惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
Latest news
Latest news
Help Net Security
Help Net Security
S
Security Affairs
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
Forbes - Security
Forbes - Security
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Help Net Security
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
Cyberwarzone
Cyberwarzone
The Last Watchdog
The Last Watchdog
S
Securelist
N
News and Events Feed by Topic
S
Secure Thoughts
F
Fortinet All Blogs
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
M
MIT News - Artificial intelligence
F
Full Disclosure
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Security Blog
Microsoft Security Blog
I
InfoQ
P
Privacy International News Feed
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CERT Recently Published Vulnerability Notes

WhatIs

Hims & Hers launches AI agent for lab results Twilio revamps, updates customer engagement platform Most patients find appointment scheduling, billing overly complex Teradata's latest targets putting agentic AI into production AHA, Joint Commission launch cyber resilience program Tableau in transition as AI forces BI vendors to evolve California hospitals sue Elevance over out-of-network penalty CMS Health Tech Ecosystem adds electronic prior auth pledge Atlassian MCP updates take aim at AI token usage Leapfrog: Hospitals improved in 17 patient safety measures United promises another 30% cut to prior auths in 2026 AI outperforms docs on clinical reasoning, but not ready for solo work ServiceNow's Autonomous CRM takes aim at Salesforce ServiceNow reintroduces itself as an AI 'security company' New Tableau leader talks vendor's evolution in era of AI Deloitte warns of a "bubble effect" caused by the GLP-1 boom Tableau repositions for AI, unveils new knowledge layer IBM Bob AI coding agent ships, HashiCorp AIOps previewed DOJ forms West Coast Strike Force to stop healthcare fraud Most people benefit from the ACA's free preventive services SAP acquisitions of Dremio, Prior Labs target AI development Bridging the gap: Legacy tools gain enterprise AI support Amazon Connect Talent: AWS enters AI interviewing market AHA, West Health launch health tech adoption initiative How are states preparing for Medicaid work requirements? Medical device security improves, but cyberattacks remain pervasive Weekly news roundup: Musk vs. Altman, Google’s Pentagon AI deal, China and EU hit Meta Skin substitute spending driven by patients, products, prices Clinical AI company Aidoc snags $150M in new funding Qlik's Capone departs after eight years as CEO OIG: CMS paid millions in improper virtual care payments FDA moves toward real-time review of clinical trial data FQHCs in low-income neighborhoods have lower cancer screening rates Solving quantum computing's longstanding no-cloning problem Qdrant boosts performance, reliability to meet AI needs Racial health disparities still impact U.S. as policy changes loom Agentforce Operations tackles workflow orchestration Boehringer's dual agonist obesity drug spurs up to 16.6% weight loss Legacy architecture, awareness gaps stifle microsegmentation adoption in healthcare AMA alerts officials of health plans' No Surprises Act abuse Latest SAS capabilities focus on fostering reliable AI AHA calls for TEFCA individual access SOP delay, citing patient privacy concerns Actian targets secure, compliant AI with new vector database Payers promise standardized electronic prior auths MIT EmTech: 2026 is the year AI goes to work As Claude Design debuts, Adobe users -- and buyers -- shrug GoodData joins agentic AI development mix with Agent Builder Comfort, affordability top drivers of digital mental health tool use CMS accelerates Medicare coverage for breakthrough medical devices Weekly news roundup: Tim Cook exits Apple, Meta layoffs intensify and Anthropic investigates Claude Merck inks $1 billion AI drug development deal with Google Cloud OCR settles four HIPAA investigations, prioritizes risk analysis OpenAI launches ChatGPT for Clinicians 90% of patients re-check AI chatbot health info with other sources Gemini Enterprise Agent Platform adds 'connective tissue' to Vertex AI AMA urges greater oversight of AI mental health chatbots CMS benches BALANCE Model for Medicare Former ransomware negotiator pleads guilty to BlackCat conspiracy New Google TPUs multiply AI infrastructure efficiency When brand-name drugs need a prior auth, brace for delays Google unveils data cloud purpose built for agentic AI Snowflake updates further goal of being control pane for AI UnitedHealthcare eliminates prior authorization for rural providers Yelp launches appointment scheduling button from Zocdoc Oracle takes steps toward CMS Health Tech Ecosystem goals OpenAI debuts AI model GPT-Rosalind to speed up drug discovery Which patient care access barriers deter cancer screening? Redis unveils Feature Form to improve AI, ML workloads Adobe defines its AI-powered customer experience platform How to escape agentification pilot purgatory for scalable AI New HSCC guidance tackles third-party AI risk Data quality, fast failures and quick wins key to AI success Stop Overpaying for Storage: A FinOps Guide for CIOs AWS launches AI-driven tool to speed up early-stage antibody discovery AMA: Clinician burnout in specialties persists as overall rates drop Mental health parity remains elusive in 43 states Before revenue cycle AI, payers and providers need to get along Edge and physical AI poised to upend enterprise networks Salesforce releases Agentforce dev tools, updates Agent Fabric Cyberattack continues to disrupt operations at Signature Healthcare FDA reminds sponsors, researchers to report clinical trial results AI arms race leading to prior auth problems, reimbursement cuts Abridge dives deeper into clinical decision support with NEJM, AMA AI provider search is here. How can health orgs stay visible? Judge dismisses No Surprises Act lawsuit against HaloMD What IT leaders should know from Nutanix .NEXT HubSpot builds answer engine optimization into its platform Sutter Health, MemorialCare face class action lawsuit over AI scribe use Latest Qlik tools target helping users achieve AI goals CMS taps Verily, Noom, 150+ others to participate in ACCESS model Starburst intros AI assistant to boost analysis, exploration Payers face faster prior authorization approvals under CMS proposal Lenovo deploys AI data agent for marketing, UX, e-commerce Cisco Galileo buy reflects blurring lines in AI observability CMS proposes 2.4% IPPS bump, joint replacement model expansion Patients unsure what to trust amid health information overload Nutanix expands flexibility by building out external storage Amazon Pharmacy adds Lilly's obesity pill with same-day delivery ServiceNow AI pricing change takes on enterprise ROI struggles Oracle's Sudha Raghavan on AI's infrastructure renaissance
HR must have a say in AI policy to forestall legal risks | TechTarget
David Essex · 2026-06-18 · via WhatIs

