets. In lawsuits, opposing counsel can demand production of entire datasets documenting years of internal corporate communications, combing transcripts for statements taken out of context or distorted by transcription errors to use in depositions and motion practice. What begins as a tool meant to improve productivity can, in practice, create vast new discovery burden and sharply increase litigation costs.”
  • “Collectively, these risks reveal a sobering reality, that AI notetakers convert private human speech into portable, persistent data assets that can trigger legal ramifications far more complex than most organizations realize. The rise of AI meeting assistants is not simply a question of workplace efficiency, it is a fundamental shift in how conversations are captured, stored and regulated.”