Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

5 Ways to Address the Legal Risks of Employee AI Use

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Community

Offices

Careers

Stay Connected

In an article authored for Law360, Linda Clark, Marijn Storm and Dan Alam discuss how employees' use of unapproved artificial...

<h3>Sorry, we weren’t able to find the terms you entered.</h3>Please try a different term or keyword.

People

Capabilities

Resources

Not Found Cards

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

In an article authored for Law360, Linda Clark, Marijn Storm and Dan Alam discuss how employees' use of unapproved artificial intelligence tools, known as shadow AI, is no longer just a hidden IT risk for companies, but also a regulatory and governance issue across jurisdictions. The article outlines the risks of shadow AI and suggests practical steps for lawyers to map shadow AI risks in their organizations, implement lawful and practical guardrails around employee use, and prioritize steps for the short term.As discussed within the article: “Bans on the use of AI tools in workplaces often backfire. Only controlled enablement, transparency and training provide a defensible path to safe and compliant use of AI and the many benefits it offers. Shadow AI is unlikely to disappear. Employees will continue to seek out tools that make their work faster and easier. The pressing task for companies — and their lawyers — is to implement appropriate governance to reduce the risk that shadow AI is used within their organization and mitigate the risk of when, not if, it occurs.”Read the <a href="https://media2.mofo.com/v3/assets/blt5775cc69c999c255/blt65fbfba996c4f8fa/68f23bd5c6270a0650fde860/251015-ways-to-address-the-legal.pdf" target="_blank">full article</a>.

Sign Up

Linda Clark is a partner in Morrison Foerster’s Data, Cyber + Privacy Group. Prior to joining the firm, Linda served as the Chief Data Security Counsel for RELX, where she led the data security legal compliance efforts for RELX in over 40 countries and across their operations in four different market segments worldwide. Prior to that, Linda was a litigator at a large New York law firm. She has over 20 years’ experience advising clients, including on data security best practices and obligations, designing and implementing frameworks for compliance across large multinational organizations, and in complex litigation and regulatory matters.Linda’s practice centers on crafting strategic and comprehensive data security risk management programs, providing business-focused and practical advice, and leveraging her knowledge and deep experience to help organizations and their stakeholders, at all levels, prepare for and respond to incidents on a global and operationally feasible basis. This includes working with clients to proactively prepare for cyber incidents, including by developing incident response programs and risk assessment methodologies and conducting tabletop exercises for global audiences of varying seniority and responsibility. This comprehensive approach to incident readiness helps organizations hone the skills they will need to support critical decision making in high-stakes situations, allowing organizations to implement and leverage an incident response framework that goes beyond legal compliance and supports ethical decision-making.A defining aspect of Linda’s counsel is her ability to translate complex legal issues into actionable advice while accounting for the myriad and diverse concerns of stakeholders at all levels of an organization. She combines an in-depth understanding of technology and cybersecurity with knowledge of the challenges and opportunities clients face when addressing real-world issues. She has a broad command of global privacy and data security laws, having worked on matters in the United Kingdom, the United States, France, Japan, the Netherlands, South Africa, Australia, China, Austria, Brazil, the Philippines, and Germany. She frequently engages with regulators and law enforcement, enabling her to understand and navigate regulatory reviews, third-party audits, and investigations on behalf of her clients around the globe.An industry thought leader, Linda frequently speaks at conferences and educational institutions and is sought out by leading publications and think tanks for her analysis on timely data security and privacy issues, including the American Bar Association (ABA) Cyber Security Institute on topics such as ethical obligations to secure client information, cybersecurity risks, trends in the law relating to data security, and risk management and minimization strategies. Linda also speaks at schools and universities to educate younger generations about safeguarding their digital identities. Additionally, Linda works with leading U.S. nonpartisan, nonprofit law-and-policy think tank, the Sedona Conference, where she has served on the Data Security and Privacy Liability Leadership Council since 2017.Linda graduated cum laude from Barnard College, Columbia University, and is a graduate of the University of Michigan Law School. While at Barnard, Linda was a Research Assistant for the Human Learning and Memory lab, and also focused her studies on human and primate cognition. She is also a Certified Information Privacy Professional (CIPP/US) and a Steering Committee Member, New York City Bar’s Cyrus R. Vance Center for International Justice, Miami Chapter of “Women in the Profession.” She previously served on the Steering Committee for the Cybersecurity Leaders’ Roundtable as well as on the Executive Committee of the Leukemia and Lymphoma Society.

