The Privacy Checklist: What Every SA Attorney Needs to Know

The number one question used to be "Can it write a contract?" Now the number one question is "Will I get disbarred for using it?"

The short answer: Maybe.

The long answer depends on your settings. Here is the non-negotiable checklist for South African firms using AI.

1. Turn Off Model Training

If you are on the free version of ChatGPT or Gemini, you are likely part of the product. Your inputs can be used to train future models.

• OpenAI: Settings > Data Controls > Turn off "Chat History & Training" (or use Enterprise).
• Claude: Commercial data is not trained on by default (check T&Cs).

2. The "Names and Dates" Rule

Even with privacy on, never paste:

• Client Names (Use "Client A" or "The Purchaser")
• ID Numbers
• Bank Account Details
• Unpublished Court Case Numbers

Sanitization is your first line of defense.

3. POPIA & Data Sovereignty

Most LLMs process data in US servers. Under POPIA, you need to ensure adequate protection when transferring special personal information cross-border.

Does the US have adequate protection? Adequacy depends on the specific safeguards in place — South Africa's Information Regulator has not issued a blanket finding. Your client engagement letter should disclose that you use cloud-based AI tools. [REQUIRES SOUTH AFRICAN LEGAL VERIFICATION]

4. Privilege is Fragile

If you paste privileged advice into a public chatbot, have you waived privilege? The courts haven't ruled yet, but do you want to be the test case?

"Treat the AI like a crowded elevator. Don't say anything you wouldn't want a stranger to overhear."

Summary

You can use AI safely. But you can't use it blindly. Sanitize your inputs, pay for the enterprise versions, and update your client letters.