Technology

Subscribe to Technology via RSS

On September 23, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced that the U.S. Department of Justice (DOJ) updated its guidance on the Evaluation of Corporate Compliance Programs (ECCP). The DOJ’s ECCP serves as a roadmap for federal prosecutors to use when evaluating the effectiveness of corporate compliance programs. Therefore, companies should also pay close attention to this guidance when reviewing their compliance programs. Ultimately, a company’s efforts to design, regularly evaluate, and update its compliance program in line with this guidance could inform criminal investigations, charging decisions, and case resolutions.

Published in Law360 on September 27, 2024. © Copyright 2024, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

On Sept. 18, Texas Attorney General Ken Paxton announced a settlement with healthcare technology company Pieces Technology pursuant to the Texas Deceptive Trade Practices-Consumer Protection Act.

On September 9, Colorado Attorney General (AG) Phil Weiser issued a public advisory warning voters about the dangers of election misinformation and disinformation in the form of realistic-looking images, videos, and audio created using artificial intelligence (AI), known as “deepfakes.” The advisory follows the May 2024 enactment of HB24-1147, an act designed to prevent a broad range of actors from using deepfakes depicting candidates in political communications without properly disclosing the untruthful nature of the communication to voters.

Dear Mary,

Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then, some states have further qualifications to their definition, such as whether that unauthorized access or acquisition “compromises” or “materially compromises” the integrity, security, or confidentiality of the data. No states (apart from New York) define access or acquisition, and no state defines compromise vs. material compromise. How would you suggest analyzing all these varying terms?

– Patchwork

In 2024, the landscape of state attorneys general (AGs) is poised for significant change, with numerous elections and regulatory actions reshaping priorities and enforcement strategies. This dynamic environment reflects the critical role AGs play in addressing key issues across various sectors, from environmental regulations and consumer protection to health care and privacy. As state AGs continue to influence policy and legal frameworks, their actions will have far-reaching implications for businesses and consumers alike. Troutman Pepper’s State AG team is pleased to provide you with this mid-year review summarizing the activities in this regulatory space over the past six months.

On May 17, 2024, Colorado Governor Jared Polis signed into law Senate Bill 24-205, the Colorado Artificial Intelligence (AI) Act, making Colorado the first U.S. state to enact comprehensive legislation regulating the use and development of AI systems. The act is designed to regulate the private-sector use of AI systems, particularly addressing the risk of algorithmic discrimination arising from the use of so-called “high-risk AI systems.” The law will take effect on February 1, 2026, and the Colorado attorney general (AG) has exclusive enforcement authority.

State attorneys general (AGs) have increased their scrutiny of the use of artificial intelligence (AI), particularly in relation to data privacy laws, consumer protection statutes, and anti-discrimination laws. Our state AG team has issued a new white paper examining this trend, including a detailed look at the recent advisory opinion issued by the Massachusetts AG’s office, which provides guidance on how existing laws apply to AI. Understanding the potential legal implications of AI use is important to any consumer-facing business, include private equity firms and other investors.

On May 8, attorneys general (AG) from 14 states and the District of Columbia sent a letter to Congressional leadership opposing provisions of the recently proposed federal American Privacy Rights Act (APRA). In addition to the District of Columbia, the signatory states include California, Connecticut, Delaware, Hawaii, Illinois, Maine, Massachusetts, Maryland, Minnesota, Nevada, New York, Oregon, Pennsylvania, and Vermont. Their objections primarily center on the APRA’s preemption clause, which would nullify 16 state comprehensive data privacy laws that have been enacted since 2018.

Massachusetts Attorney General (AG) Andrea Joy Campbell issued an advisory to provide guidance on how state consumer protection, anti-discrimination, and data security laws apply to artificial intelligence (AI). The advisory emphasizes that these existing laws apply to emerging technology, including AI systems.