Professional Fiduciary Duty in the Age of AI

Picture this: You're a corporate lawyer racing against a deadline to draft a time sensitive legally binding document or a financial accountant analysing balance sheets for a merger deal.

Your client, a high profile family-owned business is on the brink of a major merger or acquisition. They share intricate details of their subsidiary assets, family disputes, and strategic vulnerabilities trusting you as their go to professional.

To reduce hours off the task, you input lots of confidential details into an AI platform for a summary, or maybe even the first draft.

In a data centre thousands of miles away: A polished draft is generated in seconds which would have taken hours, if not days if done manually.

But what if, unbeknownst to you, that AI company, which is hungry for data, absorbs every word, only to leak fragments of your client's secret data directly or indirectly, to a rival entity querying on a similar scenario or asking for a simulation of what their counterpart’s strategy may be?

This risk isn't hypothetical, it's the ticking bomb in every professional's workflow as we rush to embrace AI without questioning its risks.​

At the core of this crisis lies the principle of fiduciary duty. Across numerous professions Lawyers, doctors, accountants, bankers, therapists, practitioners are bound by an obligation of confidentiality.

This duty constitutes a relationship of trust, wherein the private concerns of clients are safeguarded with the utmost discretion, transforming personal disclosures into protected and sacred confidences.

Clients don't just share facts; they bare souls, from a doctor's medical diagnosis to an accountant unearthing a potential fraud trail.

Yet generative AI models, these cloud-based marvels operate more like sponges than safes, absorbing every strand of data available to improve their future outputs.

When you upload a patient's chart or a divorce settlement, the data travels to distant servers for processing, often fueling model improvements and training unless explicitly barred.

Consumer-grade tools, free and abundant, rarely guarantee zero retention; your client's pain morphs into data centre algorithms.

Professionals who engage with this are edging towards borderline malpractice, outsourcing a non-delegable duty to a machine that neither understands ethics nor swears oaths.​

The Hidden Dangers 

AI's magic stems from its learning prowess, but that's precisely its danger. Unlike a junior associate who forgets after filing, these models analyse patterns: Syntax, numbers, contexts into their vast neural webs. Feed in a psychiatric evaluation or tax return, and echoes linger.

The real horror? "Hallucinations," where AI confidently spits fabricated facts, blending one user's input into another's output. Imagine a forensic accountant inputting embezzlement ledger; weeks later, the same model serves up those exact figures to opposing entity asking about "common fraud pattern tactics by X."

Real-world precedents chill the spine: Tech engineers once fed proprietary code into public chatbots, only to watch it regurgitate in competitors' queries.

For fiduciaries, this isn't a quirky bug it's a disclosure event, piercing confidentiality with surgical precision. Professional regulating bodies, issue stark warnings: Professionals must audit AI tools, anonymize data, and supervise outputs. Yet in the heat of deadlines, many gloss over terms of service, mistaking "helpful assistant" for "sworn confidant."​

Layer on data protection laws, and the noose tightens. Regimes like the EU's GDPR, UK's Data Protection Act, or Bangladesh's evolving digital security frameworks cast professionals as "data controllers," liable for every byte processed by "processors" like AI vendors or cloud giants.

Principles of purpose limitation, minimization, and accountability demand risk assessments before any input. No pasting sensitive files into public interfaces without safeguards—cross-border contracts with ironclad disclaimers often leave you exposed.

A hallucinated leak in a court filing? Regulators dissect your competence: Did you foresee risks? Secure consents? Document impact assessments? Professional indemnity insurers balk, ethics boards sanction, and clients sue. The margin for error? Razor-thin.​

Untangling the Web of Accountability

When the vault cracks, who pays the price? You, the professional, sit at the apex. Fiduciary duty doesn't evaporate with "the AI did it" excuse. Just as you're liable for a paralegal's slip, you're the gatekeeper for tools you unleash.

AI companies hide behind beta disclaimers and "use at your own risk" & “AI can make mistakes, please double check” clauses; cloud hosts plead infrastructure neutrality. Shared liability glimmers misrepresented privacy could ensnare providers under consumer laws but enforcement falters across jurisdictions.

Multinational behemoths wield opaque terms, rendering litigation a fool's errand. Clients, the true victims, foot the emotional bill: shattered trust in their hour of need. We've danced this tango before with tech leaps: telephones, emails, the internet, each birthing new ethics. AI demands we rediscover human custodianship amid the code.​

As a corporate lawyer navigating Bangladesh's Company Act, where board governance and contract precision rule, AI tempts with sifting case law or drafting notices. Doctors in overcrowded clinics crave symptom triage; accountants chase audits faster. Geopolitics and political and economic uncertainty adds urgency: leaked strategies in tense regions invite exploitation. Efficiency seduces, but trust is eternal. One breached resolution could torch careers, families, futures.

Safeguards for a Secure Future

The ethical line? Bifurcate ruthlessly.

Anonymize without mercy: Strip identifiers, generalize before input: names, dates, figures out.

Use enterprise grade AI subscriptions: Paid enterprise grade AI tools have policies not to retain data after a certain number of days and delete them from their servers, minimizing the risk of information leaks via AI hallucinations.

Vet vendors, secure consents: Demand audited privacy warranties; inform clients explicitly of AI's role.

Embed human oversight: Triple-check outputs; no autopilot for deliverables.

Formalize assessments: Conduct and log data-protection impact checks, per regulatory mandates.

Build firm resilience: Train teams, craft incident plans, consult insurers early and at regular intervals.

Push for policy: Lobby for AI transparency: data flow disclosures, mandatory breach reports, crisp liabilities.

Policymakers must step up, crafting risk-based rules that foster innovation without fragility. In Bangladesh, aligning with global standards could safeguard our growing digital economy.​

AI isn't the villain -- it's a force multiplier, sifting volumes of case law or medical journals in blinks. But confidentiality isn't a relic to automate away; it's the profession's soul.

The client eyes you across the desk, not the screen. Efficiency kneels to trust; betray it, and no algorithm absolves. Guard that human bond fiercely: Our future depends on it.

Shafqat Aziz is a barrister (Lincoln’s Inn) and an accredited Civil-Commercial Mediator (ADR-ODR International).