• |

    Feb. 19, 2025

Transforming Security and Privacy Workloads With Generative AI: A Comprehensive Framework

Generative AI (Gen AI) has the potential to revolutionize how organizations approach security and privacy, shifting from reactive, fragmented efforts to proactive, seamless operations. By streamlining processes, eliminating inefficiencies and fostering human-AI collaboration, Gen AI can transform compliance into a strategic driver of innovation. In this guest article, Nikhil Sarnot, a managing director at Accenture Security, explores the building blocks of achieving frictionless compliance by leveraging Gen AI, practical use cases for Gen AI in privacy and security, and the challenges of implementation. See “Applying AI in Information Security” (May 15, 2024).

AI Meets GDPR: Mitigating Risks and Scaling Compliance in the Development and Deployment of AI Models

The European Data Protection Board opinion 28/2024 (Opinion), on the processing of personal data in the context of AI models, conveys a clear message that entities developing and deploying these models need to take a proactive, risk-based approach to data protection. Companies subject to the GDPR, as well as emerging regulations in various U.S. jurisdictions, face challenges in complying with ever complex layers of legal requirements. This second article in a two-part series covering the Opinion offers best practices for controllers when processing personal data in the context of AI development and deployment, suggests strategies for navigating the regulatory landscape, and examines the Opinion’s impact in the broader AI and privacy legal arena. It includes practical insights from A&O Shearman, Bird & Bird, McDermott Will & Emery, Morrison Foerster and Steptoe. Part one discussed significant elements of the Opinion and its implications for entities subject to the GDPR. See “AI Governance: Striking the Balance Between Innovation, Ethics and Accountability” (Feb. 12, 2025).

SEC and CFTC 2024 Enforcement Results: Record-High Financial Remedies Across Fewer Actions

The SEC and Commodity Futures Trading Commission both imposed record-high financial remedies in their 2024 fiscal year (FY2024), which ended on September 30, 2024. On the other hand, however, the agencies brought substantially fewer enforcement actions than in recent years, according to their FY2024 enforcement reports. The agencies’ enforcement reports reflect their continuing focus on fraud and compliance failures involving AI, cybersecurity and other tech-related areas. This article distills the key takeaways from the reports. See “SEC Stresses Cybersecurity, AI and Crypto in Its 2025 Exam Priorities” (Dec. 18, 2024).

Crowell Strengthens Privacy & Cybersecurity Group With Addition of Two Seasoned In-House Counsel in D.C.

Crowell & Moring has welcomed two senior counsel, Justin Weiss and Rita Heimes, to its privacy & cybersecurity group in Washington, D.C. In addition to his role as senior counsel, Weiss will also serve as senior director at Crowell Global Advisors. For commentary from Heimes, see “IAPP-EY Annual Report Finds GDPR Compliance Strides and DPO Explosion” (Oct. 31, 2018). For insights from Crowell, see “Navigating SEC Cybersecurity Enforcement in a Post-SolarWinds World” (Nov. 15, 2023); and “SEC and CFTC Wall Street Resolutions Highlight Need for Communication and Records Compliance” (Oct. 26, 2022).

Wiley Welcomes Former FTC Official in New York

Ian Barlow has joined Wiley’s New York office as of counsel in the firm’s privacy, cyber & data governance; FTC regulation, telecom, media & technology; and white collar defense & government investigations practice areas. He arrives from the FTC. For insights from Wiley, see “Prioritizing Public-Private Partnerships in an Increasingly Complex Regulatory Environment” (Mar. 2, 2022); and “How Financial Institutions Should Strengthen Their Data Security to Comply With FTC’s Updated Safeguards Rule” (Nov. 17, 2021).

Most-Read Articles

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.