Insights on Privacy, Data Protection & Data Security

With 2025 underway, the AFS Consumer Products team highlights some of the most pressing legal issues facing the consumer products industry this year.

With 2025 underway, the AFS Health Care team highlights some of the most pressing legal issues facing the health care industry this year.

In 2025, the retail and fashion industries are bracing for a transformative year, heavily influenced by the policies of the new Trump Administration. These policies promise rapid and significant changes, particularly in areas such as trade, tariffs, and immigration, which will profoundly affect global supply chains and labor dynamics.

On January 22, Nebraska state Senator Mike Jacobson (R), at the request of Governor Jim Pillen (R), introduced the Agriculture Data Privacy Act (LB525). This is a first-of-its kind privacy bill that would specifically regulate agricultural-sector data.

In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). The NPRM proposes sweeping changes that impact how health care providers, health plans, and health care clearinghouses (covered entities) and their business associates (collectively, regulated entities) implement, document, and maintain safeguards for electronic protected health information (ePHI). OCR is accepting public comments on the NPRM through March 7.

As artificial intelligence (AI) continues to develop at a rapid pace, even the most sophisticated general counsel (GC) and in-house legal teams will be hard pressed to keep up with the evolving legal landscape.

The Federal Trade Commission (FTC) will hold an informal hearing at 1:00pm EST on January 17, regarding the proposed amendment to its existing impersonation rule.

2025 is set to be another important year for US state privacy laws, with five new laws effective in January and three more coming into effect through October. New laws in Delaware, Iowa, Nebraska, and New Hampshire will go into effect on January 1, 2025, while New Jersey’s law will follow on January 15, 2025. Below, we detail these laws effective in January. Make sure to check back here in 2025 for more information on the laws effective in July and October.

Partner Matthew F. Prewitt and Associate Michelle R. Bowling will present at the National Business Institute’s (NBI) Data Privacy and Cybersecurity 2024-2025: Hot Topics and Trends course on December 17.

When one hears the term “neural data,” a brain implant comes to mind, alongside concerns about these neurotechnologies being able to read our innermost thoughts.

On September 29, California Governor Gavin Newsom vetoed SB 1047, one of the most ambitious efforts yet to establish a comprehensive artificial intelligence (AI) regulatory framework in the United States.

On June 20, a federal district court in Texas ruled that the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) exceeded its authority under the Health Insurance Portability and Accountability Act (HIPAA).

ArentFox Schiff is pleased to announce that 135 attorneys have been recognized by The Best Lawyers in America 2025, with two attorneys highlighted as “Lawyers of the Year” and 70 attorneys listed as “Ones to Watch.”

Presently, there is no overarching federal law or regulatory scheme specific to the unique challenges of AI. This places AI regulation on track to follow the same path as privacy/data collection—with the states, the courts, the industry itself, and other jurisdictions trying to fill the void.

In the absence of a federal privacy bill, nearly 20 states have passed comprehensive privacy laws. On July 1, three of these states — Florida, Oregon, and Texas — have new laws going into effect, with Montana’s effective in October.

Recently, the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued a notice of proposed rulemaking (NPRM) which, if adopted, would require “covered entities” of critical infrastructure to report “substantial cyber incidents” to CISA within 72 hours, and to report ransomware payments within 24 hours.

Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the cyberattack in February.

Have you recently visited a plaintiff lawyer’s website? If so, then you may be entitled to compensation under the most contrived California Invasion of Privacy Act (CIPA) theory yet.

The US Senate’s Bipartisan AI Policy Roadmap is a highly anticipated document expected to shape the future of artificial intelligence (AI) in the United States over the next decade.

As the federal government grapples with the complexities of comprehensive artificial intelligence (AI) regulation and competing agendas, several US states are taking matters into their own hands by computing their own solutions to the challenges posed by the rapid advancement of AI.

On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification requirements under the Health Insurance Portability and Accountability Act (HIPAA).

The National Institute of Mental Health reported that 16.32% of youth (aged 12-17) in the District of Columbia (DC) experience at least one major depressive episode (MDE).

With 2024 underway, our team highlights 10 of the most pressing legal issues facing the media and entertainment industry this year.

Consumer Advisory Committee Reinstated and Meeting Scheduled for April 4, 2024, on Heels of AI Robocall Ruling

2023 was another eventful year for class action litigation under the Illinois Biometric Information Privacy Act (BIPA).