Month: August 2025

Posted on

Legal Insights on AI: Protecting Privacy in a Data-Driven World with Colleen García

Podcast: Play in new window | Download (Duration: 10:59 — 15.1MB)

Subscribe: RSS

Summary

In this episode, Marc is chattin’ with Colleen García, a seasoned privacy attorney. The conversation begins with an introduction to Colleen’s extensive background in cybersecurity law, including her experience working with the U.S. government before transitioning to the private sector. This sets the stage for a deep dive into the complex relationship between data privacy and artificial intelligence (AI), highlighting the importance of understanding legal and ethical considerations as AI technology continues to evolve rapidly.

The core of the discussion centers on how AI models are trained on vast amounts of data, often containing personal identifiable information (PII). Colleen emphasizes that respecting individuals’ data privacy rights is crucial, especially when it comes to obtaining proper consent for the use of their data in AI systems. She points out that while AI offers many benefits, it also raises significant concerns about data misuse, leakage, and the potential for infringing on privacy rights, which companies must carefully navigate to avoid legal and reputational risks.

Colleen elaborates on the current legal landscape, noting that existing data privacy laws—such as those in the U.S., the European Union, Canada, and Singapore—are being adapted to address AI-specific issues. She mentions upcoming regulations like the EU AI Act and highlights the role of the Federal Trade Commission (FTC) in enforcing transparency and honesty in AI disclosures. Although some laws do not explicitly mention AI, their principles are increasingly being applied to regulate AI development and deployment, emphasizing the need for companies to stay compliant and transparent.

The conversation then expands to a global perspective, with Colleen discussing how different countries are approaching the intersection of data privacy and AI. She notes that international efforts are underway to develop legal frameworks that address the unique challenges posed by AI, reflecting a broader recognition that AI regulation is a worldwide concern. This global outlook underscores the importance for companies operating across borders to stay informed about evolving legal standards and best practices.

In closing, Colleen offers practical advice for businesses seeking to responsibly implement AI. She stresses the importance of building AI systems on a strong foundation of data privacy, including thorough vetting of training data and transparency with users. She predicts that future legislative efforts may lead to more state-level AI laws and possibly a comprehensive federal framework, although the current landscape remains fragmented. The podcast concludes with Colleen inviting listeners to connect with her for further discussion, emphasizing the need for proactive, thoughtful approaches to AI and data privacy in the evolving legal environment.

Key Points

  1. The Relationship Between Data Privacy and AI: The discussion emphasizes how AI models are trained on data that often includes personal identifiable information (PII), highlighting the importance of respecting privacy rights and obtaining proper consent.
  2. Legal Risks and Challenges in AI and Data Privacy: Colleen outlines potential risks such as data leakage, misuse, and the complexities of ensuring compliance with existing privacy laws when deploying AI systems.
  3. Current and Emerging Data Privacy Laws: The conversation covers how existing laws (like those from the U.S., EU, Canada, and Singapore) are being adapted to regulate AI, along with upcoming regulations such as the EU AI Act and the role of agencies like the FTC.
  4. International Perspectives on AI and Data Privacy: The interview highlights how different countries are approaching AI regulation, emphasizing that this is a global issue with ongoing legislative developments worldwide.
  5. Practical Advice for Responsible AI Deployment: Colleen offers guidance for companies to build AI systems on a strong data privacy foundation, including vetting training data, ensuring transparency, and staying proactive in legal compliance as the regulatory landscape evolves.

Key Quotes

  1. “AI models are built, trained, and built on data. They are as good as the data we put in.”
  2. “Data privacy concerns arise when personal data, or PII, is used to design, develop, and train those AI models.”
  3. “Existing laws being applied to data privacy are often being used in new ways to address AI, such as the FTC’s focus on transparency and honest disclosures.”
  4. “Designing AI with privacy-enhancing techniques, like differential privacy or federated learning, can help protect individual data.”
  5. “Companies should build AI on a strong data privacy framework rather than trying to do it in reverse.”

About Our Guest

Colleen García is Of Counsel at Tannenbaum Helpern’s Cybersecurity & Data Privacy practice, advising clients on legal and regulatory compliance, drafting and negotiating technology agreements, privacy policies, and terms of use. She is certified as CIPP/US and AIGP by the IAPP. Her practice encompasses the entire cybersecurity lifecycle, including incident response, breach plans, cybersecurity insurance, and training, as well as supporting M&A transactions with data privacy reviews. Colleen’s clients span industries such as technology, healthcare, transportation, real estate, and insurance, including security firms and data brokers. Prior to joining Tannenbaum Helpern, she served as Director for Cybersecurity Policy at the NSC, Attorney Advisor at the DOJ, and Assistant U.S. Attorney in Virginia. She was also a founding partner of Fractional GCs PLLC and is an Adjunct Professor at The LBJ School of Public Affairs in Austin, Texas.

Follow Our Guest

LinkedIn | Tannenbaum Helpern

About Our Host

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

Follow Our Host

Website | LinkedIn