AI is helping agencies and marketers move faster than ever – but it’s also creating legal questions most businesses aren’t prepared for. In this episode, Sharon Toerek breaks down the real-world risks around AI, copyright, confidentiality, contracts, and client work, along with the practical guardrails agencies should have in place now.
What Businesses Need to Know About AI and the Law
There’s a moment most of us skip over every time we start using a new AI tool (or any software, for that matter). The terms of service pop up, we scroll to the bottom without reading a word, click “accept,” and get on with it.
That moment, it turns out, carries more legal weight than most of us realize.
I had a conversation with Sharon Toerek, a marketing and intellectual property attorney who works exclusively with independent agencies, and it changed how I think about the legal side of AI. Not because she scared me, but because she made the risks concrete and the solutions practical. If you’re using tools like ChatGPT, Claude, or Gemini to produce content for clients or your own business, here’s what you need to understand.
The Two Risk Zones: Input and Output
Sharon frames AI legal risk in two camps:
The first is input risk: what you’re feeding into the AI platforms your team uses every day.
The second is output risk: what the AI produces for you, and whether that work creates legal exposure once it goes public.
Most people are only vaguely worried about the second one. But the first one can be just as serious.
If you’re an agency, you’re regularly working with proprietary client information: business plans, product strategies, campaign data. Inputting that into an AI tool without understanding how the platform handles that data is a potential breach of your client confidentiality agreements. And depending on the subscription tier you’re on, your inputs may be contributing to the platform’s training data, which means sensitive information could theoretically surface in someone else’s output.
Sharon’s advice here is blunt: know which tools your team is using, know which subscription level those tools are set to, and make sure you’re on a license tier that explicitly does not use your data for training. Most of the major platforms offer this at a certain subscription level. Whether they honor it is a separate conversation, but at a minimum, you want the contractual protection.
The Copyright Question Nobody Wants to Answer
Currently, there’s no reliable way to know whether something the AI produces for you infringes on someone else’s work.
Sharon is clear about what that means in practice. The platforms are not going to indemnify you. Every major AI tool’s terms of service puts the responsibility for infringement on the user, not the platform. They’re happy to let you own the output. They’re just not willing to guarantee it’s clean from a copyright standpoint.
So if an AI-generated campaign goes public and it turns out to resemble an existing copyrighted work too closely, that’s your problem. And your client’s problem. And if history is any guide, Sharon notes, it tends to come down to depth of pockets.
The practical response isn’t to stop using AI. It’s to keep doing the clearance work you should already be doing anyway: trademark searches for branding, copyright checks for creative work before it goes to market. AI doesn’t change that checklist. It just adds urgency to it.
What About Using AI to Imitate a Style or Likeness?
This came up because it’s genuinely murky territory. If you prompt an AI to write in the style of a specific author, or generate an image that mimics a celebrity’s likeness, where does the liability fall?
On style: the core question is how closely the output resembles an existing original work, and what your commercial intent is. Writing in someone’s style isn’t automatically infringement. But if the output is substantially similar to a specific copyrighted work and you’re using it commercially, the fact that an AI wrote it doesn’t protect you.
On likeness: Sharon was unambiguous here. The liability framework around using someone’s name, image, or likeness in a commercial context hasn’t changed just because AI is involved. It’s still unauthorized commercial use. AI simply makes it easier and faster to do something you probably shouldn’t be doing in the first place.
Sharon’s Five-Step Framework for Managing AI Risk
Need some practical advice? Sharon laid out five things any agency or business can start working on right now, without necessarily needing a lawyer on retainer.
- Written AI Policies
You need two: an internal policy for your team, and an external policy you can share with clients and vendors. These don’t need to be long or complex, but they need to exist. They’ll evolve as the tools evolve, but you have to start somewhere.
- Updated Contracts
Your master service agreements and client contracts need language that addresses AI: which tools are permissible, who owns work product created with AI assistance, and who bears liability if something goes wrong. If your contracts don’t mention AI, they’re already out of date.
- Read the Terms of Service (At Least the Relevant Parts)
Nobody loves this. But Sharon suggests at minimum picking your top two or three tools and understanding what they’re granting you in terms of IP rights and what they’re explicitly not guaranteeing. Using AI to summarize these documents, as I’ve done, is a reasonable starting point. Just verify the key points independently.
