• |

    Dec. 6, 2023

Dos and Don’ts for Employee Use of Generative AI

A year after ChatGPT’s public release, companies are revising their initial rules that address how employees can use generative AI (Gen AI) tools. Many companies have given employees Gen AI dos and don’ts for the workplace and directed them to use only brand-new enterprise versions of Gen AI applications. This article examines employers’ shift in Gen AI policies and practices, including training and risk assessment, and presents several dos and don’ts for employees’ Gen AI use. See “Key Legal and Business Issues in AI-Related Contracts” (Aug. 9, 2023).

Navigating a Breach As a Third-Party Service Provider: Communications and Investigation

The series of significant third-party breaches in 2023, notably the MOVEit breach, highlighted the complex incident response considerations that arise when a service provider is a victim of a cyberattack. Collaboration and coordination among various stakeholders are key, all while the response time remains unyieldingly critical. At a Privacy+Security Forum Fall Academy panel, Troutman Pepper attorneys, along with Kroll’s global head of threat intelligence, discussed third-party incident response issues and practical ways to address them. In this first installment of our two-part series distilling the insights offered, we address messaging, forensic investigations and navigating the dark web. Part two will cover notifications, containment, restoring service and preserving attorney-client privilege. See our two-part series on a ransomware tabletop’s 360-degree incident response view: “Days One to Four” (Jan. 4, 2023), and “Day Five Through Post-Mortem” (Jan. 11, 2023).

U.K. Penalizes Morgan Stanley for Lax Electronic Communications Practices

While the SEC and CFTC continue to target appropriate recording and retention of electronic communications relevant to business operations, a recent U.K. proceeding is an important reminder that firms must also be cognizant of the requirements of other jurisdictions and regulators. The U.K.’s Office of Gas and Electricity Markets determined that Morgan Stanley & Co. International plc (MSIP) had violated recordkeeping regulations applicable to trading in the energy markets by failing to record and retain employees’ WhatsApp messages. The matter resulted in the first fine issued in the U.K. for failure to record and retain electronic communications relating to trading in wholesale energy products, wherein MSIP will pay a penalty of £5.41 million. This article details the relevant regulatory regime and MSIP’s violations. See “SEC and CFTC Continue to Penalize Firms for Electronic Communications Recordkeeping Violations” (Sep. 20, 2023).

Seasoned Cybersecurity and Data Privacy Attorney Joins Stinson in Dallas

Stinson LLP has announced that Jenifer McIntosh has joined the firm’s intellectual property and technology practice division as of counsel in its Dallas office. McIntosh brings more than 20 years of experience and arrives from Ferguson Braswell Fraser Kubasta PC.

Most-Read Articles

Spotlight on Trailblazing Women

 In honor of International Women’s Day, some of ION Analytics' editorial teams led by women interviewed notable women in the markets and industries we cover. In this part, the Cybersecurity Law Report highlighted notable women in compliance and hedge fund, data privacy and cybersecurity, and anti-corruption law, including Amii Barnard-Bahn, Abigail Bell, Genna Garver, Jane Horvath, Barbara Li, Amy Mushahwar, Mara Senn and Carol Widger. The interviews are here.

 

 

 

Webinar on Compliant International Data Transfers

Listen here to our discussion with our colleagues at Ethos Privacy, which took place on March 1, 2022, on how to approach international data transfer challenges. 

Webinar on Getting a Handle on Vendor Contracts

A recording of the March 10 webinar can be accessed here

Cybersecurity Resolutions for 2021

In this quick take video, we talk about some of our cybersecurity resolutions for 2021.

Facial Recognition Concerns

In this short video, we discuss the privacy and bias concerns with facial recognition technology.

Planning for the Return to Work 

We discuss a few return-to-work privacy issues in this short video.

ACR and CSLR Spring Update 2020

The Senior Editors of the Anti-Corruption Report and the Cybersecurity Law Report recently teamed up to present an update on the trends and hot topics in the anti-corruption, cybersecurity and data privacy spaces since the beginning of the year and what the publications will be focusing on in the coming months. A complimentary download of the webinar is available here.

Upcoming Webinar: Companywide Work From Home - Cybersecurity and Privacy Best Practices

Please join us on Monday, March 23, 2020, from 12:00 p.m.- 12:30 p.m. EDT for a complimentary webinar discussing the cybersecurity and privacy challenges the shift to remote working has created and how to overcome them. Registration information for the webinar is here

Upcoming Webinar to Explore Best Practices for Alternative Data Use

Please join us on Wednesday, January 15, 2020, at 11:00 a.m. EST for a complimentary webinar hosted by our sister publication, the Hedge Fund Law Report, discussing issues relating to the use of alternative data by private fund managers. To register for the webinar, click here.

Upcoming HFLR/CSLR Webinar to Explore Strategies and Tactics for Conducting an Effective Tabletop Exercise

Please join the Hedge Fund Law Report and the Cybersecurity Law Report on Tuesday, July 30, 2019, at 1:00 p.m. ET for a complimentary webinar discussing the strategies and tactics companies can employ to conduct an effective tabletop exercise. GCs and CCOs are encouraged to invite their CISOs and CTOs to join as well. The webinar will be moderated by Shaw Horton, Associate Editor of the Hedge Fund Law Report, and will feature Luke Dembosky, partner at Debevoise, John “Four” Flynn, chief information security officer at Uber, and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. Registration for the webinar is available here.

Anti-Corruption Webinar: How HPE Is Using Its New T&E Tool to Generate Compliance Metrics

Measuring the effectiveness of a compliance program can be tricky, but some companies are finding ways to use their existing internal controls to generate useful data. Join our sister publication the Anti-Corruption Report (ACR) for a complimentary webinar that explores Hewlett Packard Enterprises’ new travel-and-entertainment-approval tool. On Wednesday, March 27, 2019, from 1:00 p.m. to 2:00 p.m. EDT, the ACR’s Megan Zwiebel will interview Becky Rohr, vice-president of anti-corruption and global trade at Hewlett Packard Enterprises, about how they are using their T&E tool to measure and improve compliance. Registration information is here.