Hintze Law PLLC is pleased to announce Mason Fitch’s promotion to Of Counsel at the firm.
Read MoreCongratulations to Mason Fitch on Promotion to Of Counsel
Texas District Court Vacates Majority of HIPAA Reproductive Privacy Rule
by Cameron Cantrell and Felicity Slater
On June 19, 2025, the U.S. District Court in the Northern District of Texas vacated the vast majority of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (the “HIPAA Reproductive Privacy Rule” or “Rule”). The Department of Health and Human Services (“HHS”) published the Rule in the Federal Register in April 2024 with a compliance date of December 23, 2024. The District Court’s decision to vacate the reproductive privacy aspects of the Rule has an immediate and nationwide effect.
Read MoreHintze & Partners Recognized by Chambers in 2025 USA Rankings
Hintze Law PLLC is delighted to announce the Chambers & Partners recognition of Susan Hintze, Mike Hintze, Sam Castic, and Mason Fitch in its USA Guide 2025. These recognitions include the firm’s sixth year being nationally ranked in Privacy and Data Security, and third year in Privacy & Data Security: Healthcare.
Read MoreState Privacy Regulators Announce Formation of Collaboratory Consortium
by Felicity Slater and Susan Hintze
On April 16, 2025, the California Privacy Protection Agency (CPPA) and state Attorneys General from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon announced the formation of the bipartisan "Consortium of Privacy Regulators." The focus of the Consortium will be to foster multi-state coordination, including sharing of expertise and resources, in investigation of potential violations of and enforcement of their state's respective comprehensive privacy laws.
Read MoreTakeaways From the New DOJ Guidance on Its Cross-Border Data Rule
in Cybersecurity, Data Privacy, DOJ
By Sam Castic
On Friday April 11, 2025, the DOJ released a Compliance Guide and more than 100 FAQs on the Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons Rule (the “DOJ Rule”). It also released an Implementation and Enforcement Policy, which indicates it will not prioritize enforcement against companies making good faith efforts to comply until July 8, 2025.
Read MoreGenAI in the Workplace: Hong Kong PCPD Releases Checklist for Employer Policies
By Leslie Veloz and Jennifer Ruehr
The Hong Kong Office of the Privacy Commissioner for Personal Data (“PCPD”) recently published its Checklist on Guidelines for the Use of Generative AI by Employees (“Checklist”). The goal of the Checklist is to help organizations draft internal policies and procedures governing employee use of generative AI (“GenAI”) tools, especially where GenAI is used to process personal data.
Read MoreVirginia Governor Signs Reproductive Health Data Restrictions into Law
by Cameron Cantrell and Felicity Slater
On March 24, 2025, Governor Youngkin (R) of Virginia signed SB 754—which amends the Virginia Consumer Protection Act (VCPA) to restrict the collection and processing of “reproductive or sexual health information” and is enforceable through a private right of action—into law. The law will take effect July 1, 2025.
Read MoreFrench Competition Authority Fines Apple €150M Alleging Market Power Abuse of Ad Privacy System
By Susan Hintze and Hansenard Piou
Note that the Autorité has not yet been published the decision in question as it is in process of redacting information relating to trade secrets. Please check back for updates.
Read MoreFourth Circuit Publishes Landmark Ruling on 21st Century Cures Act “Information Blocking”
By Cameron Cantrell and Kate Black
On March 12, 2025, the Fourth Circuit Court of Appeals ruled that (1) the information blocking prohibition in the federal 21st Century Cures Act (“Cures Act”) was plausibly violated when an Electronic Health Record (EHR) provider blocked bot access to its systems without sufficient justification, and (2) this violation may support a Maryland state law unfair competition claim, despite the Cures Act not having its own private right of action. This decision notably appears to be the first Circuit Court decision concerning the information blocking prohibition and, for parties subject to the rule, raises the risk that information blocking may be enforceable through a de facto state privacy right of action.
Read MoreDon’t Sleep on Maryland: The Maryland Online Data Privacy Act Will Keep Health and Wellness Companies Up at Night
By Felicity Slater and Kate Black
The Maryland Online Data Privacy Act (“MODPA” or the “Act”), which takes effect October 1, 2025, establishes a set of novel requirements that will have a particular impact for companies operating in the health and wellness sectors.
