Chapter 34 Exercises: Legal and Intellectual Property Considerations
Note
These exercises are for educational purposes only. They are designed to build legal literacy and risk awareness — not to provide legal advice. For specific legal questions about your situation, consult a qualified attorney.
Instructions
These exercises develop your ability to identify legal risk in AI use and apply the risk management framework from Chapter 34. Many exercises involve scenario analysis where you identify issues and describe appropriate responses. There are no trick questions — the goal is genuine legal literacy, not gotcha moments.
Part 1: Copyright Analysis
Exercise 1.1: Copyright Ownership Scenarios
For each scenario, describe: (a) whether the output is likely copyright-protected, (b) by whom, and (c) what the practical implications are.
a) You type a simple prompt ("write a haiku about spring") into an AI tool and publish the result in a small newsletter.
b) You spend two hours crafting a detailed, creative prompt describing a specific visual style, color palette, character design, and narrative for an AI image. The resulting image closely matches your creative vision. You use it commercially.
c) You provide a plot outline, character descriptions, and detailed chapter-by-chapter notes to an AI tool, which generates a 300-page novel draft you then revise extensively.
d) A colleague runs a simple business-description prompt through an AI tool and gets a logo design for the company. They register the business and use the logo on everything.
Exercise 1.2: Fair Use Assessment
Rate each AI input scenario as lower risk, moderate risk, or higher risk under fair use analysis, and explain the key factors:
a) Pasting a 200-word excerpt from a New York Times article to ask AI to summarize the key points for personal note-taking.
b) Pasting a full chapter from a current bestseller into an AI tool to "improve the writing."
c) Uploading a competitor's publicly released white paper to AI to ask: "What are the key weaknesses in this argument?"
d) Using an AI tool to ingest 1,000 news articles in order to generate a summary newsletter you sell as a subscription product.
e) Pasting five paragraphs from a public domain government report to ask AI to reformat them for your internal presentation.
Part 2: Workplace IP Issues
Exercise 2.1: Employment IP Agreement Review
Find your employment agreement (or a publicly available template employment IP agreement). Review it for:
a) What types of work product are assigned to your employer? b) Is there specific language about work created using company resources? c) Is there any language (or notable absence of language) about AI tools? d) What does the agreement say about work created outside work hours using non-company resources?
Based on your review: what AI use practices at work might implicate your IP agreement in ways you hadn't considered?
Exercise 2.2: Trade Secret Risk Assessment
For your professional role, identify five categories of information you regularly work with. For each:
a) Would this information qualify as a trade secret (commercially valuable, kept confidential, competitive advantage)? b) Have you or your colleagues ever entered this type of information into a consumer AI tool? c) What is the appropriate approach for each category?
Exercise 2.3: The Open Source Code Audit (for developers)
If you write code professionally:
a) Which AI code generation tools do you use? b) What IP indemnification commitments (if any) does each tool offer? c) For your current codebase: which portions were AI-generated? Are those portions documented? d) Is there any component that may be substantially derived from open source code that could create licensing complications?
If you don't write code professionally, substitute: for AI-generated content in your work, what documentation exists of which portions were AI-generated vs. human-authored?
Part 3: Data Privacy
Exercise 3.1: Privacy Law Applicability Assessment
For each scenario, identify which privacy law(s) are most likely applicable and why:
a) A US hospital in California uses an AI tool to draft discharge summaries, with the AI having access to patient records.
b) A London-based PR firm uses AI to draft press releases about its clients' products.
c) A Texas e-commerce company uses AI to personalize product recommendations for its California customers.
d) A US company uses AI to screen job applications submitted by European candidates.
e) A freelance HR consultant in New York uses AI to help draft performance improvement plans for employees of a client company.
Exercise 3.2: The HIPAA Bright Line
Describe the specific steps a healthcare organization should take before using any AI tool with Protected Health Information. Your description should include:
a) What questions to ask about a specific tool b) What contractual documentation is required c) What categories of PHI require the most careful analysis d) What to do if you discover PHI has been entered into a non-HIPAA-compliant tool
Exercise 3.3: Consumer vs. Enterprise Tool Decision
You are a consultant advising a mid-size financial services company on AI tool adoption. They want to use AI tools for: (a) internal strategic analysis using anonymized data, (b) client-facing documentation using client data, (c) HR analytics using employee data, (d) customer communication personalization.
For each use case: assess whether a consumer tier AI tool is appropriate, what questions need to be answered to evaluate enterprise tool options, and what additional steps are required before proceeding.
Part 4: Professional Liability
Exercise 4.1: Reasonable Professional Standard
For each professional context, describe what the reasonable professional standard looks like for AI-assisted work:
a) A lawyer using AI to research case law for a brief b) A financial advisor using AI to generate an investment analysis memo c) A structural engineer using AI to assist with load calculations d) A marketing consultant using AI to draft campaign strategy recommendations e) A software developer using AI-generated code in a patient management system
For each: what oversight, verification, and documentation would a reasonable professional apply to AI output before relying on it?
Exercise 4.2: Contract Review
Take an existing client contract you have (or use a publicly available professional services agreement template). Review it for:
a) Any provisions that address AI tool use b) Whether the confidentiality provisions would be violated by entering client information into a consumer AI tool c) Whether the professional standard provisions are compatible with your current AI use practices d) What language you might want to add in future contracts to address AI use clarity
Exercise 4.3: E&O Coverage Review
If you carry errors and omissions (professional liability) insurance:
a) Review your policy for any AI-related exclusions or requirements b) Contact your broker to ask whether AI tool use affects your coverage c) Document the response for your records
If you don't carry E&O: assess whether your professional activities would benefit from it and whether AI tool use creates exposure that should be insured.
Part 5: EU AI Act and Regulatory Landscape
Exercise 5.1: EU AI Act Risk Classification
Classify the following AI uses under the EU AI Act risk framework (prohibited / high risk / limited risk / minimal risk) and explain the key factors:
a) An AI chatbot on a retail website that answers questions about product returns b) An AI tool used to rank job applications at a company that hires EU residents c) An AI system that assigns credit scores to consumers based on behavioral data d) An AI tool used by teachers to grade essays e) An AI image generation tool for marketing materials f) A real-time facial recognition system for surveillance in public spaces
Exercise 5.2: Regulatory Monitoring Plan
Identify the three regulatory developments most relevant to your professional AI use (choose from: EU AI Act implementation, US federal AI legislation, sector-specific agency guidance in your field, copyright litigation outcomes, state privacy law developments).
For each: a) What is the current state? b) What are you watching for? c) What monitoring source will you use? d) What would trigger a change in your practice?
Part 6: Risk Management Application
Exercise 6.1: Personal AI Use Risk Classification
For your actual AI use, create a risk classification:
| AI Use | Risk Level (H/M/L) | Primary Legal Issue | Current Safeguard | Gap? |
|---|---|---|---|---|
| [Your use 1] | ||||
| [Your use 2] | ||||
| ... |
Complete this table for your five most significant professional AI uses.
Exercise 6.2: Building Your Legal Risk Checklist
Using the risk management framework from Section 7, draft a personal pre-use checklist for any new AI tool or new AI use case. The checklist should cover: data classification, tool privacy terms review, existing contract implications, professional liability considerations, and when to escalate to legal counsel.
Exercise 6.3: The One Call You Should Make
Based on completing this chapter's exercises, identify: what is the one legal question about your current AI use that you should raise with a lawyer? Why? What information would you bring to that conversation?
If after completing the exercises you have no such question, describe what specifically gives you confidence that your current practices are legally sound.