The growing catalogue of AI errors in Australian litigation has focused mostly on fabricated case citations in filed submissions. That is the visible problem. There is a less visible one building in the background, in the document review workflows of litigation teams running technology-assisted review at scale.
Where an AI error in a submission creates a conduct exposure, an AI error in discovery creates a different category of risk: the inadvertent disclosure of privileged documents, the satellite litigation that follows, and in some circumstances the question of whether privilege has been waived. The costs of resolving an inadvertent disclosure are significant even when the legal position ultimately favours the disclosing party.
Technology-assisted review ('TAR') is now standard practice in large-scale Australian litigation. Courts have consistently accepted TAR workflows as a legitimate approach to managing high-volume document review in complex commercial disputes. In matters with documents running into the hundreds of thousands, manual review is not a practical alternative. The question for litigation teams is not whether to use TAR, but how to build privilege protection into the process from the outset.
TAR models learn from a seed set: a sample of documents that human reviewers have coded as relevant or not, privileged or not. The model then applies those patterns across the full document population. The efficiency gain is legitimate, but so is the exposure: if the seed set is built without adequate privilege analysis, documents coded by staff without proper training or privilege determinations made too quickly, the model replicates those errors at scale.
The risk therefore exists at a systemic level. A seed set that consistently misclassifies a particular category of documents, say, communications with in-house counsel, will produce a review population that misclassifies that category across thousands of documents. Instead of just being one 'bad call', it is one bad call multiplied across the full production, and it is the kind of error that is very hard to detect until the other side raises it.
Under Australian common law, inadvertent disclosure does not automatically waive privilege, but the position is less protective than practitioners sometimes assume. The High Court confirmed in Expense Reduction Analysts Group Pty Ltd v Armstrong Strategic Management and Marketing Pty Ltd [2013] HCA 46 ('Expense Reduction') that courts have inherent jurisdiction to require return of inadvertently produced privileged documents. The Court held that it was sufficient to prove the parties intended to maintain their claims to privilege and that reviewers were carrying out their clients' instructions; from that, the fact of mistake could be inferred. The key was that Norton Rose Fulbright sent a letter promptly advising of the error before the receiving party had fully inspected the documents.
Under the Uniform Evidence Act regimes in New South Wales, Victoria, and federally, the relevant test is whether the disclosure was 'knowing and voluntary.' In FKP Constructions v Smith [2005] NSWSC 126, inclusion of privileged documents under time pressure was held not to satisfy that test. But where solicitors had adequate time for review and failed to identify privileged documents, courts have found that the producing party failed to show why the disclosure was not knowing and voluntary, and privilege was lost. The combination of scale, time pressure, and inadequate seed set construction that TAR workflows can produce sits uncomfortably in this analysis.
The practical point is that inadvertent production puts the disclosing party in a difficult and expensive position regardless of how the legal question resolves. Speed matters: in Expense Reduction, prompt action before full inspection occurred was what saved the privilege claim. A TAR workflow that has no mechanism for detecting inadvertent disclosure quickly is one where that window may already be closed by the time the problem surfaces.
The operational response is to treat privilege review as a core part of the TAR workflow architecture rather than a downstream check applied after relevance review is complete.
In practice, this means privilege-trained solicitors involved in seed set construction from the outset, not junior staff making relevance calls without the ability to assess privilege. The seed set needs to include a representative sample of document categories that are realistically likely to attract privilege claims. A model that has not been exposed to those categories during training will not handle them reliably at scale.
It also means running a privilege review pass in parallel with relevance review rather than sequentially. Many TAR workflows treat privilege as a second pass after relevant documents have been identified. That is better than a single-pass approach, but it leaves the non-relevant set unreviewed for privilege, and non-relevant documents that are also privileged still need to be withheld.
A defensible TAR process needs to be documented at each stage. Courts have emphasised that privilege claims require focused and specific evidence for each document; a TAR process that cannot show what accuracy rates were achieved, how the non-relevant set was sampled to check for errors, and who signed off on the decision to stop reviewing, is harder to defend than one that can. The evidentiary burden for a privilege claim rests on the party asserting it, and that burden is not discharged by process descriptions that are vague about what actually happened.
Separate from the workflow design question is a procurement question that is worth asking before documents are uploaded rather than after. Several AI-powered review platforms process documents on shared infrastructure or retain them under default settings that may allow training use. For legally privileged material, those terms bear directly on confidentiality obligations and potentially on the terms of the retainer.
Some vendors offer private cloud or on-premises deployment, and data handling terms can often be negotiated. The point is to understand what you are agreeing to before documents are in the system, not after a data handling question surfaces mid-dispute when the leverage to negotiate has gone.
Privilege risk in TAR is substantially more manageable at the design stage than at the problem stage. TAR workflows built with privilege analysis embedded from the start cost approximately the same as those built without it. The practical difference is in who decides to treat privilege as a core design constraint rather than a review pass applied at the end when the document volume is already in the system.
