On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The…

Companies that face non-public government investigations frequently confront challenging questions regarding whether and when to disclose the existence of the investigation, how much to disclose, and any duty to update the disclosure as the investigation proceeds. The SEC recently filed a settled complaint alleging that Mylan committed accounting and disclosure violations for failing to timely disclose an otherwise confidential DOJ investigation into whether Mylan overcharged Medicaid for its largest revenue and profit generating product, the…

The SFO recently released its much anticipated Corporate Co-Operation Guidance (the “Guidance”). It provides details of the types of behaviour expected by the SFO in order for an organisation to receive credit for its cooperation, including through the offer of a Deferred Prosecution Agreement (“DPA”) or by the SFO determining that it is not in the public interest to prosecute. The Guidance raises the bar for obtaining cooperation credit in key areas, and also produces…

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.…

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities. The Act makes five principal changes to existing New York law: Expanding the law’s jurisdiction to entities that maintain private information of New York residents, regardless…

Last month, Representative Jim Himes (D-Conn) and his co-sponsors, Representatives Carolyn B. Maloney (D-NY) and Denny Heck (D-WA), introduced H.R. 2534:  The Insider Trading Prohibition Act.  Unlike its substantially similar predecessor, H.R. 1625, which was introduced by Representative Himes on March 25, 2015, H.R. 2534 has gained some momentum in the U.S. House of Representatives, having been unanimously approved by the Financial Services Committee in May 2019.  Although the bill is only at the preliminary…

On June 17, 2019, in a decision interpreting the Fifth Amendment’s Double Jeopardy Clause, the United States Supreme Court in Gamble v. United States upheld the doctrine of dual-sovereignty.[1]  In doing so, the Court confirmed that one sovereign may prosecute a defendant under its laws even if another sovereign has already prosecuted the defendant for the same conduct, notwithstanding the Fifth Amendment’s prohibition against multiple prosecutions for the “same offence.”[2]  While Gamble does…