On Wednesday, June 25, Steve Britt will participate in a panel discussion hosted by SWE Lowcountry during their Alliance for Success Professional Development Series.

AI: Friend, Foe, or Frenemy?
Exploring the Real‑World Impact of AI Across Engineering and Technology in the Lowcountry
🗓️ Wednesday, June 25 | 6-8 p.m.
📍 ECPI University, North Charleston
Light appetizers offered.

This dynamic panel brings together experts across tech, business, law, and enterprise to unpack how AI is reshaping industries, redefining leadership, and raising new challenges in innovation and ethics.

🌟 Meet the Panelists:
Amy Ingram, Co-founder & Head of Operations, Querri, Inc.
Alex Veloz, Business Coach & Mentor, Increasing H.O.P.E Financial Training Center – Women’s Business Center
Jen Clark, Director, Advisory – Technical Enablement, EisnerAmper Advisory Group LLC
Steve Britt, Managing Partner, Britt Law LLC | General Counsel, National AI Association
David Bowman, Associate Technical Fellow, Enterprise AI & Data, The Boeing Company

🎙️ Moderated by:
LTC Shankar Banik, Ph.D.
Professor & Head, Department of Cyber and Computer Sciences, The Citadel

Steve’s discussion and handout will focus on:

Legal Landscape

• GDPR applies to all 27 EU member states
• EU Artificial Intelligence Act applies to all AI Systems introduced or used in
  Europe
• 24 state data privacy laws – No Federal data privacy law
• 4 State AI laws (Colorado, Utah, Calif. and Texas); 20+ introduced
• CA proposes broad cyber and ADMT risk management regulations
• Plaintiffs suing on tracking technologies, wiretapping and common law privacy laws

What Most State Data Privacy Laws Have in Common

• For-profits collecting data on 100,000 residents (TN 175K, MT 50K, DE 35K,
  TX/NE 1)
• Broad “personal information” & “sensitive data” definitions
• Grant broad data rights (Right to Know/Access/Correct/Delete/Opt-Out)
• Restrict sale of data, use of sensitive data, targeted advertising & profiling
• All but 2 require Data Protection Assessments
• AI risk assessments for algorithms and AI technologies
• NO PRIVATE CAUSE OF ACTION (except WMHMDA)

How Do These Laws Differ?

• CO, Washington, Oregon, NV and DE apply to nonprofits
• 3 States regulate consumer health data (this is not PHI)
• CA 1st-in-the-nation state data privacy regulator (CPPA)
• CA grants data rights to employees and B2B contacts (others exclude this data)
• Some require opt-in to collection of sensitive data – others grant right of opt-out.
• 5 states require recognition of universal opt-out mechanisms
• 5 states have social media platform bills (i.e., parental controls)
• Legal triggers for algorithms & automated data processing

Artificial Intelligence Compliance

1. What is AI Governance? System of policies, practices and processes to ensure
AI meets objectives, is used responsibly and complies with legal requirements

2. What is an AI Governance Committee? Committee of product development,
compliance, marketing, sales, users and senior management that identify risks,
administers controls and oversees development, testing and validation of AI System

3. What are Trustworthy AI Standards?

• Valid: System trained on data the developer had the right to use;
• Reliable: System performs as intended consistently and accurately,
• Safe: System does not endanger life, health, property or the environment,
• Secure: System operates correctly despite interventions,
• Resilient: System returns to normalcy after unexpected event,
• Accountable: Consequences of System are traceable to the responsible party,
• Transparent/ Explainable / Interpretable: System algorithms and operations explained,
• Privacy-Enhanced: System design safeguards human autonomy, identity and dignity,
• Human-Centric: System implements equality, fairness, rule of law, social justice, privacy and personal
  freedom

Data Management Compliance Game Plan

• Conduct a privacy impact assessment / data map / data inventory
• Review Data Practices: analyze data processes, develop game plan, set
  priorities
• Draft new privacy notices that meet laws & match data practices
• Implement data subject rights, including forms, processes, reports &
  assessments
• Avoid Regulator Triggers: opt-in/opt out rights, sale of data, targeted advertising,
  profiling, use of tracking technologies, use of consumer health data
• Draft cyber / data protection / AI assessment reports
• Provide employee training
• Establish reasonable data security (breach notices trigger data privacy audits)
• Comply with social media platform and minor / parental consent rules
• Incorporate AI compliance into data privacy program (not a separate system)
• Track evolving laws & regulations (AI is its own regime)
• Incorporate compliance into product & service roadmap
• Start early on a data management program. Companies must be able to tag,
  track, recover & delete individual user records.
• Everything requires assessments analyzing privacy / cyber / AI risks