- Review Your Insurance Stack
There are no AI-specific policies yet, but your general liability, errors and omissions, and cyber insurance coverage may address some of the risks that could arise from AI-related work product issues. Worth a conversation with your broker.
- Regular Team Training
Not a one-time rollout. Ongoing conversations about which tools the team is using, what the approved use cases are, and what conversations need to happen with clients before a project starts. The cowboy-style adoption of AI tools, where everyone on the team is using different things on personal accounts with no oversight, is where a lot of the real exposure lives.
The Conversation You’re Probably Not Having with Clients
One thing Sharon said that I hadn’t considered: before you start a new project, ask your clients directly whether they have a corporate AI policy, whether there are tools they don’t permit you to use, and whether there’s any information they don’t want exposed to AI platforms.
It sounds like a simple conversation. It is. But not having it could mean spending real time and budget on AI-assisted work that a client refuses to approve because it violates their internal policies. And they’re probably not going to pay you for that work.
Building that into your onboarding and project kickoff process is a quick, low-cost way to prevent a frustrating and expensive situation.
Where Is All of This Heading?
The short answer is that nobody knows for certain, but Sharon’s read on the near-term landscape is thoughtful. She expects some kind of mandatory licensing framework to emerge for AI’s use of copyrighted content, along with more accessible infringement reporting processes from the major platforms (similar to what social media platforms have developed for trademark and copyright complaints).
On regulation, she sees the federal-versus-state tension continuing. The federal government wants to control AI regulation and currently prefers minimal rules. States are filling the void. That’s the same pattern that played out with data privacy, and it didn’t resolve cleanly or quickly.
What’s not likely to change without court intervention: the major AI platforms’ current approach of train now, license later. Sharon describes it as “take and train now, apologize and work out a license later,” and she doesn’t expect that to shift until the legal system forces it.
In the meantime, the responsibility sits with agencies and brands. That’s not a comfortable position, but it’s the current reality.
Where to Start
If this conversation made you realize your policies, contracts, or client conversations are behind where they need to be, Sharon’s firm is at legalandcreative.com. She also hosts the Innovative Agency Podcast and is active on LinkedIn.
The practical next steps, in order of urgency:
- Check the subscription tier you’re on for your major AI tools. Are you on a level that protects your data from training?
- Pull out your standard client contract. Does it mention AI at all?
- Draft a basic internal AI policy. Even a one-page document with an approved tool list is a better starting point than nothing.
- Add a standing question to your client onboarding: “Do you have a corporate AI policy we should know about?”
You don’t need to solve everything at once. But you do need to start.
Transcript from Sharon Toerek’s Episode
Rich: Today’s guest is a marketing and IP attorney who works with independent agencies across the U.S. She’s the founder of Legal+Creative and host of The Innovative Agency Podcast.
She created the Agency Protection System, an agency legal toolkit product at, you can find it at agencylegalprotection.com and is an approved participant on the four A’s legal consultants panel and the past president of the American Ad Federation of Cleveland.
Today we’re going to be diving into the murky waters of AI use, the law, and your responsibilities with Sharon Toerek. Sharon, welcome to the podcast.
Sharon: It’s great to be here, Rich. Thanks for having me.
Rich: Alright, so how did you end up focusing your legal work specifically on marketing agencies and AI related issues?
Sharon: You know, if I trace it back, my original background in the law is as an intellectual property lawyer. And in the course of developing experience I started working with marketers quite a bit, especially in the brand protection realm, and became pretty skilled in trademark and copyright issues.
And that led to working with a lot of marketers, because marketing is actually very IP heavy. And then that narrowed over time into working with a lot of agencies. And I just really loved the blend of entrepreneurship, and IP, and marketing law issues. And so about 12 1/2 years ago, I founded my current firm to focus just on independent agencies.
And the AI focus, risk management around adoption of AI and agency operations and in generation of work products is something that has just been a necessary component of what we do for agencies. Because it really floats over all three silos of the work that we do, which is IP, contract development and negotiation, and marketing regulation compliance. AI really floats over all three of those things and tons of opportunity. And what we want to do is put agencies in a place of being able to manage and plan for the risks along the way so that you can minimize surprises as much as possible.
