In the U.S., several legal regimes control the protection of privacy and cybersecurity, among them Massachusetts law 201 CMR 17.00, Nevada law NRS 603A, the Gramm-Leach Bliley Act (GLBA), the New York Department of Financial Services’ 23 NYCRR 500, as well as various other state laws related to notification of data breaches. Beyond regulatory requirements, parties may contract with each other to shift liability for breach of these laws, or require each other to be responsible for more obligations. These obligations may require companies to put in place new policies, practices, technology and personnel.
Artificial Intelligence (AI) aims to automate and do at scale what humans currently do better than machines, such as making decisions about whether a cyber-intrusion has occurred, or if there is a suspicious pattern of network activity. Companies may use AI to derive information about people from aggregate data which may not directly contain Personally Identifiable Information (PII), and these actions potentially risk putting such companies under the coverage of regulations and contractual obligations. Furthermore, as AI becomes better at protecting security, the “reasonable” industry standard may be to use such AI tools, and the failure to do so could have legal and economic consequences for companies.
In this program, Huu Nguyen, a Squire Patton Boggs partner with a strong technical background, will introduce the legal implications of using AI as a tool to help companies analyze data, including a practical discussion of the benefits and pitfalls in implementing these systems.