Data is currency. Companies must increasingly create, collect, and share information if they want to survive in today’s global economy. With these new opportunities, however, come new and ever-changing legal risks. Between state, federal and international privacy regulations, the law governing the collection, processing, storage, and disposal of personal information is constantly changing and growing more complex. Shook counsels clients to help them build proactive privacy programs that comply with privacy regimes like the CCPA/CPRA, GDPR, LGPD, HIPAA, BIPA, and a mix of other statutes and regulatory guidance. Shook’s attorneys have the experience to help companies identify which law(s) apply to them and how to best comply.

Our team also helps clients navigate the evolving legal frameworks surrounding the use of artificial intelligence. Whether adopting generative AI internally for productivity, engaging with customers using AI tools, or developing an AI system as a product or service, Shook’s team helps companies understand applicable legal requirements and identify and mitigate risks. We follow legal developments in the U.S. at the federal, state, and local levels as well as internationally with data protection or product safety regulation of AI.

Representative Matters

  • Seconded to companies in the life sciences, fintech, and retail industries to develop or mature data protection compliance programs for U.S. privacy and GDPR compliance, working with privacy, legal, HR, marketing, and product business teams.
  • Directed the development of privacy compliance programs for multinational companies covering data mapping, individual request processes, privacy disclosures, vendor management, and employee training.
  • Developed risk assessment and privacy-by-design processes for activities including sensitive data handling, AI/ML systems, data analytics, and biometric data collection and use.
  • Developed frameworks for the international transfer of personal data.
  • Assisted companies with maturing data governance programs, including engaging in data classification and data minimization.
  • Developed Responsible AI Frameworks, directed AI risk management working groups, conducted AI risk assessments, and engaged with employees in training and awareness efforts over the benefits and risks of using AI.