In February 2026, a federal court in New York made a ruling that should have sent a chill through every professional services office in America. In United States v. Heppner, the Southern District of New York ruled that conversations held with publicly available AI platforms — including ChatGPT — carry no expectation of privacy and are not protected by attorney-client privilege or work product doctrine.

The defendant, Bradley Heppner, had used ChatGPT to draft approximately 31 documents outlining his defense strategy, his anticipated legal arguments, and his own analysis of criminal exposure. The court found those documents were discoverable by prosecutors. His AI “advisor” wasn't bound by any duty of confidentiality. His entire strategy was laid bare.

For CPAs, financial advisors, attorneys, and consultants who routinely feed client documents, tax returns, financial statements, and confidential business information into public AI platforms, this ruling is a clarifying moment. The architecture of consumer AI tools makes privacy impossible — not just unlikely.

What Actually Happens to Your Data When You Use ChatGPT

When you paste a client's tax return into ChatGPT, you are not whispering to a private advisor. You are submitting that information to OpenAI's servers, where it is transmitted over the internet, processed by OpenAI's systems, potentially stored as part of training data, and subject to OpenAI's privacy policy — which reserves the right to share data with affiliates and when required by law.

OpenAI distinguishes between consumer and business accounts. If you use the free consumer tier or a basic paid subscription, your inputs are treated as training data by default. Business accounts (ChatGPT Team, Enterprise, API) come with data-sharing opt-outs. But most professionals using AI tools for quick lookups are not using enterprise accounts with iron-clad data protection contracts.

  • 60% of employees use free AI platforms rather than corporate-approved tools [1]
  • 78% of professionals using AI bring their own tools (BYOAI) to work [1]
  • 46% of US workers admit uploading sensitive company information to public AI platforms [2]

This means the majority of professional services employees using AI are doing so with consumer-grade products that carry none of the data protection guarantees required for client work. And they're doing it without organizational policies in place: according to Pew Research, only 26% of workers say their organization has a policy related to generative AI use [3].

The Court Has Ruled — And the Ruling Stings

United States v. Heppner (S.D.N.Y., February 17, 2026) is the first major federal ruling on the intersection of public AI tools and legal privilege.

Heppner was indicted on securities fraud charges in October 2025. In preparing his defense, he used ChatGPT to draft approximately 31 documents detailing his legal strategy, anticipated prosecution arguments, and his analysis of his own criminal exposure. When prosecutors subpoenaed these documents, Heppner argued they were protected by attorney-client privilege and the work product doctrine.

The court disagreed. Its reasoning was simple: AI platforms are not bound by any duty of confidentiality. Their privacy policies explicitly state that user conversations may be used to train models, may be reviewed by employees, and may be disclosed to third parties including government agencies. By submitting his strategy to ChatGPT, Heppner had effectively disclosed it to a third party — waiving any privilege that might otherwise have applied.

Key ruling: The court found that “under the terms of AI platforms' privacy policies, users have no reasonable expectation of privacy in the contents of their conversations.” — Chapman and Cutler LLP analysis, February 2026 [4]

The implications are immediate. If a CPA inputs client tax return details into ChatGPT to prepare an advisory memo, those details have been disclosed to a third party. If a financial advisor inputs a client's portfolio information to generate analysis, that information is now outside the advisor's confidential control. If an attorney uses ChatGPT to draft a privileged client communication, that communication may no longer be privileged.

The Regulatory Framework Already Prohibited This

The Heppner ruling didn't create new obligations. It clarified that existing obligations have always applied. Professional standards across every client-facing field already prohibited sharing confidential client information with unauthorized third parties.

For Financial Advisors: SEC Reg S-P and FINRA

The SEC's amended Regulation S-P (effective December 3, 2025 for larger institutions; June 3, 2026 for smaller ones) requires investment firms to ensure that vendor contracts — including AI tools — include “confidentiality provisions sufficient to protect information uploaded to the AI tool from model training or unrelated processing.” When an employee uses consumer ChatGPT with client data, that data leaves the firm's controlled environment and may be used for model training, constituting a potential Reg S-P violation [5].

