AI notetakers are joining the meeting: How startups can protect sensitive info

This is a sponsored guest post by Ballard Spahr. Technical.ly is a free news resource thanks to financial supporters like Ballard Spahr, a Technical.ly Brand Builder client.

The rise of AI-powered notetaking services has introduced new considerations for startups, particularly in meetings involving the legal team. 

Typically, an AI notetaker — often an agent from a third-party provider — joins a video call, records the audio, transcribes it to text and distributes a transcript or AI summary to designated participants. While AI notetakers can save time, they introduce new risks for startups, especially concerning attorney-client privilege, data security and transcript accuracy.

Startups should approach these tools cautiously and consider the following points.

Waiver of attorney-client privilege

Attorney-client privilege is a legal right that protects some confidential communications between a client and their attorney. It is designed to encourage clients to fully disclose information to their lawyer without fear of it being used against them in court. 

Attorney-client privilege can be waived if confidential information is shared too broadly. While using an AI notetaker may not automatically waive privilege, it can increase the risk, particularly if transcripts are distributed widely. The use of a third-party notetaker is similar to a third-party email provider or third-party cloud storage provider. Third-party tools can be used if handled properly. 

It is important to limit access to transcripts or AI summaries of any call with the legal team because distribution to a larger audience increases the risk that attorney-client privilege will be waived.

Unauthorized access

Stories of companies getting hacked are in the news nearly every day. 

As with any vendor, a startup should consider the vendor’s ability to secure the startup’s data and, if possible, not provide any sensitive information at all. 

A startup might consider whether a meeting will include a highly sensitive topic or confidential information and in such meetings, limit how notes are taken and distributed. 

Unintended access

There is a separate risk that a person has authorized access to a meeting transcript or AI summary, but such access was not intended. 

For example, suppose there is an employment issue with a particular high-level employee, and only the CEO is on a call with the legal team. The CEO might use the opportunity to talk openly with the legal team about the employment issue, forgetting that the employee will receive the AI-generated meeting transcript after the call. 

In addition to considering whether a meeting will include a highly sensitive topic or confidential information (as noted above), a startup might also consider where meeting transcripts are stored, whether the storage location is password protected and who will have access to the transcripts and AI summaries.

Privacy policy

In connection with using any AI notetaker service, reviewing an AI provider’s privacy policy and terms of service is essential. 

Startups should confirm with legal counsel that data won’t be shared unexpectedly, such as being used to train other AI models or disclosed to third-party data collectors.

Document retention policy

In general, companies should have a document retention policy to ensure compliance with law and promote the proper handling of documents when they are no longer necessary. 

Startups should properly handle meeting transcripts and AI summaries when they are no longer necessary. Proper document retention also reduces the risk of unintentional access. Startups should discuss with their legal teams about setting up a properly scoped document retention policy and handle meeting transcripts and AI summaries accordingly.

Accuracy

AI transcriptions and summaries can sometimes contain errors. Reviewing and correcting these records shortly after each meeting can prevent misunderstandings later. 

It is a best practice to review meeting minutes, whether created by AI or human notetaker, to confirm the minutes accurately reflect the contents of the meeting. If meeting content ever becomes relevant to a dispute, transcripts or AI summaries are likely to be treated as official records. Discrepancies corrected early are more reliable than relying on memory months down the line.

As with any new technology, startups need to adapt their workflows to maximize the benefits while managing potential risks. Startups should discuss the risks with their legal teams and tailor their approach accordingly.

Kim’s Korner is a series of articles by Ballard Spahr’s emerging company and venture capital attorneys. The column is not legal advice. The substance of the column is derived from our experience working with founders and details many of the current critical issues facing startups.