• |

    Oct. 16, 2024

Deciphering California’s Pioneering Mandate for an AI Nutrition Label 

California has created the first nutrition label for generative AI (Gen AI). The AI Training Data Transparency Act (CAIT‑D) requires an AI developer, which is broadly defined, to post on its website 12 details about datasets it uses for training AI. This article, with insights from attorneys at BakerHostetler, Carlton Fields, IAPP and Luminos Law, explains the new requirements, CAIT‑D’s benefits and shortcomings for downstream AI governance professionals, and how it compares to requirements in the E.U. and Colorado laws on AI. It also discusses the extent to which the law applies to workplace use of AI and the many companies adapting Gen AI models. See “How to Address the Colorado AI Act’s ‘Complex Compliance Regime’” (Jun. 5, 2024).

Cybersecurity and Privacy: Two Sides of the Same Coin

Cybersecurity Awareness Month is a good time to visit the latest evidence of how cybersecurity and privacy are overlapping and often blending, evident in the convergence of laws and regulations in the space. Many frameworks also contain both cyber and privacy elements. There is overlap in regulatory enforcement as well – just last week, the FTC’s settlement with Marriott and Starwood to resolve charges that lax data security led to three large data breaches included both privacy and cybersecurity mandates. Despite the ties, there is still a hint of tension in how to govern data privacy and cybersecurity to ensure a cohesive, continued alignment. In this guest article, Divya Sridhar, vice president, global privacy division and privacy initiatives operations, and Leah Smyle, privacy compliance coordinator, both at BBB National Programs, examine and offer perspective on the crossover, and provide a plan of action for closing the gaps between these two operations and putting coordinated efforts to work. See “Fostering Collaboration and Communication Between Security and Compliance” (Mar. 13, 2024).

Meeting DOJ Expectations Post-Resolution Requires Realism and Accountability

Many companies think that settling an issue with the SEC or DOJ brings the matter to a close. However, the ongoing obligations that appear in numerous settlements require companies to mind their manners with U.S. enforcers for years after a deal is inked. In a recent panel hosted by Ethico, Sidley Austin partner and former Assistant Attorney General Kenneth Polite, compliance consultant and former DOJ Compliance Counsel Expert Hui Chen, and compliance consultant and former Albemarle CCO Andrew McBride discussed the intricacies and challenges of navigating the aftermath of regulatory resolutions. This article summarizes the key takeaways from the discussion, including who manages continued communications with the DOJ, how much to report and accountability. See “What CCOs Should Know About the DOJ’s Efforts to Curtail Criminal Use of AI” (Oct. 9, 2024).

Privacy, Cyber & Data Strategy Partner Joins Alston & Bird in London

Alston & Bird has strengthened its privacy, cyber & data strategy team with the addition of Kelly Hagedorn as a partner in the firm’s London office. She arrives from Orrick. For commentary from Hagedorn, see “The Right to Be Forgotten: English High Court Details When Google Must Delist Links to Crimes” (May 9, 2018). For insights from Alston & Bird, see “FTC Signals Stricter Children’s Enforcement in NGL Labs Settlement: Compliance Lessons” (Sep. 25, 2024); as well as our two-part series on cybersecurity obligations in the E.U.’s Digital Laws: “AI Act, CRA and NIS2” (Sep. 4, 2024), and “Data Act, DORA and Compliance Steps” (Sep. 11, 2024).

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.

Spotlight on Trailblazing Women

In honor of International Women’s Day, some of ION Analytics' editorial teams led by women interviewed notable women in the markets and industries we cover. In this part, the Cybersecurity Law Report highlighted notable women in compliance and hedge fund, data privacy and cybersecurity, and anti-corruption law, including Amii Barnard-Bahn, Abigail Bell, Genna Garver, Jane Horvath, Barbara Li, Amy Mushahwar, Mara Senn and Carol Widger. The interviews are here.

 

 

 

Webinar on Compliant International Data Transfers

Listen here to our discussion with our colleagues at Ethos Privacy, which took place on March 1, 2022, on how to approach international data transfer challenges. 

Webinar on Getting a Handle on Vendor Contracts

A recording of the March 10 webinar can be accessed here

Cybersecurity Resolutions for 2021

In this quick take video, we talk about some of our cybersecurity resolutions for 2021.

Facial Recognition Concerns

In this short video, we discuss the privacy and bias concerns with facial recognition technology.

Planning for the Return to Work 

We discuss a few return-to-work privacy issues in this short video.

ACR and CSLR Spring Update 2020

The Senior Editors of the Anti-Corruption Report and the Cybersecurity Law Report recently teamed up to present an update on the trends and hot topics in the anti-corruption, cybersecurity and data privacy spaces since the beginning of the year and what the publications will be focusing on in the coming months. A complimentary download of the webinar is available here.

Upcoming Webinar: Companywide Work From Home - Cybersecurity and Privacy Best Practices

Please join us on Monday, March 23, 2020, from 12:00 p.m.- 12:30 p.m. EDT for a complimentary webinar discussing the cybersecurity and privacy challenges the shift to remote working has created and how to overcome them. Registration information for the webinar is here

Upcoming Webinar to Explore Best Practices for Alternative Data Use

Please join us on Wednesday, January 15, 2020, at 11:00 a.m. EST for a complimentary webinar hosted by our sister publication, the Hedge Fund Law Report, discussing issues relating to the use of alternative data by private fund managers. To register for the webinar, click here.

Upcoming HFLR/CSLR Webinar to Explore Strategies and Tactics for Conducting an Effective Tabletop Exercise

Please join the Hedge Fund Law Report and the Cybersecurity Law Report on Tuesday, July 30, 2019, at 1:00 p.m. ET for a complimentary webinar discussing the strategies and tactics companies can employ to conduct an effective tabletop exercise. GCs and CCOs are encouraged to invite their CISOs and CTOs to join as well. The webinar will be moderated by Shaw Horton, Associate Editor of the Hedge Fund Law Report, and will feature Luke Dembosky, partner at Debevoise, John “Four” Flynn, chief information security officer at Uber, and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. Registration for the webinar is available here.

Anti-Corruption Webinar: How HPE Is Using Its New T&E Tool to Generate Compliance Metrics

Measuring the effectiveness of a compliance program can be tricky, but some companies are finding ways to use their existing internal controls to generate useful data. Join our sister publication the Anti-Corruption Report (ACR) for a complimentary webinar that explores Hewlett Packard Enterprises’ new travel-and-entertainment-approval tool. On Wednesday, March 27, 2019, from 1:00 p.m. to 2:00 p.m. EDT, the ACR’s Megan Zwiebel will interview Becky Rohr, vice-president of anti-corruption and global trade at Hewlett Packard Enterprises, about how they are using their T&E tool to measure and improve compliance. Registration information is here.