When Your AI Chat Becomes Exhibit A: What United States v. Heppner Means for Compliance Professionals

There are court rulings that quietly shape doctrine, and others that detonate assumptions. The recent decision of Judge Jed Rakoff from the Southern District of New York in United States v. Heppner falls into the latter category. In a February 10, 2026, ruling, the Court made clear that neither the attorney-client privilege nor the work-product doctrine protected materials generated through a third-party generative AI platform. In plain English, what a defendant typed into a public AI system was discoverable.

For compliance professionals, this is not a narrow litigation footnote. It is a flashing red warning light. The era of casual AI experimentation inside corporations is over. Governance now must catch up with adoption. Today, we will consider the Court’s ruling and why it matters to a Chief Compliance Officer.

The Court’s Core Holding

The defendant in Heppner had used a third-party generative AI tool to draft and refine materials that were later shared with counsel. When prosecutors sought production, the defense argued that these materials were protected by privilege and work-product protections. The court disagreed.

The reasoning was straightforward and, frankly, predictable:

  • The AI tool was not an attorney.
  • The terms of service did not guarantee confidentiality and allowed retention or potential disclosure of inputs.
  • The materials were not prepared at the direction of counsel for the purpose of obtaining legal advice.
  • Simply sending AI-generated drafts to counsel after the fact did not, by itself, retroactively cloak them in privilege.

This is a fundamental point: privilege attaches to communications made in confidence for the purpose of seeking legal advice. When an employee enters sensitive facts into a third-party AI platform that disclaims confidentiality, that “confidence” is at best questionable. When those drafts are created independently of counsel’s direction, work-product arguments grow thin. The court did not create a new doctrine. It applied existing principles to new technology. That is precisely why this ruling is so important.

The Illusion of Confidentiality

Many business users treat AI platforms like a digital notebook. They assume that because the interaction occurs on a screen and feels private, it is private. That assumption is dangerous. Public and consumer AI platforms often reserve the right to store, analyze, or use inputs for service improvement. Even when vendors promise limited retention, those commitments may not meet the strict confidentiality standards necessary to preserve privilege. From a legal perspective, once you introduce a third party without adequate confidentiality protections, you risk waiving your rights.

The compliance lesson is blunt: generative AI is not your lawyer, and it is not your secure internal memo system. This is where governance intersects with culture. If employees are entering investigative summaries, draft responses to regulators, internal audit findings, or potential misconduct narratives into public AI tools, you are manufacturing discoverable evidence. That is not a hypothetical risk. That is now a litigated reality.

Why This Is a Board-Level Issue

The Department of Justice has made clear through the Evaluation of Corporate Compliance Programs (ECCP) that companies must identify and manage emerging risks. Artificial intelligence is no longer emerging. It is embedded in operations, marketing, finance, and legal workflows. The Heppner ruling converts AI usage from a technology convenience into a legal risk category. Boards of Directors should be asking:

  • Do we have an inventory of AI tools used across the enterprise?
  • Are employees permitted to input confidential, regulated, or legally sensitive information into third-party platforms?
  • Have we reviewed the vendor’s terms of service regarding confidentiality, retention, and data ownership?
  • Are legal and compliance functions involved in approving AI deployments?

If the answer to any of these questions is uncertain, there is a governance gap. AI governance is no longer solely about bias, explainability, or regulatory compliance. It is also about preserving privilege, managing litigation risk, and managing evidence.

Privilege Cannot Be Recreated After the Fact

One of the most significant aspects of the ruling is the rejection of “retroactive privilege.” Sending AI-generated content to counsel after it is created does not transform it into protected communication. This matters for compliance investigations. Consider the following scenario:

An internal report of potential misconduct surfaces. An employee uses a public AI tool to summarize the facts and generate possible legal arguments before reaching out to in-house counsel. That summary now exists outside any protected legal channel. The vendor may retain it. It may be discoverable.

By the time counsel becomes involved, the privilege damage may already be done. The message for compliance teams is clear: legal engagement must precede, or at least direct, sensitive analysis, not follow it.

Work Product Is Not a Safety Net

Some may argue that AI-assisted drafting in anticipation of litigation should fall under the work-product doctrine. The court in Heppner was not persuaded. Work-product protection generally applies to materials prepared by or for an attorney in anticipation of litigation. When individuals independently generate content using AI tools without counsel’s direction, that protection is far from guaranteed. Compliance professionals should not assume that labeling a document “prepared in anticipation of litigation” will insulate AI-generated material. Courts will look at substance over form.

Practical Steps for Compliance Leaders

This ruling demands an operational response from every CCO. Here are some steps every compliance program should consider.

1. Treat Third-Party AI as Non-Confidential by Default

Unless you have a contractual, enterprise-level arrangement with robust confidentiality provisions and clear data controls, assume that information entered into a third-party AI platform is not protected. This default posture should be reflected in policy language.

2. Update Acceptable Use Policies

Your code of conduct and IT policies should explicitly address the use of generative AI. Prohibit the entry of:

  • Privileged communications.
  • Investigation details.
  • Personally identifiable information.
  • Trade secrets.
  • Sensitive regulatory communications.

