Recent Insights

---

To schedule a consultation with counsel, simply click on the "Request a Consult" button on this website. This will take you to a brief form designed to expedite the conflict check and intake process.  Counsel or an intake specialist will then gather background information about the legal issue you are facing. This meeting is an opportunity to share relevant details and learn about possible next steps.

It's understandable that starting a legal process can feel overwhelming, especially if you’re unsure whether a virtual law firm can handle your unique situation. The good news is many types of legal matters can be managed entirely online, saving you time and offering greater access to skilled counsel.  Every case is different, though, and the best way to determine whether we’re the right fit is to schedule a consultation.

Businesses can start with the best practice of assessing how AI tools handle personal data. This includes implementing robust data protection strategies, regular audits, and clear privacy policies to protect sensitive customer and employee information.  It is important to consult a professional to ensure your business meets all necessary requirements and avoids making any unnecessary promises in published notices.

Integration should prioritize data security, regulatory compliance, and ethical use. Best practices include maintaining human oversight, provide staff training on responsible AI use, and implement governance frameworks to manage risks throughout the AI lifecycle.

Companies should evaluate AI vendors for industry certifications, security controls, and risk assessments.  Gartner and Capterra are available resources to consult when researching vendors.

Suggested steps include establishing clear policies on how long data is stored, logical separation of sensitive data, and mechanisms for secure deletion. The trend is to conduct regular reviews of the process because of evolving requirements and new laws.

AI can inadvertently perpetuate bias, share sensitive data, or make non-compliant decisions. Businesses should implement oversight mechanisms, require advance approval of AI solutions, audit AI outputs, and train staff on ethical AI use.

Request detailed documentation on encryption, access controls, and incident response protocols. Conduct due diligence to ensure vendors meet industry-specific security standards and regulatory requirements.

North Carolina businesses should consider adopting the NIST AI Risk Management Framework, a leading, voluntary guideline designed to help organizations identify, assess, and manage risks throughout the AI lifecycle. This NIST framework is structured around four core functions, Govern, Map, Measure, and Manage, which guide organizations in establishing oversight, mapping risks, measuring impacts, and managing mitigation strategies.

In addition to NIST, the OECD Framework for Classifying AI Systems is highly regarded for its global perspective and focus on trustworthy AI. The OECD framework encourages organizations to evaluate AI systems based on context, risk level, and societal impact.

Digital marketers should be aware of both federal laws (e.g. CAN-SPAM and HIPAA) and North Carolina laws that restrict deceptive advertising and encourage clear disclosures about data use. North Carolina legislative proposals would further require businesses to provide clear opt-out options for targeted ads, avoid manipulative design, especially for minors, and ensure all privacy settings default to the highest protection for minors.

As of Summer 2025, North Carolina has not yet passed comprehensive privacy legislation, though several bills are repeatedly considered every session. Businesses should monitor legislative developments and prepare for new requirements, such as data protection assessments, opt-out mechanisms for targeted ads, and enhanced transparency obligations.