Compliance, Definition and Federal law

Privacy Law: Status of Legal Practice Area in 2025

Martindale-Avvo

APRIL 30, 2025

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Childrens Online Privacy Protection Act (COPPA) of 1998 were significant federal advances in the areas of health information privacy and childrens online data. These few federal laws apply to only some kinds of information. Know the definitions.

Law

Law Law Federal law Data protection

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

Debevoise Data Blog

MAY 28, 2025

On April 11, 2025, shortly after the first effective date of the DSP the National Security Division (NSD) of DOJ issued asuite of three policy and guidance documents to facilitate compliance with the DSP, including a 90 day civil enforcement safe harbor for good-faith compliance. Intelligence Community.

Compliance

Compliance Due diligence Time-tracking Federal law

CPPA Proposed Rulemaking Package Part 2 – Automated Decision-Making Technology

Debevoise Data Blog

FEBRUARY 13, 2025

Most notably, the Draft Regulations definition of ADMT is more expansive than other regulatory definitions in that it includes technology that substantially facilitates human decisionmaking. This closely follows the GDPRs definition of profiling in Article 4(4).

Compliance

Compliance Machine learning Federal law International law

Webinars

No Objections: Better Case Management with AI for Paralegals

MORE WEBINARS

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

Richmond Journal of Law and Technology

MARCH 7, 2025

Nevertheless, there are some concerns with the FDBR that would likely pose significant challenges to the adoption of a federal version. These include the scope through which the FDBR’s restrictive definition of “controller” would be applied federally, the potential to stifle innovation, and unclear enforcement methods.

Compliance

Compliance Data protection Federal law Court

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

Clio

JANUARY 30, 2024

HIPAA : The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires healthcare providers and “ business associates ” to protect protected health information (PHI) from inadvertent disclosure. Check out our blog post on understanding HIPAA compliance for more information. Are they compliant?

Law firm

Law firm Law Law Due diligence

Washington’s Novel Health Data Law: An In-Depth Look

Debevoise Data Blog

AUGUST 2, 2023

Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act (“MHMDA”) deserves closer attention due to its breadth as well as its novel—and potentially onerous—provisions. What Are the Key Substantive Obligations?

Law

Law Law e-records Time-tracking

A Closer Look at 2023 U.S. State Privacy Law Activity: Washington State

Debevoise Data Blog

AUGUST 2, 2023

Although states continue to pass comprehensive privacy laws in 2023, Washington’s My Health My Data Act (“MHMDA”) deserves closer attention due to its breadth as well as its novel—and potentially onerous—provisions. What Are the Key Substantive Obligations?

Law

Law Law e-records Time-tracking

Face Forward: Strategies for Complying with Facial Recognition Laws

Debevoise Data Blog

OCTOBER 18, 2021

Illinois’ Biometric Information Privacy Act (“BIPA”) excludes both “digital photographs” and “information derived from” photographs from the definition of “biometric information.” c) Texas Texas’s biometric privacy law also imposes similar requirements to BIPA, but allows more avenues for compliance.

Law

Law Law Court Time-tracking

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

Debevoise Data Blog

OCTOBER 26, 2021

In this part, we assess where the law seems to be heading and offer some practical risk reduction strategies. Federal and State Legislation There is currently no federal law that specifically regulates biometric privacy. No comprehensive and preemptive federal law seems likely to pass anytime soon.

Compliance

Compliance Federal law Data protection Machine learning

What the ADPPA Means for U.S. Data Regulation

Debevoise Data Blog

JULY 12, 2022

The ADPPA adopts a broad definition of “covered data” similar to the EU’s General Data Protection Regulation (“GDPR”) and the CCPA. State Law Preemption, with Exceptions The ADPPA expressly preempts a host of existing state privacy laws, as well as certain federal laws that regulate covered data. ADPPA § 2(9).

State law

State law Federal law Compliance Data protection

NYC’s AI Hiring Law Is Now Final and Effective July 5, 2023

Debevoise Data Blog

APRIL 12, 2023

In this Debevoise Data Blog post, we discuss the current state of the AEDT Law and highlight how the final changes impact employers’ compliance obligations. Examples of tools outside this definition include junk email filters, antivirus software, calculators, spreadsheets, databases, and other compilations of data.

Law

Law Law Compliance Machine learning

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

Debevoise Data Blog

MARCH 16, 2022

Instead, the Act further centralizes CISA as the primary hub within the federal government for information sharing and allows CISA to refer cases to the Department of Justice and other federal agencies for enforcement and prosecution of other federal laws or regulations. Expanding Federal Cybersecurity Enforcement.

Due diligence

Due diligence Federal law Compliance Attorney

Biden Administration Acts to Limit Access to Sensitive Personal Data by Countries of Concern

Debevoise Data Blog

MARCH 5, 2024

Concurrently, the Department of Justice (“ DOJ ”) released an Advance Notice of Proposed Rulemaking (“ Advance Notice ”), detailing potential definitions for key terms not defined in the Order, discussing the potential regulatory framework to implement the Order (the “ Program ”) and seeking public comment on over 100 related questions. [1]

Compliance

Compliance e-records Federal law Court

A Takedown of the Take It Down Act

Eric Goldman

JUNE 5, 2025

Some interpreted this as a reference to a viral AI-generated video of Trump kissing Elon Musks feet precisely the kind of political satire that could be subject to removal under the Acts broad definitions. For authentic images, the law could easily reach innocent but revealing photos of minors shared online.

Failure-to-appear

Failure-to-appear Prosecutor Court Law

Legal Tech Connection

Privacy Law: Status of Legal Practice Area in 2025

Maturing Compliance with the Bulk Sensitive Data Rule (Data Security Program) before the July 8, 2025 Safe Harbor Expires

Webinars

Trending Sources

CPPA Proposed Rulemaking Package Part 2 – Automated Decision-Making Technology

Webinars

Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

2024 Law Firm Data Security Guide: How to Keep Your Law Firm Secure

Washington’s Novel Health Data Law: An In-Depth Look

A Closer Look at 2023 U.S. State Privacy Law Activity: Washington State

Face Forward: Strategies for Complying with Facial Recognition Laws

Face Forward Part 2: Proposed Legislation and Strategies for Compliant Use of Facial Recognition

What the ADPPA Means for U.S. Data Regulation

NYC’s AI Hiring Law Is Now Final and Effective July 5, 2023

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

Biden Administration Acts to Limit Access to Sensitive Personal Data by Countries of Concern

A Takedown of the Take It Down Act

Stay Connected