General counsel working with law firms or legal tech companies implementing OpenAI’s generative AI tools on Microsoft’s Azure cloud face confidentiality issues stemming from a contractual loophole that allows Microsoft employees to review some prompts, Legaltech News reports.
Prompts that include any “hate, sexual, violence and self-harm”-related content can be retained by Microsoft and subject to human review for 30 days, potentially violating attorneys’ confidentiality duties to clients.
“This is supposed to be the leveler that allows us to compete [with big law firms] up and down the scale,” an attorney whose name was withheld told Legaltech News. “But now all of a sudden, we’re hindered because of this concern.”
Microsoft has been publicly disclosing the data retention conditions of its Azure OpenAI Service since 2023, the publication reported. But representatives of law firms and tech companies that the publication talked to said the relevant contract provisions are buried in a “nexus of terms and conditions” that require accessing multiple links and pathways to find it.
“It is a really tough web of contracts to find the [right] documents,” Michael Bommarito, CEO of 273 Ventures and co-founder and CTO at licens.io, told Legaltech News.
They weren’t hidden, he said, but “‘you had to be patient’ and click through several documents to come to find it,” the publication reported.
What’s more, there’s no such data retention policy for Microsoft’s Azure cloud and other services, so the policy was said to have caught some people by surprise.
“All of a sudden, you’re telling me it’s different because it’s Azure OpenAI?’” an unidentified law firm source told the publication. “Like, what just happened over there?”
To close the confidentiality loophole, law firms and tech companies are seeking to get an exemption to the policy, with mixed success. To seek an exemption, the company or firm needs to be what’s called a managed partner – essentially, a big enterprise client – and follow a process that includes answering questions about their size, industry and how they’re using the application, among other things.
Relativity, NetDocuments, Clearbrief and Macro are among the software companies with legal applications that have received an exemption from the policy, according to the publication.
But sources told Legaltech News that a big portion of the legal industry is either unaware of the policy or has tried but been unable to get the monitoring turned off.
“As more clients become aware of Microsoft’s potential monitoring of confidential information, both firms and providers without the right settings are likely to backtrack from their Azure OpenAI integrations,” the publication says.
