NIST AI Risk Management Framework
The NIST AI Risk Management Framework launched in January 2023 with language so carefully neutral it could have been written by committee — because it was. Two years later, something unexpected has happened: it has quietly become the closest thing the United States has to a de facto AI governance standard, cited in state legislation, […]
AI Governance Framework: How to Align with the EU AI Act, NIST AI RMF, and State AI Laws

Artificial intelligence is already inside your business. It may not be approved. It may not be documented. It may not be reviewed by legal, privacy, security, compliance, HR, or procurement. It may not be listed in your vendor inventory. It may not appear in your privacy notice. It may not be covered by your data […]
Meta Left Employee Keystroke Data Exposed Company-Wide After Internal AI Training Program Raised Alarm
Meta built a program to watch its own employees. Then it failed to watch the program. According to an internal security notice obtained by WIRED and confirmed by three current employees familiar with the matter, Meta left potentially sensitive data collected from worker laptops accessible to anyone inside the company. The data in question was […]
Shadow AI Is a GLBA Safeguards Rule Problem

If you work at a financial institution, you will want to get your privacy compliance and AI governance posture in place, because the FTC is actively looking for violations. Your employees are not trying to create a compliance crisis. They are trying to do their jobs faster. But the AI tools they are reaching for […]
AI Scribes in Mental Health Care: Consent Theater, HIPAA Gaps, and the Privacy Crisis Hiding in Plain Sight
There is a recording device in your therapist’s office. You may have consented to it. You almost certainly do not know what happens to the recording afterward. This is the quiet reality unfolding across major health systems as AI-powered ambient scribes — tools that listen to and transcribe clinical encounters in real time — are […]
Privacy Regulation in the Age of AI: Experts Call for Radical Shift from Consent to Institutional Accountability
In March of this year, Carnegie Mellon University’s Block Center for Technology and Society convened a group of interdisciplinary experts to grapple with a pressing question: how should privacy regulation evolve as artificial intelligence reshapes the data landscape? The discussions, summarized in a recent center publication, paint a sobering picture of a regulatory system ill-equipped […]
Agentic AI Is About to Turn Payments Into a Compliance Minefield
Agentic AI is being sold as the next evolution of online shopping. That undersells what is really happening. The shift is not simply from search to checkout, or from chatbot to shopping assistant. The real shift is from human-directed commerce to delegated commerce. Consumers will not just ask AI for product recommendations. They will authorize […]
Meta Removes Hidden Facial Recognition System From Smart Glasses App After WIRED Investigation

Meta quietly embedded an unreleased facial recognition system into a companion app for its smart glasses — and just as quietly removed it after a journalist found it. The episode is a case study in how privacy-invasive capabilities get built into consumer products before legal frameworks catch up, and what it means for the organizations […]
You Trust Your Chatbot With Everything. Should You? How AI Providers Extract and Handle Your Conversations
We pour our hearts out to AI chatbots. Health worries, financial secrets, relationship troubles, creative ideas, and even legal strategies flow freely into these digital confidants. The conversation feels private—like talking to a trusted friend or professional. But according to a detailed study by Professor Theodore Christakis of the University of Grenoble Alpes, that sense […]
GDPR Compliance When Using Claude Enterprise

A question spreading across compliance forums right now cuts straight to the heart of how modern businesses are deploying AI tools: if we use Claude Enterprise but don’t have Zero Data Retention, are we actually GDPR compliant? It’s the right question to ask. HR teams are using Claude to screen CVs, build payroll dashboards, and […]