Linda Clark

Partner

Marijn Storm specializes on the intersection of law and technology, with a focus on cutting-edge technologies, such as (generative) artificial intelligence (AI) and large language models, ethical tech, and biometrics. Based in Morrison Foerster’s Amsterdam office, he advises global companies and organizations on a wide range of their most complex and pressing privacy and data security challenges.Marijn’s deep experience in both law and technology enables him to navigate the rapidly evolving landscape of privacy, data security, and technological innovation. Bridging the gap between legal requirements and technological advancements, Marijn advises and educates in-house legal teams on how to effectively manage and oversee technical applications such as AI and, specifically, generative AI. In addition, Marijn trains technical teams on implementing technical solutions in a privacy-by-design fashion, enabling compliance with AI and data protection laws around the world.Marijn also represents clients in class action and other litigation. For example, he has defended both digital advertising and public health clients against claims of alleged GDPR violations. In addition, he counsels clients on investigating and responding to major cybersecurity and ransomware incidents, including notification and related obligations. Marijn has also assisted a number of companies in obtaining regulatory approval for their Binding Corporate Rules, in both the EU and the UK.A recognized thought leader, Marijn regularly speaks at international data protection conferences (including IAPP) on topics such as the future of behavioral biometrics, the ethical application of AI, and developments in EU class actions. Marijn frequently publishes articles and client alerts on a variety of evolving topics, such as the EU AI Act and the NIST AI Risk Management Framework. Since 2019, he has been a guest lecturer at the Tilburg Institute for Law, Technology, and Society, where he teaches Algorithmic Accountability within the biannual course on AI & Law.Marijn is a Dutch-qualified lawyer and is fluent in Dutch and English.

Marijn Storm

Dan Alam is a member of Morrison Foerster’s global Data, Cyber + Privacy Group, based in London. He provides advice to companies on various data‑related matters, including product counseling, regulatory investigations, security incidents, data transfers, litigation, mergers and acquisitions (M&A), and the development of robust data protection and AI compliance programs. Dan is recognized as a key lawyer in the Legal 500 UK (2024, 2025) for privacy, data protection and cybersecurity law.Dan regularly handles multijurisdictional projects and advises companies across various industries, including technology, semiconductors, interactive media, insurance, pharmaceuticals, hospitality, retail and logistics sectors.Dan has significant knowledge in employee privacy issues and the <a href="/gdpr-european-privacy/whistleblowing" target="_self">EU Whistleblowing Directive</a>. He has collaborated with several companies to design and implement global whistleblowing systems. Additionally, Dan supports companies in implementing their <a href="/capabilities/dei-strategy-defense" target="_self">diversity, equity and inclusion (DEI)</a> programs by advising on the collection and use of DEI data to support and advance DEI initiatives.  Examples of Dan’s other experience include:<ul><li>Advising technology companies on the launch of new products, including AI systems.</li><li>Conducting audits on the maturity of the data protection compliance programs of multinational companies.</li><li>Working with companies to respond to large-scale security incidents.</li><li>Providing support to companies on how to comply with cross-border data transfer and data localization restrictions.</li><li>Helping to respond to regulatory requests and investigations from the UK Information Commissioner's Office (ICO) and other EU data protection regulators, including in relation to direct marketing, individual rights requests, the collection and use of children’s data and data security incidents.</li><li>Advising on age assurance mechanisms and obligations under the UK Online Safety Act.</li><li>Defending companies against claims for compensation in respect of alleged breaches of privacy and data protection law.</li><li>Negotiating data processing agreements on behalf of companies acting as controllers and/or processors.</li><li>Providing specialist data protection and AI support on various public and private transactions, with particular experience advising on the acquisition of technology, semiconductor and AI companies.</li><li>Guiding employers on their employee monitoring practices and the collection of DEI data.</li><li>Participating in industry working groups to respond to government and ICO consultations on employee data protection issues and new UK data protection legislation.</li></ul>Before joining Morrison Foerster, Dan spent two months working at the Irish Data Protection Commission.Dan actively contributes to the firm’s pro bono initiatives by working for a variety of charities and NGOs, including by advising on social security and statelessness issues. He was part of the collaboration between Asylum Aid and various law firms that was recognized with the “Excellence in Pro Bono” Award by the Law Society of England and Wales in 2021 for work addressing the issue of statelessness in the United Kingdom. Dan is also co‑chair of the Morrison Foerster London ethnic minority <a href="/culture/diversity/affinity-groups" target="_self">affinity group</a> – MoFo Together.Dan is qualified as a solicitor in England and Wales.