AI Privacy & Data Security

AI runs on data, and data is heavily regulated. FRB's AI privacy and data security team helps organizations deploy artificial intelligence while meeting their obligations under a fast-growing patchwork of privacy and security laws.

Regulators are paying particular attention to AI. New and proposed rules govern automated decision-making, profiling, and the use of personal data to train models, and enforcement activity is rising. A single careless prompt can disclose regulated data to a third-party model, and a poorly scoped vendor agreement can quietly shift liability onto you. We help you put the right guardrails in place: policies, tooling choices, and contract terms, so that adopting AI strengthens your privacy and security posture instead of undermining it.

• GDPR, UK GDPR, CCPA/CPRA, and state privacy compliance
• Automated decision-making and profiling requirements
• Data governance and minimization for AI use cases
• Vendor and cross-border data-transfer assessments
• Security safeguards, incident response, and breach notification
• Privacy notices, consent, and data-subject rights

Enterprise AI raises hard questions: what data may lawfully train or prompt a model, how to honor deletion and opt-out rights, and how to keep confidential or personal information out of tools that may retain it. We build practical data-governance frameworks, covering approved tools, minimization, and de-identification, that let your teams use AI productively without creating regulatory or security liabilities. Talk to us about a privacy review of your AI program.