Privacy & Data Security

On October 26, 2018, China enacted the International Criminal Judicial Assistance Law. This law imposes additional procedures relating to the provision of judicial assistance in criminal matters between China and other countries. Our Asia Investigations team considers the key provisions of the law, its potential impact on internal investigations by foreign companies operating in China, and implications on foreign criminal enforcement against Chinese entities and nationals in this client alert.…
On February 20, 2019, the French data protection authority (the “CNIL”) published a set of questions and answers (“FAQs”) indicating the CNIL’s recommendations, and steps that organizations should take, to prepare for a no-deal Brexit. The CNIL’s FAQs build upon guidance the European Data Protection Board (“EDPB”) provided in its Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit.…
The Department of Justice (DOJ) recently announced two high-dollar False Claims Act (FCA) enforcement actions involving allegedly fraudulent arrangements tied to the implementation and use of electronic health record systems (EHRs). The respective settlements enable recovery by DOJ of over $100 million, and immediately precede the government’s recent proposal of new rules to promote the interoperability of EHRs. The settlements thus serve as an important reminder of the importance of adhering to federal fraud and…
The Department of Defense recently released a memorandum directing the Defense Contract Management Agency (DCMA) to implement and assess company-wide cyber compliance with the DFARS Safeguarding Clause and related security standard, NIST SP 800-171.  For further analysis, visit our Government Contracts Legal Forum blog post.…
In a recent letter, the New York Department of Financial Services provided guidance for insurers who use third party data to help with their underwriting decisions. The letter was drafted in response to reports that insurers are getting information about potential insureds from many “unconventional” data sources, including those that contain predictive models and algorithms. These sources are used to supplement medical underwriting, and include information that isn’t necessarily related to a person’s medical…
In an aggressive first move, Plaintiffs – two former employees accused of trade secret misappropriation – filed a preemptive suit for declaratory relief and unfair business practices against their former employer, Defendant Chandler Holding’s, Inc., in California Superior Court. Plaintiffs contend that shortly after their resignations from Chandler Holdings, Inc., they received letters from Defendant’s counsel accusing them of “numerous wrongful, illegal, fraudulent and contract breaching actions.” The letters allege that Plaintiffs are wrongfully competing…
We predicted last year that hackers would become more malicious in the future, not only stealing and selling data for nefarious purposes, but actually destroying data and even systems. That reality hit email provider VFEmail last week, and on February 12, founder Rick Romero tweeted “Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they would want to completely and…
The Cybersecurity Information Sharing Act of 2015 (CISA) was intended to incentivize private entities to share threat intelligence information with the federal government (specifically the Department of Homeland Security), allowing all parties to react more quickly and efficiently to cyber threats. The vision was that thousands of companies would sign on, creating a powerful network that could form a joint defense in real time against emerging cyber threats. The dream is not going well. At…
The cyber insurance market continues to evolve, and major questions remain unanswered. Should policies cover regulatory fines? Should first- and third-party claims be addressed in separate policies? The list goes on. For the consumer, here is an interesting thought experiment: Is a company having limited access to cyber insurance actually a good thing? Aside from niche exceptions (like GINA, HIPAA, etc.), there is a dearth of regulation pertaining to how private entities treat personal data…
The 2016 U.S. Presidential election demonstrated the importance of digital campaigning. President Trump’s campaign was vastly outspent by Hillary Clinton’s campaign, and placed little emphasis on traditional ground-game tactics. Instead, Trump focused his campaign on digital strategies to target “persuadable voters” via social media. The outcome of the election demonstrated the efficacy of this strategy; not only did Clinton lose the election, but she became the first general election candidate in nearly 40 years to…