AI Legal Risks Accelerate: Lisa Fitzgerald Urges Businesses to Vet Use Cases
Artificial intelligence (AI) tools are increasingly integrated into business operations, facilitating tasks such as drafting emails, analyzing documents, and supporting compliance efforts. However, as organizations rush to adopt these technologies, many overlook the significant legal risks associated with their use.
Interactions with public AI tools can inadvertently expose confidential data, breach international data regulations, and create unforeseen legal liabilities. This situation has prompted legal and cybersecurity professionals to confront new challenges related to governance, liability, and responsible AI usage.
Lisa Fitzgerald, a partner at Norton Rose Fulbright, emphasizes the importance of identifying appropriate AI use cases to mitigate these risks. Drawing from her extensive experience advising organizations on cyber incidents and data protection, Fitzgerald highlights the legal blind spots that businesses must address as AI adoption accelerates.
The Real-World AI Legal Risks Organizations Aren’t Talking About
One of the primary challenges organizations face when adopting AI is not the technology itself, but rather the identification of safe and appropriate use cases. Fitzgerald notes that many companies underestimate the legal risks associated with AI applications. She stresses that organizations must ask themselves critical “cost-benefit” questions regarding their AI deployments.
Fitzgerald points out that seemingly innocuous applications of AI can escalate into significant risks. For instance, using generative AI to refine email tone may appear harmless, but incorporating confidential information can lead to a global data breach. Once data is entered into public AI platforms, organizations may lose control over its movement and usage.
She warns that data may cross international borders under terms that allow vendors to use it for training purposes, potentially exposing organizations to costly data breach scenarios. Fitzgerald has advised numerous clients on such inadvertent breaches, emphasizing that they are often preventable.
Beyond privacy issues, organizations may face legal exposure through various channels. Fitzgerald explains that the full legal ramifications of certain AI use cases are still unfolding. For example, a rewritten email intended to eliminate passive-aggressive tones could inadvertently increase litigation risks related to defamation, intellectual property infringement, or privacy violations.
To address these AI legal risks, Fitzgerald outlines two practical steps organizations are adopting: raising staff awareness through training and efficiently vetting AI use cases. Structured review frameworks are increasingly being implemented to assess AI tools before internal deployment.
Fitzgerald likens the vetting process for AI applications to Privacy Impact Assessments (PIAs), introducing the concept of Use Case Assessments (UCAs). These assessments can be streamlined through automated questionnaires that capture essential information about the intended outcomes and required data.
She emphasizes that UCAs should encompass a broader range of digital assets beyond personal information, including confidential, privileged, and proprietary data.
Cyber Risk Strategy: Where Legal Strategy Meets Business Reality
Organizations often struggle to align legal advice with operational decision-making, particularly during cyber incidents or data breach investigations. Fitzgerald observes that this gap is narrowing, as the importance of legal professional privilege becomes increasingly recognized in protecting sensitive information.
Legal privilege is especially critical when organizations commission digital forensic investigations. The absence of this privilege regarding key business decisions, such as digital forensics reports, can expose organizations to regulatory fines and legal liabilities.
Fitzgerald warns that organizations failing to structure legal advice effectively during cyber incidents may face severe consequences, including default judgments in cases of data breaches.
She introduces a straightforward framework used in Australia known as the “Herald Sun” test. This involves asking whether the decisions made regarding cyber and data protection could attract negative media attention. If the answer is yes, organizations should reconsider their approach.
When Privacy and Cybersecurity Become Business Enablers
Many organizations still perceive cybersecurity compliance as a regulatory obligation rather than a strategic advantage. Fitzgerald argues that this perspective shifts when leadership recognizes the value of digital assets.
She asserts that when leaders view privacy and cybersecurity compliance as business enablers, it reflects a maturity in organizational strategy. This shift often leads to an investment in the future success of the business.
Fitzgerald highlights that organizations increasingly recognize data as a strategic resource, often referring to it as the “crown jewels” of the organization. When companies prioritize security and governance, they not only mitigate AI legal risks but also enhance investor confidence.
Changing Barriers for Women in Cybersecurity and Tech Law
Reflecting on the progress made in the field, Fitzgerald notes that one misconception about women in technology is gradually dissipating. The perception that cybersecurity and technology laws are uninteresting to women is changing, as curiosity about technology’s global impact transcends gender lines.
Fitzgerald emphasizes that women share the same curiosity as men regarding the technologies that shape our world and the cyber challenges that arise from them.
Career Advice That Shaped Her Journey
Fitzgerald recalls a pivotal piece of advice from Christine Lagarde, former Chair of a law firm. Lagarde emphasized the importance of hard work and sacrifice but cautioned against sacrificing one’s health. This message has influenced Fitzgerald’s approach throughout her career, leading her to prioritize exercise and well-being as essential components of her professional journey.
Managing AI Legal Risks Requires Governance and Awareness
As organizations continue to integrate AI into their operations, the urgency surrounding AI legal risks intensifies. What may seem like minor productivity enhancements can result in significant legal repercussions if sensitive data or intellectual property is compromised.
Fitzgerald’s insights underscore that successful AI adoption is not solely about technology deployment. It necessitates clear governance frameworks, legal oversight, and internal awareness to prevent the unintentional creation of new risks.
For organizations navigating the complex intersection of law, cybersecurity, and emerging technologies, proactively identifying and managing AI legal risks is essential for maintaining trust and protecting digital assets.
As reported by thecyberexpress.com.
