本文目前仅提供英文版本。
Can I Use ChatGPT With Client Data? The Honest Business Owner's Guide
Your team is using ChatGPT to draft client proposals, analyse contracts, and summarise meetings. The efficiency gains are real. So is the legal exposure. Here's what you are actually risking and what to do about it.
Key Takeaways
The free tier of ChatGPT stores and may use your conversations for model training. If your team is inputting client data into the free tier, that data may be used to train OpenAI's models — almost certainly not what your client agreed to.
ChatGPT Enterprise and API access have different data handling terms that can be configured to not train on your data — but these require a paid subscription and specific settings to be activated.
If client data is protected by a confidentiality agreement, using it in commercial AI tools without the client's knowledge likely breaches that agreement — regardless of whether OpenAI handles it appropriately.
Professional obligations — legal professional privilege, medical confidentiality, financial adviser duties, accountant-client privilege — apply regardless of what tool is used. AI tools do not create exceptions to these obligations.
The practical framework: categorise your data (public, internal, confidential, regulated), decide which categories can go into which AI tools, document this in a one-page AI acceptable use policy, and train your team.
"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"
What actually happens to data you put into ChatGPT
OpenAI's data handling varies significantly depending on which ChatGPT product you use. The free consumer tier (ChatGPT.com) trains on conversations by default — you can opt out in settings, but most business users are not aware of this and have not done so. The ChatGPT Plus paid tier also trains on conversations by default with an opt-out. ChatGPT Team, ChatGPT Enterprise, and API access with the appropriate settings can be configured to not train on your data — but this requires deliberate setup and a paid account.
The practical implication: if your employees are using the free tier or a personal Plus subscription to process client data, that data is likely being sent to OpenAI and may be used for training. This is a data breach in the privacy law sense — you have disclosed personal information about your clients to a third party without their consent and without a proper legal basis.
The confidentiality breach risk
Most professional service firms — law firms, accounting firms, consulting firms, financial advisers — have confidentiality obligations to clients that are broader than privacy law. Confidentiality agreements typically prohibit disclosure of client information to any third party without the client's consent. Inputting client information into a commercial AI tool operated by a third party (OpenAI, Google, Anthropic, or any other provider) is disclosure to a third party for the purpose of these agreements. Unless your client agreement specifically permits this — and almost none do, because most were drafted before this was a relevant consideration — you are likely breaching your confidentiality obligation every time an employee inputs client information into a commercial AI tool.
Building a practical data classification framework
The solution is not to ban AI tools — the efficiency gains are too significant and the practice is too widespread to be effectively banned. The solution is a data classification framework that tells employees what data they can and cannot put into which AI tools. Public data (information that is already public knowledge, your own published content, publicly available research) can generally go into commercial AI tools. Internal data (internal processes, non-confidential business information) can go into approved enterprise AI tools with appropriate settings. Confidential client data requires either approved enterprise tools with verified data handling settings or internal AI infrastructure. Regulated data (health information, financial data subject to specific rules) requires the highest level of protection and should only go into specifically approved tools.