AI Governance and Training | 3 min read

The AI Policy Your Agency Needs Before a Junior Copywriter Pastes a Client's Roadmap Into ChatGPT

A marketing agency AI policy built around the real risk: client strategy, audience exports, and unpublished creative leaking into unapproved tools.

Figure 01 Marketing agency leaders reviewing a practical AI acceptable-use policy.
Answer summary

Short answer: A marketing agency AI policy built around the real risk: client strategy, audience exports, and unpublished creative leaking into unapproved tools.
Best fit: Industry: Marketing agencies. Function: AI governance and training.
Operating path: AI Governance and Training -> AI Transformation
Key metric: 3 rule sets before broad AI rollout

The leak doesn't come from the C-suite. It comes from a Thursday deadline.

Picture a 35-person agency, a campaign due Friday, and a junior strategist who pastes a client's positioning deck and a CSV of their paid-media audience into a free consumer chatbot to "speed up the brief." Nobody approved it. Nobody logged it. Under a consumer free tier the provider may retain that prompt and use it to train future models, so the data is now outside both your control and the client's. You will not know until that client's competitor, who also uses the same tool on a free tier, sees something that feels uncomfortably familiar, and by then there is no record of what went in.

That is the specific exposure an agency carries that an in-house team does not: the most sensitive material in your building belongs to someone else. Your acceptable-use policy is not really about protecting your agency. It's about protecting the client trust you bill against.

The macro picture supports treating this as an operating problem, not a tech toy. The RSM middle-market AI survey, the San Francisco Fed small-business AI analysis, and the OECD SME AI adoption report all land on the same point: AI creates value only when it has workflow fit, trained people, and management capacity behind it. For an agency, that management capacity is the policy that decides what touches a client's data and what doesn't.

Draw the line at the data, not the task

Most agency AI rules fail because they try to ban tasks ("don't use AI for copy"). That is unenforceable: half your team already does it, and the people doing it most are often your best. The line that actually holds is drawn around the data, not the activity.

So sort your work into two bins. Green-light, no friction: internal subject-line variants, repurposing a published case study into a LinkedIn draft, cleaning up meeting notes, building a production checklist, brainstorming concepts off a public brand. None of that carries a client's confidential context. Locked behind review: anything containing a client's unpublished strategy, a raw audience or CRM export, performance data they'd consider proprietary, creative that hasn't shipped, or a claim that needs legal substantiation before it goes near a media buy.

The mechanism that keeps this from becoming a binder nobody reads is naming what each AI tool is actually allowed to ingest. The NIST AI Risk Management Framework gives you the map-and-assign structure; the CISA AI Data Security Best Practices covers the data-movement, access, and logging controls underneath it. And if your shop standardizes on a managed assistant, check what it actually does with prompts: Microsoft 365 Copilot's privacy and data controls and OpenAI's enterprise privacy commitments tell you whether a tool trains on your inputs. Read past the training question to how long prompts are retained and who at the vendor can see them; "no training" is not the same as "no retention." Critical for agencies: vendor terms set a floor, but your client contracts set the ceiling. A client MSA with a confidentiality clause overrides whatever a tool's enterprise tier permits.

AI governance map for marketing agencies showing approved tools, restricted data, reviewers, and escalation paths.

Wire the review into the approval step you already have

You already gate client-facing work — copy gets a second read, media plans get account-lead sign-off, claims get scrutiny before launch. Don't invent a parallel AI process. Add one question to the gate that exists: "Did anything client-confidential touch an AI tool to make this, and was it an approved one?" Asked at the same checkpoint, every time, that question does more than a ten-page document.

A workable agency policy fits on a page: a named owner (usually creative operations or whoever runs the studio), the short list of approved tools, the locked-data categories above, the one review question, a place to log the rare approved exception, and a quarterly look at what teams are actually doing — because shadow usage tells you where the policy is too tight to follow.
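The data-based line, the per-tool ingest list, the client-contract ceiling, and the one review question above can be expressed as a small pre-submission gate. The following is an added example, not the page's or any vendor's code: the tool names, client names, the regex markers for "unpublished strategy" and "unshipped creative," and the CRM-export heuristic are all assumptions chosen for illustration, and the sample payloads are constructed, not real client data.

```python
import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Locked-data categories from the policy; an empty category set means green-light.
AUDIENCE_EXPORT = "audience_export"            # raw audience / CRM export
UNPUBLISHED_STRATEGY = "unpublished_strategy"  # positioning decks, roadmaps
UNSHIPPED_CREATIVE = "unshipped_creative"      # drafts, embargoed work

# Assumed (hypothetical) per-tool ingest allowlist: locked categories a tool may see.
TOOL_MAY_INGEST = {
    "free-chatbot": set(),                         # public / internal material only
    "enterprise-assistant": {UNSHIPPED_CREATIVE},  # tier that does not train on inputs
}

# Assumed per-client contract ceiling: an MSA can forbid what the tool tier would allow.
CLIENT_CONTRACT_FORBIDS = {
    "client-b": {UNSHIPPED_CREATIVE, UNPUBLISHED_STRATEGY, AUDIENCE_EXPORT},
}

# Heuristic markers (assumptions, tune per shop).
PII_HEADERS = {"email", "e-mail", "phone", "mobile", "customer_id", "crm_id", "first_name", "last_name"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
STRATEGY_RE = re.compile(r"\b(confidential|internal only|do not distribute|positioning|roadmap)\b", re.I)
DRAFT_RE = re.compile(r"\b(draft|unreleased|embargoed|pre-launch|not yet live)\b", re.I)

def looks_like_crm_export(text: str) -> bool:
    """CSV whose header row carries contact/PII columns, or a body dense with addresses."""
    lines = text.strip().splitlines()
    if lines:
        try:
            header = next(csv.reader(io.StringIO(lines[0])), [])
        except csv.Error:
            header = []
        cols = {c.strip().lower() for c in header}
        if len(cols) >= 2 and cols & PII_HEADERS:
            return True
    return len(EMAIL_RE.findall(text)) >= 5

def classify(text: str) -> set:
    """Return the locked categories present in a payload (empty set = green-light)."""
    found = set()
    if looks_like_crm_export(text):
        found.add(AUDIENCE_EXPORT)
    if STRATEGY_RE.search(text):
        found.add(UNPUBLISHED_STRATEGY)
    if DRAFT_RE.search(text):
        found.add(UNSHIPPED_CREATIVE)
    return found

@dataclass
class Decision:
    allowed: bool
    tool: str
    categories: set
    reason: str
    exception_id: Optional[str] = None

EXCEPTION_LOG: list = []  # the place to log the rare approved exception

def gate(text: str, tool: str, client: str, approved_by: Optional[str] = None) -> Decision:
    """The one review question: did client-confidential data touch an AI tool, and was it approved?"""
    cats = classify(text)
    if tool not in TOOL_MAY_INGEST:
        return Decision(False, tool, cats, "tool is not on the approved list")
    permitted = TOOL_MAY_INGEST[tool] - CLIENT_CONTRACT_FORBIDS.get(client, set())
    blocked = cats - permitted
    if not blocked:
        return Decision(True, tool, cats, "within the tool's ingest allowlist and the client contract")
    if approved_by:  # named owner signs off; the exception is recorded, not waved through
        entry = {
            "id": f"EXC-{len(EXCEPTION_LOG) + 1:04d}",
            "at": datetime.now(timezone.utc).isoformat(),
            "client": client, "tool": tool,
            "categories": sorted(blocked), "approved_by": approved_by,
        }
        EXCEPTION_LOG.append(entry)
        return Decision(True, tool, cats, "approved exception, logged", exception_id=entry["id"])
    return Decision(False, tool, cats, f"locked data {sorted(blocked)} may not enter {tool}")

# Constructed sample payloads (not real client data).
AUDIENCE_CSV = "email,first_name,segment\nana@example.com,Ana,paid-social\nbo@example.com,Bo,retargeting\n"
PUBLIC_BRIEF = "Turn our published 2023 case study into three LinkedIn post variants."
DRAFT_COPY = "DRAFT headline options for the spring launch, not yet live."

if __name__ == "__main__":
    for payload, tool, client in [(PUBLIC_BRIEF, "free-chatbot", "client-a"),
                                  (AUDIENCE_CSV, "free-chatbot", "client-a"),
                                  (DRAFT_COPY, "enterprise-assistant", "client-a"),
                                  (DRAFT_COPY, "enterprise-assistant", "client-b")]:
        d = gate(payload, tool, client)
        print(f"{tool:22s} {client}: {'ALLOW' if d.allowed else 'BLOCK'} ({d.reason})")
```

The point of the structure is that the decision keys on what the payload contains and on the client's contract, never on what task the user says they are doing. The heuristics will miss things (a positioning deck with none of the marker words, an audience list exported as JSON), which is exactly why the human review question stays in the existing approval gate and the quarterly look at real usage stays in the policy.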

To pressure-test where your data boundaries actually leak today, run the SMB AI readiness assessment. Then use the 90-day implementation plan to sequence the rollout: tool selection, team training, and the first low-risk workflows you green-light without a second thought. Start with internal brief drafting next week — the easiest win that builds the habit before the stakes get higher.

Sources
  1. RSM middle-market AI survey
  2. San Francisco Fed analysis of AI and small businesses
  3. OECD report on AI adoption by small and medium-sized enterprises
  4. NIST AI Risk Management Framework
  5. CISA AI Data Security Best Practices
  6. Microsoft 365 Copilot privacy and data controls
  7. OpenAI enterprise privacy commitments