Blog, Compliance and Federal law - Legal Tech Connection

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

Debevoise Data Blog

MAY 28, 2025

On April 11, 2025, shortly after the first effective date of the DSP the National Security Division (NSD) of DOJ issued asuite of three policy and guidance documents to facilitate compliance with the DSP, including a 90 day civil enforcement safe harbor for good-faith compliance. Intelligence Community.

Compliance

Compliance Due diligence Time-tracking Federal law

CPPA Proposed Rulemaking Package Part 2 – Automated Decision-Making Technology

Debevoise Data Blog

FEBRUARY 13, 2025

The Draft Regulations note several federal law preemptions, including for entities and data subject to HIPAA, entities and data subject to the FCRA, and data subject to the GLBA. To subscribe to the Data Blog, please click here. The cover art used in this blog post was generated by DALL-E. Whats Next?

Compliance

Compliance Machine learning Federal law International law

Staying Compliant in U.S. Investigations: How to Protect Privacy Without Losing Momentum

Lineal Services

APRIL 11, 2025

For global organizations and international law firms, conducting internal investigations that involve U.S. privacy compliance depends on navigating a maze of federal statutes, state-level laws, and industry-specific regulations. Instead, U.S. Data Retention: A Double-Edged Sword U.S. and international standards.

Compliance

Compliance Time-tracking Federal law International law

Webinars

Prep with Purpose: How to Build Better Trial Binders

MORE WEBINARS

Preparing for AI Whistleblowers

Debevoise Data Blog

APRIL 24, 2024

1] In March, the DOJ announced a new pilot whistleblower rewards program that reaffirmed its focus on AI, stating that prosecutors would integrate AI assessments into evaluations of corporate compliance programs and would seek “stiffer sentences” for AI misuse. [2] To subscribe to the Data Blog, please click here. 15, 2024). [4]

e-records

e-records Federal law Prosecutor Compliance

New Requirements for Localisation of Major Internet Companies in Russia

Debevoise Data Blog

AUGUST 19, 2021

On 1 July 2021, [1] Federal Law No. 236-FZ on the Internet Activities of Foreign Entities in the Russian Federation (the “Law”) [2] came into force, requiring establishment of local presence, such as a branch, a representative office, or a subsidiary, for foreign Internet companies whose activities are focused on Russian users.

Federal law

Federal law Court Compliance Software

Southwest’s Technology Troubles Accelerate DOT Action?

The North Carolina Journey of Law and Technology

JANUARY 26, 2023

However, federal law requires airlines to reimburse passengers for canceled or, in some situations, “significantly delayed” flights. In early January, the DOT issued a notice to “reaffirm its commitment to vigorously enforce the law to protect aviation consumers.” Department of Transportation (“DOT”) make things “right?”

Federal law

Federal law Software Compliance Hearing

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

Clio

JANUARY 30, 2024

HIPAA : The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires healthcare providers and “ business associates ” to protect protected health information (PHI) from inadvertent disclosure. Check out our blog post on understanding HIPAA compliance for more information.

Law firm

Law firm Law Law Due diligence

Washington’s Novel Health Data Law: An In-Depth Look

Debevoise Data Blog

AUGUST 2, 2023

Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act (“MHMDA”) deserves closer attention due to its breadth as well as its novel—and potentially onerous—provisions. To subscribe to the Data Blog, please click here. The cover art used in this blog post was generated by DALL-E.

Law

Law Law e-records Time-tracking

A Closer Look at 2023 U.S. State Privacy Law Activity: Washington State

Debevoise Data Blog

AUGUST 2, 2023

Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act (“MHMDA”) deserves closer attention due to its breadth as well as its novel—and potentially onerous—provisions. To subscribe to the Data Blog, please click here. The cover art used in this blog post was generated by DALL-E.

Law

Law Law e-records Time-tracking

How to Make Sure Your Law Firm's Website is ADA Compliant

Centerbase

NOVEMBER 29, 2022

Ensuring that your law firm’s website is ADA compliant is another way to show that you care. In this blog, we’ll cover the basics of the ADA and ADA compliance. We’ll also dive into how to make your law firm website accessible and why, above all, accessibility matters and should be strived for. What is ADA compliance?

Law firm

Law firm Lawsuit Law Law

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

For purposes of these blog posts, we focus mainly on the former use case—matching a face to a specific person for identification purposes—rather than other use cases such as emotional evaluation and lie detection. c) Texas Texas’s biometric privacy law also imposes similar requirements to BIPA, but allows more avenues for compliance.

