In the modern workplace, AI tools like ChatGPT are transforming productivity — employees use them to draft emails, brainstorm names, refine pitches, and debug code. It’s fast and convenient. And if you’re not careful, it’s a lawsuit waiting to happen.
Most companies have employees sign Non-Disclosure Agreements (NDAs) to safeguard proprietary information, but few have updated their policies to address the risks posed by AI platforms. The result can be an invisible leak that exposes trade secrets, violates confidentiality clauses, and undermines years of competitive advantage. Here’s what employers and employees need to understand.
1. NDAs Are Not an Off-Switch for Liability
An NDA is a contract. It creates a legal obligation to protect confidential information — but it doesn’t prevent misuse, even unintentional misuse. When an employee pastes proprietary financial data, source code, customer lists, or internal strategy into ChatGPT believing it’s just “help,” that data leaves your secured network and hits an external platform, where your legal protections begin to unravel.
Have a question about your situation? A short conversation can save a costly mistake. We offer a free 15-minute consultation for businesses in Arizona, California, and Texas.
2. AI Models Learn From Input — And That Can Be a Problem
While providers implement privacy safeguards, earlier models trained in part on public interactions. The concern isn’t only what’s exposed today, but what may be retained or surfaced tomorrow. Even if the latest versions don’t retain inputs, employees rarely read the fine print — and if they’re on third-party platforms, browser extensions, or unsecured networks, data may still be captured, cached, or intercepted. In the eyes of the law, that could be an NDA breach regardless of intent.
3. Confidentiality Breaches Cost More Than Embarrassment
Violations of NDAs can result in:
- Lawsuits for breach of contract
- Injunctions or restraining orders
- Termination for cause
- Loss of intellectual property protections
- Regulatory penalties (especially in healthcare or finance)
Even without a lawsuit, the reputational and operational fallout of an inadvertent leak can be severe — a product name surfaced before launch, or confidential M&A discussions “inspired” by a prompt that later leaks.
4. Employers Need to Update Their Policies — Yesterday
If your NDA doesn’t reference AI use, it’s outdated. Every company should:
- Explicitly prohibit inputting confidential or proprietary data into external AI tools without written permission
- Train employees on what constitutes confidential data under their NDA
- Monitor AI platform usage on company devices
- Consider internal or API-based AI tools with strict data controls
- Update onboarding and compliance policies to include generative AI risks
This isn’t about stifling innovation — it’s about channeling it responsibly.
5. “Helpful Tool” Doesn’t Equal “Private Channel”
Employees often treat AI like a smarter Google, but the prompts you feed an AI can contain far more sensitive context. “Write an email apologizing to our biggest client for the $2.4M overcharge” is not the same as “how to apologize to a client.” Even anonymized data can reveal more than intended. Treat AI prompts like public conversations — because technically, they might be.
Use the Tools, But Respect the Lines
AI tools aren’t going away, and used wisely they give companies a real edge. But power without guardrails is risk — and every NDA-signed employee using AI without guidance is a potential crack in the dam. Whether you’re the CEO, an HR manager, or a curious staffer, pause before you paste. Contact us to update your NDA for the age of AI.
Frequently Asked Questions
Can using ChatGPT breach an NDA?
Potentially yes. When an employee inputs confidential or proprietary information into an external AI tool, that data leaves your secured environment, which could constitute a breach of the NDA regardless of intent.
Should our NDA mention AI tools?
Yes. If your NDA doesn’t address AI, it’s outdated. Update it to explicitly prohibit inputting confidential data into external AI tools without permission, and train employees on what counts as confidential.
How can employers reduce AI confidentiality risk?
Prohibit confidential data in external AI tools without written permission, train employees, monitor AI use on company devices, consider internal/API-based tools with data controls, and update compliance policies.
This article is general information from Accord & Shield Legal, PLLC and is not legal advice. Reading it does not create an attorney-client relationship. For guidance on your specific situation, please consult a qualified attorney.