Legal hold compliance has always been a balancing act for corporate legal teams. Between juggling tight deadlines, tracking down custodians, and navigating sprawling data environments, it’s not exactly a walk in the park. Now, throw generative AI (GenAI) into the mix, and suddenly that balancing act feels more like a high-wire circus act—with no net.
A legal operations professional recently shared an eye-opening story with me: they discovered an attorney was using a free version of ChatGPT to rewrite emails for outside counsel. It came up in water cooler conversation, but as they were speaking the realization hit both of them that privilege could be compromised and that those prompts and content could be discoverable, and therefore subject to a legal hold.
The truth is, as amazing as GenAI can be for boosting productivity, it also introduces compliance hurdles. Here’s why.
Why GenAI is making legal holds tricky
1. Data everywhere (and nowhere)
GenAI tools create content in ways we’ve never had to deal with before. Imagine emails, documents, chat transcripts, code snippets, and marketing copy, all generated and stored in different systems. Finding what’s relevant when litigation arises feels like playing hide-and-seek in a digital jungle.
For instance, if an employee uses GenAI to create a PowerPoint presentation, the legal hold must include the GenAI tool itself, which may lack the preservation or export capabilities required for discovery.
2. The ephemeral nature of AI outputs
Some GenAI outputs, like temporary text suggestions or images, disappear as soon as they’re used. This creates a big question: how do you preserve something that might not even exist by the time you issue a legal hold?
3. Privacy and security headaches
GenAI doesn’t just generate content—it processes data, too. Sometimes, that data includes sensitive personal information. So when legal holds bump into privacy laws like GDPR or CCPA, legal teams are stuck figuring out how to comply with both without stepping on any regulatory landmines.
How many times have you asked for GenAI help for work-related questions in a Google search or ChatGPT prompt that’s linked to a personal account on your phone? That has the potential of mixing personal private information in with relevant work-related data.
4. Relying on AI vendors
Many companies use external GenAI platforms, meaning the data lives in systems outside their direct control. The convenience of using GenAI to boost productivity is counter-balanced by the risk of not knowing where your data is being stored or how to access for any discovery.
How legal teams are fighting back
So, how are corporate legal departments managing this GenAI-induced chaos? A mix of creativity, technology, and, frankly, a lot of coffee.
1. Strong data governance frameworks
Legal, IT, and compliance teams are coming together to create clear policies about how GenAI tools should be used and how the data they generate should be stored. Think of it as building a roadmap before heading into unfamiliar terrain.
If you know my story, I was at an information governance company for 5 years where machine learning was used to organize and categorize data. GenAI has the potential to help with even better data organization, but requires these new tools to be vetted and incorporated into the InfoGov framework to ensure the data can be securely stored, accessed and remediated as necessary.
2. Smarter tools for smarter challenges
Legal departments are turning to AI to tackle AI. Advanced ediscovery tools can now handle unstructured data like GenAI outputs and automate parts of the legal hold process.
DISCO came out with Cecilia a couple years back to put guardrails on the power of GenAI for document review. And the skills Cecilia now employs, allow for even more productivity boost during discovery.
3. Training teams to spot red flags
Companies are rolling out training programs to help employees understand why AI-generated content needs to be handled carefully. Policies and continuous education are critical to ensuring the responsible use of GenAI aligns with organizational goals.
4. Updating vendor contracts
Legal teams are making sure AI vendors agree to preserve data and provide access when needed. No more surprises when discovery requests come knocking.
4. Clear guidelines for AI usage
Some companies are restricting the use of certain GenAI tools in high-risk situations, like client communications or regulatory filings. Others are just making sure everyone knows the rules upfront: if you’re using GenAI, document it properly.
Most companies are seeking guidance from peer companies, outside counsel, and looking for case law to develop to ensure their guidelines encompass the ever changing landscape.
The way forward
Yes, GenAI is shaking things up, but it’s not all doom and gloom. Legal departments are finding creative ways to adapt, and the lessons learned today will set the stage for smoother operations tomorrow.
At the end of the day, it’s all about balance—embracing the benefits of GenAI while staying compliant. And if nothing else, we’ll all have plenty of war stories to swap at the next legal tech conference.
Ready to future-proof your legal operations? Book a demo with one of our experts to learn how our cutting-edge solutions can help your team tackle the challenges of legal holds and GenAI.
How’s your team handling the rise of GenAI? I’d love to hear your thoughts (or your own “scramble” stories). Let’s compare notes! Connect with me on LinkedIn.