Policy must move from general warnings to specific examples.

3. Involve Legal in AI Governance

AI procurement should not be a purely IT function. Legal and compliance must review vendor terms, especially around:

  • Data retention.
  • Subprocessor use.
  • Confidentiality obligations.
  • Audit rights.
  • Breach notification.

If you cannot articulate how your AI vendor protects inputs, you cannot defend privilege claims.

4. Implement Training That Reflects Real Risk

Annual compliance training should now include explicit guidance on AI usage. Employees should understand that entering confidential information into public AI tools can waive privilege and render it discoverable. Training should include practical scenarios. The objective is behavioral change, not abstract awareness.

5. Establish Secure AI Environments for Legal Work

If your organization intends to use AI in legal or investigative contexts, consider enterprise solutions that:

  • Operate within your controlled environment.
  • Restrict data sharing.
  • Provide contractual confidentiality.
  • Maintain clear audit logs.

Even then, legal oversight is essential. Secure does not automatically mean privileged.

6. Align with Litigation Hold Procedures

AI interaction logs may constitute discoverable material. Ensure that your litigation hold processes account for AI-generated content. If your organization logs prompts and outputs, those logs may fall within the scope of preservation obligations. Ignoring this dimension creates spoliation risk.

The Cultural Dimension

Technology adoption inside companies often outruns governance. Employees experiment. Business units optimize. Productivity improves. Compliance arrives later. That sequencing is no longer sustainable. The Heppner ruling should catalyze a shift from reactive to proactive governance. AI usage must be mapped, risk-ranked, and monitored, just as third-party intermediaries, high-risk markets, and financial controls are. If your risk assessment does not explicitly include generative AI, it is incomplete.

Connecting to the DOJ’s Expectations

The DOJ has repeatedly emphasized dynamic risk assessment. Artificial intelligence now clearly falls within the scope of corporate compliance evaluation. Prosecutors will not be sympathetic to arguments that “everyone was using it” or that policies were silent. They will ask:

  • Did the company identify AI as a risk area?
  • Did it implement controls?
  • Did it train employees?
  • Did it monitor usage?
  • Did it respond to incidents?

The answers to those questions will influence charging decisions, resolutions, and penalty calculations.

A Final Word: Convenience Versus Control

Generative AI is transformative. It enhances drafting, analysis, and research. It can elevate compliance operations if deployed thoughtfully. However, convenience without control is exposure. The lesson of United States v. Heppner is not that AI should be avoided. It is that AI must be governed with the same rigor as any other high-impact enterprise tool.

Privilege is fragile. Once waived, it cannot be restored. In a world where a chat prompt can become an exhibit, compliance professionals must lead the charge in redefining responsible AI use. If you are a chief compliance officer, this is your moment. Update your policies. Engage your board. Coordinate with legal and IT. Embed AI governance into your compliance framework. Because the next time an AI conversation surfaces in discovery, you do not want to explain why your program treated it like a harmless experiment.

All Things Investigations Episode 1: Coburn and the Attorney/Client Privilege


Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast All Things Investigations. In this podcast host Tom Fox and members of the Hughes Hubbard Anti-Corruption & Internal Investigations practice group will highlight some of the key legal issues involved in white collar and other investigations, both domestically and internationally. In this first episode, I visit with Mike Huneke on the discovery dispute in the US v. Coburn criminal action.

Mike Huneke is a Hughes Hubbard & Reed partner who has spent his career in both Washington, DC and Paris, France. For his entire 17-year career Mike has been practicing in the anti-corruption space, on everything from investigations and government resolutions, acting as “buffer counsel” to companies subject to compliance monitors, third party and M&A due diligence, and proactive risk assessments and second-level compliance reviews. Most recently, Mike and his Hughes Hubbard colleagues were recognized for their role on the Airbus case by Global Investigations Review.
Key areas we discuss on this podcast are:

  • Individual defendants are wildcards in matters involving privilege claims in FCPA investigations.
  • The dangers of the over-assertion of privilege to the DOJ and to the Courts.
  • The false comfort of “oral” disclosures.
  • The “personal jurisdiction” discussion by the Court.
  • Beware civil discovery in criminal cases.

Resources
Hughes Hubbard & Reed website
Mike Huneke bio
Anti-Corruption and Internal Investigations Practice Group
US v. Coburn, Judge McNulty decision

Day 15 of One Month to Better Investigations and Reporting-the Parameters of Privileges

In “The Evolving Attorney-Client Privilege: Business Entities,” David E. Keltner wrote that under US federal law, the attorney/client privilege applies when the following are present:

  1. A client is seeking legal advice or a lawyer’s services;
  2. The person to whom the communication is made is a lawyer or his or her representative;
  3. The communication relates to a fact disclosed from a client (a representative) to a lawyer (a representative);
  4. Strangers are not present;
  5. A client requires confidentiality.

