IGHS56 - Navigating the Intersection of AI and Information Governance with Kevin Benedicto

Jim Merrifield (00:00.837)
Well, hello and welcome to the InfoGov hot seat. I'm your host Jim Merrifield and with me today is Kevin Benedicto at Redgrave. Welcome, Kevin.

Kevin Benedicto (00:08.984)
Thank you so much for having me, Jim.

Jim Merrifield (00:11.301)
Yeah, it's great to have you on the Hot Seat. I know we saw each other briefly at InfoCon. so was nice to meet you in person. Nice to see you again virtually here. We'll get to the conference in a moment. But before we get to that subject, would you like to provide a brief introduction of yourself, your current role, and one fun fact about yourself?

Kevin Benedicto (00:31.298)
Yeah, absolutely. Again, I want to start off by thanking you for having me. I feel like I'm in the presence of a celebrity because at Infocon, you're always up at the lectern surrounded by all the fancy people. So a little starstruck here. But yeah, thank you so much for having me. My name is Kevin Benedicto and I'm counsel at Redgrave LLP, which is a boutique law firm that practices exclusively in the area of information law. So we like to say we're a law firm that exists at the intersection of law and technology.

I think we do also exactly where ARMA and where Infocon live. So I think it's a really good match that we're always very involved. And so in my practice, I work on the advisory side for information governance, for data privacy, I do cybersecurity work. I'm developing, helping develop Redgrave's artificial intelligence law practice. And also I'm a litigator by training. So was definitely hopefully able to provide some wisdom from that experience at Infocon.

A fun fact about myself, when I was a younger lawyer, I got pretty involved in some pro bono cases related to criminal justice and police reform in San Francisco, which is where I live. And actually in 2022, I was appointed to the San Francisco police commission. And so in addition to being a practicing litigator at Red Grave, I also serve as a commissioner for the San Francisco police commission.

Jim Merrifield (01:53.145)
Awesome, well, congrats. Yeah, that's great. Great background. I know prior to Redgrave, right, you were at Morgan in-house as a lawyer. So now you're on the Redgrave side, being able to service clients. And again, thanks for sharing that fun fact. So let's talk about Infocon. I know your company recently attended Infocon in Houston. There are probably lots of takeaways. We've had some time to kind of, I guess, settle in.

after Infocon, but what were your key takeaways, Kevin, from the event?

Kevin Benedicto (02:27.086)
Yeah, absolutely. Yeah, Redgrave was so privileged to get to attend Infocon. We work closely with organizers and sort of were able to help a lot with the legal track. So for any of your viewers that attended the legal track, had seven different panels that Redgrave organized on the legal track. I spoke on three of them on a variety of topics from defensible disposition to tips for Microsoft 365 and co-pilot and a lot of AI related topics, as well as an overview of.

US privacy law developments and international privacy law developments as well. So a real kind of covered the waterfront of the legal track of the conference. There were a number of takeaways that I think it really struck out to me and then now they're a little bit out. I think one just kind of being there at the legal track is so many people have questions about the shifting legal landscapes in the US and internationally.

We don't always have the answers because it's shifting so fast. I the story I shared in one of our presentations was in 2019, California was the only US state with a comprehensive data security and privacy law. And now there are 20 states that have it and with more on the way. And so you're really seeing this shifting legal landscape. And there are so many questions that our panels had so many questions. How do I comply with all these shifting requirements? How do I deal with the fact that

Washington requires this, Texas requires this, and our company is global, there are so many of the ARMA attendees are. So I think one is there are many legal questions about that landscape. A few others, I really think that IG and good records management is more important than ever with the rise of AI. I know we're gonna talk about AI a little bit later. I think it's on the front of mind for pretty much every company these days, whether you are deploying it, whether you're thinking of how can you leverage the data you have.

to be valuable to as a training set, whether it's how you streamlining your own operations with artificial intelligence. It's really, and it really is that at the moment where good information governance, good records management is more important than ever. And then I'll go with two more. One, I'm going to steal from my co-panelists, Jennifer Brown at Genesis, who gave a great line that said, we are as diverse as our data, which I think really resonated with me throughout the conference where

Kevin Benedicto (04:45.346)
We had huge multinational companies there who have legal departments and IG departments bigger than my law firm. And we had tiny companies where the person there is solely responsible for all IG and all RM and probably also compliance and audit and so many other functions. We have people that operate in two states and people that operate internationally. And so I think some people have just traditional paper records and some now have AI training data or biometric data.

There's no one-tie-all-fit solution because we are really as diverse as our data. And the last one really is that when you tie all these things together, when you look at the shifting landscape, when you look at the rise of AI, when you look at how diverse the data set and the companies are, I think we're on the real precipice of a sea change, driven a lot by the rise of AI. But I think that we're going look back at this as a real inflection point on how IG and RM is looked at within organizations and within the industry.

Jim Merrifield (05:40.463)
Yeah, I completely agree. Those are some excellent takeaways. Of course, AI has taken center stage. And I know you mentioned in the outset that you're focused at Redgrave around deploying an AI practice. So there were lots of discussions around AI. I'm sure you were central to those conversations. And I do agree with you that IG professionals need to really stay ahead of the curve. So what advice do you have for

IG professionals that are listening to this podcast. What should we be doing or focused on?

