BizTech Law Blog

Following Executive Order 14179 from January 23, 2025 titled Removing Barriers to American Leadership in Artificial Intelligence, President Donald Trump’s administration has unveiled its awaited artificial intelligence (“AI”) roadmap to cement the United States as a front runner in the “race to achieve global dominance in [AI]”.

The plan, titled American’s AI Action Plan (the “Plan”), is a 28-page document that outlines more than 90 federal policy actions under three strategic pillars: (1) accelerating innovation; (2) building American AI ...

See also Recommendations on AI and Copyrightability from the U.S. Copyright Office’s Latest Report

It is no surprise that generative artificial intelligence (“AI”) is changing the way companies all over the world operate. Some are embracing it with open arms and finding consistent opportunities to integrate AI into the workplace. Other businesses have found themselves at a standstill in terms of incorporating AI into their preexisting tools and technology, wondering whether embedding AI into their systems is a necessary step to stay relevant or one that may take them away ...

To hear more on this topic, business & IP attorney, Lindsey Mead, recently appeared on an episode of Expert Connexions to discuss the copyrightability of AI-generated content. See the interview here.

The United States Copyright Office (the “Office”) released the latest part in its Report on Copyright and Artificial Intelligence on January 29, 2025. Part 1, titled “Digital Replicas” was published on July 31, 2024 and discussed videos, images, and audio recordings that are manipulated to falsely depict individuals and information. This practice of creating ...

The Federal Trade Commission (FTC) is continuing its firm stance in regulating companies making unsubstantiated or exaggerated claims about their products or services employing artificial intelligence (AI).

With the rise of generative artificial intelligence (AI) and its various synthetic media outputs, deepfakes are just one of many new risks to businesses. Deepfakes pose considerable threats to companies, potentially damaging reputation, trust, and financial stability through malicious impersonation and manipulation of digital content.

Yesterday, on October 16, the Federal Trade Commission (“FTC”) issued final amendments to the “Rule Concerning Recurring Subscriptions and Other Negative Option Programs”, also referred to as the “Click-to-Cancel” Rule (the “Rule”). See the following link from the FTC’s website for more information: Federal Trade Commission Announces Final “Click-to-Cancel” Rule Making It Easier for Consumers to End Recurring Subscriptions and Memberships | Federal Trade Commission (ftc.gov).

On April 14, 2021, the U.S. Department of Labor’s (“DOL”) Employee Benefits Security Administration (“EBSA”) issued its first cybersecurity best practices guidance for retirement plans. The EBSA guidance was highly anticipated as the frequency and cost of data breaches affecting employee benefit plans continues to rise. 

Many businesses are using Artificial Intelligence (AI) tools in a variety of innovative ways to improve productivity and to save time and money. According to a 2023 Forbes article (forbes.com/advisor/business/software/ai-in-business/), 1 in 3 businesses plan to use ChatGPT to write their website content while 97% of business owners believe it will help their business.

The Corporate Transparency Act (“CTA”), which became effective on January 1, 2024, requires that many businesses report a significant amount of information about the company and its “beneficial owners” to a federal database. This article outlines the general rule, exceptions to the rule, the definition of “beneficial owner” and the CTA’s implications for companies owned by Employee Stock Ownership Plans (“ESOPs”).

Given the ever-changing landscape and increasing popularity of remote work, the use of electronic signatures (“e-signatures”) is on the rise. Business in general is going virtual, causing electronic transactions and online interactions to become more common. To accommodate this new digital environment, legislators have passed laws to permit the use of e-signatures to bind individuals to electronic agreements. In addition to keeping up with the evolution of online business, providing your organization with a reliable e-signature policy is pivotal to ensure clear reliance on and expectations for e-signatures.

Artificial intelligence (AI) is fast becoming an integral element in the operation of virtually every business and organization.

The AI Revolution is here! Startups across our region are using AI tools in innovative new ways. But could there be legal pitfalls you haven’t considered?

Whether you are the CEO of a big corporation working in the office six days a week or an analyst working remotely from home entering data, everyone is at risk of a cyber-attack. Despite the fact that all organizations, regardless of size, are at risk, few have preventative measures in place, or have even planned for how they would respond in the event of an attack. 

In the wake of the Colonial Pipeline ransomware attack, cyber attacks such as ransomware and phishing continue to be a major threat for all businesses, large or small. Even with precautions in place, it is not a matter of "if" but "when" a business will experience an attack. In the case of Colonial Pipeline, the hackers not only demanded and received millions from Colonial Pipeline in May 2021, but the resulting ransomware attack forced the company into a fuel distribution shutdown, making headlines across the country and causing gas shortages on the east coast. The attack also compromised thousands of individuals' personal information. 

The ​U.S. and China compete for global dominance in the areas of tech and innovation; however, in an era of global firms and global citizens they must also learn to cooperate.

The Children’s Online Privacy Protection Act (“COPPA”) was enacted in 1998 and was created to address concerns with the online collection of children’s personal information. Recently, the Federal Trade Commission (“FTC”) has announced several large fines for companies not in compliance.

Today, the use of software as a service ("SaaS") is widespread and the cybersecurity considerations are an afterthought.

In 2016 Lansing, MI's Board of Water and Light fell victim to a cyber-attack that resulted in $2.4 million in costs, including a $25,000 ransom paid to the perpetrators. In the aftermath of the breach, BWL announced that it was filing for a $1.9 million insurance claim under its cyber insurance policy, including $2 million in covered losses, less a $10,000 deductible.

There is a lot at stake for businesses when it comes to cyber-crime, which is why more and more businesses are investigating and purchasing cyber insurance to hedge against the risks associated with cyber security and data privacy.

No matter how carefully, thoughtfully and diligently a company works to prevent it, data breaches happen. Company management, IT teams and outside consultants can do everything right and still end up dealing with a breach. That means that knowing how to best respond when (not if) a breach happens should be part of every company’s data protection strategy.

We recommend that every company assemble a security breach team, consisting of individuals inside and outside of the organization who possess different skill sets. This may include technology officers, as well as staff from IT, human resources, communications, legal departments, outside counsel, and outside vendors. The composition of the team will depend on the type and size of the organization, but each member should be in a position and have skills that enable the organization to quickly and properly respond to an incident. The team must also be equipped, authorized and empowered to evaluate and immediately react to an incident once it has occurred.

A recent decision by the U.S. Court of Appeals for the Sixth Circuit (the “Sixth Circuit”) may make it easier for plaintiffs to bring costly lawsuits against companies that allow sensitive data to fall into the wrong hands. Most troubling from a company's perspective, the Sixth Circuit used language that some states legally require in data breach notification letters to justify allowing the case to move forward. Read more about this case here.

It is time for hospitals and physicians to start using electronic health records ("EHR").  It is particularly important if hospitals or physicians want to take advantage of the 2011 Medicare incentive payments, since important deadlines are quickly approaching.

The Office of the National Coordinator for Health Information Technology ("ONC") announced that the first electronic health record ("EHR") incentive payments were going to be made in mid-May to providers who had successfully attested to having met "meaningful use" and all of the other program requirements.  The maximum payment that a Medicare provider in the EHR program can receive in 2011 for his or her first year of participation is $18,000.  Incentive payments for eligible hospitals begin at $2 million.