Artificial intelligence-driven notetaking or transcription tools (“AI notetakers”) are increasingly used to transcribe meeting notes and generate meeting summaries. Below, we discuss risk management concerns arising from their use, followed by recommended best practices and strategies for their implementation.
1. Accuracy and proofreading risks
AI-generated transcripts or summaries may contain errors or misinterpretations. Some errors may be due to the lack of human judgment (e.g. missing nuance or context, such as failing to detect sarcasm, tone, or the inflection of a sentence). AI notetakers may even “hallucinate” to fill in unknowns or gaps (industry-specific terms of art may be particularly susceptible). Notetaking tools may misidentify speakers, especially in multi-party meetings, leading to erroneous attributions.
2. Data privacy and security
AI notetakers pose a threat to the privacy and security of confidential and privileged information. Many AI transcription services operate in the cloud, meaning that sensitive conversations may be stored on third-party servers. Depending on vendor terms, the data may be retained, analysed, used to train AI models, or even shared with affiliates or other third parties, imperilling confidentiality, and creating privacy concerns.
3. Discoverability
As AI notetaker use increases, so too will related discovery requests in litigation or regulatory proceedings. Those demands not only raise record preservation issues but may also trigger concerns around legal or professional privilege and confidentiality protections. If otherwise protected meeting notes are inadvertently shared or disclosed, those protections could be lost. Given their duty to safeguard confidential and privileged information, professionals should be cautious before allowing AI notetakers to record or summarise sensitive discussions.
4. Interception of communications
AI notetakers may also breach laws regulating the interception of communications (opens a new window). In the UK, this is governed by the Investigatory Powers Act 2016. The Act makes it a criminal offence to intercept a private communication without appropriate authority or consent.
If an AI notetaker is used without clear notice or consent, a firm may inadvertently violate these laws. The safest course is to obtain all participants’ explicit consent before enabling any AI notetaker.
5. Regulatory and client compliance
Certain industries and categories of data are subject to specific regulations governing the privacy and protection of information stored, transmitted or disclosed (e.g. UK GDPR). Additionally, clients may have contractual requirements or internal policies that restrict the storage, access, or handling of information.
Best practices to mitigate risk
If organisations use AI notetakers, they should do so thoughtfully. Consider the following recommended practices:
Policy and governance framework – Develop a firm policy governing when and how AI notetakers may be used. This may include approved tools and categories of communications where use is permitted and those that are off-limits (e.g. highly confidential meetings, strategy discussions, sensitive client matters).
Vendor due diligence – Thoroughly vet vendors and review vendor terms, including whether transcripts are used for model training.
Confidentiality, privilege, and work product safeguards – Be cautious with (and consider restricting) the use of AI tools for external meetings, especially those involving sensitive or confidential information or where legal or professional privilege may apply. Consider standardising opening statements announcing the use of a notetaking tool, participants’ consent, and any applicable confidentiality or privilege protections.
Notice and consent – Identify and comply with applicable laws on recording, transcription and privacy. Before recording, inform all participants that an AI notetaker will be used and allow objections. Confirm and document consent. At the outset of meetings, consider asking others whether they are using recording or AI tools.
Accuracy review and human oversight – Review transcripts for accuracy and watch for issues such as misattribution, misinterpretation or omissions. Record any necessary corrections to ensure an accurateaccount of the meeting.
Training and awareness – Train professionals and support staff on the limitations and risks of AI notetaking tools, as well as best practices for maintaining confidentiality and information protection obligations.
Client communication – Be transparent with clients about AI notetaker use and the organisation’s policies. Consider including terms in engagement letters explaining the benefits and risks and permitting use unless the client objects. Where appropriate, advise clients on their own use of AI notetakers, including notice, consent and confidentiality considerations. If a client uses an AI notetaker in relevant meetings, consider requesting a copy of the transcript for review.
For more information, reach out to a member of our team.