Kevin Benedicto (06:15.47)
Yeah, I mean, that's a great question. I mean, I think by my account, more than 80 % of the panels at Infocon either were directly about AI or were not, but at some point had in a slide on a reference something about AI because it really touches every part of our industry and really of all industries. I spoke recently at an event about AI for the Santa Clara County Bar Association in California. And we talked about how no company is immune

to AI in some fashion. Even if you're the most analog, if you're a company that makes silverware, and it's a factory, it's about as analog as you can get, it's likely that your hiring process is now involving an algorithmic decision-making tool, because you use a provider for that. You might have a customer service chat bot that is ingesting information and is using AI. There is no industry or company that won't be affected one way or another. Even the choice to not adopt AI tools.

will begin to have its own implications. So even for companies that don't adopt tools, that choice itself involves having to weigh and look at your tools. So there really is everywhere. So I think that's one thing is that if you think that you're, think the same is true for data security and cybersecurity and those sort of laws. If you think that you're not part of that, you need to reassess and look at your things more closely. For example, we had a speaker, Steve Golden, who's at Sony Pictures Entertainment and

One piece of IG that he's responsible for that is kind of non-traditional is closed circuit TV footage from their backlots and from their, you wouldn't think of that as, I'm capturing data, but under a lot of these new state international laws is that that's likeness data. that potentially, you know, like what are you collecting or the implications? I think that that's one piece of advice is that you're in it. There's no opting out. A couple other things I think I would give for advice is,

Something one of the panelists said at a panel that we weren't part of, but I attended, I think I've been repeating nonstop, which is that the foundation to a successful AI deployment is good information governance and records management. You're only as good as your data. And if you don't have good hygiene, good security, good labeling, making sure you're like, then you're opening yourself up to your AI both being not as effective and to potential risks. If it goes wrong, there was a case study we talked about.

Kevin Benedicto (08:37.154)
which is sort of the nightmare scenario that a lot of lawyers have used in subsequent examples where one company was using a non-secured version of an AI tool and like just asking for tips on how to spruce up a presentation. But in that process, upload that presentation, not realizing, you know, good, good IG hygiene. Half way around the world, a competitor was saying, give me some presentation ideas to the same AI tool. And it spit out.

the competitors presentation complete with confidentiality labels and corporate labels because they were not using a secure environment and doing good data labeling. so AI will not be successful and exposes your company to huge risks unless you have good IG and good records management, because that's so, so, so important. Another thing that we'd heard consistently from a lot of people at the conference is it can be really hard for folks in the information governance.

teams to get attention from their higher ups, whether you're a law firm or a company, it's never the top priority of anyone but you. But AI often is. so AI can be an opportunity for, think, for information governance and record manager professionals to get that attention. If you sit under the CFO or might not get their attention for, we need to upgrade our labeling, we need to upgrade our sensitivity.

I bet they have an AI task force is getting a lot of attention. It's a way to get a seat at the table, because I think it's so important. And one challenge I think we heard across was how to, the number of different ways, whether it was at panels or at the informal events at the hoedown, we would get asked, how does IG get a seat at the table? And I think one way is using AI as that entry point, because in making that pitch that it's not gonna work well, or it's gonna expose you to risk unless we're at the table, making sure we're managing. Which is where I think my

other piece of advice is don't run from it. Like I said, there's no getting around it. I think as information governance professionals, as lawyers, we're inclined to be more skeptical than maybe our business side folks just want to be like, I saw on the news, everyone's using ChatGPT we should be using that everywhere. And so I think there's an instinct to like pump the brakes. And so I think it's about that balance, like don't run from it, because it's going to be like pushing against the seat, you can't get away from it. But also don't go in uncritically, figure out how it fits into your org, how best to use it as a tool.

Jim Merrifield (10:41.735)
Thank

Kevin Benedicto (10:56.344)
how to use together to seed the table and how to mitigate risk. And the last piece of advice, which is somewhat selfish, but get a good lawyer. There are uncharted legal risks that we're all learning. There are courts that are imposing new rules on lawyers using AI in their courts. There are state bars that are considering new rules on that. are Delaware, which is the home of America's corporations, is considering how it regulates AI. so law firms and lawyers are all learning it too, but you need to find

find a partner in a law firm in your legal department that can help walk through these thorny issues.

Jim Merrifield (11:33.327)
Yeah, no, that's excellent advice. I mean who doesn't want to talk about AI these days? I think every firm corporation has an AI task force. most of the time, the IG folks are usually responsible for policy within the firm, right? Maybe.

I see a lot of organizations developing a GenAI usage policy to have. So maybe that's some inroads there for the IG professional. you struck a cord with me. I think it's critically important for practitioners and business partners and even on the corporate side. I guess you could say law firms, corporations, which are clients.

and business partners to kind of work together to better understand Gen. AI. Because you go to these conferences and all three of those attendees are represented. And it's a great opportunity. I think any conference I attend because I'm very grateful that my firm is very supportive. But I take ownership.

