Rupp Pfalzgraf was founded in 2000 by three visionary attorneys who were determined to redefine the traditional law firm model. Over the course of the past 25 years, they have grown into a dynamic, multi...
In-house counsel have the sobering responsibility of protecting their organizations from evolving cybersecurity and data privacy threats at a time when there is a dramatic increase in the sophistication...
By Madison Johnson, Esq. | Manager, Large Markets In recent discussions , legal industry experts have highlighted the potential of agentic AI systems as a transformative force for law firms aiming to...
Although the initial registration period for the fiscal year 2026 H-1B visa program is expected to open as usual for employers in March 2025 , much uncertainty persists about the types of changes that...
By: Practical Guidance Corporate investment in generative artificial intelligence (Gen AI) technologies continues to accelerate. Average Gen AI budgets grew by 30% in 2024 and they are expected to grow...
In-house counsel have the sobering responsibility of protecting their organizations from evolving cybersecurity and data privacy threats at a time when there is a dramatic increase in the sophistication of attack vectors and regulatory obligations.
“With a host of new state data privacy laws coming online in 2025, this year is sure to test organizations’ compliance capabilities more than ever before,” reported LegalTech News, in a recent story regarding legal industry experts’ predictions for data privacy challenges in the year ahead. “It’s likely that some new laws will be enacted to cover the many data privacy issues stemming from the rise of Gen AI.”
Legal experts are ringing the alarm bell that AI-powered cyberattacks are a serious new threat for corporate data security teams.
“Threat actors are increasingly leveraging AI to launch more sophisticated and adaptive cyber attacks, such as crafting highly convincing phishing emails, evading detection systems and automating exploits at an unprecedented scale,” writes Matt White and Alex Koskey, shareholders at Baker Donelson, in a recent Law360 Expert Analysis column.
The authors warn that bad actors can use AI to mimic legitimate behaviors and thereby infiltrate information systems with greater precision, while traditional cybersecurity defenses struggle to keep up. Moreover, cybercriminals are deploying advanced AI tools to create malware capable of learning and adapting to defenses in real-time.
For in-house counsel who think their year-ago cyber-risk reviews were recent enough, you may want to think again. AI tools can now be leveraged by threat actors to write phishing emails so convincing that even a trained IT professional may be tricked into clicking on links, according to Messrs. White and Koskey—and AI can now brute-force through voice and facial recognition to bypass multifactor authentication.
The proliferation of data privacy laws across the globe, each with its own nuances and specific requirements, is presenting a major challenge in 2025.
States such as California have enacted sweeping data privacy mandates, countries such as China and India have implemented their own laws and, of course, the European Union’s benchmark GDPR continues to influence privacy regulations worldwide. In-house counsel must wrestle with this patchwork of laws, as reported by Law360®, to ensure compliance in all key markets where their companies conduct business.
“As if cybercriminals weren’t enough, regulators are also turning up the heat,” writes Messrs. White and Koskey. “Noncompliance isn’t just a legal headache—it’s a reputational disaster. If your institution gets caught flat-footed during a regulatory review, the fines could pale in comparison to the damage done to client trust.”
For example, many companies rely heavily on third-party vendors to perform various work functions more efficiently—but this reliance introduces data privacy and security risks when outside contractors are given access to corporate systems. In-house counsel must ensure that vendors adequately protect the personal data they collect and process on the company’s behalf.
Another growing privacy challenge pertains to the internal workforce. The increasing use of remote work arrangements and employee monitoring tools necessitates a re-evaluation of employee privacy rights, such as how employees conduct themselves on social media platforms. In-house counsel must balance the need for workplace productivity and brand protection with the right of employees to privacy.
The new cybersecurity and data privacy landscape may feel like murky territory for corporations to navigate in 2025, but in-house counsel can play a critical role for their organizations by staying informed, developing strategic approaches for compliance and monitoring emerging developments. This requires access to key information resources that deliver practical legal insights directly into their hands.
The Practical Guidance team for LexisNexis® has compiled a comprehensive practice note, Privacy Compliance Program Development, which addresses key privacy issues for consideration and sets out actionable steps that companies can take to develop a privacy compliance program. This tool discusses:
Practical Guidance also offers a practice note with legal insights for creating or reviewing a corporate privacy policy, Privacy Policies: Drafting a Policy, and a summary of critical steps that companies should take to successfully develop or evaluate a corporate privacy policy, Privacy Policy Checklist.
A wide range of these news, analysis and practice resources is accessible from Lexis+® General Counsel Suite, which is now available with Lexis+ AI®.
Get a free 7-day trial of Lexis+ GC Suite.