The associate just wanted to summarize tax documents. Consumer ChatGPT retains for training.

Mid-March — the backlog. An advisory associate, two years into her career, was working through a backlog of small-business engagements. Each one involved reading three to five years of returns plus current-year working papers plus QuickBooks exports — and synthesizing a memo. She had heard about ChatGPT being able to summarize long documents. She opened a browser tab, signed into ChatGPT with her personal Gmail account (the firm's SSO did not cover consumer AI), and began uploading.

What she thought she was using. The firm had purchased ChatGPT Enterprise the previous fall for the partners. The associate had attended the rollout meeting. She remembered seeing the firm's logo on the sign-in screen. She did not realize her browser had defaulted to her personal account, not the firm tenant. The interface looked identical. The firm's IT-managed devices did not block consumer ChatGPT at the network or identity layer.

What ChatGPT's consumer tier does. Consumer ChatGPT — the Free, Plus, and Team tiers as they existed at the time — retains uploaded content and chat history for model improvement unless the user has explicitly turned off training in settings. The associate had never opened settings. Every document she uploaded over two weeks was added to a content pool eligible for future model training.

Two weeks of uploads. Approximately 47 client engagements. Several hundred individual tax returns spanning three years. QuickBooks exports including bank account numbers and EINs. Prior-year W-2 and 1099 detail. K-1s with high-net-worth distribution information. Approximately 3,800 individual taxpayer records implicated when later scoped.

Day 16 — the client call. A small-business owner client called to ask about her engagement memo. The associate had referenced specific details about her prior-year return that the client had not raised in their current-year meeting. The client's husband, who worked in tech, asked his wife to ask the question directly: was AI involved in preparing this memo, and if so, what AI. The client called the managing partner.

Hours 1 to 8 — the investigation. The managing partner asked the associate. She showed him her workflow. He saw the personal Gmail sign-in. He called the firm's outside counsel before he called anyone else.

Days 1 to 7 — scope determination. Through counsel, the firm requested a data-export from OpenAI under the consumer account's user data rights. The export confirmed two weeks of uploads. The retroactive opt-out from training was applied — but only forward-looking. OpenAI confirmed in writing that the prior uploads had been in the training-eligible pool for the full two weeks before opt-out.

Day 21 — IRS, state AG, and client notification. The firm filed notification with the IRS under tax preparer rules, with state attorneys general in the eight states where affected clients resided, and with every individual client. The notification named ChatGPT directly. The firm offered two years of credit monitoring and identity protection.

Days 21 to 90 — the exodus. The firm's A-tier clients — high-net-worth families and small-business owners with the most to lose — began moving. 31 percent of A-tier clients had transitioned to another firm by day 90. The remainder stayed but with explicit AI-use restrictions written into engagement letters. B-tier and C-tier retention was relatively unaffected.

First call — stop the bleeding, preserve evidence. We immediately block consumer ChatGPT, Claude, Gemini, and Perplexity at the firm's identity layer and at the network edge. We preserve the associate's browser history, the firm's SSO logs, and the OpenAI consumer account export through counsel. We do not delete the consumer account — that is evidence.

Days 1 to 5 — scope. We work with the associate to reconstruct every upload over the two-week window. We cross-reference against client engagement files to identify which clients were touched, what specific data was in each upload, and which states have notification obligations based on client residency. The scope output goes directly to breach counsel.

Week 2 — notification strategy. Tax preparer notification rules and state AG breach notification rules apply in different windows. We help the firm prioritize: IRS notification within seven days where required, state AG notification according to each state's timeline (some 30 days, some shorter), client notification as soon as the scope is firm enough to support honest disclosure. The notification names ChatGPT — naming the service is what regulators expect.

Weeks 3 to 8 — AI governance program rebuild. We deploy enterprise AI tiers with full audit logging, contractual no-training terms, and DLP for sensitive data classes (SSNs, EINs, account numbers). We rebuild the firm's AI use policy with specific named tools approved or blocked. Every employee signs the policy with attestation that they have completed associated training. We add a quarterly attestation cycle.

Months 2 to 9 — client retention. The managing partner spends months on the phone with A-tier clients. We provide the technical evidence package — what we have done, what the new controls are, what AI tools are now blocked, what is in writing with vendors. Most clients who stay want to see the policy and the enterprise contract terms. We help the firm produce those for client diligence.

Ongoing. Quarterly AI use attestation. Monthly review of AI traffic at the network edge. Annual AI use policy refresh. The firm's engagement letters now name AI use restrictions explicitly — the clients who stayed wrote it in themselves.