Rich: Yes, and I think the whole IP piece is absolutely fascinating. That’s a whole other topic, maybe we’ll have you back on another day. But obviously, it also directly impacts AI. So when business owners or marketers hear the legal risks of AI, what does that mean in practical terms, in your opinion?
Sharon: I think there’s two primary risk areas that most businesses are and should be concerned about now. And one is whether the outputs that they use might create any sort of infringement with the rights of other creators, or whether the output might create any other legal liabilities because the work product that gets published has inaccurate claims in it, or inaccurate information, or misleads in some way a consumer that might see that work product. So that’s the first thing.
And then secondly, it’s how do we handle what we input into the AI platforms that we’re leveraging in our businesses every day, and how do we manage the expectations of our clients? And this is agency specific in this example, but if your brand is providing you with product plans, business plans, strategies, things that may be very proprietary or very confidential, there need to be guardrails around how you input or use AI to sort of process that information. And then there are of course data privacy implications to feeding data into AI engines. And so those are the two camps, the input and the output and the response.
Rich: Response, I was about to say.
Sharon: Yeah, input and output and the liability they can create.
Rich: Alright, so for those of us who are using tools like ChatGPT, Claude, Gemini to create content, to generate content, what are the biggest legal risks that we’re not thinking about?
Sharon: The first is that there is really no good way to discern right now, as you and I are having this conversation, whether the output will actually infringe upon the rights of another copyright holder. The platforms you use are not going to indemnify you for that.
There are some strides that some of the major players are trying to make in terms of creating levels of licensing that have supposed higher levels of security. But the bottom line is at the end of the day, you don’t know whether what you use the machines to create for you or contribute to the work that you do are going to put you in a situation of infringing somebody else’s IP. So, I’ll start there.
Rich: Alright, so you described kind of the two campuses, input and output, when it comes to AI. So let’s just kind of start with the input stuff. What are the risks around putting proprietary or confidential information, whether it’s your own businesses or if you are an agency, some other businesses, putting it into the AI tools? What are the risks there? And maybe how can we minimize or eliminate those risks?
Sharon: The primary risk is, well, there are two primary risks. The first is that you may have very firm commitments to your clients about confidentiality and sensitivity or proprietaries of the information. And without proper communication, you may be inputting stuff into an AI platform that they very much would not want you to do, or that they have corporate policies that prevent you from doing. So it’s breaching the agreement you have with your client as to the confidentiality.
And then secondly, the risk is that you cannot be certain unless you’re using the right products, that you’re not contributing to the training data of an AI engine and inadvertently creating opportunity or real estate for someone else to infringe on your intellectual property, or for the information to just somehow come out in somebody’s output that isn’t supposed to because it’s sensitive.
And a primary risk here is that most agencies are set up in terms of their talent, where there’s a lot of, frankly, cowboy use of AI tools. You may be working with 1099 freelancers. They may be using their personal accounts for their parts of the project, or even employees might be doing this. So the first suggestion with respect to what can we do is limiting the tools and having a process for approving additional tools and or use cases for AI amongst your team members.
Rich: All right. Shifting to output, although I may come back with some more input questions. If AI generates something that infringes on somebody else’s IP, who’s responsible? Is that on me, because I put in some sort of prompt? Or is it on the , because they generated something with Mickey Mouse in there?
Sharon: It’s right now where we are with the state of the copyright litigation in the US, not going to be on the platform most likely. It will most likely be on the brand, and then probably on the agency, depending on your involvement in the creative process and how much of the work you’re actually responsible for turning out.
So I wish I had clear direction on this point right now. But one thing is clear that if you look at the terms and conditions of every major AI platform that you’re using in a generative way to help you create work product or outlines that result in work product, whatever the case might be, they’re not going to indemnify you or hold response. They’re happy to have you own the work product at the end of the day, even though they may not have the right to give you that privilege. But they’re not going to indemnify you if something goes sideways once that work gets public released down into the market.
