Businesses face three predominant legal-technology challenges in 2025. First, businesses need to implement artificial intelligence (AI) into their operations using foresighted legal strategies. Second, organized cyber criminals are perpetrating highly sophisticated ransom attacks and electronic funds transfer (EFT) fraud. Businesses need to be prepared to repel or minimize them, and respond when such an incident occurs. Third, privacy laws are in effect in New Hampshire, as well as many other states and countries. Businesses need to comply with them now to avoid becoming subject to customer complaints and regulatory scrutiny.
AI is being adopted by businesses at lightning speed. Employees are clamoring to use generative AI applications, like ChatGPT, Gemini and Copilot. Additionally, AI is rapidly integrating into core business applications, like customer relationship managers (e.g., Salesforce and HubSpot), accounting and finance tools (e.g., QuickBooks, Xero and Zoho), enterprise resource planning (e.g., Acumatica, Epicor, NetSuite and Sage), human resources platforms (e.g., ADP, Paylocity and Workday), and design and engineering tools (e.g., AutoCAD and SmartDraw).
The opportunities for businesses to capitalize on AI are irresistible, including for tasks like quality and process improvement, cost reduction, and sales and marketing optimization. However, AI’s power is equaled by its dangers and liabilities if not implemented properly. For example, existing and emerging AI laws prohibit its use for certain purposes, and require businesses to identify and adopt safeguards for certain restricted uses of AI that impact individuals or present safety hazards. Examples of restricted uses include AI for human resources, autonomous decision-making, certain product design and testing, and many educational, security and infrastructure environments. Even if an AI use is not regulatorily restricted, businesses still must ensure that information entered into and outputs from AI remain confidential (including from the AI developer), and that outputs of AI are legitimate, reliable and free from error and bias.
To ensure compliance and reduce risk, businesses need a foresighted legal strategy to implement AI. That includes the following.
- Form a governance team to identify existing and potential AI tools and their uses, and to establish rules and policy for AI implementation.
- License AI that is a closed system for the business, and determine which employees will be permitted to use it and the purposes it can be used for.
- Create written rules and policy for employee AI use, train employees authorized to use AI, and ensure that all AI inputs and outputs are human-controlled.
- Ensure the integrity of data used to train AI, test and prototype its results before using it in a production capacity, and periodically audit its results thereafter.
- Be transparent about the business’s use of AI in a privacy policy and notices and consents with consumers, and in language in proposals, statements of work, and contracts with customers and vendors.
In comparison to AI, cybersecurity seems passé. But the likelihood of a business experiencing a ransom attack or EFT fraud is high, and the liability potentially crippling. Organized criminal syndicates are orchestrating sophisticated attacks. Businesses must adopt advanced cybersecurity safeguards to avoid most of them and mitigate the impact of a successful attack. Safeguards that were advanced 6 months or a year ago are no longer enough. Examples include the following.
- Complex passwords and multifactor authentication (MFA) are vulnerable, requiring use of conditional access that allows only business-managed devices to access email systems, clouds and networks.
- An advanced activity-based threat application must be deployed on both networks and devices to detect and sequester potentially malicious activity, and it must be monitored 24/7/365 by a security operations center (SOC).
- Effective email security requires sandboxing to securely test attachments and links in emails, geofencing for access to the email system, and robust access and activity logging retained for at least 120 days.
- Deploy an automated virtual private network (VPN) to ensure remote workers are operating behind the business’s commercial firewall whenever they are connected to broadband or Wi-Fi.
- Minimize and encrypt data on mobile devices and laptops, and encrypt confidential or sensitive information at rest on networks and in clouds.
- Purchase appropriate and sufficient crime and cyber liability insurance to cover a significant ransom attack and EFT fraud.
While cybersecurity may seem passé, it remains the highest risk of significant liability.
Privacy laws are in effect right now, yet many businesses are unaware of them or the measures needed to comply. Posting a privacy policy on the website is not enough. A business must identify the personal information (PI) and sensitive PI it collects and uses. Sensitive PI includes information about children, health, biometrics, sexual orientation, geolocation, race, ethnic and national origin, citizenship, immigration status, political affiliation and religious beliefs.
Notice must be delivered to individuals about how the business collects and uses PI. Additionally, consent must be obtained and a data processing impact assessment (DPIA) conducted for certain activities, such as collection and use of sensitive PI, disclosure or sale of PI to a third party for marketing purposes, and use of PI in automated decision-making.
Individuals have rights concerning their PI, and businesses must honor requests from individuals to exercise those rights. For example, individuals have the right to know how a business collects and uses their PI, limit and opt-out of the collection and use of their PI, obtain a usable copy of their PI, and have the business delete their PI. While these rights are not unlimited, a business that fails to honor them in accordance with privacy law may face consumer complaints that can lead to regulatory audit and fines. Similarly, while New Hampshire’s privacy law affords some latitude for businesses to come into compliance during 2025, businesses need to act promptly, since implementing the measures needed for compliance often takes at least 3 to 6 months.
2025 will be the year of AI implementation, sophisticated cybersecurity attacks and privacy law compliance. Buckle your seatbelts, expect high speeds and bumps, and make sure your business is prepared to address these three legal-technology challenges.
Cam Shilling founded and chairs McLane Middleton’s Cybersecurity and Privacy Group. The group of five attorneys and one paralegal assists businesses and private clients to improve their security, privacy and AI compliance, and address any incidents or breaches that occur.