Skip to content
Photo of David A. Zetoony

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation.

Attorneys familiar with the European GDPR are acquainted with the bifurcation of the world into controllers and processors. For purposes of European data privacy, a “controller” refers to a company that either jointly or alone “determines the purposes and means” of how personal data will be processed.[1] A “processor” refers to a company (or

Categorizing data as “sensitive” is a common feature in U.S. state privacy law, as well as the EU’s GDPR (which uses the term “special category” for similar personal data).[1] What is considered sensitive data varies from state to state, as well as the obligations that come with it. Colorado, Connecticut, Florida, Indiana, Montana, Oregon

Companies across industries are considering whether, and how, to utilize artificial intelligence (AI). Once developed, an AI can be utilized in a variety of different ways.

Foundational models are large-scale AI models trained using vast amounts of unlabeled data that can be used for varying tasks. Foundational models typically use self-supervised learning to apply learnings

Companies across industries are considering whether, and how, to utilize artificial intelligence (AI). Once developed, an AI can be utilized in a variety of different ways.

As part of developing an AI, computers may be provided with large quantities of data from which patterns and associations can be recognized (“training data”). Training data is often

Companies across industries are considering whether, and how, to utilize artificial intelligence (AI). Once developed, an AI can be utilized in a variety of different ways.

Prompts are a subset of input data that describe the instructions provided to the AI model (i.e., “please summarize the following 10 documents”) as opposed to other types of

Companies across industries are considering whether, and how, to utilize artificial intelligence (AI). Once developed, an AI can be utilized in a variety of different ways.

Input data is data added to an artificial intelligence (AI) to explain a problem, situation, or request. Input data may be cleaned, labeled, and organized, or it may be

The term “data minimization” generally refers to two requirements within the GDPR: (1) a company should only collect and process personal data that is “necessary” in relation to its purpose, and (2) a company should keep data for “no longer than is necessary for [that] purpose[].”[1] Put differently, a company should only collect what

Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some popular AI models refer to input data by the term “prompt” as the user is prompting the AI to initiate an action, or to create additional information. Prompts can take different forms such as text prompts or image