Photo of Stephen C. Piepgrass

Stephen C. Piepgrass

Subscribe to Stephen C. Piepgrass's Posts

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, with a particular focus on heavily regulated industries. He also has experience advising clients on data and privacy issues, including handling complex investigations into data incidents by state attorneys general other state and federal regulators. Additionally, Stephen provides strategic counsel to Troutman Pepper’s Strategies clients who need assistance with public policy, advocacy, and government relations strategies.

Follow:Read more about Stephen C. PiepgrassStephen C.'s Linkedin Profile

This article was originally published on August 24, 2023 in Reuters and is republished here with permission.

In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.

An incident is any “occurrence that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system,” or an event that constitutes a violation of an organization’s computer security or acceptable use policies. National Institute of Standards and Technology, Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, at 7 (Mar. 9, 2006) (nist.gov). A breach is an incident that imposes statutory and regulatory obligations on an affected organization when it holds or controls certain consumer information.

On June 7, the Federal Trade Commission (FTC) announced a request for information (RFI) to gain additional insight into how it can optimize joint enforcement with state attorneys general (state AGs) to protect consumers from fraud. The announcement signals a growing trend of cooperation between the FTC and state AGs, which we have also seen between the Consumer Financial Protection Bureau (CFPB) and the state regulators.

Many companies use machine learning algorithms and artificial intelligence (AI) to assist with employment decisions and tenant screening. In our final episode, Stephen Piepgrass and colleagues Ron Raether and Dave Gettings examine the use and impact of AI in background screening, including the potential risks companies may face with increased reliance on AI.

On May 17, District of Colombia Attorney General Brian Schwalb announced the settlement of an investigation into Easy Healthcare Corporation, requiring the company to change its privacy practices involving the ovulation tracking app “Premom” to protect the sensitive reproductive data of consumers. Easy Health agreed to several remedial measures intended to prevent the disclosure of sensitive information to third parties and to pay a $100,000 penalty to the states involved with the investigation.

Financial services companies are using AI to assist with many business processes, including underwriting decisions, consumer credit approval, servicing and collections, loss mitigation programs, customer interaction on websites and mobile apps via chatbots, and in detecting fraud. In this fourth episode, Stephen Piepgrass and colleagues Chris Willis and Michael Yaghi examine the use and impact of AI in the financial services industry. They discuss the potential risks financial services companies may face with increased reliance on AI, as well as the increased focus on AI by various regulators and state attorneys general.

AI continues to capture the headlines. One recent headline noted that ChatGPT passed the medical boards. In this third episode, Stephen Piepgrass and colleagues Michael Yaghi and Barry Boise discuss the potential risks health care companies may face with increased reliance on AI, as well as the increased focus on AI by various regulators and state attorneys general, particularly in the health care space.

Artificial intelligence (AI) has captured the imagination and generated excitement with consumers and businesses, but at the same time, developments in AI have also raised public concerns and spawned regulation that sometimes threatens to outpace the technological innovation we are seeing. In this second in our series on AI, Stephen Piepgrass and colleagues Jim Koenig and Chris Willis discuss the background of AI, including the opportunities and associated risks it presents, as well as the emerging global best practices surrounding the collection, use, and sharing of data and its use in AI.

Join us for the first in a series of episodes covering artificial intelligence (AI). As technology continues to develop, more companies are using AI in their day-to-day business, and with increased use comes increased risk. In this episode, Stephen Piepgrass and colleagues Michael Yaghi and Trey Smith provide an overview of AI, including uses and risks, and the increased focus on AI by various regulators, including state attorneys general, federal agencies, and local governments.