In this Q&A, employment attorney Deepa Menon explains the legal risks of using AI for workforce decisions and why lawyers, HR and IT must agree on a framework before implementing AI.

ORLANDO, Fla. -- The legal risks of using AI in HR processes, such as bias in hiring, performance management and promotions, are well known. But organizations face a bewildering array of other risks from AI, from data privacy litigation to loss of trade secrets and contractor disputes. Regulatory environments are numerous, vary widely by jurisdiction and change often.

Attorney Deepa Menon helps organizations and their HR departments understand the nuances of the legal risks they face when applying AI to their workforces. While many problems predate AI and tread familiar legal territory, the technology adds new complications with which most organizations are unfamiliar.

Menon is a partner based in the Washington, D.C. office of Eversheds Sutherland, a global law firm. She was interviewed right after giving a presentation on the topic at the 2026 annual meeting of the Society for Human Resource Management (SHRM). The interview was edited for length and clarity.

Deepa Menon, Partner, Eversheds SutherlandDeepa Menon

Why are the legal risks of AI so important right now?

Deepa Menon: In the United States, it is very important for multiple reasons. One is that we have a patchwork of laws. AI implicates so many different laws on so many fronts, each of which has a patchwork of laws associated with it. The compliance framework gets that much more complicated. The second reason is the kind of litigation risk we're seeing with AI. The minute you've removed the human component, there is more of a litigation risk. It raises the bar because trying to defend something that runs in an automated way is definitely harder than defending something where human beings are involved and specific directives are being given and risk assessments are done.

Can you summarize the risks?

Menon: When you think about AI and HR, the first risk is that of litigation -- claims based on bias or discrimination: This tool has an inherent bias, it was deployed and therefore I was adversely impacted because it had nothing to do with my qualifications or objective criteria that could have been at play.

The second risk is to a company's information. We live in a time where more AI tools are accessible, so if the enterprise doesn't have its own AI tool, employees are likely to use public tools. That means potential leakage of confidential information or trade secrets. AI models are often trained using data, and if you're using my company's data to train another company's model, there's potential leakage. This happened. We saw this with the Samsung case where an engineer put some code into a public GPT platform.

Companies are afraid their data is being used to train other models. Is data getting mixed up, or are vendors able to keep it separate? How does the company know the data is being kept separate?

There is also intellectual property risk. If companies are developing their own AI models and bringing contractors in, it accelerates the risk. What if a contractor's data is being used to train the AI model? Does the contractor now have rights to the model itself? Can they say their data was used to train this model, and therefore they have IP rights over it?

Lack of documentation then becomes a real risk, whether it's lack of contract documentation or policies that clearly tell employees how to use AI.

In your presentation, you called HR leaders' attention to a huge number of risks. Is it possible to name two or three to tackle first?

Menon: The thing that makes this a little complicated is it could be sector specific: small company versus big company versus nonprofit versus publicly traded company versus which sector they sit in and the kind of data they tend to deal with.

That said, the first risk to look out for is any automated system that completely removes the human component. You want to ensure there is a human component in there somewhere, because that will be your biggest defense if there is a claim.

Second is the risk that HR is simply not involved when an HR AI tool is adopted. We have seen that go south very quickly because of tech innovation that doesn't take into consideration the real-world implications of deployment in their workforce, and the communication, disclosures and compliance that have to go with it. We've generally seen companies run into major challenges when HR was not in the room. 

This is one place where legal counsel and HR have to work together. There are so many legal ramifications to every AI rollout. It could look like it's just an employment issue, but there could be an IP issue or unfair trade practice issue behind it. There could be so many other implications because the data that's being used and the far-reaching impact of the AI output could go beyond just the contours of employment.

