Why Employee NDAs and ChatGPT Don’t Always Mix

Written By Accord and Shield Legal

In the modern workplace, artificial intelligence tools like ChatGPT are revolutionizing productivity. Employees use them to draft emails, brainstorm product names, refine sales pitches, and even debug code. It’s fast, it’s convenient—and if you’re not careful, it’s a lawsuit waiting to happen.

While most companies have employees sign Non-Disclosure Agreements (NDAs) to safeguard proprietary information, few have updated their policies to address the emerging risks posed by AI platforms. The result? An invisible leak that could expose trade secrets, violate confidentiality clauses, and undermine years of competitive advantage.

Here’s what employers—and employees—need to understand before asking ChatGPT for help on the next “confidential” project.

1. NDAs Are Not an Off-Switch for Liability

Let’s be clear: an NDA is a contract. It creates a legal obligation for employees to protect confidential information. But it doesn’t magically prevent them from misusing that information—even unintentionally.

When an employee pastes proprietary financial data, source code, customer lists, or internal strategies into ChatGPT, they may believe it’s safe. After all, they’re just getting “help,” right?

But the minute that data leaves your secured network and hits an external AI platform, it’s potentially exposed—and the company’s legal protections start to unravel.

2. AI Models Learn From User Input—And That Can Be a Problem

While OpenAI and similar providers implement privacy safeguards, earlier models trained in part on public interactions. The long-term concern isn’t just what’s exposed today—it’s what may be retained or inadvertently surfaced tomorrow.

Even assuming the latest versions don’t retain specific chat inputs, employees rarely read the fine print. If they’re logged into third-party platforms, browser extensions, or unsecured networks, the data may still be captured, cached, or intercepted elsewhere.

In the eyes of the law, this could constitute a breach of the NDA—no matter how “innocent” the intent.

3. Confidentiality Breaches Can Cost More Than Just Embarrassment

Violations of NDAs can result in:

  • Lawsuits for breach of contract,

  • Injunctions or restraining orders,

  • Termination for cause,

  • Loss of intellectual property protections, or

  • Regulatory penalties (especially in sectors like healthcare or finance).

Even if no lawsuit is filed, the reputational and operational fallout of an inadvertent leak can be severe. Imagine a new product name accidentally surfaced months before launch. Or confidential M&A discussions “inspired” by an AI prompt that later gets leaked online.

4. Employers Need to Update Their Policies—Yesterday

If your NDA doesn’t reference AI use, it’s outdated.

Every company should:

  • Explicitly prohibit inputting confidential or proprietary data into external AI tools without written permission,

  • Train employees on what constitutes confidential data under their NDA,

  • Monitor usage of AI platforms on company devices,

  • Consider deploying internal or API-based AI tools with strict data controls, and

  • Update onboarding and compliance policies to include generative AI risks.

This isn’t about stifling innovation. It’s about channeling it responsibly.

5. Employees Must Understand: “Helpful Tool” Doesn’t Equal “Private Channel”

Employees often treat AI like a smarter Google. But unlike Google, the prompts you feed an AI can contain far more sensitive context. Typing “write an email apologizing to our biggest client for the $2.4M overcharge” is not the same as searching “how to apologize to a client.”

Even anonymized data can give away more than intended. Smart employees will treat AI prompts like public conversations—because in a technical sense, they very well might be.

Final Thoughts: Use the Tools, But Respect the Lines

ChatGPT and other AI tools aren’t going away. They’re powerful, adaptable, and, when used wisely, can give companies a real edge.

But power without guardrails is risk. And every NDA-signed employee using AI without clear guidance is a potential crack in the dam.

So, whether you’re the CEO, HR manager, or a curious staffer looking to work smarter: pause before you paste.

Because in the world of AI, the wrong prompt can turn into the wrong kind of headline. Contact us today to update your NDA!

Accord and Shield Legal
Next

Understanding the Current Status of Beneficial Ownership Information (BOI) Reporting Requirements