• |

    May 13, 2026

Intuit CPO Discusses Managing Financial Privacy and Implementing AI Guardrails

Intuit’s widely popular financial products TurboTax, QuickBooks and Credit Karma depend on highly sensitive personal data to operate. Balancing the law and that business reality falls to Elise Houlik, Intuit’s CPO, who drives the company’s data stewardship vision and advises on complex privacy, AI and interrelated regulatory issues. The Cybersecurity Law Report spoke to Houlik about the stakes around sensitive data, oversight of AI product features, the evolution of privacy operations and encouraging privacy protection inside a large organization. See “How CPOs Can Manage Evolving Privacy Risk and Add Value to Their Organizations” (Mar. 12, 2025).

Canada’s Privacy Regulators Share Priorities and Activity

Canada’s privacy enforcers are increasingly transparent about the patterns they see across investigations, offering a roadmap to companies for avoiding scrutiny. Their reflections on how they investigate, prioritize and resolve cases offer a window into the evolving expectations that are shaping day-to-day governance. At the recent IAPP Canada Symposium 2026, Canada’s privacy commissioner and deputy privacy commissioner, along with regulators from Ontario and British Columbia discussed regulatory collaboration, children’s privacy and age assurance, enforcement and investigations, privacy statistics and key legislative developments. This article distills their insights, priorities and strategies. See “How to Comply With Canada’s New Privacy Breach Reporting and Record-Keeping Rules” (Oct. 31, 2018).

The Data Analytics and AI Transition in Compliance

After a year of pilot projects and experimentation with AI, companies are now demanding efficiency gains from new technologies. Within compliance, functions that were once based on the memories, intuition and experiences of human beings are increasingly handed over to AI algorithms. This article, distilling commentary from professionals at DaVita, KonaAI, Steptoe and WilmerHale delivered during a recent Practising Law Institute program, examines the movement of compliance programs toward prioritizing data analytics and AI, with a focus on how compliance teams can use these tools for monitoring and managing third-party risk. See “How Tech CLOs Think Attorneys Should Be Using AI” (Apr. 22, 2026).

Simpson Thacher Expands Cybersecurity, Privacy and AI Practices With Two Partners

Matthew Kelly and Kim Le have joined Simpson Thacher as partners, strengthening its cybersecurity, privacy and AI platform across transactional, litigation, regulatory and compliance matters. Kelly will lead the firm’s AI practice in New York, and Le will be based in the firm’s Los Angeles and Bay Area offices and will head the West Coast privacy and cybersecurity team. Both attorneys arrive from Debevoise & Plimpton. For insights from Simpson Thacher, see “Electronic Communications, Cooperation Standards and Other Emerging Trends in the SEC’s Oversight of Private Funds” (Jan. 18, 2023).

Most-Read Articles

Trailblazing Women – Contributions, Achievements and Observations of Outstanding Leaders

To mark International Women’s Day, Law Report Group editors, along with our colleagues across ION Analytics’ products, interviewed outstanding women in the industries and jurisdictions we cover. In this article, Jill Abitbol, Robin Barton, Rorie Norton and Megan Zwiebel profile notable women in the data privacy, cybersecurity, AI, private funds and anti-corruption law fields, including (i) Paula Howell Anderson, (ii) Gwendolyn Lee Hassan, (iii) Audrey Koh, (iv) Stacy Feuer, (v) Heather Egan, (vi) Jeewon Serrato, (vii) Stephanie Breslow, (viii) Anne Choe, (ix) Heather Wyckoff, (x) Angie Batterson, (xi) Jacqueline Eaves, and (xii) C. Dabney O’Riordan.

Enjoy reading their inspiring remarks here.