Converging State Privacy Laws and the Emerging AI Challenge
February 28, 2024 – Published on Dark Reading
Written by Jason Eddinger, Senior Security Consultant – Data Privacy, GuidePoint Security
Eight US states passed data privacy legislation in 2023, and in 2024, laws will come into effect in four, including Oregon, Montana, and Texas, each with comprehensive state privacy laws, and Florida, with its far more limited Digital Bill of Rights law. Notably, these laws all share similarities and underscore a national trend toward unified data protection standards in the patchworked US privacy landscape.
While these laws align in many respects — such as exempting employer information and lacking a private right of action — they also exhibit state-specific nuances. For example, Montana’s lower threshold for defining personal information, Texas’ unique approach to small business definition, and Oregon’s detailed personal information categorization illustrate this diversity.
The laws demonstrate a compelling need for companies to evaluate and ensure data protection addendums in their processes. Accountability is a critical aspect of these laws, reflecting the increased rights and awareness of data subjects. Organizations must establish procedures to enable individuals to exercise their privacy rights effectively, which involves investing in management platforms and monitoring processing activities to ensure compliance….
The rise of generative artificial intelligence (GenAI) presents unique challenges in the privacy sector. As AI technologies become integral to businesses, the need for structured policies and processes to manage AI deployment is paramount. The National Institute of Standards and Technology (NIST) has developed a framework to manage AI risks, focusing on design and deployment strategies.
In terms of governance, we often see AI handed over to privacy instead of security because there is a lot of overlap, but in terms of tactical impacts, there are quite a few. Large language models (LLMs) and other AI technologies often utilize extensive unstructured data, raising critical concerns about data categorization, labeling, and security. The potential for AI to inadvertently leak sensitive information is a pressing issue, necessitating vigilant monitoring and robust governance.
Read More HERE.