Questions? Chat With Us!

Inside Axiom

Navigating Data Protection and Privacy in the Age of AI: Key Insights for Legal Leaders

April 2025
By Shaheen Sharif

Navigating Data Protection and Privacy in the Age of AI

As VP of Technology Practice at Axiom, I recently had the privilege of moderating our webinar, "The Privacy Frontier: Navigating Data Protection and Privacy in the Age of AI." The discussion brought together legal leaders from Cisco and Proofpoint who shared invaluable insights on how legal departments can harness AI's potential while addressing its risks.

Having worked across the technology spectrum—from startups to large enterprises—I've witnessed firsthand how privacy and data protection challenges evolve with technological advancement. Our recent webinar confirmed what many of us are experiencing: we're at a critical inflection point where legal leaders must develop thoughtful approaches to AI governance and implementation.

 

The AI Adoption Landscape: Where Do Legal Teams Stand?

Our live poll results painted an interesting picture of where legal departments currently stand in their AI journey:

  • Nearly half (47.5%) are still in exploration mode, investigating how AI tools might benefit their operations
  • Equal portions (18% each) have either recently implemented AI tools or are using them regularly
  • A notable minority (15%) have not yet begun using AI tools

These numbers reveal that while there's significant interest in AI, most legal teams are proceeding cautiously—a prudent approach given the complex risks involved. As Keith Larney from Proofpoint observed, we're "going to have to be on journeys with the vendors as they continue to develop," highlighting the evolutionary nature of this technology.

The Democratization of AI: Why Now?

During our discussion, a fascinating insight emerged about what's driving current AI adoption trends. Keith described how the emergence of generative AI has fundamentally changed the accessibility equation: "What really appeared to have entered the stage of generative AI is the democratization of AI. Whereas this used to be primarily technologists that understood how to use it, now in plain language, it's accessible to all of us."

This democratization explains why we're seeing such rapid adoption compared to earlier AI technologies. When tools require specialized technical knowledge, adoption is naturally limited. But user-friendly interfaces that accept natural language queries have opened AI capabilities to legal professionals regardless of their technical background.

Beyond the Hype: Practical Applications for Legal Teams

Our panelists identified several high-value applications for AI in legal departments:

For Contract Management

The promise of AI to transform contract review is substantial. As Keith noted, the "nirvana" would be "taking a commercial contract and sticking it into a tool and it's a customer form that doesn't really relate directly to your form and coming out with an accurate response to that, attuned to our risks through training, algorithm training and playbook training."

While we're not quite at "nirvana" yet, AI tools are already enhancing contract review processes by:

  • Identifying non-standard clauses
  • Flagging potential compliance issues
  • Accelerating initial review processes

For Due Diligence

In mergers & acquisitions (M&A) contexts, AI can dramatically accelerate the due diligence process by:

  • Categorizing and analyzing large document collections
  • Highlighting potential risk areas
  • Generating preliminary findings reports

For Legal Research

AI is also transforming how legal teams conduct research, with tools that can:

  • Summarize lengthy court decisions
  • Extract key principles from regulatory guidance
  • Identify relevant precedents across jurisdictions

However, Jeff Reed emphasized the importance of verification: "At least 50% of the time, there's inaccuracies." This underscores the need for what he calls a "trust but verify" approach when working with AI-generated content.

Addressing Security and Data Protection Concerns

Throughout our discussion, security emerged as a paramount concern when implementing AI tools. Our panelists offered several practical strategies for addressing these risks:

1. Understand Your Vendor's Data Practices

Rob Keller highlighted the tension between customization and confidentiality: "This is this constant push and pull between customers who want something that's really great for their use case, but at the same time they don't want to share all their confidential information."

To address this, legal leaders should:

  • Clarify how vendors use your data to train their models
  • Negotiate restrictions on data usage for improving their general AI capabilities
  • Consider closed solutions where your data is used only for your benefit (though Rob noted these are typically "more cumbersome, more expensive")

2. Evaluate Open Source vs. Proprietary Models

Jeff Reed provided a nuanced analysis of security considerations when choosing between open source and proprietary AI models:

  • Open source models may have more vulnerabilities due to distributed development
  • Patching procedures might be less robust
  • Models from certain countries may pose additional regulatory and security considerations

For tools like DeepSeek (an open-source model), Jeff recommended "tread[ing] cautiously" and "know[ing] your vendor."

3. Partner With Your Security Team

One of Jeff's most practical recommendations was to "partner with your security team, your information security team as you're rolling these tools out." As he noted, "We as lawyers are not aware of the security components, the standards, the requirements... we need that teamwork with the information security team."

4. Consider Attorney Client Privilege Implications

If you are considering uploading privileged communications into an AI tool, be sure to review the state bar opinions and applicable case law to determine whether the AI tool may be considered a third party possibly waiving privilege protections and what additional contractual obligations for the vendor may be required to ensure privilege can be maintained. 

