Blog › Professional practice

Using AI in a Professional Practice Without Breaching Confidentiality

For a fiduciary, an accountant or a small law firm, AI is genuinely useful — until it touches a client matter. Then two duties collide with the tool: your obligation to give correct advice, and your obligation to keep client information confidential. Neither is optional, and neither is satisfied by a disclaimer. This is a working method for using AI on real matters while keeping both intact.

The two real risks

There are only two failure modes worth planning around, and they are different in kind.

The first is the confident-but-wrong answer. A general-purpose model will produce a fluent, well-structured reply to a tax, accounting or legal question that is simply incorrect — a repealed rule cited as current, a threshold that changed last year, a case that reads plausibly but does not exist. The danger is not that the answer is wrong; it is that it looks right. Fluency reads as authority, and a single model gives you no signal about where it is guessing. Nothing eliminates this risk — but cross-checking helps you catch it before it reaches a client.

The second is data exposure. The moment you paste a client's name, a contract, a set of figures or a scanned document into a tool, you have disclosed it to whoever operates that tool — and possibly to whoever it shares data with, and possibly to a training pipeline. For a regulated professional, that is not a productivity question. It is a breach of professional secrecy and of data-protection law — GDPR in the EU, the FADP in Switzerland — regardless of how good the answer was.

Handle these as two separate problems, because the fixes are different.

A simple method that takes about a minute

You do not need a policy binder. You need a habit applied to every question before you type it.

1. Classify the question. Is it general or client-identifying? "How is a foreign dividend generally treated for a Swiss-resident individual?" is general — it contains no client. "Should my client Dupont SA book this EUR 240,000 receivable in Q3?" is client-identifying. General questions carry no confidentiality risk and can go to AI as written. Client-identifying questions never go anywhere without step two.

2. Anonymise in about thirty seconds. You rarely need the client's real details for the model to reason well. Strip them:

The reframed question keeps everything the model needs to reason and removes everything that identifies your client. If a question genuinely cannot be answered without identifying details, that is a signal to keep it inside your practice, not to send it out.

3. Never use a free consumer account for client matters. Free and consumer tiers of general AI tools are the highest-risk channel: they commonly retain inputs and may use them to improve the product. A properly anonymised general question is fine anywhere; anything touching a client belongs only in a tool with contractual data protection behind it.

What to require of any AI vendor

Anonymisation reduces exposure; it does not replace due diligence on the tool itself. Before any AI vendor touches work connected to clients, require — in writing:

If a vendor cannot answer these plainly, that is your answer. Quorello ships with Private mode on by default for supported models: requests route only to Zero Data Retention endpoints that do not retain the prompt or train on it. Non-ZDR models are disabled while it is on, and Private-mode conversations are never saved to history. You can read the specifics on our security page and in Zero Data Retention, explained.

Cross-checking is the verification reflex

Even a correct, well-scoped question can get a wrong answer from any single model — and one model cannot tell you it is uncertain. This is where the professional's instinct to get a second opinion becomes a workflow.

Putting the same question to several models from independent providers and looking at where they agree, where they diverge, and how confident to be turns an invisible risk into a visible one. When independent providers converge, you have a stronger basis to proceed. When they diverge, you have found exactly the point that needs your own review, a source, or a call to a colleague — instead of discovering it after the advice has gone out. That disagreement signal is something a single-vendor tool structurally cannot give you.

None of this shifts responsibility. AI is a verification layer, not a decision-maker. The professional reads the reasoning, checks the authorities, and signs off — as always. What changes is that you catch more errors before they leave your office, and you keep client data out of places it should never go.

If your practice is weighing how to bring AI into client work safely, that is the workflow Quorello is built for: anonymise, cross-check independent providers, and keep the sign-off where it belongs — with you.

This article is general information, not legal, tax or professional advice.