FINRA Regulatory Notice 24-09 is equally explicit: securities laws and FINRA rules apply to AI tools just as they apply to any other technology. Rule 2210 communications standards apply whether generated by humans or AI, and existing supervision requirements apply to AI-generated content [6].

For Attorneys: ABA Formal Opinion 512

ABA Formal Opinion 512 (July 2024) requires lawyers to obtain informed client consent before inputting confidential client information into generative AI tools with self-learning training capabilities. Lawyers must assess the likelihood of disclosure, the sensitivity of information, and the difficulty of implementing safeguards. Multiple states — including Arkansas — have adopted rules making failure to verify that AI tools don't retain or reuse confidential data a form of professional misconduct [7].

For CPAs: AICPA SSTS and IRC §7216

AICPA's Statement on Standards for Tax Services (SSTS) and IRS Circular 230 both prohibit disclosing client privileged information to unauthorized parties. Using consumer ChatGPT with client tax data may constitute an unauthorized disclosure under these standards. IRC §7216 — the criminal statute governing unauthorized disclosure of tax return information — carries penalties up to $1,000 per violation and up to one year imprisonment [8].

The Texas Society of CPAs wrote in its March-April 2025 issue: “Tax queries become incorporated in future updates to AI platforms. Cloud-based tools like ChatGPT may expose data to third-party access or insecure storage. Use only closed AI accessible only to practitioners and colleagues.” [9]

The Samsung Moment: When Enterprise Data Leaks

The warning shot was fired in March 2023, when Samsung engineers leaked semiconductor source code, internal meeting transcripts, and proprietary test data to ChatGPT in three separate incidents within 20 days. Samsung responded with a company-wide ban on all generative AI tools. By mid-2023, over 75% of Fortune 500 companies had implemented generative AI usage policies — many citing the Samsung incident explicitly [10].

But the Samsung case was arguably less dangerous than what CPAs and financial advisors do routinely. Samsung leaked proprietary business data. CPAs and financial advisors handle information that is legally protected under confidentiality obligations, covered by professional privilege, subject to criminal penalties for unauthorized disclosure, and entrusted by clients who have a reasonable expectation of privacy.

The Samsung incident triggered an internal policy response. For professional services firms, the equivalent incident triggers client lawsuits, regulatory sanctions, and potential criminal exposure.

The Real Scale of Exposure

The data on how professionals currently use AI tools should concern every practice leader.

Professional AI adoption, 2026:
  • 79% of lawyers use AI in their practice — but only 10% of firms have policies guiding that use [11]
  • 63% of registered investment advisors now use AI tools — more than doubled since 2023 [12]
  • 52% of financial planning professionals are using generative AI, up from 41% in 2025 [12]
  • Only 25% of accounting firms have formal AI usage policies [2]

The cost of getting it wrong is severe. The average cost of a data breach in professional services is $5.08 million — significantly higher than the general business average. And 39% of law firm clients say they would consider leaving their firm after a data breach [11].

More broadly: over 100,000 ChatGPT conversations became publicly accessible via Google search in July 2025, when OpenAI tested an experimental feature to make shared chats discoverable by search engines without adequate user notice. Archived versions remain accessible via the Wayback Machine. Some of those conversations almost certainly contained confidential professional information [13].

In May 2025, a US federal magistrate judge ordered OpenAI to preserve all output log data that would otherwise be deleted — meaning every chat and uploaded file since June 2025 is now being retained as part of ongoing litigation [14]. Every document you uploaded to ChatGPT this year is sitting under a preservation order.

What Safe AI for Professional Work Actually Looks Like

The answer is not to avoid AI entirely — firms that use it well will outperform those that don't. The answer is to use AI that is architecturally incapable of exposing your data. There are two ways to achieve this:

Enterprise contracts with strong data protections. ChatGPT Enterprise, ChatGPT Team, Claude for Enterprise, and similar products come with data retention guarantees and prohibitions on training on your inputs. These are meaningfully safer than consumer tools — but they still require data to leave your device and travel to a third party's server. You are trusting a contract, not an architecture. And contracts can be subpoenaed.