Kevin Benedicto (12:35.79)
Mm-hmm.

Jim Merrifield (12:47.089)
You know, every conference I attend, come back and I say, listen, this is what was talked about and this is what I think we can implement into our strategic plan. This is what I think. And, you know, our CIO and I, we work really close together, know, GC as well. And I think it's important, you know, I guess the message there is if we're talking about Infocon, I think you mentioned it as well. It's just, you need to come back and bring some takeaways, right, to your organization and some action items because...

You know, we go to these three day conferences. We have a lot of fun. We do. But we also learn a lot. And there are some key takeaways from panels and speakers like yourself that if we don't take advantage of those takeaways and those that information, then what's the point really? I to say it like this, like what's the point of of going to these events? Like we love seeing one another, but there's practical examples and tips that us as practitioners.

Kevin Benedicto (13:18.478)
You

Jim Merrifield (13:43.655)
can take back to our organization. I think both of us agree that, there's so many nuggets of information. know thanks to you and even Ilta that put on that legal track. The sessions were amazing. I know there's a lot of tracks at ARMA, at Infocon. And I think the only ones that make sense to me are the legal ones, just because I've probably lived in legal for 20 years.

So I'm really appreciative of what you and Ilta do to kind of support those tracks. So thank you so much. Yeah, and look, Kevin, I know we talked about a lot here, especially around Infocon and AI and information governance professionals, but is there anything else that you'd like to share that we haven't covered yet with the audience?

Kevin Benedicto (14:22.135)
Absolutely.

Kevin Benedicto (14:35.958)
Yeah, I I think that one, like you said, I think the real value of these conferences is getting to have that networking and have that talk to people you otherwise wouldn't bump into. And I think one thing, know, oftentimes when I was on the law firm side, a lot of the conference I would tend to were really just lawyers, which don't get me wrong, there's a lot of value in getting a lot of lawyers in a room. A lot of issues with that too, but I think what's nice about Infocon is that it's such a mix of IG professionals from so many diverse, you

legal functions, compliance functions, audit functions. And so I think that's how you get those kind of innovative options when you're doing things like writing a GenAI policy, which we're helping a lot of our clients do. I think the next three to five years is gonna be really fascinating because AI is gonna continue to take off. You're going to see more adoption and you're also gonna see more issues come up. That example I gave about that presentation, you had a lawyer.

in New York, high profile have got sanctioned from using ChatGPT to make up cases. So you're going to see AI make mistakes, high profile, expensive, bad mistakes, no matter what your AI tool of choice is, that's gonna happen. And so I think that there are a lot of risks in the next five years and also a lot of opportunities for information governance to get to limit those and to get to play a bigger role in their organization. So I think that's one thing I think is an overall takeaway. I think, like I said, talk to legal, make sure you're all.

puzzling through these issues together and getting someone that can help work on these issues because we're all learning them. It's not just an opportunity to learn about how the law is changing and how your policy is changing. It's an opportunity to shape it. What the laws and policies are on AI in the next five years will be shaped by the people that practice in this space. So the people at Infocon are going to help shape that, whether it's policy of their companies or...

regulations or legislation that's going to be shaped by the people at that forefront. We're getting, which is again, like scary, but also a great opportunity to get to actually make that frontier that other people are going to follow. and I think the last thing is I really think that when looking at all of these changes, you see them as a tool with, with risks and opportunities. think one analogy, so one of my favorite presentations, I'm biased cause I was, I was on it, but we did a panel which was called, lessons learned from the flight of Icarus.

Kevin Benedicto (16:54.542)
successfully navigating copilot and the whole presentation was drawing parallels between the Greek myth of Icarus, who flew too close to the sun with wax wings and an adoption of AI and what the similarities were about hubris, about safeguards and using tools and about building things and using them responsibly. And I think that really was sort of a funny idea that one of our partners proposed, Martin Tully, but ended up being, I think, a really resonant from the field, a really resonant thing. think that's

one way that I hope your viewers can think about AI. It's an incredible tool. can allow you to fly and do things that you've never done before, do them faster, overcome obstacles. But if not deployed responsibly, those wings will melt and you'll find yourself falling without a net. So that's sort of my takeaway.

Jim Merrifield (17:40.005)
love the analogy, love the illustration. I couldn't have said it any better. I'm sure we'll.

Kevin Benedicto (17:44.398)
I was a seventh grade teacher before being a lawyer, so I'm always happy to talk about Greek mythology.

Jim Merrifield (17:49.639)
There you go. Awesome. See, we learned another fun fact about you. Yeah. So we'll definitely, I'm sure have a part two at some point in 2025. But thanks so much, Kevin, for sharing your expertise, your insights from Infocon. And thanks again for your support of being on the podcast here and of course, ARMA in general. We really, really thank you. If you'd like to be a guest on the InfoGov Hot Seat like Kevin here, all you need to do is submit your information through our website.

Kevin Benedicto (17:53.048)
There you go.

Jim Merrifield (18:19.079)
InfoGovHotSeat.com and thank you so much. Enjoy the rest of your day.

Kevin Benedicto (18:23.32)
Thank you so much, Jim. Take care.