In-house counsel have the sobering responsibility of protecting their organizations from evolving cybersecurity and data privacy threats at a time when there is a dramatic increase in the sophistication...
The trend of pet-friendly workplaces has seen a significant rise in recent years, with many companies recognizing potential benefits for employee morale and recruitment. A 2024 study found that 82% of...
By Madison Johnson | LexisNexis 2024 was the year of experiments and pilots with legal tech. As we look ahead, 2025 is shaping up to be the year where use cases are actioned and AI goes mainstream. To...
By Madison Johnson | LexisNexis The legal industry is on the brink of a transformative era, as highlighted in the latest LexisNexis® white paper " Legal Tech Trends 2025 ". This comprehensive...
Rupp Pfalzgraf was founded in 2000 by three visionary attorneys who were determined to redefine the traditional law firm model. Over the course of the past 25 years, they have grown into a dynamic, multi...
In-house counsel have the sobering responsibility of protecting their organizations from evolving cybersecurity and data privacy threats at a time when there is a dramatic increase in the sophistication of attack vectors and regulatory obligations.
“With a host of new state data privacy laws coming online in 2025, this year is sure to test organizations’ compliance capabilities more than ever before,” reported LegalTech News, in a recent story regarding legal industry experts’ predictions for data privacy challenges in the year ahead. “It’s likely that some new laws will be enacted to cover the many data privacy issues stemming from the rise of Gen AI.”
Legal experts are ringing the alarm bell that AI-powered cyberattacks are a serious new threat for corporate data security teams.
“Threat actors are increasingly leveraging AI to launch more sophisticated and adaptive cyber attacks, such as crafting highly convincing phishing emails, evading detection systems and automating exploits at an unprecedented scale,” writes Matt White and Alex Koskey, shareholders at Baker Donelson, in a recent Law360 Expert Analysis column.
The authors warn that bad actors can use AI to mimic legitimate behaviors and thereby infiltrate information systems with greater precision, while traditional cybersecurity defenses struggle to keep up. Moreover, cybercriminals are deploying advanced AI tools to create malware capable of learning and adapting to defenses in real-time.
For in-house counsel who think their year-ago cyber-risk reviews were recent enough, you may want to think again. AI tools can now be leveraged by threat actors to write phishing emails so convincing that even a trained IT professional may be tricked into clicking on links, according to Messrs. White and Koskey—and AI can now brute-force through voice and facial recognition to bypass multifactor authentication.
The proliferation of data privacy laws across the globe, each with its own nuances and specific requirements, is presenting a major challenge in 2025.
States such as California have enacted sweeping data privacy mandates, countries such as China and India have implemented their own laws and, of course, the European Union’s benchmark GDPR continues to influence privacy regulations worldwide. In-house counsel must wrestle with this patchwork of laws, as reported by Law360®, to ensure compliance in all key markets where their companies conduct business.
“As if cybercriminals weren’t enough, regulators are also turning up the heat,” writes Messrs. White and Koskey. “Noncompliance isn’t just a legal headache—it’s a reputational disaster. If your institution gets caught flat-footed during a regulatory review, the fines could pale in comparison to the damage done to client trust.”
For example, many companies rely heavily on third-party vendors to perform various work functions more efficiently—but this reliance introduces data privacy and security risks when outside contractors are given access to corporate systems. In-house counsel must ensure that vendors adequately protect the personal data they collect and process on the company’s behalf.
Another growing privacy challenge pertains to the internal workforce. The increasing use of remote work arrangements and employee monitoring tools necessitates a re-evaluation of employee privacy rights, such as how employees conduct themselves on social media platforms. In-house counsel must balance the need for workplace productivity and brand protection with the right of employees to privacy.
The new cybersecurity and data privacy landscape may feel like murky territory for corporations to navigate in 2025, but in-house counsel can play a critical role for their organizations by staying informed, developing strategic approaches for compliance and monitoring emerging developments. This requires access to key information resources that deliver practical legal insights directly into their hands.
The Practical Guidance team for LexisNexis® has compiled a comprehensive practice note, Privacy Compliance Program Development, which addresses key privacy issues for consideration and sets out actionable steps that companies can take to develop a privacy compliance program. This tool discusses:
Practical Guidance also offers a practice note with legal insights for creating or reviewing a corporate privacy policy, Privacy Policies: Drafting a Policy, and a summary of critical steps that companies should take to successfully develop or evaluate a corporate privacy policy, Privacy Policy Checklist.
A wide range of these news, analysis and practice resources is accessible from Lexis+® General Counsel Suite, which is now available with Lexis+ AI®.
Get a free 7-day trial of Lexis+ GC Suite.