California has passed a new AI law, Assembly Bill No. 3030, which establishes disclaimer requirements for healthcare providers sending unvetted messages to patients generated by artificial intelligence. AB 3030 is effective January 1, 2025. Under the new law, when a covered provider uses AI to generate a patient communication concerning a patient’s clinical information, that communication must include a disclaimer saying that the communication was generated by AI. Read the full Alert on the Duane Morris website.
Webinar: Artificial Intelligence and Data Licensing
Duane Morris’ Technology Transactions, Licensing and Commercial Contracts Group presents a webinar, Understanding Data Licensing in the World of AI, to be held on Wednesday, December 18, 2024, from 1:00 p.m. to 2:00 p.m. Eastern.
As we head into 2025, more and more of our clients are negotiating data licensing agreements and asking for assistance in understanding a company’s rights regarding data. This webinar will review intellectual property rights with regard to data, the frequent use and terms of creative commons licenses with datasets, and important and commonly negotiated terms in data licensing agreements, with our attorneys providing thoughts on these issues and how they relate to AI. Learn more.
New York Department of Financial Services Issues Cybersecurity Threat Alert as Malicious Activity Rises
The New York Department of Financial Services (DFS) published an alert directed to all DFS-regulated entities specifically warning of a widespread cybersecurity threat involving social engineering of regulated institutions’ IT help desk personnel and call center personnel.
According to the alert, DFS has detected a trend in which threat actors have targeted IT personnel as a part of schemes to gain system access through password resets and diversion of multi-factor authentication (MFA) to new devices. According to DFS, threat actors have employed tactics including voice-altering technology and leveraging information found online about identities of individuals, in attempts to convince IT personnel at help desks and call centers to comply with fraudulent access requests.
DFS cautions all regulated entities to be on “high alert for suspicious communications” based on the observed threat actors’ recent activity. Entities are encouraged by DFS to:
- implement secure controls for password changing and MFA device configurations;
- exercise caution in authenticating the identity of anyone who tries to change a password or MFA device; and
- remain vigilant when receiving requests from individuals and vendors regarding system access.
DFS included a link to guidelines published by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA). The guidelines from CISA (CISA: Avoiding Social Engineering and Phishing Attacks) identify best practices to protect against these cyber threats, including:
- Distinctions between common methods of social engineering employed by threat actors
- Common indicators of malicious activity disguised as a legitimate communication
- Proactive measures to minimize the risk of disclosing information and/or permitting access to threat actors
- Guidance and resources on handling a cybersecurity compromise
In addition to the CISA guidelines, NYDFS has a publicly available Cybersecurity Resource Center with more information and guidance for DFS-regulated individuals and entities.
For More Information
If you have any questions about this blog post, please contact Michelle Hon Donovan, Ariel Seidner, Milagros Astesiano, any of the attorneys in the Privacy and Data Protection Group, or the attorney in the firm with whom you are regularly in contact.
Disclaimer: This blog post has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm’s full disclaimer.
FTC Announces Enforcement Actions Against AI Use
As part of its ongoing enforcement efforts against allegedly deceptive and misleading uses of artificial intelligence, the Federal Trade Commission (FTC) disclosed five new enforcement actions on September 25, 2024, against companies across various industries that either allegedly made fraudulent claims about their AI resources or offered AI services that could be used in misleading or deceptive ways. Read the full Alert on the Duane Morris website.
FTC Launches Operation AI Comply
The FTC announced recent lawsuits are part of a crackdown on companies allegedly engaging in this behavior called “Operation AI Comply.” Read more on the Duane Morris Artificial Intelligence Blog.
How Copyright Law Regards Artificial Intelligence
Duane Morris partner Agatha Liu is quoted in the Bloomberg Law article, “AI Art Appeal’s Procedural Flaws Put Broader Ruling in Doubt.”
An appeals court panel’s focus on procedural issues in a case involving efforts to copyright AI-generated work left attorneys concerned the judges may sidestep larger questions about how copyright law regards the emerging technology. […]
“The point of copyright protection is it should reward creativity. It should be associated with a human being, not a machine,” said Liu. “But there’s merit in claiming the creator of the machine being an author.”
Read the full article on the Bloomberg Law website.
Artificial Intelligence Updates – 09.18.24
#HelloWorld. It’s been a long summer hiatus. Please bear with us as we play our way back into shape. In this issue, we recap the summer highlights of AI legal and regulatory developments. Of course, the EU AI Act, but not just the EU AI Act. California continues to enact headline-grabbing AI legislation, content owners continue to ink deals with AI model developers, and what would a month in the federal courts be without another AI lawsuit or two. Let’s stay smart together.
Read more on The Artificial Intelligence Blog.
Employment Legislation in Illinois Regulates BIPA and AI
In the span of 10 days in August 2024, Illinois Governor J.B. Pritzker signed into law a series of significant employment legislation, paving the way for a new employment landscape beginning in 2025 and 2026. The new legislation includes:
-
- Adding new requirements for employers utilizing artificial intelligence in their decision-making processes, and imposing liability under the Illinois Human Rights Act if those AI systems create a discriminatory effect;
- Passing long-awaited reforms to the Biometric Information Privacy Act that limit the number of violations an individual may accumulate under the law
Next up for Medtech: Being Generative in Domain-Specific Languages
Given the vast amounts of data available, including raw measurements, diagnostic information, treatment plans, and regulatory guidelines, the biomedical technologies sector stands to gain immensely from artificial intelligence (AI), particularly machine learning (ML).
ML, at its core, learns from training datasets to identify patterns, which can then be applied to new input data to make direct inferences. For instance, if specific body scans frequently result in a particular diagnosis, ML can be used to quickly provide that diagnosis when similar scans are encountered, thus aiding in disease diagnosis.
Read the full article by Duane Morris partner Agatha H. Liu, PhD on the MD+DI website.
Artificial Intelligence Employment Law Enacted in Illinois
On August 9, 2024, Illinois enacted its landmark artificial intelligence employment law, HB 3773. This legislation, which amends the Illinois Human Rights Act, endeavors to prevent discriminatory consequences of using AI in employment decision-making processes. This law goes into effect on January 1, 2026. Illinois is one of 34 states that have either enacted or proposed laws regulating the use of artificial intelligence. Read the full Alert on the Duane Morris website.