ADCG on Privacy & Cybersecurity – Détails, épisodes et analyse

In this episode of the ADCG Privacy & Cybersecurity Podcast, host Jody Westby is joined by former Magistrate Judge Ronald J. Hedges, a legal thought leader in the areas of electronic discovery and artificial intelligence and the law. Jody and Ron discuss how AI is driving legislative and regulatory action, including action within the judiciary and ethics rules and guidance from bar associations. In addition to discussing issues with admissibility and discovery of evidence, Ron discusses how the work of three bar associations regarding the use of AI in the legal profession could be a model for professionals in other industry sectors. Ron is a member of the New York and New Jersey state bar associations’ AI Task Forces, and is Chair of the Court Technology Committee of the ABA Judicial Division. He is principal at Ronald J. Hedges LLC.

In this episode of ADCG’s Privacy and Cybersecurity Podcast, Jody Westby interviews Jean Camp, Director of the Center for Security and Privacy in Informatics, Computing, and Engineering and Professor of Informatics at University of Indiana. Prof. Camp is a renowned thought leader in privacy and cybersecurity and has conducted meaningful research on issues related to SBOMs and how they could be more effective. In this podcast, we explore the role of SBOMs in cybersecurity, what limits their effectiveness, and the Federal Government's role in advancing the use of SBOMs, developing tools to ease the use of SBOMs, and international efforts to create a harmonized approach to the development and use of SBOMs. Links to some of Prof. Camp’s work in this area is available on the ADCG website.

This week’s podcast episode features Steve Britt, Counsel at Parker Poe and privacy expert to discuss the five state privacy laws that went into effect in 2023 and the TEN that have been enacted in 2023, how they vary, what they have in common, and this new “trend” to protect consumer health data (not HIPAA data). Steve also discusses the new requirement for Data Protection Assessments, expanded protections for children’s data, and regulatory risk factors and triggers. He ends with key takeaways and has provided a slide deck for listeners to download and follow along as they listen to the podcast (see adcg.org/podcast for supplemental materials on this episode).

The Federal Reserve Bank of San Francisco has published a report titled The Role of Individuals in the Data Ecosystem. The report is a comprehensive catalog of issues related to data rights and data protection for individuals. Notably, it concludes that "most of this regulation is limited to specific sectors or geographies and creates a complexity that is precarious for individuals and burdensome for businesses and government oversight. There is clear value in creating a foundation of data protection that extends across all entities and individuals in the U.S. and borrows from the possible lessons that current laws have taught us."

In this episode, Jody Westby and Jerry Buckley interview the report’s author, Kaitlin Asrow. The report offers a potential national legal framework for data governance, but also suggests the need for a significant rethinking of the ways in which we approach the legal structure for individual data protection. The report and our discussion with Kaitlin are a must hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.

Data is the lifeblood of the financial services industry and personal financial data is among the most sensitive data that exists. An informal Financial Services Data Protection Working Group of national financial services trade associations has come together to respond to proposed state and federal privacy legislative proposals. Nicole Booth (Executive Vice President of Public Affairs, Notarize) and Elizabeth Young-LaBerge (Senior Regulatory Counsel, NAFCU) are playing leadership roles in Working Group. This episode will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.

Kate Flocken and Ty Griffin provide an up-close look at the current state of play for legislation that would create a national privacy/data protection regime. Kate is a senior policy adviser at Allon Advocacy LLC where she works with fintech and financial services companies to help them navigate complex policy issues, and worked for Senator Rob Portman of Ohio (a founder and co-chair of the bipartisan Senate AI caucus).  Ty Griffin co-founded Prism Money, a consumer-focused bill payment tool, in 2012 and is now a managing partner at Financial Venture Studio, which invests in fintech startups.

Kate and Ty bring us a real time, close-up look at the legislative landscape from two points of view: Kate's close following of Senate and House legislative proposals and Ty's understanding of how these proposals will impact the fintech and other companies who are seeking to bring technology-based solutions to the marketplace. The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on what way Congress decides to go. Further, there are multiple claimants to writing the rules with several congressional committees seeking a role. Even the core principles that will inform any national legislation are still up for debate. This episode provides a snapshot of where we are now and looks ahead at the issues that will need to be resolved if national privacy legislation is to become a reality.

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also the founder of TeachPrivacy, a privacy and cybersecurity training company.  

Professor Solove provided one of the inaugural podcasts of the ADCG series and discussed the current privacy landscape including the CCPA, the EU GDPR, and the EU Court of Justice decision invalidating the US Privacy Shield.  Against this backdrop, Prof. Solove discussed whether a federal privacy law is more likely now than in the past and, if so, what such a law might cover and how close it might get to the GDPR or the CCPA. In this discussion, Prof. Solove also discusses the American Law Institute (ALI) Principles of Data Privacy, which propose comprehensive privacy principles for legislation that are consistent with key foundations in the U.S. approach to privacy, but also better align the U.S. with the EU.  The Principles will likely be influential in future policy discussions, especially with respect to notice and choice.  Finally, the podcast explores with Prof. Solove potential stumbling blocks that are likely to be encountered in discussions regarding a federal privacy law.

Jim Dempsey is the Executive Director, Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology. Jim Dempsey provided one of the inaugural podcasts of the ADCG series and discussed the lengthy and unsuccessful attempts to enact a federal privacy law. In light of the EU GDPR, California’s passage of the CCPA, and the EU Court of Justice invalidating the US Privacy Shield, he ponders whether the U.S. needs a federal privacy law and what that might look like. The discussion covers likely stumbling blocks to a federal privacy law, such as preemption of state law and a private right of action, similar to that provided in the CCPA. As a professor of cybersecurity issues at UC Berkeley, Jim also explores the potential cybersecurity aspects of privacy legislation and the role cybersecurity requirements have played in breach notification laws.

This podcast will explore:

• What would national legislation look like?  On what principles would it be based?
• What are the arguments for and against a preemptive national standard?
• What federal agency or agencies should  be charged with implementing a national privacy law?
• What role would be left to the states if a national policy were to be adopted?
• How is congressional debate likely to unfold?
• What role will the executive branch play in this debate?
• Will the United States, where the digital economy was born, cede leadership on data protection regulation to other countries?
• How would a U.S. national privacy law relate to the EU General Data Protection Regulation (GDPR)?
• What domestic and international competitive issues are in play?

All points of view, pro and con, will be heard on these podcasts.

Show Notes:

Visit our website for more information: adcg.org
Visit our resource page for new and other information: adcg.org/news-resources/
Follow us on our social media platforms for updates:
- Twitter
- LinkedIn
- Facebook

Don't forget to review the podcast to help us reach out to other listeners. And also, do not forget to subscribe to get our next episode automatically.

Thanks again for listening!

This episode features Peter Halprin, a partner in the New York City office of Pasich LLP in New York, representing commercial policyholders in complex insurance coverage matters, including cyber. We discuss the price increases in coverage and the scrutiny given claims under property and casualty, cyber, and corporate general liability policies, the risks in the application process, new technology risks associated with biometrics and AI, cyberwar exclusions, and possible changes to policy language to help manage claim risks to carriers.