Feb. 8, 2023

AI Governance Gets Real: Core Compliance Strategies

In the millions of sentences recently published commenting on ChatGPT and the other fun AI platforms that generate images and text, one pattern is obvious: companies must undertake governance to ensure their adoption of AI is responsible. This article, the second in a two-part series, presents top priorities and other tips for creating AI compliance measures from front-line (human) practitioners, with commentary from experts at IBM, the AI Responsibility Lab and PwC, and findings from an Accenture report. It also discusses the brand-new market for automated AI governance platforms. Part one provided tips from an AI chat provider about countering AI risks and creating a governance culture for AI. See “Takeaways From the New Push for a Federal AI Law” (Oct. 26, 2022).  

Data Breaches and the Private Credit Market: Post-Breach Considerations

In the private debt market, it is important for lenders to consider the impacts of increasingly sophisticated and financially impactful data breaches. A primary concern for lenders is that a borrower will expend capital addressing such liabilities that could otherwise be used to service their debt and/or to grow the enterprise, potentially resulting in financial defaults. In this two-part guest article series, Proskauer partners Ryan P. Blaney, Bharat Moudgil and Evan Palenschat discuss considerations to prevent and mitigate the effects of a borrower’s cyber incident. Part one discussed the cost of breaches, why vigilance is urgent and proactive steps to take to assess a borrower’s preparedness. This second part covers how to prepare for and address a borrower’s breach. See “Privacy and Security Due Diligence in M&A Transactions: Going Beyond the Questionnaire” (Jan. 19, 2021).

How to Comply With the CPRA’s Data Minimization Standards

When the California Privacy Rights Act (CPRA) took effect at the start of this year, it introduced general data minimization obligations. With these new requirements, among other tasks, companies will need to continually evaluate their data collection practices and determine the purposes for which data is collected and processed. In a recent Women in Cyber webinar, Alston & Bird partners and in-house counsel at Hitachi Energy and TransUnion offered key considerations for implementation of new CPRA requirements, and discussed the potential regulatory risks for non-compliance. See “CPRA Draft Regulations: Essential Takeaways and 10 Actions to Take Now” (Jul. 13, 2022).

Eckert Seamans Strengthens Cybersecurity and Privacy Practice

Eckert Seamans has added Elizabeth Wilson as a senior attorney in the firm’s cybersecurity, data protection and privacy practice in Philadelphia. She joins from Credit Suisse Securities (USA) LLC.