- in United States
- with readers working within the Pharmaceuticals & BioTech industries
AI is reshaping product development and the regulatory landscape, and the pace of change is accelerating. In this episode of the Cybersecurity Awareness Series, Amy S. Mushahwar and Kathleen A. McGee discuss the rapid expansion of state AI and privacy laws, evolving breach notification obligations, and heightened scrutiny around model integrity, safety, and ethical use. From algorithmic regulation to concerns about hallucinations and data contamination, today's risks extend far beyond traditional compliance.
Speakers:
- Amy S. Mushahwar, Partner, Chair, Data Privacy, Security, Safety & Risk Management
- Kathleen A. McGee, Partner, Data Privacy, Security, Safety & Risk Management, White Collar
READ THE TRANSCRIPT
Kathleen A. McGee: So, AI is obviously a huge issue for our clients, both in terms of product development and also in the regulatory landscape. It is a very popular subject for state laws that are being rolled out across the country—usually consumer facing, but algorithmic use and AI, SAS product-oriented regulations are starting to blossom throughout the state landscape.
Amy S. Mushahwar: We are having privacy
statutes creep and crawl across the country, just like data breach
statutes did now 20 years ago, starting with the first California
data breach statute.
So, we are seeing an escalation of the amount of data
laws—AI, data disposal, still granular breach and more breach
obligations and more breach subject data—and the scary thing
for our clients is many of these laws require notification and
notification on a stepped-up timetable.
What is fascinating for me is the fact that we have moved beyond
what most firms are looking at, which is simple equal protection to
ethical use, efficacy of the models, and whether or not the models
are hallucinating. Some security companies, like CrowdStrike, have
argued that just 150,000 records injected into your models and
within your model-training data, can create marginally different
outcomes. And can you imagine being a GC who all of a sudden
realizes that the AI they are relying upon—perhaps for
employment, for lending, and for other very serious use cases and
perhaps even the distribution of benefits—maybe that's
not working the way it should.
We advise our clients that when dealing especially with more modern
safety issues—bullying, bulimia, true safety issues and
trafficking, and we have clients who are actively assisting in some
of these areas—they're just an issue that it doesn't
matter whether or not federal enforcement occurs. A) it probably
will occur because it's not politically expedient to avoid it,
and B) there are still state attorneys general that will
aggressively go after safety issues because that is squarely within
their, you know, Mini Section 5 jurisdiction.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
