• |

    Jul. 30, 2025

From CEO Deepfakes to AI Slop, AI Incident Tracking Ramps Up

After years of eye-opening statistics about cybersecurity attacks, it is AI incidents’ turn to be tracked and tallied. The AI Incident Database (AIID), a research effort, has compiled reports on 1,140 publicly disclosed AI-related incidents, classified into 23 types of harms and risks. The Organisation of Economic Cooperation and Development runs another, mostly automated tracker that has added an average of approximately 330 AI incident reports per month to its database this year. Additionally, in April, the non-profit MITRE launched an AI incident-sharing site that incentivizes companies to confidentially report model tampering, adversarial data injections, voice cloning and other malicious acts targeting AI systems. MITRE has already released 32 case studies for professionals and policymakers to reference. This article presents observations by leaders at MITRE and AIID on the maturity of AI incident tracking, how to define what counts as an AI incident, incident trends and the benefits of AI incident information sharing. See “First Independent Certification of Responsible AI Launches” (Apr. 12, 2023).

Connecticut and Oregon’s Revised Privacy Laws: Impact Assessments, Minors and More

The trend toward more robust and nuanced privacy protections continues to grow. In June 2025, Connecticut and Oregon enacted significant amendments to their comprehensive consumer data privacy laws – joining Montana, Utah, Virginia and Colorado, all of which also made major revisions to their laws in 2025. This second installment of a two-part article series examines some of the key changes the Connecticut and Oregon amendments introduce, including a new and unique impact assessment obligation, privacy notice requirements, prohibitions on the sale of certain data types, and heightened protections for children and minors. With insights from McDermott Will & Emery, Hintze Law, Reed Smith and Orrick, it also provides practical compliance measures that companies should consider taking before the revised provisions go into effect. Part one covered the amendments’ broader threshold and scope, new and expanded definitions of key terms, and enhanced consumer protections. See “Connecticut AG’s Report Reveals Privacy Enforcers Reaching Deeper Into Their State Laws” (Apr. 30, 2025).

Compliance Analytics Can Provide Strategic Insights for the Whole Company

Building a meaningful data analytics system for a company can be a multi-stage process with numerous challenges along the way. The effort could be worthwhile, however, because a well-functioning system can provide strategic insights that help the whole company to thrive. This article distills insights from compliance team leaders at American Express Global Business Travel, shared during a session at the 2025 Society of Corporate Compliance and Ethics Conference on Data Analytics for Compliance Programs, about how the team built an analytics program that generated insights that created value for the whole company. See “A Step-by-Step Approach to Upleveling Compliance Analytics” (Jul. 9, 2025).

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.