Law

Law Law Court Time-tracking

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

In this part, we assess where the law seems to be heading and offer some practical risk reduction strategies. Federal and State Legislation There is currently no federal law that specifically regulates biometric privacy. No comprehensive and preemptive federal law seems likely to pass anytime soon.

Compliance

Compliance Federal law Data protection Machine learning

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

Debevoise Data Blog

MARCH 16, 2022

Instead, the Act further centralizes CISA as the primary hub within the federal government for information sharing and allows CISA to refer cases to the Department of Justice and other federal agencies for enforcement and prosecution of other federal laws or regulations. Expanding Federal Cybersecurity Enforcement.

Due diligence

Due diligence Federal law Compliance Attorney

What the ADPPA Means for U.S. Data Regulation

Debevoise Data Blog

JULY 12, 2022

The ADPPA places direct obligations on service providers, including obligations not found in other state privacy laws such as a prohibition on transferring data (except to another service provider) without affirmative express consent. To subscribe to our Data Blog, please click here. ADPPA § 302(a). ADPPA § 404(b)(1)‑(3).

State law

State law Federal law Compliance Data protection

NYC’s AI Hiring Law Is Now Final and Effective July 5, 2023

Debevoise Data Blog

APRIL 12, 2023

In this Debevoise Data Blog post, we discuss the current state of the AEDT Law and highlight how the final changes impact employers’ compliance obligations. The Final Rules answer a question that we raised in our last blog regarding how employers can conduct bias audits when they lack sufficient historical data.

Law

Law Law Compliance Machine learning

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

Richmond Journal of Law and Technology

MARCH 7, 2025

Compliance complications could lead to businesses’ complete refusal to use data insights: “While this will certainly ensure the company does not run into data privacy non-compliance issues, it can also stifle future innovation and efficiency. FedSoc Blog (Apr. For companies of any size, data insights can drive success.” [16]

Compliance

Compliance Data protection Federal law Court

Biden Administration Acts to Limit Access to Sensitive Personal Data by Countries of Concern

Debevoise Data Blog

MARCH 5, 2024

government; and (4) transactions required or authorized by federal law or international agreements. ◦ government; and (4) transactions required or authorized by federal law or international agreements. ◦ Compliance requirements. companies and individuals develop and implement risk-based compliance programs.

Compliance

Compliance e-records Federal law Court

A Takedown of the Take It Down Act

Eric Goldman

JUNE 5, 2025

Section 3: Notice and Removal of Nonconsensual Intimate Visual Depictions Alongside its criminal provisions, the Act imposes new civil compliance obligations on online services that host user-generated content. For authentic images, the law could easily reach innocent but revealing photos of minors shared online.

Failure-to-appear

Failure-to-appear Prosecutor Court Law

National Security Update: DOJ Unveils Rules Restricting Sensitive Bulk Data Transfers

Debevoise Data Blog

JANUARY 16, 2025

company and its foreign subsidiaries and transactions required by federal law or international agreements. Third-Party Contractual and Compliance Obligations The rule prohibits data brokerage with any foreign person who is not a covered person unless the U.S. To subscribe to the Data Blog, please click here.

Compliance

Compliance Due diligence e-records Time-tracking

Legal Tech Connection

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

CPPA Proposed Rulemaking Package Part 2 – Automated Decision-Making Technology

Webinars

Trending Sources

Staying Compliant in U.S. Investigations: How to Protect Privacy Without Losing Momentum

Webinars

Preparing for AI Whistleblowers

New Requirements for Localisation of Major Internet Companies in Russia

Southwest’s Technology Troubles Accelerate DOT Action?

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

Washington’s Novel Health Data Law: An In-Depth Look

A Closer Look at 2023 U.S. State Privacy Law Activity: Washington State

How to Make Sure Your Law Firm's Website is ADA Compliant

Face Forward: Strategies for Complying with Facial Recognition Laws

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

What the ADPPA Means for U.S. Data Regulation

NYC’s AI Hiring Law Is Now Final and Effective July 5, 2023

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

Biden Administration Acts to Limit Access to Sensitive Personal Data by Countries of Concern

A Takedown of the Take It Down Act

National Security Update: DOJ Unveils Rules Restricting Sensitive Bulk Data Transfers

Stay Connected