Cybersecurity

A recent decision from the U.S. District Court for the Southern District of New York (SDNY), United States v. Heppner, has generated outsized commentary suggesting that the use of generative AI tools may jeopardize attorney-client privilege. A closer reading shows something far less dramatic.

The 2025 legislative cycle marked a pivotal year in U.S. privacy law, defined not only by continued nationwide expansion into AI) governance, children’s and teen privacy and online safety, as well as emerging data categories. In this article, we detail what enterprises need to be prepared for in 2026 and explain why we believe next year will be a watershed period for consumer privacy in the U.S.

Every decision to onboard a client, partner, lateral hire, contractor, consultant or expert witness carries risk. Yet despite the increasing complexity of that risk, many firms continue to rely on onboarding practices that have not kept pace with the digital world in which their clients and people operate. The result is a widening gap between how risk actually manifests today and how it is assessed at the point of onboarding.

Understanding the “not written by people” feature of AI software is the best lens for viewing AI transactions. The fact that an AI is not a legal entity, prompts the proper legal analysis of AI transactions.

A great debate seems to be rearing its head–is it better to conduct document review with traditional machine learning or with generative AI? This article examines traditional machine learning and generative AI in the context of review for production in litigation matters. While each party seeks to improve efficiency and defensibility, they differ meaningfully in workflow, transparency, human involvement, and overall impact on legal practice.

As insurance retreated from AI exposure, contracts began absorbing functions that insurance once performed. Indemnities compressed. In effect, contracts began underwriting elements of AI risk. This shift has significant consequences for lawyers drafting, negotiating and advising on AI-related agreements.

You would not tolerate an associate with uniform confidence for very long. It makes them less useful, not more, because you cannot triage your review. Every assertion demands the same level of scrutiny. Yet this is precisely how every major large language model operates today. And the artificial intelligence industry’s proposed solution — spending billions to marginally reduce hallucinations — fundamentally misunderstands what lawyers actually need.

Businesses subject to the CCPA now must conduct risk assessments for certain types of processing activities and, starting in 2028, must certify to California regulators that they completed the assessments.