 |
| The data governance session |
The IPKat is back in Fordham, with the Spring skies and the chirping birds gracing the streets of the Upper West Side. As a proud and long-standing partner with the Fordham IP Conference, now in its 33rd year, the IPKat is thrilled to partner with the students of Fordham for reports from this years’ conference. This report comes from Seth B. Pearson (First Year Student of Penn State Dickinson Law).
Over to Seth:
"Thursday afternoon featured the Data Governance, Privacy, and Cybersecurity session. This session tackled the massive clash between data sovereignty, cross-boarder transfers, and the shifting economics of cybersecurity in our digital economy. Moderated by Cameron Russell (Mastercard), the panel featured Kohei Wachi (Mori Hamada), Sven Schonhofen (Reed Smith LLP), Benoit Van Asbroeck (Bird & Bird), Charisse Castagnoli (Vilya Law PLLC), and Aniket Kesari (Fordham University School of Law). All views expressed on the panel were their personal views.
For legal professionals attempting to navigate this volatile space, here are the top five takeaways:
1. AI is Forcing a Data Governance Overhaul: Traditional data governance relied heavily on established retention schedules and straightforward de-identification. That era is over. As Castagnoli noted, "read-only is a suggestion to an LLM." The fundamental mechanics of AI necessitate total traceability and a completely reshaped approach to vendor and sub-processor management to ensure compliance.
2. A Tale of Two Regulatory Regimes: The global approach to AI and data regulation is severely diverging. While the EU is aggressively regulating with nearly 100 digital laws in play (including the GDPR and AI Act), Japan is taking a drastically different path. Wachi highlighted that to combat a shrinking workforce, Japan is actually loosening consent requirements for AI training data to promote immediate technological adoption.
3. The U.S. Preemption Battle: Domestically in the US, the core tension lies in whether the federal government will preempt a growing patchwork of state-level AI regulations. Kesari pointed out that defining what an "AI product" actually is will be central to resolving whether states can effectively differentiate and regulate these tools locally, or if a national standard is required.
4. The Economics of Cyberattacks Have Plummeted: AI has fundamentally lowered the cost and effort required to execute highly sophisticated cyberattacks. Deepfakes and AI-generated phishing are effortlessly bypassing traditional human-layer defenses. Kesari struck fear into some of the audience members when he explained how the agent features found within AI systems like Claude, is making it more streamlined, efficient, and cheaper to sophistically attack numerous people. However, the panel reminded the audience that traditional "defense in depth" still remains critical - an isolated vulnerability cannot be exploited if layered corporate defenses hold steady.
5. The Lawyer as a Translator: For those navigating early legal careers and breaking into the corporate compliance space, mastering the legal doctrine is only half the battle. Legal professionals must increasingly act as translators between engineering teams, business stakeholders, and regulators. Having a foundational curiosity about how the underlying technology works is no longer optional; it is a prerequisite for effective incident response and global compliance.
As the digital landscape shifts beneath our feet, one thing is certain: in the collision of AI, privacy, and security, the most successful legal professionals will have to be not only experts in the law, but they'll have to be the essential bridges between innovation and ethics."
"Thursday afternoon featured the Data Governance, Privacy, and Cybersecurity session. This session tackled the massive clash between data sovereignty, cross-boarder transfers, and the shifting economics of cybersecurity in our digital economy. Moderated by Cameron Russell (Mastercard), the panel featured Kohei Wachi (Mori Hamada), Sven Schonhofen (Reed Smith LLP), Benoit Van Asbroeck (Bird & Bird), Charisse Castagnoli (Vilya Law PLLC), and Aniket Kesari (Fordham University School of Law). All views expressed on the panel were their personal views.
For legal professionals attempting to navigate this volatile space, here are the top five takeaways:
1. AI is Forcing a Data Governance Overhaul: Traditional data governance relied heavily on established retention schedules and straightforward de-identification. That era is over. As Castagnoli noted, "read-only is a suggestion to an LLM." The fundamental mechanics of AI necessitate total traceability and a completely reshaped approach to vendor and sub-processor management to ensure compliance.
2. A Tale of Two Regulatory Regimes: The global approach to AI and data regulation is severely diverging. While the EU is aggressively regulating with nearly 100 digital laws in play (including the GDPR and AI Act), Japan is taking a drastically different path. Wachi highlighted that to combat a shrinking workforce, Japan is actually loosening consent requirements for AI training data to promote immediate technological adoption.
3. The U.S. Preemption Battle: Domestically in the US, the core tension lies in whether the federal government will preempt a growing patchwork of state-level AI regulations. Kesari pointed out that defining what an "AI product" actually is will be central to resolving whether states can effectively differentiate and regulate these tools locally, or if a national standard is required.
4. The Economics of Cyberattacks Have Plummeted: AI has fundamentally lowered the cost and effort required to execute highly sophisticated cyberattacks. Deepfakes and AI-generated phishing are effortlessly bypassing traditional human-layer defenses. Kesari struck fear into some of the audience members when he explained how the agent features found within AI systems like Claude, is making it more streamlined, efficient, and cheaper to sophistically attack numerous people. However, the panel reminded the audience that traditional "defense in depth" still remains critical - an isolated vulnerability cannot be exploited if layered corporate defenses hold steady.
5. The Lawyer as a Translator: For those navigating early legal careers and breaking into the corporate compliance space, mastering the legal doctrine is only half the battle. Legal professionals must increasingly act as translators between engineering teams, business stakeholders, and regulators. Having a foundational curiosity about how the underlying technology works is no longer optional; it is a prerequisite for effective incident response and global compliance.
As the digital landscape shifts beneath our feet, one thing is certain: in the collision of AI, privacy, and security, the most successful legal professionals will have to be not only experts in the law, but they'll have to be the essential bridges between innovation and ethics."
Fordham 33 (Report 2): Top 5 Takeaways: Data Governance, Privacy, & Cybersecurity in an AI World
Reviewed by Annsley Merelle Ward
on
Friday, April 10, 2026
Rating:
Reviewed by Annsley Merelle Ward
on
Friday, April 10, 2026
Rating:
Follow the IPKat on LinkedIn 
No comments:
All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.
It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.
Learn more here: http://ipkitten.blogspot.com/p/want-to-complain.html