The significance of meeting each of these five prongs is critical. If they are met, “Absent privilege, once the attorney-client privilege is properly invoked – the privilege is absolute.” However, the failure to meet Prong 1 doomed former co-CEO Sigelman’s efforts, as he was not seeking legal advice. Former GC Weisman flew to Sigelman’s home to confront him over the fact that the FBI had come to his house asking questions about the payments made in Colombia.

Finally, it is important to note that the attorney/client privilege belongs to the corporation and not to any one individual. The attorney/client privilege can be waived. While there is a general recognition that “only an authorized agent of a corporation may waive the privilege of the corporation,” Keltner advises that the “most frequently encountered instances of losing the privilege through selective disclosure” are in responding to a government investigation, supplying information to a government agency; information disclosed in certain Securities and Exchange Commission (SEC) filings or other required financial disclosures; in certain circumstances disclosures to external corporate auditors or accounting responses; any disclosure made to a third party not affiliated with a lawyer; and insurance disclosures.

How should we apply the above to the situation faced by former co-CEO Sigelman? Was he meeting with his lawyer or seeking legal advice? As reported by Joel Schectman in the Wall Street Journal (WSJ), in an article entitled “Secret Informant Recordings to be Allowed in PetroTiger Case,” the trial court distinguished having an attorney/client relationship from the attorney/client privilege. Schectman reported, “a judge in U.S. District Court in Camden said last week that having an attorney-client relationship isn’t enough to make all conversations privileged–a client needs to be actively seeking legal advice.” “I cannot find a shred of indication that Weisman is there to give legal advice to Sigelman,” Judge Joseph Irenas said, “or the converse, that Sigelman was seeking legal advice from Weisman.”

Interestingly, the trial court did not opine on the question of who the client was in this situation. My experience is that most CEO-types think of a GC as their lawyer. That view is also misplaced as a GC works for a company, and the client is the corporation. While he did not have to reach the question of who the client was in the Sigelman/Weisman meeting, the trial court might have allowed the current corporate owners of PetroTiger to waive any privilege asserted by a former co-CEO. Schectman quoted G. Derek Andreson, a lawyer specializing in the Foreign Corrupt Practices Act, as saying that “Attorney-client privilege is often misinterpreted as broader than it is.”

Did the FBI take advantage of some special relationship between Sigelman and Weisman? As reported in the article, in his brief attempt to suppress the evidence, Sigelman’s counsel said, “Messrs. Sigelman and Weisman had a long-standing attorney-client relationship, one that fostered candor and trust between them–as any good attorney-client relationship should. The government took advantage of this trust.” Such would seem to be the nature of wiring up cooperating witnesses; if they cannot engender trust with those they are speaking to and surreptitiously taping, it would seem they are of little use to authorities.

For the attorney/client privilege to be of use to you, certain hard work must be done to establish the attorney/client privilege in the corporate context. The five prongs listed by Keltner must be fulfilled for the privilege to apply. Simply chatting with your lawyer or company’s lawyer will not invoke the privilege or protect you.

In addition to the attorney/client privilege, another privilege can come into play around internal investigations. It is the attorney/work product privilege. Keltner noted, “The attorney-client privilege and the attorney work-product doctrine are often asserted interchangeably. While there is some overlap between the two, the attorney-client privilege is significantly different from the attorney work-product doctrine.” Moreover, as “codified in Fed. R. Civ. P. 26(b)(3), [the attorney/work product] provides a qualified protection to materials prepared by party’s counsel or other representatives in anticipation of litigation.” The doctrine exists “because it permits lawyers to ‘work with a certain degree of privacy, free from unnecessary intrusion by opposing parties . . .’” The key is that it be prepared in anticipation of litigation. Unlike the attorney-client privilege, which belongs to a client, work-product immunity may be asserted by the lawyer or the client. While the attorney-client privilege is included in the Rules of Evidence, the work-product doctrine is included in the Rules of Civil Procedure in the series relating to discovery. This makes it problematic to assert in the context of a criminal investigation.

For in-house lawyers in the UK or EU countries, however, there is no such work product privilege. Two recent examples highlighted this key difference between the US, UK, and EU legal systems. First was the raid by German prosecutors of the offices of Volkswagen’s outside counsel, Jones Day, for information surrounding the law firm’s investigation of the company’s emissions-testing scandal. The raid was based on a court-issued subpoena. The second is the recent judicial decision out of the UK involving Eurasian Natural Resources Corp. (ENRC). The UK’s highest court held that the company must produce to the UK’s Serious Fraud Office (SFO) documents the company claimed were privileged, including attorneys’ notes of employee interviews conducted during the company’s internal investigation. The SFO sought the documents as part of its criminal investigation into fraud, bribery, and corruption allegations. The court largely rejected ENRC’s claims of the work product privilege, holding that it does not apply when a document is not prepared for the sole or dominant purpose of conducting adversarial litigation. ENRC was required to produce the bulk of the contested documents because the investigation was a fact-finding exercise.

Three Key Takeaways:

  1. Note the differences in the attorney/client and work product privileges.
  2. Both privileges can be waived intentionally or through negligent conduct.
  3. Take care with attorney work product outside the US, where there may be no privilege.

Remember who can assert privileges in an investigation and who can waive them.