[The IPKat] Fordham 33 (Report 2): Top 5 Takeaways: Data Governance, Privacy, & Cybersecurity in an AI World
15 views
Skip to first unread message
Annsley Merelle Ward
Apr 10, 2026, 4:40:04 PM (7 days ago) Apr 10
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to IPKat Readers
The data governance session The IPKat is back in Fordham, with the Spring skies and the chirping birds gracing the streets of the Upper West Side. As a proud and long-standing partner with the Fordham IP Conference, now in its 33rd year, the IPKat is thrilled to partner with the students of Fordham for reports from this years’ conference. This report comes from Seth B. Pearson (First Year Student of Penn State Dickinson Law).
Over to Seth:
"Thursday afternoon featured the Data Governance, Privacy, and Cybersecurity session. This session tackled the massive clash between data sovereignty, cross-boarder transfers, and the shifting economics of cybersecurity in our digital economy. Moderated by Cameron Russell (Mastercard), the panel featured Kohei Wachi (Mori Hamada), Sven Schonhofen (Reed Smith LLP), Benoit Van Asbroeck (Bird & Bird), Charisse Castagnoli (Vilya Law PLLC), and Aniket Kesari (Fordham University School of Law). All views expressed on the panel were their personal views.
For legal professionals attempting to navigate this volatile space, here are the top five takeaways:
1. AI is Forcing a Data Governance Overhaul: Traditional data governance relied heavily on established retention schedules and straightforward de-identification. That era is over. As Castagnoli noted, "read-only is a suggestion to an LLM." The fundamental mechanics of AI necessitate total traceability and a completely reshaped approach to vendor and sub-processor management to ensure compliance.
2. A Tale of Two Regulatory Regimes: The global approach to AI and data regulation is severely diverging. While the EU is aggressively regulating with nearly 100 digital laws in play (including the GDPR and AI Act), Japan is taking a drastically different path. Wachi highlighted that to combat a shrinking workforce, Japan is actually loosening consent requirements for AI training data to promote immediate technological adoption.
3. The U.S. Preemption Battle: Domestically in the US, the core tension lies in whether the federal government will preempt a growing patchwork of state-level AI regulations. Kesari pointed out that defining what an "AI product" actually is will be central to resolving whether states can effectively differentiate and regulate these tools locally, or if a national standard is required.
4. The Economics of Cyberattacks Have Plummeted: AI has fundamentally lowered the cost and effort required to execute highly sophisticated cyberattacks. Deepfakes and AI-generated phishing are effortlessly bypassing traditional human-layer defenses. Kesari struck fear into some of the audience members when he explained how the agent features found within AI systems like Claude, is making it more streamlined, efficient, and cheaper to sophistically attack numerous people. However, the panel reminded the audience that traditional "defense in depth" still remains critical - an isolated vulnerability cannot be exploited if layered corporate defenses hold steady.
5. The Lawyer as a Translator: For those navigating early legal careers and breaking into the corporate compliance space, mastering the legal doctrine is only half the battle. Legal professionals must increasingly act as translators between engineering teams, business stakeholders, and regulators. Having a foundational curiosity about how the underlying technology works is no longer optional; it is a prerequisite for effective incident response and global compliance.
As the digital landscape shifts beneath our feet, one thing is certain: in the collision of AI, privacy, and security, the most successful legal professionals will have to be not only experts in the law, but they'll have to be the essential bridges between innovation and ethics."
"Thursday afternoon featured the Data Governance, Privacy, and Cybersecurity session. This session tackled the massive clash between data sovereignty, cross-boarder transfers, and the shifting economics of cybersecurity in our digital economy. Moderated by Cameron Russell (Mastercard), the panel featured Kohei Wachi (Mori Hamada), Sven Schonhofen (Reed Smith LLP), Benoit Van Asbroeck (Bird & Bird), Charisse Castagnoli (Vilya Law PLLC), and Aniket Kesari (Fordham University School of Law). All views expressed on the panel were their personal views.
For legal professionals attempting to navigate this volatile space, here are the top five takeaways:
1. AI is Forcing a Data Governance Overhaul: Traditional data governance relied heavily on established retention schedules and straightforward de-identification. That era is over. As Castagnoli noted, "read-only is a suggestion to an LLM." The fundamental mechanics of AI necessitate total traceability and a completely reshaped approach to vendor and sub-processor management to ensure compliance.
2. A Tale of Two Regulatory Regimes: The global approach to AI and data regulation is severely diverging. While the EU is aggressively regulating with nearly 100 digital laws in play (including the GDPR and AI Act), Japan is taking a drastically different path. Wachi highlighted that to combat a shrinking workforce, Japan is actually loosening consent requirements for AI training data to promote immediate technological adoption.
3. The U.S. Preemption Battle: Domestically in the US, the core tension lies in whether the federal government will preempt a growing patchwork of state-level AI regulations. Kesari pointed out that defining what an "AI product" actually is will be central to resolving whether states can effectively differentiate and regulate these tools locally, or if a national standard is required.
4. The Economics of Cyberattacks Have Plummeted: AI has fundamentally lowered the cost and effort required to execute highly sophisticated cyberattacks. Deepfakes and AI-generated phishing are effortlessly bypassing traditional human-layer defenses. Kesari struck fear into some of the audience members when he explained how the agent features found within AI systems like Claude, is making it more streamlined, efficient, and cheaper to sophistically attack numerous people. However, the panel reminded the audience that traditional "defense in depth" still remains critical - an isolated vulnerability cannot be exploited if layered corporate defenses hold steady.
5. The Lawyer as a Translator: For those navigating early legal careers and breaking into the corporate compliance space, mastering the legal doctrine is only half the battle. Legal professionals must increasingly act as translators between engineering teams, business stakeholders, and regulators. Having a foundational curiosity about how the underlying technology works is no longer optional; it is a prerequisite for effective incident response and global compliance.
As the digital landscape shifts beneath our feet, one thing is certain: in the collision of AI, privacy, and security, the most successful legal professionals will have to be not only experts in the law, but they'll have to be the essential bridges between innovation and ethics."
Do you want to reuse the IPKat content? Please refer to our 'Policies' section. If you have any queries or requests for permission, please get in touch with the IPKat team.
Reply all
Reply to author
Forward
0 new messages