And so if you have inadvertently infringed, that’s going to be your mess to clean up. And you will have no way of knowing, in most cases, in advance. There’s some things you can and should do from a risk management perspective, and it turns out they’re the same old fashioned things we should be doing anyway to clear campaigns before they go public. Full trademark searches for branding, copyright clearances when it’s a creative piece of work.
But the bottom line is it’s the agency and it’s the brand. And if history is a clue, it’s going to come down to deepness of pockets for the time being.
Rich: Alright. Of which many small businesses do not have those pockets very deep.
Sharon: No.
Rich: Another popular thing on the web today is the use of memes, including celebrity likenesses or pop culture references. This is a great way, in terms of engaging an audience on social media. And I already questioned whether I can really use some of these memes in a professional setting for social media. But how does AI further complicate or muddy the waters here?
Sharon: I think the biggest complication is that it has made it simply easier to appropriate the likeness of somebody who hasn’t given permission for their likeness to be used in a commercial way.
You’re right the liability landscape, if you will, hasn’t really changed. Anytime you’re using somebody’s name or their image or their likeness in a commercial sense, which is just about every single use case you can think of. Because if you’re an agency, you’re putting together strategies and tactics that are designed to create some sort of commercial impression or result that’s not fair use.
And it can also create implications of brand association that don’t really exist, or endorsements that don’t exist. And so AI just makes it easier to do these things. It creates more real estate for troublemaking. But the liability picture has not changed.
Rich: Does it matter if the person is a celebrity or not? I noticed a recent meme that used the framework of Pam from The Office at the end who says those are the same image, which is a common theme in memes these days. But it replaced her with a stock photography actress instead, probably because they were afraid of having to get permission from both NBC as well as the actress behind it.
Does it matter that these people are celebrities or not? When we’re using AI to create this imagery, is there more protection for celebrities?
Sharon: There’s more protection for celebrities. Definitely. If you were to recreate a scene in which a celebrity is known to have appeared and use different actors mimicry, if you will. It again depends on the level of copying that happened and a commercial purpose for it. So your exposure might be a little bit lower for you for replicating that likeness with somebody who’s not the original actor in that scene. But it’s not necessarily going to be zero.
And I’m going to assume in that scenario that whoever the human is willingly participated. And if they didn’t participate, there’s still liability. It’s just that the damages are probably not going to be as extensive if they don’t have a famous reputation to guard.
Rich: You know, just a day or two ago, Sora, the video software from OpenAI was shut down just as they were about to do a deal with Disney – one of the most litigious companies in the world – about licensing some of their characters so that people could use them in photos and video.
I’m just wondering, it seems very obvious that I couldn’t take a picture of a celebrity, use AI to get them to endorse my product, but it’s a little bit more nebulous, at least for me. When it comes to the written word, what kind of concerns should we have when it comes to the written word versus images, where it’s very obvious that we might be stealing?
Like I probably couldn’t go in and say, “write this article from the perspective or in the style of Stephen King”, say, and do something like that. But how do we need to worry about some of those type of prompts?
Sharon: I think your concern there needs to focus on what does the output look like, and how closely might it resemble an original work. And again, it comes down to what’s your intent with how you’re going to use that work.
Let’s assume it’s commercial in this case. And so copyright infringement, whether AI is involved or not, really comes down to what’s the degree of similarity between the two works. And then, you know, what is your intention with respect to the work. And so it is probably not as apparent on the face of it as a photographic image, duplication might be, but if it’s highly similar and you’re making a commercial use, the fact that it’s been generated by AI is not going to save you.
And you know, to comment on the Sora situation and frankly on copyright and what I call big AI in general, their MO from the beginning, and I don’t see it changing unless they’re forced to change, is take and train now, apologize and work out a license later. This is very intentional on their part. And until a high court in the United States or in other jurisdictions, creates some policy and case law around what infringement actually is and what the responsibility of the AI platforms will be for it, I don’t expect them to change their model.
And so at the bottom-line, responsibility falls on the agencies who are creating, and the brands whose names go out there and association with this stuff.
Rich: All right. Now I understand that you have a framework for managing AI risk. Can you walk us through that process?
Sharon: We do. There are some things that anybody listening here can start on their own, and these are steps to take in hedging the risk.
