The Consultant's Guide to Safe Client Prompts
Consultants live in NDAs. Here's how to keep the productivity gain of an LLM without ending up on the wrong side of a confidentiality clause.
The one-sentence test
Would this prompt read the same if I were asking about a hypothetical client in the same industry? If yes, you have redacted correctly. If not, keep going.
What to strip, in order
- The client legal name and any known trade names.
- The project codename — 'Project Nightingale' is more identifying than 'Google'.
- Any named executive; roles are fine, names are not.
- Revenue and EBITDA numbers with more than two significant figures.
- Geographic detail below country level.
- Dates finer than the quarter.
The custom-terms trick
PromptShielder lets you paste a per-engagement list of literal strings — codenames, initiatives, product-line names — that always get redacted regardless of context. Set it up on day one of the engagement. It saves the 'oh, I forgot our internal name for that programme' moment later.
Where LLMs actually help
- Structuring an argument once the analysis is done.
- Alternative wordings for a diplomatic paragraph.
- Drafting slide-deck speaker notes from a bulleted outline.
- Turning a rough recommendation into a two-page memo.
Frequently asked
Can I use my firm's enterprise ChatGPT for everything?+
Even with a DPA, the confidentiality clause in the client NDA usually requires prior written consent for any third-party processor. Redaction is the pragmatic bypass.
What about diagrams?+
The same rule applies. A screenshotted org chart is far more identifying than the same information in prose.