Duane Morris TechLaw

February 12, 2025 by Duane Morris

FDA Draft AI Guidance Marks a New Era for Biotech, Diagnostics and Regulatory Compliance

The U.S. Food and Drug Administration’s recent release of two draft guidance documents on the use of artificial intelligence in drug development, biologics and medical devices has sparked both excitement and skepticism. As AI increasingly permeates these fields, the regulatory landscape is just beginning to take shape—and these proposed guidelines take a step in that direction by raising awareness of important questions about the future of AI innovation in life sciences. For therapeutic, medical device and diagnostics companies—whether already implementing AI or just beginning to explore its potential—the message is clear: The landscape is evolving, and future success will require thoughtful consideration of compliance, patient safety and privacy protection from the earliest stages of AI adoption.

Read the full Alert on the Duane Morris LLP website.

January 2, 2025January 2, 2025 by Duane Morris

Data Privacy and Consumer Protections in 2025

Duane Morris partner Michelle Hon Donovan shares insight with NBC News about the privacy laws that take effect this year.

Eight states will have privacy laws take effect this year: Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota and Tennessee. The laws impose stricter obligations on businesses handling personal data and grant consumers the right to more transparency on how their data is collected, used and shared, according to Donovan. Not all companies will be required to comply, as each state has its own requirements and thresholds, such as Nebraska, which exempts small businesses.

Donovan said that before 2020, there were few laws across the country addressing privacy except for online privacy laws in a handful of states. Federal laws mostly focus on certain industries, she added, like the Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act.

Read the full article on the NBC News website.

December 13, 2024 by Duane Morris

New Law on Generative AI in Healthcare

California has passed a new AI law, Assembly Bill No. 3030, which establishes disclaimer requirements for healthcare providers sending unvetted messages to patients generated by artificial intelligence. AB 3030 is effective January 1, 2025. Under the new law, when a covered provider uses AI to generate a patient communication concerning a patient’s clinical information, that communication must include a disclaimer saying that the communication was generated by AI. Read the full Alert on the Duane Morris website.

December 5, 2024 by Duane Morris

Webinar: Artificial Intelligence and Data Licensing

Duane Morris’ Technology Transactions, Licensing and Commercial Contracts Group presents a webinar, Understanding Data Licensing in the World of AI, to be held on Wednesday, December 18, 2024, from 1:00 p.m. to 2:00 p.m. Eastern.

REGISTER

As we head into 2025, more and more of our clients are negotiating data licensing agreements and asking for assistance in understanding a company’s rights regarding data. This webinar will review intellectual property rights with regard to data, the frequent use and terms of creative commons licenses with datasets, and important and commonly negotiated terms in data licensing agreements, with our attorneys providing thoughts on these issues and how they relate to AI. Learn more.

October 10, 2024October 10, 2024 by Michelle Hon Donovan

New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises

The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.

According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.

DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:

implement secure controls for password changing and MFA device configurations;
exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
remain vigilant when receiving requests from individuals and vendors regarding system access.

DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:

Distinctions between common methods of social engineering employed by threat actors
Common indicators of malicious activity disguised as a legitimate communication
Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
Guidance and resources on handling a cybersecurity compromise

In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.

For More Information

If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.

September 27, 2024September 27, 2024 by Duane Morris

FTC Announces Enforcement Actions Against AI Use

As part of its ongoing enforcement efforts against allegedly deceptive and misleading uses of artificial intelligence, the Federal Trade Commission (FTC) disclosed five new enforcement actions on September 25, 2024, against companies across various industries that either allegedly made fraudulent claims about their AI resources or offered AI services that could be used in misleading or deceptive ways. Read the full Alert on the Duane Morris website.

September 27, 2024September 27, 2024 by Duane Morris

FTC Launches Operation AI Comply

The FTC announced recent lawsuits are part of a crackdown on companies allegedly engaging in this behavior called “Operation AI Comply.” Read more on the Duane Morris Artificial Intelligence Blog.

September 23, 2024September 23, 2024 by Duane Morris

How Copyright Law Regards Artificial Intelligence

Duane Morris partner Agatha Liu is quoted in the Bloomberg Law article, “AI Art Appeal’s Procedural Flaws Put Broader Ruling in Doubt.”

An appeals court panel’s focus on procedural issues in a case involving efforts to copyright AI-generated work left attorneys concerned the judges may sidestep larger questions about how copyright law regards the emerging technology. […]

“The point of copyright protection is it should reward creativity. It should be associated with a human being, not a machine,” said Liu. “But there’s merit in claiming the creator of the machine being an author.”

Read the full article on the Bloomberg Law website.

September 18, 2024 by Duane Morris

Artificial Intelligence Updates – 09.18.24

#HelloWorld. It’s been a long summer hiatus. Please bear with us as we play our way back into shape. In this issue, we recap the summer highlights of AI legal and regulatory developments. Of course, the EU AI Act, but not just the EU AI Act. California continues to enact headline-grabbing AI legislation, content owners continue to ink deals with AI model developers, and what would a month in the federal courts be without another AI lawsuit or two. Let’s stay smart together.

Read more on The Artificial Intelligence Blog.

August 29, 2024 by Duane Morris

Employment Legislation in Illinois Regulates BIPA and AI

In the span of 10 days in August 2024, Illinois Governor J.B. Pritzker signed into law a series of significant employment legislation, paving the way for a new employment landscape beginning in 2025 and 2026. The new legislation includes:

- Adding new requirements for employers utilizing artificial intelligence in their decision-making processes, and imposing liability under the Illinois Human Rights Act if those AI systems create a discriminatory effect;
- Passing long-awaited reforms to the Biometric Information Privacy Act that limit the number of violations an individual may accumulate under the law

Read the full Alert on the Duane Morris website.