As the first quarter of 2025 draws to a close and we look ahead to the spring, important changes to the Federal Rules of Evidence (“FRE”) regarding the use of AI in the courtroom are on the horizon. Specifically, the Federal Judicial Conference’s Advisory Committee on Evidence Rules (the “Committee”) is expected to vote on at least one AI-specific proposal…
On Tuesday, April 29, 2025 at 1:15 pm, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to discuss the growing regulatory expectations around governance, including that from the Securities and Exchange Commission (SEC) and other regulators beating their cyber drums. The panelists will share best practices to educate the board, both ahead of and during an incident.…
On Wednesday, April 30, 2025 at 2:25 pm, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to discuss different approaches of private equity firms in evaluating cyber maturity and in working with portfolio companies on M&A, risk management, and incident response. The panel will feature: Rich Adduci, Operating Executive, Berkshire Partners James Goddard, Senior Operating Executive, Hellman…
On Tuesday, April 29, 2025 at 9:40 am, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to dive into the work that financial services companies, the government, and cloud service providers are taking to mature incident response. The panel will feature: Todd Conklin, Chief AI Officer and Deputy Assistant Secretary, US Treasury Heather Hogsett, Senior Vice President,…
On Thursday, April 24, 2025 at 9:00 AM ET, as a part of IAPP Global Privacy Summit 2025, Erez Liebermann will be moderating a panel of experienced in-house counsel and a former in-house counsel to discuss the pitfalls of incident response and lessons learned from crisis management missteps. By sharing real-world examples, insights and actionable recommendations, the session aims to equip…
Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and payment bans for cyber ransom incidents. DeepSeek investigated by Italian DPA over AI chatbot data collection practices. The Italian DPA opened an investigation into DeepSeek for possible GDPR non-compliance associated…
On February 20, 2025, the SEC announced the creation of the Cyber and Emerging Technologies Unit (“CETU”) to focus on “combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.” In this blog post, we provide an overview of the announcement, which illustrates that the Trump administration will continue to prioritize SEC cybersecurity and…
Because media is constantly urging us to use more AI, Professor Ethan Mollick’s recent post that identified 5 Times Not to Use AI caught our attention. After dispensing with the obvious scenarios (e.g., using AI for illegal purposes, in high-stakes situations where errors could be catastrophic, or for decisions that ethically require human work), Professor Mollick offers five situations where…
In a ruling with potential implications for other pending generative artificial intelligence (“AI”) copyright cases, the United States District Court for the District of Delaware in Thomson Reuters Enterprise Centre GmbH & West Publishing Corp. v. ROSS Intelligence Inc. has granted summary judgment for Thomson Reuters on direct copyright infringement and related defenses, as well as fair use. While the…
In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the proposed rulemaking package (the “Draft Regulations”) of the California Privacy Protection Agency (the “CPPA”). In this Part 2, we discuss the Draft Regulations’ provisions on Automated Decision-Making Technology (“ADMT”). Most notably, the Draft Regulations’ definition of ADMT is more expansive than other regulatory definitions in…