Given the patchwork of regulations at the U.S. federal, state and even city level, plus in other countries, should organizations take a wait-and-see approach? For example, in the federal government, there's been a lot of back and forth and a lot of question marks.

Menon: Two things. One, this is not an area where you want to be a trailblazer and the first to have implemented something. The second is that 100% compliance with every single global AI and privacy law is impossible. It's true of GDPR and U.S. laws. You can only do so much. You have to pick the big battles and comply with specific pieces to the greatest extent you can.

There are upsides and downsides to the wait-and-see approach. Where you have an unsettled area of law, you probably want to see how things go before you pour a lot of money into AI implementation. That said, the risk -- and this is especially true in the U.S. -- is if there is an impact on the employee, it could be fodder for litigation.

It's almost a risk-benefit analysis. I've had companies say there's a DSAR [Data Subject Access Request] in California and we know this employee is going to sue us. Do we comply with CCPA [California Consumer Privacy Act] or give this person free discovery? Which penalty is greater?

There is a constant risk-benefit analysis of whether to comply and make immediate disclosures. Or do you limit your disclosure and wait and see how much disclosure will be required in the particular jurisdiction? There are risks associated with over-disclosure and under-disclosure.

HR historically has been reactive to AI and blocked things IT wanted to do because they were too risky. You say HR's role has drastically changed and should change, and the new model is for HR to work with legal counsel and IT to create a framework before implementing anything.

Menon: When new technology comes out, you're going to have either joy or disgruntlement in how employees react to it. We often forget when we do AI rollouts, especially in the workforce, that these are people, and people have people reactions to things.

We often forget when we do AI rollouts, especially in the workforce, that these are people, and people have people reactions to things.

HR is the first line of defense for a company when there are people reactions. HR must be able to explain why, but also how a tool works and what the benefit is. HR must first be convinced that a tool is important. It's a human trait to have to understand the technology and be convinced about it before you can defend it in front of an employee. When HR is not in the room when these workforce AI tools are being adopted, it is put at a disadvantage because the line of communication with employees is impacted.

It especially becomes an issue with a global rollout because we don't live in a world where people are siloed by jurisdiction. Organizations have to realize that they have cross-border sharing of information between employees on what tools are being deployed and their impact.

Your presentation mentioned reductions in force (RIFs) and the Worker Adjustment and Retraining Notification (WARN) notices companies must give about layoffs. Legal issues aside for the moment, what is the role of HR in helping employees with their fears about job loss? Part of their role is to train people to use AI and help them move into roles that AI could free them to do. At the same time, HR is the people you never want to see in the room when a big, unexpected meeting is called. HR is in all sorts of difficult positions here.

Menon: With most of the job loss or reskilling issues it comes down to one single factor: trust. Do they trust the company? It's not very different from when you have an investigation and ask an employee if you can have their phone for forensic investigation. If trust exists, the employee will say take my phone; I know you're not going to do anything with it.

When there's an AI tool rollout, if trust exists, there is less concern among employees because there is an innate understanding the company is trying to make things better for them. Often, when employees raise concerns, it's because that underlying trust is already fractured. It could come down to things like whether pay equity exists in the company and decisions are fair and objective, or whether there is a clear path to employment decision making and the complaint process is clear.

If there's an issue with AI, it tells you there is a cumulative trust deficit. When companies are able to work on the trust deficit, we see these issues start to reduce.

Bringing legalities back in, if employees suspect layoffs are AI-driven, what are the potential legal issues?

Menon: It's less of a problem when you have a whole plant closing, but if you have selective mass layoffs and AI has been deployed, you have clear litigation risk because the question is whether the AI tool is somehow selecting or not selecting people in a protected category.

How about when certain tasks or jobs were clearly automated with AI? Are there legal implications if employees suspect they were replaced with AI?

Menon: Say there are two departments that do similar things, and AI is only deployed in one department that just happens to have more women. They might ask: Why did you deploy it here and choose us for termination?

It's case by case. Anything could be a litigation risk if it's not implemented uniformly.

Care to make any predictions about where this is going at the federal level?

Menon: I think we're going to see more of a hands-off approach. That said, the Title VII protections against discrimination continue to exist. Say there's an AI tool that scrapes the internet for background information and gives you all the things an individual has done or pulls all their social media. There's a huge question whether that is a background check bound by the FCRA [Fair Credit Reporting Act]. At the federal level, they've said they're probably not going to pursue it, but there is litigation being advanced based on that exact same theory.

The federal government has always stepped away from privacy law, and not just this administration. We've always kind of left it to the states to regulate. Pending state legislation is on a huge uptick. While the federal piece might not exist, companies will essentially end up in the same place if the litigation risk and state privacy statutes continue the way they have.

David Essex is an industry editor who creates in-depth content on enterprise applications, emerging technology and market trends for several Informa TechTarget websites.

Dig Deeper on Core HR administration technology