The first is have written AI policies. And this sounds so basic and so elementary school but have written AI policies. They’re going to be dynamic, and they will evolve as the tools evolve. But you should have an internal AI policy for your team members, which should be socialized to them with training and discussion. An external AI policy, which should be publishable and discussable with your clients, your vendors. That’s job one. And it’s easy for most businesses of any size agencies, of any size to do.
Secondly, your contracts need to start addressing AI use. So if you’re an agency in particular, you need to be putting firm language into your master service agreement, your letter of agreement, whatever you call the document that you use to contract with your clients around AI usage, the permissibility of it, and the responsibility if something goes sideways as a result of work product created using AI. So step one policies. Step two, contracts.
Step three, review the terms and conditions of the tools that you’re using. I know it’s as dull as watching paint dry. Maybe pick the top two or three tools. But understand what the tool purveyors are actually granting to you in terms of intellectual property rights. A spoiler alert there, they’re happy to have you have the rights because nobody can run anything that comes out of AI from a copyright perspective. But more so on the liability side of things.
Along with reviewing those terms, make sure the licenses that your agency or your firm is acquiring are versions that don’t input your data into their training sets. There’s certain levels of subscription in all the major tools that promise us, at least that’s their promise, they’re not using our data to train. So check the terms along with the levels of the license that you’re using.
Look at your insurance stack. There are no AI specific policies out there so far, but your agency should be looking at its stack of general liability, errors and omissions and cyber insurance coverage to deal with as many of the issues that could occur if a problem arises once the work gets public. So those are some steps that I think every agency or business can easily take.
And I would say the fifth one is talk to your team regularly. You need regular team training on all of this. Not just when you roll out your policy, but on an ongoing basis to really have your handle around what tools are we using, what use cases are we making, what are the client conversations we need to be having before we start a project? Because if you’re not all on the same page about use cases and tools, it’s much easier to make a mistake.
Rich: So you mentioned terms of service, and you’re right, nobody reads the terms of service. You just skim to the end and then you click ‘accept’ so you can start using the software. In fact, I’ve used AI to read over these and tell me, “what are the things that I should be most concerned about?”, to try and get some of it.
Sharon: What did it say? I want to know what did it say?
Rich: Sometimes it’ll flag things like, just be aware that this is saying that you may be liable in these sort of situations.
Sharon: You are on your own.
Rich: Yeah, pretty much. I’ve also asked Claude at one point, I know it says that you’re not going to share this information or train on it, but how do I know? And they’re like, well, you’ll have to go back to the original TOS, and I’m only a bot, I can’t really answer your legal questions. Which they probably trained it to say that.
But I guess, to your point, it is important that we understand the terms of service of at least the major platforms that we are planning on using.
You mentioned training the team and keeping that conversation going. What type of internal policies do you recommend that we have in place around AI usage specifically, so that our team is not going rogue because they’re excited about the tools or the opportunities?
Sharon: A few of the key important ones are agreement on which tools, first of all, and publishing that list. And then having along with that, a process for expanding that list. A lot of agencies recently crossed Chat off their list in favor of Anthropic’s products, for whatever reasons. So have that conversation regularly. And that should be part of the training.
The other part of the training should be what are the human guardrails here? Once work product is ready to deliver to a client, who reviews it, who approves it? Because ultimately, it’s going to be perceived by humans in the market. And so who is making, as certain as you can make, and agencies are not lawyers, but an agency creative team should be able to know and be tuned into knowing when they should be asking legal questions or triggering the client to ask its legal counsel these questions.
Because many master service agreements between agencies and brands, quite rightly, put the responsibility of the legal clearances on the brand. But you got to make sure that the brand did that. So it’s the guardrails along with the use cases, along with the tools.
And then finally, I would say what is our checklist of client conversations that we need to have and when we need to have them? For example, do you have a corporate AI use policy that you need us to be aware of? Are there any tools you do not permit us to use? Is there any information that you definitely do not want us exposing to AI? What are your policies? What are your limitations?
Because there’s no sense in using a set of tools that your brand/client forbid you to use and waste a bunch of time coming up with a bunch of cool stuff that they’re not going to approve to go out into the world. And which are also, by the way, not going to pay you for, because they probably are going to take the position that you should have known that or ask that.
So have your checklist of client conversations that need to be, have, and take a look at your client, your vendor, your freelancer agreements. And this is relevant to training because every agency has different people in charge of these different tasks. But make sure your agreements with all those people and your conversations with all those people align in terms of expectations and responsibilities.
Rich: That is some stuff I hadn’t thought about. Like I haven’t had that conversation yet with any of our clients about are there any platforms or tools that are off limits or anything related to that, which is an excellent question that I’ll be working into our next onboarding. So thank you for that.
Now a lot of businesses don’t have legal teams or the budgets to even, you know, they have to think twice before they even reach out to a lawyer. How can they realistically protect themselves while still taking advantage of AI?
Sharon: I think that a little, you know, I very much have the philosophy that legal affairs are a profit generator for agencies. And what I mean by that is that if you put foundation in place in an evergreen way, look at your basic agreements and make certain that you are on a cadence to review them regularly. In other words, it’s the old adage of an ounce of prevention being better than a pound of cure.
The more that you institutionalize having the right language in your contracts, the right policy making cadence, and the right conversations, the less often you’re going to have to call legal with your hair on fire because there’s a problem with either something getting approved or something going sideways once it’s been released out into the market. So the best way to save yourself is to make a little bit of proactive evergreen investment on the upfront in those areas.
Rich: Awesome. Now we’ve talked a lot about how things are changing literally day to day. The Sora thing came out of nowhere. Nobody saw that coming. Using your crystal ball, your legal crystal ball, where do you see the legal side of AI heading over the next few months, if not years?
Sharon: I think that there’s going to have to be a framework developed for managing copyright infringements and the compensation of creators for their work. Whether that is a general minimum license fee that has to be levied when there’s an infringement found, whether that is the major AI purveyors having their own IP infringement processes that are accessible to creators, not just something you have to jump through 15 hoops.
You know, our social media platforms have done a pretty good job of, I mean, they’re frustrating to navigate through sometimes, but they all have trademark and copyright infringement reporting processes and a cadence of behavior that occurs. I think the AI platforms are going to have to do that in order to manage some of this IP stuff.
And then I don’t foresee any relief from this sort of tennis ball we’re seeing – or pickleball, depending on your preference – getting batted back and forth between the states and the federal government on regulating AI usage. We are regulating it on a state-by-state basis now, just like we have done with data privacy. And with the added dynamic with respect to AI that the feds don’t really want the states governing AI at all. They want to be making the rules, and they would prefer to make very few of them at current.
So those are some of the things I see on the horizon. We’re going to have to come up with some construct to compensate creators and some sort of maybe mandatory licensing along with an expedited reporting process. Makes sense to me, but unless a court stops them, I don’t foresee any of these major platforms deviating from their practice of we’re going to just take the work now and apologize and maybe pay you a license fee later if you have a copyright claim.
Rich: The forgiveness rather than permission approach. I understand.
Sharon: Yes, exactly so.
Rich: Sharon, this has been great. If people are listening in and they want to learn more about you, your practice, and how you can help them either with AI or with IP, where can we send them?
Sharon: Thank you, Rich. It’s been a delightful conversation. So legalandcreative.com is the firm website. I’m pretty active on LinkedIn. It’s Sharon Toerek, T-O-E-R-E-K. Or come listen to our podcast, which is The Innovative Agency, which is not really legal, it’s more about innovation in the agency world. And we talked to a lot of really cool and smart people in the marketing field about all sorts of agency topics. So any of those places would be a great place to start.
Rich: Awesome. And we’ll have all those links in the show notes. Sharon, thank you so much for your time today.
Sharon: Thank you.
Show Notes:
Sharon Toerek is an attorney focused on intellectual property, marketing law, and risk management, where she helps agencies navigate contracts, compliance, and the evolving legal realities of AI-powered marketing. Be sure to connect with her on LinkedIn and catch her as host of The Innovative Agency Podcast.
Rich Brooks is the President of flyte new media, a web design & digital marketing agency in Portland, Maine, and founder of the Agents of Change. He’s passionate about helping small businesses grow online and has put his nearly 30 years of experience into the book, The Lead Machine: The Small Business Guide to Digital Marketing.