Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. News and events
  3. Legal news
  4. Lawyer warns of data breach risk from ChatGPT

Lawyer warns of data breach risk from ChatGPT

3rd April 2023 | information technology | Data protection , IT and intellectual property

Data breach experts are increasingly concerned about the risks from confidential client data being input into artificial intelligence systems such as ChatGPT, according to a legal director at a law firm with a specialism in data breaches.

ChatGPT’s recent advent in assisting businesses including legal firms with administrative tasks and improving efficiency has caused a huge increase in users. However, Richard Forrest of Hayes Connor has issued a warning after a recent investigation by Cyberhaven revealed that sensitive data make up 11% of what employees submit to ChatGPT.

Likewise, confidentiality agreements with clients may be at risk, as sensitive information may be entered by employees into the chatbot, as could trade secrets, including codes and business plans, putting employees potentially in breach of their contracts.

Several large-scale companies, including JP Morgan, Amazon, and Accenture, have now restricted the use of ChatGPT by employees.

Mr Forrest urges all businesses who use ChatGPT to implement various measures to ensure employees are remaining GDPR compliant. He suggests:  

  • Assume that anything you enter could later be accessible in the public domain.
  • Don’t input software code or internal data.
  • Revise confidentiality agreements to include the use of AI.
  • Create an explicit clause in employee contracts.
  • Hold sufficient company training on the use of AI.
  • Create a company policy and an employee user guide.

“ChatGPT, and other similar large language models (LLMs), are still very much in their infancy stages”, Mr Forrest commented. “This means businesses incorporating the chatbot into work processes are in uncharted territory in terms of GDPR compliance.

“Businesses that use ChatGPT without proper training and caution may unknowingly expose themselves to GDPR data breaches, resulting in significant fines, reputational damage, and legal action taken against them. As such, usage as a workplace tool without sufficient training and regulatory measures is ill-advised.”

Add To Favorites

Additional

  • News and events

In this section

  • Law Society news
  • CPD & Training
  • Blogs & opinions
  • Events
  • 75th Anniversary

Categories

  • civil litigation
  • criminal law
  • employment
  • obituary
  • careers
  • practice management
  • law society of scotland
  • government-administration
  • welfare/benefits
  • family-child law
  • reparation
  • professional regulation
  • property (non-commercial)
  • insolvency
  • consumer
  • human rights
  • mental health-adult incapacity
  • planning/environment
  • europe
  • information technology
  • immigration
  • education-training
  • executries
  • corporate
  • commercial property
  • agriculture-crofting
  • dispute resolution
  • risk management
  • intellectual property
  • client relations
  • tax
  • licensing
  • banking-financial services
  • trusts-asset management
  • reviews
  • opinion
  • For the public
  • Research and policy
  • Regulation
  • Journal online news
  • interview

News Archive

  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013

Related articles

  • ICO issues guidance on workplace monitoring
  • Deepfake scam warning in wake of Lewis advert
  • Susskind seeks National Institute for Legal Innovation
  • English law works for digital assets, Commission reports
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited