Paid consumer tools are not the same as enterprise tools.
OpenAI states that for ChatGPT Plus, Pro, and Free plans on a personal workspace, data sharing is enabled by default, though users can opt out. By contrast, OpenAI states that ChatGPT Business, ChatGPT Enterprise, ChatGPT Edu, and API offerings do not use inputs and outputs to train models by default.
That distinction matters.
A lawyer using a personal paid account may think, “I have premium AI.” But from a governance standpoint, the firm may still have no centralized control, no matter-level logging, no approved retention policy, no SSO enforcement, no admin visibility, and no way to prove the tool complied with client instructions or a protective order.
Legal AI vendors may be safer, but still must be vetted.
Legal-specific AI tools can be a better fit because they are designed around legal workflows, legal content, and law-firm expectations. But law firms still need to review the terms.
Clio says its AI maintains the same security standards as the rest of its platform, that data is not used to train AI models, and that data remains within secure region-specific infrastructure.
LexisNexis says it never uses customer data to train its AI models and describes encryption, MFA, audits, and SOC compliance as part of its security approach.
Thomson Reuters states that CoCounsel does not use customer content or prompts to train or enhance CoCounsel or third-party LLMs, and that retention can be configured at the organization level.
Those are the kinds of representations law firms should look for. But marketing language is not enough. The firm should verify the contract, data processing addendum, confidentiality language, model-training restrictions, deletion rights, subprocessor list, security certifications, and feature-level limitations.
Microsoft 365 Copilot is powerful, but permissions matter.
Microsoft says Microsoft 365 Copilot prompts, responses, and data accessed through Microsoft Graph are not used to train foundation LLMs. Microsoft also states that Copilot only surfaces organizational data the user already has permission to view.
That second point is both a feature and a warning.
Copilot respects permissions. But if the firm’s SharePoint, OneDrive, Teams, or email permissions are too broad, Copilot may reveal information to users who technically have access but should not see it.
In other words, AI may not create the permission problem. It may expose it.
Before rolling out Copilot broadly, firms should clean up permissions, apply sensitivity labels, review external sharing, configure DLP, enable audit logging, and test what different roles can retrieve.
The safe-use model: green, yellow, red
A practical AI policy should not simply say “AI is allowed” or “AI is banned.” It should define permitted, controlled, and prohibited uses.
| Zone | Use | Example |
|---|---|---|
| Green | No confidential client data | Blog outlines, general legal education, internal checklists |
| Yellow | Confidential data in approved system | Summarizing discovery in a vetted legal AI or eDiscovery platform |
| Red | Confidential data in unapproved system | Pasting client emails, medical records, discovery, or strategy into a personal AI account |
The minimum vendor checklist
Before a law firm approves AI for client-related work, it should answer:
- Does the vendor use prompts, uploads, or outputs to train models?
- Can the firm disable training?
- What data is retained, for how long, and where?
- Can the firm delete prompts, outputs, and uploaded files?
- Are prompts and outputs encrypted in transit and at rest?
- Is there SSO, MFA, role-based access, and admin logging?
- Does the vendor use subprocessors?
- Is data processed outside the United States or outside approved regions?
- Does the vendor support legal holds?
- Can the firm export logs if there is a discovery dispute?
- Does the tool comply with client outside counsel guidelines?
- Does the tool comply with protective orders?
- Does the vendor sign a BAA if PHI is involved?
Human review is non-negotiable.
AI can summarize. It can draft. It can compare. It can brainstorm. It can help attorneys find structure faster.
But it cannot carry the lawyer’s professional responsibility.
The California State Bar’s 2026 guidance states that lawyers remain responsible for reviewing and approving AI outputs, decisions, advice, and filings. It also warns that the duty of candor to the tribunal cannot be delegated to AI and that legal analysis and citations must be reviewed and verified before submission to a court.
That means every AI-assisted legal output needs attorney review.
Not a quick glance.
A real review.
The takeaway
Paid AI can be useful. Enterprise AI can be safer. Legal AI can be better aligned with legal practice. But none of those labels automatically protects privilege, confidentiality, HIPAA, or work product.
The safe question is:
“What data are we putting into which tool, under what contract, with what controls, for what purpose, and with what human review?”
That is AI governance.
