Photo of Jayne Ponder

Jayne Ponder

Jayne Ponder counsels national and multinational companies across industries on data privacy, cybersecurity, and emerging technologies, including Artificial Intelligence and Internet of Things.

In particular, Jayne advises clients on compliance with federal, state, and global privacy frameworks, and counsels clients on navigating the rapidly evolving legal landscape. Her practice includes partnering with clients on the design of new products and services, drafting and negotiating privacy terms with vendors and third parties, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of Artificial Intelligence and Internet of Things technologies.

Jayne routinely represents clients in privacy and consumer protection enforcement actions brought by the Federal Trade Commission and state attorneys general, including related to data privacy and advertising topics. She also helps clients articulate their perspectives through the rulemaking processes led by state regulators and privacy agencies.

As part of her practice, Jayne advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products.  The accompanying request for comments has a deadline of April 29, 2024.

The Proposed Rule would effectuate many of the requirements laid out in the Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (“E.O. 13984”).  E.O. 13984, issued three years prior to the Proposed Rule, set in motion requirements for IaaS providers to enact certain customer identity verification procedures and take special measures to prevent their services from being used by foreign actors for malicious cyber-enabled activities.  The AI provisions of the Proposed Rule stem from the more recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (“E.O. 14110″), issued on October 30, 2023, which directed the Department to propose regulations for U.S. IaaS providers to (i) submit reports to the Department when a customer transacts with the provider to train an AI model that could be used for malicious cyber-enabled activities and (ii) ensure foreign resellers of IaaS products also conduct identity verification of foreign account holders.

The proposed regulations are further explained and summarized below:Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers