Cybersecurity experts are seeing more threats with the growing popularity and use of artificial intelligence, and it’s important for people to understand where their information is going, according to Tom Vincent, who teaches Cybersecurity Law and Policy at The University of Tulsa’s College of Law.
“Understanding how that information is shared when it goes into an AI platform is something that is a new idea for a lot of people,” said Vincent, who is a cybersecurity and data privacy practice group lead at law firm GableGotwals.
“I work with clients to prevent data breaches, to keep things from happening, to focus on those compliance requirements. In many respects, cybersecurity is very compliance driven,” Vincent said of his work at the law firm. “There are a number of different laws, regulations and rules from different states, countries, and in some cases, contractual requirements of clients, that dictate how we prepare for and prevent things from happening, as opposed to just reacting to things.”
He said he wants students in the UTulsa course to not only understand the laws and statutes, but to talk about them in a meaningful way with people who may be impacted.
“This issue is an interesting one in general, because it’s not something that stops when you go home,” he said. “It’s something that impacts people personally, both if they are at home logging into their work computer, or if they are receiving things from work or from other people at their personal computers or personal devices. So, it’s an issue that can manifest itself in different ways.”
Vincent previously taught a cybersecurity law course for a master’s degree program in UTulsa’s College of Engineering & Computer Science, home to the renowned School of Cyber Studies.
“You’re taking these concepts that most people may not be familiar with and translating so that people can understand them,” Vincent said. “There are a number of different careers that can come out of being able to do that. Many organizations are developing specialized positions to address security and privacy issues.”
Some local organizations have had data breaches in recent years. Vincent spoke generally about what role a lawyer plays in such situations.
“On the front end, I’ve performed risk assessments for clients. I’ve helped them with their mitigation plans. I’ve drafted policies and procedures,” he said, adding that he also provided employee training.
On the back end, he said one thing lawyers do is assist with incident response, where they come in and ask what happened, what information got out, and what needs to be done, including reporting the breach to any required agencies. They also look at company insurance policies.
“More often than not, we’re there to provide, essentially, a baseline: ‘Here’s what you need to do.’” That, Vincent added, can help companies and individuals regain a sense of control over the situation they didn’t have before.
First-year UTulsa law student Jaela Sanderson (B.S. ’24) majored in environmental policy as an undergraduate and took Vincent’s course as part of her minor in law, policy, and society.
“Cybersecurity is important because it is something that impacts nearly everyone in this technology-driven world,” Sanderson said. “Generally, most people want their sensitive information protected, which is why we need cybersecurity agencies regulating major systems and implementing laws to secure our privacy.”