Rise in Popularity of AI Transcription Services Brings Litigation and Disclosure Risks

The increasing use of artificial intelligence (AI) transcription and note-taking services in virtual meetings allows participants to focus on discussions without the distraction of taking notes. 

But this convenience comes with novel litigation and disclosure risks that businesses must assess and manage as they roll out these tools.

AI Transcription in Remote Conferencing

Popular remote conferencing and collaboration platforms offer real-time voice-to-text transcriptions and summarized notes created by generative AI applications. The settings and options for how participants are notified of the use of these tools can vary. Businesses should consider the implications of automatically generated written records of videoconferences for their records retention and disclosure policies and in litigation.

Records Retention and Disclosure

AI transcription records may increase a business’s logistical burdens in several ways, including:

• Mandatory disclosure. Businesses that are subject to legal requirements to make disclosures regarding information known to them, such as public companies that make U.S. Securities and Exchange Commission filings, may need to know what information is in stored transcriptions of video conferences. Businesses may need to incorporate review of stored transcriptions into their existing disclosure compliance workflows, but existing off-the-shelf tools may have limited features to support this workflow.
• Litigation hold obligations and data storage costs. If transcripts exist that are within the scope of a litigation hold, they will need to be retained for the life of the hold. This may become expensive.
• Inadvertent disclosure by third parties. Both the conference service providers and the transcription service may store AI transcription records, and each participant in the video conference also may have a copy. This storage, in turn, may be on-premises with the service provider or, potentially, with a third-party storage provider. Storage of transcriptions by these third parties increases the risks of inadvertent disclosures to others.
• Potential use of conference data for AI training. AI services regularly train their models with users’ data. Conference data would be a valuable source of training data—and it is easily accessible to the providers. Businesses should assess their agreements with conferencing providers to determine whether their data may be used for training and, if so, consider whether that use is consistent with any confidentiality obligations the business has for the contents of the conference.
• Risk of attorney-client privilege waiver. Attorney-client privilege can be waived if confidential information is shared with a third party. Since AI transcription services may store transcripts, privilege could be inadvertently waived if a third party outside the circle of privilege has access to that data storage or if the transcripts are further shared. Thus, particular care would need to be taken before using AI transcription services for any conferences potentially subject to attorney-client privilege.

Litigation Risks

AI transcription services create a written record that can be saved by any attendee. In these written records, it is possible that AI may misinterpret or misattribute words, especially in complex or overlapping conversations. This risk increases the more meeting participants there are and the more they interrupt or speak over each other. Inaccuracies may only be discovered later, if or when the transcript is implicated in litigation. By then, it is too late to correct the document, and it may be difficult to obtain compelling human testimony of what was discussed in the conference. In addition to these accuracy considerations, an additional set of issues may arise if one participant enables the transcription service in a way that other participants are not aware of.

Steps To Minimize Risk

Implementing internal policies regarding AI transcription services can be an important way to mitigate risks and ensure compliance with legal and privacy standards. Here are some options for businesses to consider:

1. Develop Clear Protocols

Define usage guidelines. Consider setting clear guidelines on when and how AI transcription services can be used. For example, guidelines may specify which meetings or types of discussions are appropriate for transcription.

Consent requirements. Requiring explicit consent from all meeting participants before enabling transcription services may serve as a risk mitigator. This can be done through verbal consent at the beginning of the meeting or through written consent before the meeting, for example, as part of a broader acceptable-use policy for technology (if all meeting participants are from the same business).

2. Employee Training and Awareness

Training programs. Consider developing and conducting regular training sessions to educate employees about the risks and proper use of AI transcription services. These training sessions might, for example, teach employees the importance of obtaining consent and the potential legal implications of recorded transcriptions.

Awareness campaigns. Broader awareness campaigns to remind employees to treat all virtual meetings as if they are being recorded and encourage professional communication during meetings may help minimize litigation risk. Humor and attempts at humor often fall flat in a transcript.

3. Data Management and Security

Data retention policies. Businesses may consider defining policies for the retention and deletion of transcription records. For example, these policies might define how long transcriptions should be stored and the process for securely deleting them when they are no longer needed.

Access controls. Imposing access controls to ensure that only authorized personnel can access transcription records can be a useful compliance measure and risk mitigator. These access controls might involve encryption and other security measures to protect stored data.

4. Confidentiality and Privacy

Confidentiality agreements. Consider assessing the business’s incoming and outgoing confidentiality agreements to include provisions related to AI transcription services. In this context, it may be valuable to remind employees that they may have obligations to protect third parties’ sensitive information discussed during transcribed meetings.

Privacy impact assessments. Businesses might benefit from implementing privacy impact assessments to identify and mitigate potential privacy risks associated with the use of AI transcription services.

5. Communication and Documentation

Policy documentation. Internal policies related to AI transcription services should be readily accessible to employees and written in clear, understandable language.

Regular updates. Policies should be subject to regular review and updates. Technology in this space is developing rapidly, and the law may change quickly. It is advisable to communicate any changes to employees promptly.