Risk Update

Risk Reading — Law Firm v Client AI “Data War,” Canadian Call for Unified, Open Law Firm Cybersecurity Framework, Investors Irked at “Anti-foreign” Litigation Funding Efforts in United States

“Beyond Confidentiality: The AI Data War Between Law Firms and Clients” —

  • “As generative AI transforms the practice of law, an outstanding question remains around who owns and controls the data that fuels these systems. For decades, law firms and corporate legal departments have operated under well-defined boundaries of client confidentiality and work product protection. But as firms begin using AI tools that rely on data aggregation and fine-tuning, those boundaries blur. The value of legal data has shifted from evidentiary substance to strategic infrastructure. Understanding who can use it, and under what circumstances, is now a defining issue of the modern legal industry.”
  • “The Core Tension: Clients Own the Data and Firms Create the Work Product. At its simplest, data powering legal AI falls into two categories: ‘client’ data and law firm-generated data. Clients own their underlying information, such as contracts, discovery documents, communications, transaction details, and case files, and output/deliverables from outside counsel that clients have paid for. Law firms, on the other hand, may own derived work product such as drafts, research notes, and summaries, though those too may be governed by confidentiality and professional conduct rules.”
  • “This distinction matters because many law firm AI use cases like contract review, litigation analytics, due diligence, and e-discovery depend on training or otherwise using (e.g., for fine tuning) large language models (LLMs) and/or retrieval augmented generation (RAG) code with a mixture of both deliverables to the client and internal work product.”
  • “If a law firm builds or fine-tunes an AI model using client data, it could inadvertently violate client confidentiality or intellectual property rights unless expressly permitted. In contrast, in-house legal departments that sit closer to the data source often view that same dataset as a corporate asset.”
  • “They are more likely to want to use their data to train proprietary AI tools that enhance decision-making, risk prediction, or portfolio management. So, the questions emerge: can both the law firm and the client use the same data to train AI models? What happens if they both do? Is enforcement possible? Probable? The answers may depend less on technology and more on contract language.”
    “The Contractual Layer: What Provisions Matter”
  • “The key provisions that govern data use in AI are scattered across several types of documents. These typically include engagement letters, outside counsel guidelines (OCGs), vendor and cloud agreements, and AI pilot or development agreements.”
  • “Engagement letters and OCGs set baseline terms around confidentiality, data retention, and use of client information. Increasingly, OCGs include explicit prohibitions on uploading client data into AI systems that might use the data to train underlying models.”
    “Vendor and cloud agreements determine whether data is stored in private environments, whether it leaves a specified jurisdiction, and whether it may be used to train or improve the provider’s services. AI pilot or development agreements typically define who owns derivative outputs and improvements.”
  • “Key clauses to watch include data ownership and license-back rights, use restrictions, and confidentiality and anonymization standards.”
  • “Law firms often assume that anonymization resolves the data ownership and usage concerns. After stripping identifiers or aggregating data, many believe the resulting dataset can be freely used for internal AI training. In reality, anonymization is a moving target and does not automatically remove client-sensitivity or eliminate contractual restrictions. Even when direct identifiers are removed, matters can remain re-identifiable, particularly when (1) the underlying dispute is public, (2) the dataset is small or unique, or (3) the fact patterns themselves function as identifiers. As a result, anonymized data does not guarantee firm ownership or unrestricted reuse unless the client agreement expressly allows it.”
  • “A better lens is data governance, where processing occurs within a firm-controlled or vendor segregated cloud instance under contractual guarantees that client data will not train external foundation models. It is crucial to note that most current enterprise-grade tools do not use inputs to improve their base models and maintain strict data-isolation controls. Firms must leverage security documentation (SOC 2 Type II, ISO 27001, DPAs, DPAs with model-training exclusions, and environment architecture diagrams) from vendors to dispel this persistent confidentiality concern. This distinction separates technical reality from common client fear. The safest path ultimately relies on consent and transparency, moving beyond reliance on de-identification alone. This means clearly documenting: (1) how data will be used, (2) where it is stored and processed, (3) whether it remains in a single-tenant or region-locked environment, and (4) confirming that no third-party model training or cross-matter data blending occurs. This governance-first approach substantially mitigates risk.”
  • “Even with clear rules, enforcement is tricky. How can a client verify that its data isn’t being used to train a firm’s internal or vendor model? And how can firms prevent well-intentioned employees from inadvertently breaching these boundaries through tool usage?”
  • “Policing this requires a combination of technical controls (segmented instances, audit logs, and data usage dashboards) and contractual accountability (attestations, audit rights, and breach remedies).”
  • “Firms should implement governance layers that track which datasets are used to fine-tune models, who authorized their use, and whether consent was obtained. From the client’s side, periodic audits or certifications, such as SOC 2 or ISO 27001 attestations, can provide assurance that their data remains quarantined from model improvement cycles.”
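As an added illustration (not code from the quoted article, nor from any firm’s or vendor’s governance product), the following Python policy gate turns the governance items quoted above into a checked decision: which datasets a fine-tuning job uses, who authorized them, whether client consent and an OCG training prohibition exist, whether processing is single-tenant and region-locked with a vendor training exclusion, and whether matters or clients would be blended. Each decision is written to a hash-chained audit record of the kind a client audit could later verify. Every matter record, environment flag, person name and the SMALL_DATASET threshold is a constructed assumption.

```python
"""Policy gate for AI fine-tuning requests plus a hash-chained audit trail.
All records below are constructed sample data, not real matters or clients."""
from dataclasses import dataclass, asdict
import hashlib
import json


@dataclass(frozen=True)
class MatterDataset:
    matter_id: str
    client: str
    training_consent: bool        # client expressly permitted model training in the engagement terms
    ocg_prohibits_training: bool  # outside counsel guidelines forbid AI training on client data
    anonymized: bool              # identifiers stripped; deliberately NOT treated as a substitute for consent
    record_count: int             # small or unique sets stay re-identifiable


@dataclass(frozen=True)
class Environment:
    tenant: str                     # "single" or "shared"
    region: str                     # where processing happens
    vendor_training_excluded: bool  # DPA carve-out: inputs never improve the vendor's base model


@dataclass(frozen=True)
class FineTuneRequest:
    job_id: str
    authorized_by: str            # named approver; empty string means nobody signed off
    datasets: tuple               # tuple of MatterDataset
    env: Environment
    required_region: str          # contractual region lock
    cross_matter_approved: bool = False


SMALL_DATASET = 500  # hypothetical threshold below which anonymization is treated as weak


def evaluate(req: FineTuneRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons); every failed control is reported, not just the first."""
    reasons = []
    if not req.authorized_by:
        reasons.append("no named approver for dataset use")
    if req.env.tenant != "single":
        reasons.append("processing is not in a single-tenant environment")
    if req.env.region != req.required_region:
        reasons.append(f"region {req.env.region} violates lock to {req.required_region}")
    if not req.env.vendor_training_excluded:
        reasons.append("vendor agreement lacks a model-training exclusion")
    if not req.datasets:
        reasons.append("no datasets named")
    if len({d.client for d in req.datasets}) > 1:
        reasons.append("datasets from multiple clients would be blended")
    if len({d.matter_id for d in req.datasets}) > 1 and not req.cross_matter_approved:
        reasons.append("cross-matter blending without explicit approval")
    for d in req.datasets:
        if d.ocg_prohibits_training:
            reasons.append(f"{d.matter_id}: OCG prohibits AI training on client data")
        if not d.training_consent:  # anonymization alone grants no reuse right
            reasons.append(f"{d.matter_id}: no client consent to train (anonymized={d.anonymized})")
        if d.anonymized and d.record_count < SMALL_DATASET:
            reasons.append(f"{d.matter_id}: small anonymized set is likely re-identifiable")
    return (not reasons, reasons)


def audit_record(req: FineTuneRequest, allowed: bool, reasons: list, prev_hash: str) -> dict:
    """Append-only entry answering: which data, who authorized it, was consent present."""
    body = {
        "job_id": req.job_id, "authorized_by": req.authorized_by,
        "datasets": [asdict(d) for d in req.datasets], "environment": asdict(req.env),
        "allowed": allowed, "reasons": reasons, "prev_hash": prev_hash,
    }
    body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    return body


def verify_chain(records: list) -> bool:
    """Recompute every hash and link; any edited or dropped entry breaks the chain."""
    prev = "0" * 64
    for r in records:
        body = {k: v for k, v in r.items() if k != "hash"}
        if body["prev_hash"] != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != r["hash"]:
            return False
        prev = r["hash"]
    return True


# Constructed sample data (hypothetical matters, clients, approvers and regions).
OK_ENV = Environment("single", "ca-central", True)
DS_CONSENTED = MatterDataset("M-1001", "ClientA", True, False, False, 12000)
DS_ANON_NO_CONSENT = MatterDataset("M-1002", "ClientA", False, False, True, 200)
DS_OTHER_CLIENT = MatterDataset("M-2001", "ClientB", True, False, False, 8000)
REQ_ALLOWED = FineTuneRequest("job-1", "gc.clienta", (DS_CONSENTED,), OK_ENV, "ca-central")
REQ_DENIED = FineTuneRequest("job-2", "", (DS_ANON_NO_CONSENT,), Environment("shared", "us-east", False), "ca-central")
REQ_BLENDED = FineTuneRequest("job-3", "partner.x", (DS_CONSENTED, DS_OTHER_CLIENT), OK_ENV, "ca-central")


def run_ledger(requests=(REQ_ALLOWED, REQ_DENIED, REQ_BLENDED)) -> list:
    """Evaluate each request and chain its audit record onto the previous one."""
    records, prev = [], "0" * 64
    for req in requests:
        allowed, reasons = evaluate(req)
        rec = audit_record(req, allowed, reasons, prev)
        records.append(rec)
        prev = rec["hash"]
    return records


if __name__ == "__main__":
    for rec in run_ledger():
        print(rec["job_id"], "ALLOWED" if rec["allowed"] else "DENIED", rec["reasons"])
```

The gate deliberately refuses an anonymized dataset that lacks consent, mirroring the article’s point that de-identification does not create reuse rights; the audit chain gives the client-side auditor something to recompute rather than a dashboard to trust.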

“Law firms in Canada need to collaborate on a vendor-neutral cybersecurity framework” —

  • “What am I doing about it? What could we do about it? And who is actually doing anything right now? These were the questions I kept asking myself in the summer of 2025. I was working inside one of the world’s largest law firms, assessing our cybersecurity practices against well-known information security frameworks. The deeper we went, the clearer it became that the legal sector is not where it needs to be. Not because people don’t care or leadership isn’t paying attention, but because almost every firm is trying to solve this problem on its own.”
  • “That is the core issue. Cybersecurity in law is still treated as a firm-specific project, when in reality it affects the entire profession.”
  • “Firms don’t work in isolation. We work together on matters. We exchange sensitive files with opposing counsel. We rely on shared platforms, vendors, and cloud infrastructure. If one firm is hit, clients don’t say, ‘Oh well, that was just that firm.’ They question how legal data is protected holistically. That is where the real risk lies.”
  • “Most firms I’ve spoken to are acting: buying tools, tightening policies, hiring consultants, conducting training, and commissioning assessments. But they are doing all of this in silos. There is no shared baseline. No commonly accepted definition of what ‘good’ looks like for a Canadian law firm – or, frankly, for any law firm.”
  • “According to 2024 IBISWorld data, Canada has roughly 35,000 law firms of varying sizes. They hold highly sensitive client data but typically lack cybersecurity teams, threat intelligence functions, and security engineers. They are data-rich and resource-poor – and attackers are aware of this.”
  • “The risk is not theoretical. In 2024, a Florida law firm faced a class action after a breach exposed client information. The firm reportedly settled for US$8.5 million, becoming one more example in a growing list of law firms targeted by ransomware and data theft.”
  • “Meanwhile, Canadian law firms are increasingly interdependent. We share clients, documents, systems – and, critically, risks. A compromise in one environment can easily spread to another, particularly in a digitized and interconnected ecosystem.”
  • “This leads to a simple question: if we are all connected, why are we defending ourselves separately?”
  • “We do have organizations in the legal technology space. ILTA exists. The Canadian Bar Association has groups. Provincial law societies publish guidance. But none of these bodies solves the collaboration problem.”
  • “ILTA, for example, is excellent but paywalled and primarily serves medium and large firms that can afford the fees. No single group reaches the thousands of small and mid-sized firms that make up the majority of Canada’s legal market. And none provides truly actionable, operational ‘knowledge and skills’ that firms can plug into their day-to-day work.”
  • “Instead, we end up with scattered pockets of collaboration, mostly among well-resourced firms, while the majority are left to fend for themselves. That divide is precisely where the collective risk sits – and where bad actors thrive.”
  • “Confidentiality is the foundation of the profession. But it does not stop at one firm’s firewall.”
  • “If one firm in a multi-firm matter is breached, everyone is exposed. If one firm transmits compromised files through a shared DMS or client portal, everyone is exposed. If a small firm working on a high-stakes matter is compromised, the fallout can affect clients, courts, regulators – even governments.”
  • “Clients already understand this. Many in-house legal teams now assess the cybersecurity posture of external counsel before engaging them. Insurers are tightening their requirements, and audits are becoming more frequent. Firms of every size, including solo practitioners, are expected to have reasonable safeguards and a working incident response plan.”
  • “The pressure is here. The risk is real. The only question is whether the profession responds collectively or continues to duplicate effort and go it alone.”

“Investors Lament ‘Anti-Foreign’ Litigation Funding Push in US” —

  • “Federal legislation targeting foreigners who invest in US lawsuits is raising concerns among international financiers. The bill by Rep. Ben Cline (R-Va.) bans sovereign wealth funds from backing US litigation, potentially disrupting operations of funders such as Fortress Investment Group, Burford Capital, Omni Bridgeway, Ares Management Corp., Ellington Management Group and BlackRock Inc.”
  • “Funders that lack sovereign wealth backing would also be affected. The Cline bill requires overseas investors to disclose their roles in US lawsuits, which the funders say could delay court proceedings as defendants seek information about them in discovery.”
  • “The emphasis on foreign funders is an approach by the US Chamber of Commerce and other opponents of litigation finance to stymie the nascent industry. The legislation has sparked an intense lobbying campaign in the new year, with a pro-industry lobbying group forming after the House Judiciary Committee voted 15-11 in November to recommend the bill.”
  • “The practice of investing in lawsuits with the hope of winning proceeds from successful cases has become popular for financiers, who seek returns uncorrelated to the stock market. The litigation funding market is expected to grow to around $50 billion by the mid-2030s from nearly $21 billion last year, according to a report from boutique asset management firm Katch Investment Group.”
  • “The threat of US legislation has forced some foreign fund managers to reassess their growth strategies. ‘This lack of certainty and safety it is not helping anybody to feel happy about investing in the USA,’ said Ignacio Delgado, the general counsel for Loopa Finance, formerly known as Qanlex, which doesn’t currently fund US litigation and primarily operates in Latin America and Europe.”
  • “The US Treasury Department’s Office of Foreign Assets Control already restricts investment from countries of concern such as Iran and Russia, ‘so why do you need more law?’ asked Susan Dunn, founder of UK-based Harbour Litigation Funding.”
  • “‘There’s so much anti-foreign that’s going on in the US at the moment,’ said Dunn, who also chairs the Association of Litigation Funders of England and Wales. From US lawmakers’ perspective, ‘it’s like if I use the ‘foreign’ word then that’ll get me’ bill passage.”
    “Cline’s Momentum”
  • “Cline’s proposal is the second version of legislation that singles out foreign funding. After the House panel passage it is the farthest along of three federal bills attempting to regulate litigation finance. The Chamber and other industry opponents have pressed for regulation because they say litigation finance results in frivolous lawsuits that raise the cost of doing business.”