AI Unmasked: Navigating Legal Risks and Realities with Cyber Attorney Ryan Steidl

Summary

In this insightful episode of the Chattinn Cyber podcast, host Marc Schein is chattin’ with Ryan Steidl, a leading privacy and artificial intelligence attorney, to explore the evolving landscape of AI from a legal and cybersecurity perspective. Ryan shares his journey from Maryland to becoming a respected figure in data privacy and AI law, highlighting the influence of pioneering professors and his early work at Under Armour. He frames AI as an evolutionary technology that builds on existing data privacy and security issues but introduces new complexities due to limited human intervention in its processes.

Their chat delves into the current regulatory environment surrounding AI in the United States, which Ryan describes as a patchwork of state laws with no comprehensive federal framework yet in place. He discusses the recent veto of Virginia’s AI bill and the ongoing debate over a proposed federal moratorium on state AI legislation, emphasizing the tension between innovation and safety. Ryan also notes the role of federal agencies like the FTC and EEOC in shaping AI policy and how shifts in administration priorities—from safety to innovation—impact regulatory approaches.

Ryan advises business leaders to focus on the purpose behind AI adoption, urging them to carefully assess use cases, data needs, and risk tolerance before allowing AI tools in their organizations. He stresses the importance of governance, recommending cross-functional oversight teams and clear ownership at multiple levels—from enterprise governance to tool implementation and output accountability. He also highlights the necessity of rigorous vetting and ongoing risk assessments to manage AI-related risks effectively.

The chat further clarifies the distinctions between open-source AI models, public tools like ChatGPT, and private sandbox environments. Ryan warns against indiscriminate use of public AI models with sensitive data and advocates for controlled environments that offer greater security and customization. He also touches on emerging trends like synthetic data and regulatory sandboxes, which balance innovation with risk mitigation, citing Utah’s AI lab as a pioneering example.

Concluding on the topic of AI’s impact on cyber risk, Ryan offers a nuanced view: AI can both help manage and exacerbate cyber risks depending on how it is used. He underscores the increasing complexity AI introduces and the critical role of human oversight in accountability and enforcement. Ryan predicts that insurers will push organizations toward proactive risk management rather than reactive responses, emphasizing the need for continuous monitoring and anticipation of AI-related pitfalls. He closes by inviting listeners to access further resources and contact his team for guidance.

Key Points

  1. AI as an Evolutionary Technology: AI builds on existing data privacy and security frameworks but introduces new challenges due to limited human intervention in its processes.
  2. Fragmented AI Regulation: The U.S. currently has a patchwork of state-level AI laws with no comprehensive federal legislation, complicated by political debates such as the proposed moratorium on state AI laws.
  3. Governance and Ownership: Effective AI adoption requires clear governance structures, cross-functional oversight, and defined ownership at multiple organizational levels.
  4. Risk Assessment and Documentation: Organizations must implement thorough vetting processes, conduct ongoing risk assessments, and maintain detailed documentation to demonstrate accountability and compliance.
  5. Safe AI Adoption Practices: Businesses should avoid using public AI models with sensitive data, favor sandbox or private instances, and consider synthetic data to mitigate privacy and compliance risks.

Key Quotes

  • “AI is more evolutionary than revolutionary, at least. It builds on a lot of topics that we’re pretty familiar with, especially in cybersecurity.”
  • “AI’s processing with limited human intervention heightens potential risk, so we have to dive deep into how we approach, analyze, control, and comply with it.”
  • “The current AI regulatory landscape in the U.S. is a patchwork, with states like California, Utah, and Colorado leading, but no comprehensive federal law yet.”
  • “Purpose, purpose, purpose — understanding why you’re using AI and what problem you’re solving is the foundation for managing risk.”
  • “Humans will need to be involved in AI no matter how much intervention happens … Insurers will demand organizations be proactive, not reactive, in managing AI risks.”

About Our Guest

Ryan Steidl, based in Seattle, Washington, is a member of Constangy’s Cyber Team and part of its compliance advisory group, where he provides strategic guidance on navigating complex data privacy and cybersecurity laws. He advises clients on compliance with diverse state, federal, and international privacy regulations, helping them develop business-focused data protection strategies that minimize legal risk and align with operational goals. Prior to joining Constangy, Ryan spent eight years at Grant Thornton as a founding member of their Cyber Practice and Senior Manager of the Privacy & Data Protection team, leading regulatory risk assessments, privacy program development, and compliance advisory for a broad range of clients including Fortune 500 companies, multinationals, private equity firms, and startups.

About Our Host

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.