Preserving Generative AI Prompts and Outputs: Legal Risks, Discovery, and Best Practices for Information Governance

Preserving Generative AI Prompts and Outputs: What Legal Professionals Need to Know

Generative artificial intelligence (GAI) tools create text and media based on their training data, raising legal issues around data privacy, security, and privilege. In litigation, GAI prompts and outputs may be unique information that requires preservation. Legal teams must consider how to preserve this data and whether to update standard electronic stored information (ESI) agreements accordingly.

Organizations also need clear information governance policies and training to manage GAI use. This includes deciding if GAI-generated prompts and outputs qualify as corporate records and updating retention policies as needed. Having specialized counsel familiar with GAI discovery and governance is essential to ensure proper data retention.

Generative AI Produces Unique Records

Each GAI tool functions differently depending on its setup and data storage methods. Legal professionals must identify the types of data produced and where it’s stored. Because these tools evolve quickly and vary widely, it’s critical to understand a particular tool’s operation and data retention mechanisms.

For example, a GAI application summarizing meetings might first generate a transcript before creating a summary. Where these documents reside—whether in the organizer’s cloud storage, a corporate network, or participant devices—affects preservation obligations. Retention periods will depend on technical setup and organizational policies.

Legal Cases Are Beginning to Address AI-Generated Evidence

Courts are starting to grapple with the treatment of AI-generated materials. In the 2024 Tremblay v. OpenAI case, authors sued OpenAI over alleged copyright infringement involving ChatGPT training data. OpenAI requested discovery of plaintiffs’ ChatGPT account info and prompts used in pre-suit testing, including “negative” outputs that didn’t reproduce plaintiffs’ work.

The magistrate judge initially ordered production of this data, ruling that the plaintiffs waived work product protections by disclosing related facts in their complaint. However, the district judge later reversed this, recognizing the prompts as counsel’s mental impressions and strategies. The court denied production of negative test results but required production of prompts and account settings tied to examples in the complaint.

This case highlights the importance of maintaining a consistent, reproducible workflow and preserving relevant AI-generated data. Consulting expert counsel on preservation and governance before issues arise is the best practice.

Best Practices for Defensible Preservation and Governance

GAI-generated documents and data may be relevant in disputes if tied to claims or defenses and proportional to case needs. Legal and governance professionals should be ready to address these issues when clients use GAI tools. Consider these key practices:

Early Engagement

Include legal and information governance teams early when deploying GAI tools. Waiting until after adoption can create challenges in preserving relevant data or protecting privilege and confidentiality. Governance experts can advise on retention and disposition best practices for GAI-generated content.

Understand Data Creation and Storage

Legal and governance stakeholders should participate in tool selection and testing to determine where prompts and outputs are stored. Preservation depends on knowing the storage locations and how to retrieve data for discovery. This investigation is even more critical for GAI tools due to their fast evolution.

Update Retention and Legal Hold Policies

Organizations may need to revise retention policies to cover GAI-generated records based on business needs and legal requirements. Legal hold procedures should explicitly address AI-created data, ensuring employees understand preservation obligations. Effective policies require compliance monitoring and enforcement.

User Training

GAI outputs depend heavily on user input and behavior. Training should cover both capabilities and risks, emphasizing that AI can produce inaccurate or fabricated content (“hallucinations”). Such data poses risks if preserved and relied upon in litigation. All AI-generated content should be reviewed and verified before preservation.

Training programs should be regularly updated as new tools emerge, and usage should be monitored to prevent problematic data creation.

Conclusion

Integrating GAI into legal practice and corporate environments requires careful assessment of risks alongside benefits. From updating ESI protocols to implementing governance policies, managing GAI data demands a thoughtful approach. These tools offer significant potential but must be used with attention to preserving relevant records for discovery and compliance.

For legal professionals seeking to build expertise in AI and information governance, exploring targeted training can be invaluable. Resources such as Complete AI Training’s latest AI courses provide practical insights into managing AI tools in professional settings.