Our next compliance crisis is already here: The rules protecting client data weren’t built for AI

Somewhere in Canada right now, a real estate agent is uploading a client’s purchase agreement and other personal identification into an AI tool to save themselves 20 minutes. They probably have no idea they just exposed themselves to liability. Their broker may have no idea either.

That is not a scandal — yet. But it will be.

The compliance conversation in real estate has been slow to catch up to artificial intelligence, and even slower to ask the question that actually matters: what happens to client data when it passes through these tools, and who is responsible when it does? Most of the industry hype around AI is still about productivity — better listing copy, faster market analysis, streamlined social media. Those are legitimate use cases, but they are not the conversation we need to be having. The urgent one is about privacy.

What fiduciary duty actually requires

When a client signs a representation agreement in Canada, they are not hiring a service provider in the ordinary sense. They are entering a fiduciary relationship with their agent. That word — fiduciary — gets used far too loosely in this industry, so let’s be direct about what it means: the agent owes the client the highest standard of loyalty and care recognized in Canadian law.

Part of what flows from that is a duty to protect confidential information. A client’s financial situation, their motivations, their personal circumstances, their identity documents — all of it is disclosed to the agent within a relationship that carries a legal obligation of confidence. It does not belong to the agent, and it certainly does not belong to a technology platform operating under foreign terms of service.

When an agent uploads that information to a consumer AI tool to process a document or fill a trade record, they are transmitting confidential client data to a system that neither the agent nor the brokerage controls. Many consumer AI platforms reserve rights to submitted data and, in some cases, use it for model improvement subject to user settings and product tier. The trouble is that most mainstream consumer AI infrastructure was not originally designed with Canadian real estate compliance or privacy requirements in mind. Using these tools to process client records could arguably expose agents and brokerages to allegations that they failed to adequately protect confidential client information.

The AI companies have already told you not to do it

What makes this moment particularly hard to defend is that the platforms themselves have drawn distinctions around appropriate use.

Anthropic, the company behind Claude, publicly states that it “encourages our users not to use our products or services to process personal data.” Most agents may have never read that guidance — and more concerning still, some brokerages recommending these tools may not have read it either.

Some will argue that local or desktop-based tools solve this problem because the data never leaves the device, but that argument has limits. Many AI tools marketed as simple plug-and-play solutions still rely on cloud processing through third-party infrastructure, even when they appear to be integrated into local workflows. The exception would be a fully air-gapped, in-house server running a self-hosted model. That is not what most brokerages have, and it is almost certainly not what agents are using.

Others will point to a setting that prevents conversations from being used to train the model and assume that closes the gap. It does not. That setting controls one specific use of data after it has already reached the platform’s servers. It does not prevent transmission, it does not prevent storage, and it has no effect on the platform’s legal obligations. The data has already left the building before that setting does anything at all.

In February 2026, the U.S. District Court for the Southern District of New York, in United States v. Heppner, found that a defendant using a publicly available AI platform had no reasonable expectation of confidentiality for attorney-client privilege purposes, citing the platform’s terms of service and third-party disclosure structure. While U.S. case law does not bind Canadian courts, the reasoning is a warning sign for any profession handling confidential client information through consumer AI systems. A session containing a client’s agreement of purchase and sale or personal identification does not necessarily disappear because the agent closed the browser.

A wave of purpose-built tools is coming

Consumer AI platforms are one part of this discussion, but the more complicated issue is the suite of tools being developed on top of these platforms — built specifically for real estate agents and marketed, in some cases explicitly, as compliance-forward solutions.

These tools are arriving quickly. Some are being built and sold by agents or brokerages themselves, which concentrates liability in a way that, one can only assume, most have not yet thought through. When a brokerage develops or endorses a tool, deploys it to process client documents, and that tool later turns out to transmit data in ways inconsistent with the agent’s fiduciary obligations, the liability does not sit with the agent alone. The brokerage that built it, recommended it or profited from agents using it is also exposed.

This is not about any one specific product, but a pattern emerging in real time as more of these tools are released: the gap between what they claim and what they can actually demonstrate. Privacy-forward branding is easy to produce. A published data processing agreement, transparent terms of service, a clear explanation of where client data goes and for how long — those are harder to find. Agents and brokers worried about compliance should be demanding to see them before uploading a single document.

Where the law currently leaves us

Canada’s privacy legislation — PIPEDA, written in 2000 — is arguably ancient at this point. It addresses digital data in general terms but was obviously not designed with AI processing in mind, and it does not come close to covering what happens when personal information is transmitted to a large language model operating under foreign terms of service.

The legislation that would have modernized it has not passed. The Consumer Privacy Protection Act and the Artificial Intelligence and Data Act (AIDA) both died when Parliament was prorogued in January 2025. A federal election followed, and by June the responsible minister confirmed that AIDA would not return in its original form. There is no clear timeline for what comes next.

RECO has not yet published a comprehensive AI governance framework specific to client data handling, nor have major Canadian real estate associations released detailed industry-wide standards on the issue.

This is not a criticism of regulators — legislation takes time and the technology moves fast. But the absence of rules does not create an absence of liability. Fiduciary duty exists independent of any AI-specific regulation, and the obligation to protect client information does not get put on hold because the tools have become more capable. 

What brokerages should do right now

The answer to a regulatory vacuum is internal policy. Brokerages cannot wait for federal legislation or for provincial regulators to define the standard. By the time guidance arrives, the exposure will already exist in hundreds of client files.

It is also worth noting that by next month, or next year, everything described here could be obsolete. Platform terms change. Privacy settings get updated. Security postures shift. The companies behind these tools can strengthen their protections tomorrow — or weaken them — and an agent who uploaded a client’s purchase agreement last month had no say in either outcome. That is precisely why internal policy is not optional.

A brokerage AI policy does not need to be complex to be functional. It needs to answer a handful of questions: which tools or AI models are agents permitted to use in the course of representing clients? What categories of information are explicitly off-limits for input into any external AI system? How are agents trained on the policy?

These are the questions that determine where liability lands when something goes wrong. Brokerages that have worked through the answers are in a defensible position. The ones that haven’t are hoping none of their agents have crossed that line yet. That is not a compliance strategy, and luck always finds a way of running out.

Brokerages that build a clear AI policy today are doing what brokerages have always been responsible for: setting the standard before an incident forces the conversation. The window to act is open right now — but not for long.

The post Our next compliance crisis is already here: The rules protecting client data weren’t built for AI appeared first on REM.