Read MoreHintze & Partners Recognized by Chambers in 2025 Global Rankings
Hintze Law and its lawyers have once again been recognized in Chambers & Partners for expertise in Privacy and Data Security in the 2025 Chambers Global Guide. These recognitions include Hintze Law’s fifth year being ranked as an Elite Law Firm for Privacy and Data Security as well as the firm’s second year receiving recognition for Privacy and Data Security: Healthcare.
Read MoreHintze Law PLLC Attorneys Selected for 2025 LCLD Fellows and Pathfinder Programs
Hintze Law is pleased to announce the two attorneys that have been chosen to participate in the Leadership Council on Legal Diversity’s (LCLD) professional development programs for 2025! Partner Sam Castic has been selected for the LCLD Fellows Program, designed for high-potential mid-career attorneys that have demonstrated strong leadership capabilities. Senior associate Emily Litka will represent Hintze Law in the LCLD Pathfinders Program, which recognizes early-career attorneys who exhibit signs of an emerging leader within their organization.
Read MoreFinal COPPA Rule Amendments: Definitional Changes
By Susan Hintze, Emily Litka, and Amy Lanchester
This is Part 2 in a series of blog posts about the 2025 COPPA Final Rule. It provides a comprehensive review of the revised definitional changes to the Rule. Subsequent posts in the coming days will delve more deeply into the direct and online notice, parental consent, and data governance requirements. Our unofficial redlined copy of the Final Rule can be found here.
Read MoreSusan Hintze Appointed to the 2025 IAPP Board of Directors
Susan Hintze, Founder and Co-Managing Partner of Hintze Law PLLC, has been appointed to the IAPP’s Board of Directors for a five-year term beginning 2025.
Read MoreNew York Legislature Passes Extraordinarily Restrictive Health Data Privacy Bill
By Mike Hintze and Felicity Slater
Last year, we wrote about a proposed New York State law that would have significant impacts for entities that process health and wellness related data. That bill failed to pass before the 2024 legislative session ended. But today, in the early days of the 2025 session, the New York State legislature has passed Senate Bill S929 (SB S929), which is essentially unchanged from last year’s bill.
Read MoreWorkplace Privacy – 5 Things I’m Keeping in Mind for 2025
Many of us are returning to work this month with New Year’s resolutions, predictions, and lists top of mind, and top of inbox. As I turn back to work, I’m thinking ahead to how U.S. laws and regulations are going to impact my clients from a workforce perspective. Here’s what is top of mind for me right now:
Fair Credit Reporting Act
State law AI requirements
Biometrics in the workplace
Genetic data risk
Workplace monitoring
The FTC Issues Final COPPA Rule Amendment
By Susan Hintze and Emily Litka
This is Part 1 in a series of blog posts about the 2025 COPPA Final Rule. It provides a high-level overview of the Final Rule. Subsequent posts in the coming days will delve more deeply into individual aspects of the Final Rule and FTC comments, the issues raised, and implications for specific industry sectors.Our unofficial redlined copy of the Final Rule can be found here.
Read More10 areas for US-based privacy programs to focus in 2025
By Sam Castic
The post below was originally published by the IAPP at https://iapp.org/news/a/10-areas-for-privacy-programs-to-focus-in-2025.
This past year was another jammed one for privacy teams and it was not easy to stay on top of all the privacy litigation, enforcement trends, and new laws and regulations in the U.S.
Read MoreNew U.S. Regulations Impose Significant Restrictions on Cross-Border Data Flows
By Sam Castic and Hansenard Piou
The Department of Justice adopted a final Rule on Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons that takes effect on April 8, 2025.
Read MoreThe EDPB Releases an Opinion on AI Model Development and Deployment
By Emily Litka
On December 18th, in response to a request from the Irish Supervisory Authority (“SA”), the European Data Protection Board (the “EDPB”) published an opinion (the “Opinion”) on the application of the GDPR to certain aspects of AI model development and deployment.
Read More