What client-data boundaries should a professional services firm set before using AI?

Why client-data boundaries come before AI adoption

Professional services firms should set client-data boundaries before using AI in client work because confidentiality, fiduciary duty, professional ethics, and regulatory oversight all sit on top of the normal technology risk. The Dan Cumberland Labs guidance makes that point clearly: a professional firm is deciding whether a useful tool can handle client information, work product, and professional judgement in a way the firm can defend.

The practical risk is simple. If a team member pastes client financials, legal facts, employee records, or draft advice into an unmanaged AI tool, the firm may have made a confidentiality decision without review, policy approval, or a record. The AI tool does not carry the duty to the client. The firm does.

The safest approach is a four-zone data rule

Use four zones: prohibited data, restricted data, approved data, and anonymised or synthetic data. Prohibited data should never enter public AI tools. Restricted data may only be used in approved firm systems with contract, retention, training-use, and access controls checked. Approved data can be used for lower-risk drafting or analysis where the firm has confirmed the tool and the workflow. Anonymised or synthetic data is preferred for testing prompts, building templates, and training staff.

Map your AI data-risk gaps

This structure gives staff a fast decision path. It also gives compliance and practice leaders something auditable: what data category was used, which tool was approved, who reviewed the output, and what evidence sits behind the decision.

What belongs in the prohibited and restricted zones

Prohibited data should include privileged legal material, confidential client facts, non-public financial data, live personal data, special category data, credentials, security information, trade secrets, and any information covered by a client instruction that bars external processing. If the firm would not send the material to an unknown contractor without a written agreement, it should not go into a public AI tool.

Restricted data covers material that may be usable in a controlled environment but still needs safeguards. Examples include client drafts, matter summaries, support tickets, claim narratives, board packs, financial models, due diligence notes, and regulated customer records. The boundary is not whether the data looks sensitive to the person using it. The boundary is whether the firm has a lawful basis, client permission where needed, contractual controls, and an accountable reviewer.

What the approved zone needs before use

An approved AI tool should have a named owner, permitted use cases, data classes allowed, retention settings, training and reuse settings, access controls, logging, review steps, and an incident route. The source guidance highlights a tools inventory and an acceptable use policy because a firm cannot govern tools it cannot see. Shadow AI is the failure mode: staff use personal or unmanaged tools because the approved route is unclear or too slow.

Set the governance model for approved AI use

Approval should also be role-specific. A marketing assistant summarising public research, a solicitor drafting client advice, and a finance team testing a cash-flow model do not carry the same data risk. The policy should say who may use which tool, for which purpose, with which data, and with what level of review.

How to turn the boundary into daily behaviour

Start with an inventory of tools already in use, including browser extensions, embedded AI features, meeting assistants, document add-ons, research tools, and public chat interfaces. Then create a short acceptable use policy that staff can actually follow. It should cover approved tools, prohibited data, verification requirements, disclosure triggers, supervision responsibilities, and incident reporting.

For professional services work, human review is not optional. AI output that reaches a client should be checked by a qualified person who can assess accuracy, context, privilege, confidentiality, and whether the answer fits the engagement. The review should be recorded enough to show who checked it, what was checked, and what changed before delivery.

What evidence should be kept

Keep a light record for each meaningful AI use case: business purpose, tool name, data class, client or matter boundary, reviewer, output destination, decision made, and any incident or exception. For higher-risk use cases, add vendor due diligence, DPIA or privacy assessment notes, prompt/output samples where appropriate, model or tool version, and review sign-off.

This does not need to become bureaucracy. The aim is a defensible receipt. If a client, regulator, insurer, or partner asks how AI was used, the firm should be able to explain the tool, the data boundary, the review step, and the accountable person.

Conclusion

Client-data boundaries make AI usable rather than risky. The best starting point is not a long policy in isolation. It is a visible data classification rule, a tools inventory, approved alternatives that are easy to use, and a review record that protects clients and the firm.

Build a practical AI implementation plan

FAQ

Can staff use public AI tools for client work?

Only for material the firm has classified as safe for that tool. Confidential, privileged, personal, or non-public client data should stay out unless the tool, contract, settings, and client permissions support that use.

Is anonymised data always safe?

No. Anonymisation must be real enough that the client or individual cannot be re-identified from context, details, or combined data. When in doubt, use synthetic examples instead.

Who should approve AI tools?

A named governance owner or small cross-functional group should approve tools, with input from practice leadership, compliance, legal, IT, and security where relevant.

What should be logged when AI supports client work?

Log the tool, purpose, data class, reviewer, output destination, key decision, and any exception. Higher-risk work needs fuller evidence, including vendor checks and privacy assessment notes.