Posts

Showing posts with the label governance

New York Governor Unveils New AI Agenda

Image
New York Governor Kathy Hochul announced plans to launch a new office to oversee the implementation and enforcement of New York’s artificial intelligence (AI) and digital technology laws as part of a series of recent proposals. The moves signal that New York will remain one of the leaders among states regulating AI and technology platforms at the same time the fedoeral government seeks to preempt and restrict state regulation of AI. Quick Hits New York Governor Kathy Hochul has announced a new AI agenda, including the establishment of an Office of Digital Innovation, Governance, Integrity and Trust (DIGIT) to oversee digital safety and technology governance. The governor also announced plans to advance legislation aimed at regulating AI-generated content and enhancing consumer privacy, including proposals to mandate labeling of provenance data and require data broker registration. This initiative builds on a series of recent AI and technology policies in New York, positioning the state...

AI Notetaking Tools Under Fire: Lessons from the Otter.ai Class Action Complaint

The rapid adoption of AI notetaking and transcription tools has transformed how organizations (and individuals) capture, analyze, and share meeting and other content. But as these technologies expand, so too do the legal and compliance risks. A recent putative class action lawsuit filed in federal court in California against Otter.ai, a leading provider of AI transcription services, highlights the potential pitfalls for organizations relying on these tools. The Complaint Against Otter.ai Filed in August 2025,  Brewer v. Otter.ai  alleges that Otter’s “Otter Notetaker” and “OtterPilot” services recorded, accessed, and used the contents of private conversations without obtaining proper consent. According to the  complaint , the AI-powered notetaker: Joins Zoom, Google Meet, and Microsoft Teams meetings as a participant and transmits conversations to Otter in real time for transcription. Records meeting participants’ conversations even if they are not Otter accountholders ....

Self-assessing your COI program

Compliance and ethics program assessments sometimes have a general scope and are sometimes focused on a single substantive risk area—such as corruption or competition law. For some companies, it makes sense to do such a targeted/deep dive assessment for conflicts of interest (COIs). This is particularly so for those responding to a significant COI violation or “near miss,” but it is also the case where the likelihood of COI risks is heightened due to geographic, organizational, or industry cultural considerations. The scope and approach of such assessments for any given company at any given time should vary based on various circumstances. Though, as a general matter, what does one look for in a COI program assessment? Risk assessment : Has the company assessed COI risk? If so, has it been done in a documented way? Has it used the assessment(s) results in designing and implementing other aspects of the COI program? Governance : Have the respective COI oversight roles of the board of di...

AI versus MFA

  Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find multifactor authentication (MFA) at or near the top of every list. Government agencies responsible for helping to protect the U.S. and its information systems and assets (e.g.,   CISA ,   FBI ,   Secret Service ) send the same message. But that message may be evolving a bit as criminal threat actors have started to exploit weaknesses in MFA.   According to a recent report in  Forbes , for example, threat actors are harnessing AI to break though multifactor authentication strategies designed to prevent new account fraud. “Know Your Customer” procedures are critical in certain industries for validating the identity of customers, such as financial services, telecommunications, etc. Employers increasingly face similar issues with recruiti...

People and Policy: Building Compliance and Ethics into Your Company’s DNA

Image
  It’s not enough to have the right policies in place — you have to embed those policies into the fabric of your organization. In today’s fast-paced and interconnected business world,  ensuring compliance and building an ethical corporate culture  isn’t just a regulatory checkbox—it’s part of your organization’s DNA. Governance, Risk Management, and Compliance (GRC) has evolved from a back-office necessity to a front-line enabler, engaging everyone from employees to third-party partners in the process . This shift emphasizes that c ompliance and ethics must be woven into every aspect of the company’s operations, influencing attitudes, behavior, and, ultimately, organizational culture. At the core of this transformation is the concept of engagement, a critical trend shaping the future of GRC. In the modern organization, GRC is no longer the domain of just compliance officers or risk managers; it involves every employee, contractor, vendor, and partner across the extended e...