Developing AI Governance Frameworks

Perhaps the most emphatic point made during our webinar was the critical importance of establishing formal AI governance frameworks. Rob Keller called this "the most important thing" for companies implementing AI.

Based on our panelists' experiences, here's how legal leaders can approach this task:

1. Start With Comprehensive Benchmarking

Jeff described how Proofpoint analyzed "well over a hundred different statements about AI principles" from peers, tech leaders, and other sectors. This benchmarking helped them identify core principles that appeared consistently across industries.

2. Form Cross-Functional Teams

Effective AI governance requires input from multiple perspectives. At Proofpoint, cross-functional teams analyzed each principle "both from a business of legal perspective" to determine relevance and appropriate application.

3. Develop Formal Assessment Processes

Rob explained how Cisco's AI policy team conducts impact assessments for new AI tools, evaluating human rights impacts, legal compliance, and intellectual property considerations.

4. Establish Ongoing Review Mechanisms

Jeff emphasized that developing principles is just the beginning: "Once you have the principles and you're applying them and your company continues to grow and evolve and things change, you keep looking at it again and again and again."

Still in the Phase of Exploring AI Technology?

 

Axiom now offers engagements supercharged with DraftPilot, an AI-powered contract review tool.

  • Rigorously field-tested by Axiom lawyers in real client engagements.
  • Proven to improve the efficiency of contract-related legal tasks by up to 60%.
Learn About DraftPilot
Time saving

 

Navigating the Evolving Regulatory Landscape

Our panelists provided valuable context on the regulatory environment, particularly focusing on recent EU legislation:

  • EU Data Act (2022): Recognizes the value of all data, not just PII
  • EU AI Act (2023): Requires human oversight in AI decision-making
  • Cyber Resiliency Act (2023): Mandates security integration from inception

Rob also noted recent developments that may indicate a shift toward "lighter regulation" in Europe, potentially to help European AI companies like Mistral compete globally.

Practical Contract Recommendations for AI Vendors

Our audience was particularly interested in contractual protections when working with AI vendors. Key recommendations included:

  1. Separate provisions for different AI types
    • Machine learning (which can be anonymized and aggregated)
    • Generative AI (which should not be aggregated)
  2. Include strong indemnification for:
    • Intellectual property claims
    • Liability from false outputs
  3. Balance protection with functionality
    • Keith cautioned against making restrictions "more draconian than they need to be because it may affect the functioning of the tool"

Final Thoughts: The Legal Professional's Role in the AI Era

Despite AI's transformative potential, our panelists were unanimous that it will enhance rather than replace legal professionals. Keith pointed to historical precedent: "Westlaw and Lexis didn't exactly make junior attorneys obsolete at any point."

Instead, AI will likely shift legal work toward higher-value activities requiring judgment, strategic thinking, and creativity. For legal leaders, this represents an opportunity to elevate their departments' contributions while automating more routine tasks.

As Keith observed, this technological wave creates "great opportunities... for utilizing our highest faculties, our judgment faculties, our strategic thinking faculties, our creativity as opposed to sort of rote analysis of something that you do over and over again over time."

Conclusion

Moderating this webinar reinforced my belief that we're at a pivotal moment for legal departments navigating AI implementation. While the challenges are substantial, the potential benefits for those who develop thoughtful governance frameworks and implementation strategies are equally significant.

The legal leaders who will thrive in this new landscape will be those who balance innovation with prudence, embracing AI's capabilities while maintaining rigorous oversight of its risks. As Jeff Reed aptly noted, legal leaders "should be at the forefront of pushing our teams and especially everybody on adopting and using AI to enhance their legal practice rather than be left behind."

To gain more insights from our expert panel and learn additional strategies for navigating data protection and privacy in the age of AI, I encourage you to watch the full webinar recording. The depth of expertise and practical advice shared by our panelists extends well beyond what I've been able to capture here.

For companies still exploring AI legal technology, check out our recently launched our Tech+Talent offering in partnership with DraftPilot, an AI-powered contract review tool that has been rigorously field-tested by Axiom lawyers in real client engagements. This solution has proven to improve the efficiency of contract-related legal tasks by up to 60%.

💡 Harness AI's potential while addressing its risks.

Watch the Webinar Learn About DraftPilot

 

Posted by Shaheen Sharif
Shaheen Sharif is the VP of Technology Practice at Axiom, bringing over two decades of experience working with technology companies ranging from startups to large enterprises in the Bay Area. She specializes in helping legal departments navigate emerging technologies, with a particular focus on AI implementation, data privacy, and regulatory compliance. Shaheen is passionate about finding the optimal intersection of legal talent and technology solutions to help in-house legal teams increase efficiency while maintaining the highest standards of quality and compliance.

Elevate your in-house legal team

Get connected with vetted Axiom legal professionals, seamlessly integrated into your team, when and how you need them.

Find A Lawyer Now Talk To Our Team
Live Page: true