AI notetaking and transcription: risk management considerations and best practices
Nicola Anthony, risk manager at Lockton, outlines the potential dangers of AI-enabled notetaking and transcription — including breaches of accuracy, data privacy and communication law — and shares essential controls for safe use
AI-driven notetaking or transcription tools (‘AI notetakers’) are increasingly used by lawyers, clients, and others to transcribe meeting notes and generate meeting summaries. Notetakers may be embedded in video conferencing platforms, or utilised as a standalone application.
Although their accuracy is improving, AI notetaking tools remain imperfect. Below, we discuss risk management concerns arising from their use, followed by recommended best practices and strategies for their implementation.
1. Accuracy and proofreading risks
AI-generated transcripts or summaries may contain faults, including errors or misinterpretations. These may be due to the lack of human judgment which results in missed nuance, context, or tone, causing significant distortions. AI notetakers may even hallucinate to fill in unknowns or gaps (legal or industry-specific terms of art may be particularly susceptible). Notetaking tools may misidentify speakers, especially in multi-party meetings, leading to erroneous attributions. Adding to the problem, participants may not review or correct AI-generated notes. As a result, errors may become part of ‘the record’.
2. Data privacy and security
AI notetakers pose a threat to the privacy and security of confidential and privileged information. Many AI transcription services operate in the cloud, meaning that sensitive conversations may be stored on third-party servers. Depending on vendor terms, the data may be retained, analysed, used to train AI models, or even shared with affiliates or other third parties, imperilling confidentiality and implicating privacy concerns.
3. Discoverability
In some situations, AI transcripts may be discoverable in litigation, meaning that inaccuracies could be misconstrued by an adversary. Discovery demands may not only implicate record preservation issues but also trigger solicitor-client privilege and work-product immunity concerns. If otherwise privileged meeting notes are impudently shared or disclosed (for example, by a client representative sharing them with others in the organisation who don’t have a need to know), the privilege could be lost.
4. Interception of communications
AI notetakers may also breach laws regulating the interception of communications, as governed by the Investigatory Powers Act 2016. The Act makes it a criminal offence for a person to intentionally, and without lawful authority, intercept in the UK any communication during its transmission. If an AI notetaker is used without clear notice or consent, a lawyer or law firm may inadvertently violate these laws. The safest course is to obtain all participants’ explicit consent to recording before enabling any AI notetaker.
5. Regulatory and client compliance
Certain industries and categories of data are subject to specific regulations on the privacy and protection of information stored, transmitted, or disclosed (e.g. UK GDPR). Additionally, clients may have policies or outside counsel guidelines that restrict the storage, access, or disposal of information. The use of AI notetakers without proper precautions may breach regulatory or client requirements.
Best practices to mitigate risk
If lawyers use AI notetakers, they should do so thoughtfully. Lawyers and firms should consider the following recommended best practices and tips:
- Develop a policy and governance framework. This should set out when and how notetakers may be used, identify specific tools and applications for AI, and stipulate categories of communications where use is off-limits (e.g. privileged meetings, strategy sessions, depositions).
- Conduct robust vendor due diligence. Thoroughly vet vendors and review vendor terms, including whether transcripts are used for model training.
- Implement confidentiality safeguards. Be exceedingly cautious with (and consider prohibiting) the use of AI notetakers for external meetings, especially those where the attorney-client privilege or work-product doctrine may apply. Ensure that transcripts are labelled appropriately (for example, “confidential and privileged”) and reflect any corrections.
- Provide notice and secure consent. Identify and evaluate laws regarding recording, transcription, and privacy in relevant jurisdiction(s). Before recording, announce to all meeting participants that an AI notetaker will be used, and confirm and document their consent on the record. Consider asking other participants if they are using AI notetakers or other recording devices.
- Prioritise human oversight. Carefully review transcripts for accuracy and be alert for problems such as misattribution, misinterpretation, and fabrication. Document any necessary corrections or appropriate context to ensure the transcript accurately captures the meeting.
- Invest in training and awareness. Educate staff about the limitations and risks of AI notetaking tools, and best practices for maintaining confidentiality, privilege, and work-product protections.
- Ensure transparency with clients. Inform clients of AI notetaker use, and any relevant policies and protections in place. Consider engagement letter language disclosing potential notetaker use, explaining the benefits and risks, and permitting its use absent express client objection. If a client uses an AI notetaker for meetings relating to the representation, request a copy of the transcript for review.
For more information, reach out to Nicola Anthony, risk manager, Lockton.
Visit our Solicitors page for more information.
