Exercises /Confidentiality /Exercise 01

Anonymization Audit

Students receive a realistic client email containing sensitive employment-related facts and prepare it for possible use in a public-facing AI tool. The goal is not a perfect redaction, it is to experience how hard it is to remove identifying and sensitive information while preserving enough legal substance for the tool to be useful.

Pillar
Confidentiality
Time
30–45 min

Purpose

This exercise builds the habit of pausing before using AI with client-related facts.

Students are asked to sanitize a client email before entering it into a public AI tool such as a consumer-facing chatbot. The exercise forces students to confront the trade-off at the center of AI confidentiality work: the more they anonymize, the safer the prompt becomes; the more they remove, the less useful the AI response may be.

The activity also helps students see that confidentiality risk is not limited to names, addresses, and obvious identifiers. Emotional details, procedural details, workplace dynamics, timing, job roles, and combinations of facts can all create risk, even when no single detail seems identifying on its own.

Learning Goals

By the end of this exercise, students should be able to:

  1. Distinguish direct identifiers from sensitive facts and residual re-identification risks.
  2. Explain why public AI tools require a different confidentiality analysis than enterprise or institutionally approved tools.
  3. Recognize that anonymization is a judgment exercise, not a mechanical deletion task.
  4. Preserve enough legal substance for issue-spotting while reducing unnecessary client-data exposure.
  5. Identify when a detail is legally useful now, when it can wait until later, and when it should not be shared with a public tool at all.
  6. Connect client-data handling choices to professional responsibility duties, especially confidentiality, competence, supervision, and verification.

Materials

  • A realistic client email involving alleged workplace harassment, gender-based exclusion, complaints to management, resignation, and post-employment procedural developments, written from a former laboratory employee seeking legal advice after leaving her job.
  • The email includes many details that create confidentiality and re-identification concerns: the client's name and email address, city, employer, job title, dates of employment and resignation, procedural details, mental-health impacts, and specific workplace dynamics.
  • The email is intentionally difficult to sanitize. Some details are obvious removal candidates, names, locations, employer information, exact dates. Others are harder: emotional distress, gender dynamics, exclusion from meetings or projects, the EEOC timeline, and the resignation-then-discharge sequence may be legally relevant but also make the client or workplace easier to identify.
  • Slides or prompts explaining the tool context: the student wants to use an AI tool to help draft a response or analyze the legal issues, but the tool does not have proper data security agreements.
  • A later debrief slide or discussion guide summarizing common student choices and missed risks.

Setup

This exercise works best after students have already been introduced to the professional responsibility framework for AI use. In class, the activity followed discussion of competence, care, confidentiality, candor, supervisory duties, tool safety, and the difference between public-facing tools and tools with stronger data protection arrangements.

The key setup is that students are not simply redacting for privacy in the abstract. They are acting as lawyers who want to use AI for a client-related task but do not have a tool with appropriate data security agreements. That constraint matters, it makes the exercise about professional judgment, not just editing.

Run of Show

Total, approximately 30–45 minutes

  1. Frame the scenario~2 min Students are told they have received a sensitive client email and want to use an AI tool to help draft a response or analyze the legal issues. The tool available to them is a public-facing or consumer-style AI tool without proper data security agreements.
  2. Individual anonymization~10 min Students work individually to remove or replace information that could identify the client, identify other parties, reveal sensitive or traceable facts, or violate confidentiality if disclosed.
  3. Prompting constraintongoing Students must preserve enough context for the AI tool to provide useful issue-spotting or initial legal framing. They should not remove so much information that the legal problem becomes generic or useless.
  4. Initial reflection~3 min Students consider what they removed, what they kept, and what risks remain.
  5. Later debriefnext class In a later class, the instructor reviews common patterns in student responses, what students caught, what they missed, and how the exercise changes their understanding of public-tool use.

Student Instructions

You received a client email with sensitive information. You want to use an AI tool to help draft a response or analyze the legal issues, but the tool does not have proper data security agreements.

Your task is to sanitize the email so that it is safer to input into a public AI tool.

Remove or replace information that could:
  • Identify the client.
  • Identify the employer or other parties involved.
  • Reveal specific locations, dates, procedural details, or other unique facts.
  • Expose sensitive personal information unnecessarily.
  • Allow someone familiar with the situation to trace the facts back to a real person or workplace.
As you work, keep asking two questions:
  • What does the AI tool actually need in order to help with initial issue-spotting?
  • Could this fact, alone or in combination with other facts, be traced back to the client?
You have 10 minutes.

Instructor Notes

The most important part of the exercise is the debrief.

Students are usually good at spotting traditional identifiers. In the class version, students showed strong instincts around names, locations, employer names, job titles, procedural specifics, and exact dates. The more useful teaching moments came from what students often left behind.

One category was emotional and mental-health detail: anxiety, difficulty sleeping, embarrassment, humiliation, dread, isolation, and feeling emotionally overwhelmed. These details may not identify the client in the traditional PII sense, but they can still expose sensitive personal information, compromise client dignity, and shape how the AI tool frames the person or problem.

A second category was specific workplace dynamics: working in a largely male department, exclusion from lunches or breaks, being assigned less visible tasks, being spoken over in meetings, and being subject to dismissive jokes or belittling comments. These details may be legally relevant, but they can also create combinatorial re-identification risk when paired with timing, employer context, location, and procedural posture.

The debrief should emphasize purpose. At this stage, students are seeking the lay of the land: possible issues, questions, claims, and research directions. They do not need every specific fact at the first AI-assisted issue-spotting stage. More detailed facts can come later, with a secure tool, traditional research, or the lawyer's own analysis.

A useful decision framework
Must redact
Direct identifiers, specific locations, employer details, exact dates, unique job titles, procedural specifics that create a unique fingerprint, and other facts that could identify the client or matter.
Should redact or generalize
Emotional and mental-health details, highly specific workplace dynamics, unique factual combinations, and details that are not necessary for initial issue-spotting.
Can remain
General legal claims and theories, broad workplace behavior categories, jurisdictional information if needed for legal analysis, and analytical questions about the law.
The recurring question is: could this be traced back to my client?

Adaptation

Here are some suggestions on how to adapt this in other teaching contexts. The adaptations below have been limited to firm trainings and asynchronous suggestions, but there are other possible adaptations for workshops, seminars, and other contexts. Be creative!

Firm training / CLE
Pair the exercise with the organization's AI-use policy. Ask participants how the analysis changes depending on whether the tool is public, paid consumer, enterprise, legal-specific, or firm-managed.
Asynchronous
Replace the live debrief with a short written reflection asking what the AI did well, what still required verification, and what the participant would do next.
Provided materials
docx Anonymization Audit: Student Packet Download