On-device AI. Applications that run the AI model entirely on your local hardware mean your data never leaves your computer. There are no servers to breach, no privacy policies to interpret, no vendor agreements to trust. The architecture makes data exposure impossible — not merely contractually prohibited. In the context of the Heppner ruling, there is nothing to subpoena.

For professionals handling the most sensitive information — client tax returns, financial plans, legal strategy — on-device AI provides a protection that no contractual guarantee can match: your data literally cannot reach anyone else, because it never travels beyond your own machine.

When regulators ask whether you implemented “reasonable safeguards” to protect client data, being able to say “the data never left the device” is the cleanest answer available.

“The architecture makes privacy inevitable, not just promised. We literally cannot see what you're working on because it never reaches us.”

— On the design philosophy behind fully on-device AI

Your Compliance Checklist for 2026

If you handle confidential client information, here is what you need to review before your next AI interaction:

  1. Audit your current AI usage. Which tools are employees using? Are they consumer accounts or enterprise accounts with data protection agreements?
  2. Draft an AI usage policy. You are in the 74% without one. The policy should specify which AI tools are approved for client work, require enterprise contracts with zero-retention clauses, and prohibit consumer AI for any privileged matter.
  3. Update engagement letters. AICPA guidance suggests clarifying in engagement letters that your professional responsibility extends only to advice you provide directly, not to AI-generated guidance the client may have obtained independently.
  4. Consider the Heppner rule for every query. Before submitting anything to a public AI tool: could this be used against your client, or against you, if it became discoverable?
  5. Evaluate on-device AI for sensitive workflows. For work involving privileged client information, the architectural guarantee of on-device AI eliminates the entire category of risk rather than mitigating it.

The legal and regulatory landscape around AI and client data is consolidating quickly. The Heppner ruling is the first, but it will not be the last. Firms that build sound AI governance practices now — grounded in the actual architecture of the tools they use — will be positioned to use AI competitively while their less prepared peers face client losses, regulatory fines, and liability exposure.

The technology is not the problem. The question is whether the tools you choose were designed for professionals who handle sensitive data, or for consumers who share their grocery lists.

Sources & Citations

  1. Qualtrics. “25 Statistics on How Businesses Use AI in 2025.” qualtrics.com
  2. Protecto. “AI Data Privacy Statistics & Trends 2025.” protecto.ai
  3. Pew Research Center. “About 1 in 5 US workers now use AI in their job.” October 2025. pewresearch.org
  4. Chapman and Cutler LLP. “Federal Court Rules That AI-Generated Documents Are Not Protected by Privilege.” February 2026. chapman.com
  5. DKBinnovative. “Secure AI for Investment Firms: SEC-Compliant 2026 Guide.” dkbinnovative.com
  6. FINRA. “Regulatory Notice 24-09.” finra.org
  7. American Bar Association. “ABA Issues First Ethics Guidance on AI Tools.” July 2024. americanbar.org
  8. LeanLaw. “AI Privacy Risks: Protecting Client Data in 2025.” leanlaw.co
  9. Texas Society of CPAs. “Assessing AI From a Tax Perspective.” March–April 2025. tx.cpa
  10. Bloomberg. “Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak.” May 2023. bloomberg.com
  11. Integris. “Breaches and Bots: Law Firms Face a Trust Crisis with Clients.” November 2024. businesswire.com
  12. Charles Schwab. “Schwab Study Reveals RIA AI Adoption More Than Doubles.” 2026. pressroom.aboutschwab.com
  13. Ubergizmo. “Over 100,000 ChatGPT Conversations Exposed Via Google Search.” August 2025. ubergizmo.com
  14. Huntress. “What the OpenAI Court Order Means for Cybersecurity and Privacy.” May 2025. huntress.com
  15. Morgan Lewis. “Using AI in Tax Workflows? What Heppner Means for Tax Departments.” March 2026. morganlewis.com
  16. Ogletree Deakins. “The Intersection of AI and Attorney-Client Privilege — A Cautionary Tale.” ogletree.com