Privilege Use Boundary Enforcement Agent for Perth Boutique Firms: Stop Privilege Bleed Across Matters Before It Happens

You run a six-lawyer practice in Perth. Two of your matters are on opposing sides of a contested expert evidence question heading to the Administrative Review Tribunal. A paralegal — trying to be helpful — pastes a chunk of one client’s brief into a general-purpose chatbot to draft a summary. The model retains nothing, you’ve been told. But the prompt history sits on a staff workstation, and the next person who opens that same tool sees the autocomplete. That’s privilege bleed, and by the time you notice, you’ve already got a disclosure problem you can’t unmake. The Privilege Use Boundary Enforcement Agent is built to stop the paste before it leaves the workstation.

The problem

Boutique firms run lean. The same lawyer who takes the call drafts the advice, briefs the expert, and prepares the Tribunal book. There is no dedicated information governance team standing between staff and the AI tools they reach for under deadline. Privilege bleed — confidential material from one matter surfacing in another, or material from your firm surfacing in a competitor’s prompt window — is a structural risk created by three things in combination: shared workstations, consumer-grade AI tools, and matters that touch overlapping subject matter or opposing parties.

The Administrative Review Tribunal’s practice directions for expert evidence set expectations for the independence and integrity of expert material put before the Tribunal. Material that has been processed through an unbounded AI tool — whose retention, training, and recall behaviour your firm cannot attest to — creates a question about whether the expert’s evidence is genuinely the expert’s, and whether instructions to that expert remain confidential. Australian Solicitors’ Conduct Rule 9 (confidentiality) and Rule 10 (conflicts concerning former clients) operate regardless of whether the leak was via email, a memory stick, or an LLM prompt window. The mechanism doesn’t change the obligation.

What the Privilege Use Boundary Enforcement Agent does

The Privilege Use Boundary Enforcement Agent runs on staff workstations and intercepts AI tool use that would cross a privilege boundary your firm has defined. It enforces three classes of rule: (1) content from Matter A cannot be sent to an AI tool while the workstation is also handling Matter B where B is recorded as adverse or related; (2) content tagged as privileged or as expert instructions cannot be sent to AI endpoints that are not on the firm’s allowed list; (3) prompt history, clipboard recall, and autocomplete state are scoped per-matter so that a switched context does not bleed into the next session. When a rule fires, the action is blocked, an audit entry is written, and the user is told what would have happened and why.

How it works

1. Matter boundary registration. Your firm registers matters with conflict and adverse-party metadata. The agent reads this as the source of truth for which combinations of content and destination are permitted.
2. Workstation-level interception. The agent sits between the staff member’s applications and external AI endpoints (browser-based chat tools, IDE plugins, document assistants), inspecting the outbound payload against the registered boundaries.
3. Block, log, explain. A boundary violation is blocked at the point of submission. The user receives a short explanation. An audit log entry is written with the matter ID, the destination, the rule that fired, and the time — without storing the offending content itself.
4. Allowed-list routing. Content that is permitted to leave (e.g. de-identified research questions to an approved endpoint) passes through normally. The agent is not a kill-switch on AI; it is a boundary on which AI, for which matter, from which workstation.
5. Weekly governance report. The principal receives a summary of attempts, blocks, and allowed-list usage suitable for the firm’s risk register and for evidencing supervision under ASCR Rule 37.

Why this matters in Perth

Perth’s legal market is small enough that the same boutique firms repeatedly appear on opposing sides of administrative, planning, and resources matters. Lateral hires and contractor paralegals move between firms on short timeframes. The combination — small market, mobile staff, AI tools that retain prompt context by default — makes privilege bleed a foreseeable risk rather than a freak event. For a boutique practice appearing in the ART on expert evidence questions, the cost of one disclosed prompt is not theoretical: it is a challenge to the independence of your expert, a conflict application, and a referral risk under the ASCR. The Privilege Use Boundary Enforcement Agent is designed to make the cheapest path the compliant path — staff don’t have to remember the rule, the workstation enforces it.

Sources

• Administrative Review Tribunal — Practice Directions and Other Guidance (including expert evidence direction): https://www.art.gov.au/help-and-resources/professionals-and-practitioners/practice-directions-and-other-guidance
• Law Council of Australia — Australian Solicitors’ Conduct Rules (Rules 9, 10, 37): https://lawcouncil.au/policy-agenda/regulation-of-the-profession-and-ethics/australian-solicitors-conduct-rules
• Office of the Australian Information Commissioner — Privacy guidance: https://www.oaic.gov.au/privacy
• RuleCheck by Exegesis (open-source verifier — companion tooling): https://github.com/andrefabre/rulecheck

Join the waitlist

The Privilege Use Boundary Enforcement Agent is in scoped build for boutique Australian firms. Perth practices running ART expert evidence work are a priority cohort because the threat model is concrete and the firm size makes workstation-level enforcement tractable. Join the waitlist and we’ll contact you as deployment slots open — your input will shape the boundary rule schema and the audit format we ship with.

Join the waitlist for the Privilege Use Boundary Enforcement Agent →