We have been tracking and reporting on the U.S. Department of Justice’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in an effort to “hold accountable entities or individuals that put U.S. information or systems at … Continue Reading
Join subject matter experts across policy, litigation, and regulation for an engaging discussion around privacy, cybersecurity, and AI. This live event will be in our Washington DC office and will include perspectives from in-house leaders, a former FBI agent, an incident response forensic expert, world-class public policy experts, and our privacy and cybersecurity professionals. The … Continue Reading
On March 1, 2023, the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) demonstrated continued interest in investigating insider trading by company executives who possess material non-public information when they unsealed an indictment and filed a civil complaint, respectively, in the Central District of California. Though a Rule 10b5-1 plan—an investment device … Continue Reading
As we recently discussed, the Department of Justice released new guidance covering a multitude of topics, including employees’ use of personal electronic devices and third-party messaging platforms, financial compensation incentives and clawbacks. At the American Bar Association’s 38th Annual National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco announced the launch of the … Continue Reading
We previously offered insight into two False Claims Act (“FCA”) enforcement actions brought by the U.S. Department of Justice (“DOJ”) as part of its “Civil Cyber-Fraud Initiative” (“CCF Initiative”). Deputy Attorney General Lisa O. Monaco announced the CCF Initiative in October 2021, stating that “[t]he initiative will hold accountable entities or individuals that put U.S. … Continue Reading
On Friday, March 3, 2023, the DOJ released its updated Evaluation of Corporate Compliance Programs, which included new guidance on ephemeral messaging platforms and other issues. This new guidance was released contemporaneously with Assistant Attorney General Kenneth A. Polite, Jr.’s (‘Polite”) speech at the American Bar Association’s (“ABA”) 38th Annual National Institute on White Collar … Continue Reading
With the cold and flu season underway and COVID-19 still ever-present, it is a good time to take stock of the potential risks that come with working remotely. Following the lifting of pandemic restrictions allowing offices to open back up, many companies continued to offer work from home or hybrid arrangements. It is important for … Continue Reading
As 2022 comes to a close, is it possible to predict a trend for corporate and white-collar enforcement by the U.S. Department of Justice in 2023? Yes: enforcement will increase in 2023, and it will increase yet more in 2024. Understanding the Department as a dispersed, human institution that responds to incentives explains why.… Continue Reading
On August 8, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) sanctioned virtual currency mixer Tornado Cash for having laundered more than USD 7 billion worth of virtual currency since its founding in 2019. This includes over USD 455 million worth of stolen virtual currency associated with the Lazarus Group, … Continue Reading
The U.S. Department of Justice announced late last year that it would utilize the False Claims Act, the U.S. government’s primary civil tool to redress false claims for federal funds and property, to bring actions against U.S. government contractors and subcontractors who do not meet the cybersecurity requirements of a particular contract or grant. The … Continue Reading
The authors would like to thank Thomas Fogarty and Anya Bharat Ram for their contributions to this post. Section 1832 of the Economic Espionage Act of 1996 (the “Act”) criminalizes the theft of trade secrets “intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner.” 18 U.S.C. § 1832(a). … Continue Reading
Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes. As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation. Section 1832 of the Economic Espionage Act … Continue Reading
On March 2, 2022, the U.S. Department of Justice (“DOJ”) announced the creation of the interagency Task Force KleptoCapture (the “Task Force”) to enforce the sanctions, export restrictions, and economic countermeasures against Russian officials and oligarchs in response to the conflict in Ukraine. The Task Force will consist of prosecutors and agents from numerous federal … Continue Reading
We recently shared a timely post on Consumer Privacy World that, given the focus of, we wanted to call to your attention. “President Biden has recently delivered on a long stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May … Continue Reading
On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (the “Updated Advisory”) superseding its earlier October 1, 2020 guidance on ransomware attacks and, for the first time, added a virtual currency exchange to the Specially … Continue Reading
In this article for the Consumer Privacy World Blog, John Burlingame and Kristin Bryan discuss a recent federal district court decision which calls into question the application of attorney work-product privilege to work-product prepared by consultants in anticipation of litigation.… Continue Reading
In light of two new US Treasury Department advisories signaling increased oversight of ransomware payments, victim companies and their third-party response teams considering making payments should follow certain due diligence and compliance best practices, write Colin Jennings, Ericka Johnson, Dylan Yépez and Elizabeth Weil Shaw in an article for Law360.… Continue Reading
With cybercrime on the rise, two U.S. Treasury Department components, the Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”), issued advisories on one of the most insidious forms of cyberattack – ransomware.… Continue Reading
In remarks to the Association of Certified Anti-Money Laundering Specialists (“ACAMS”), Kenneth A. Blanco, the Director of the U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”), covered a number of high-priority topics, including FinCEN’s response to the pandemic, the latest COVID-19 related fraud schemes, emerging cyber threats, virtual currency issues, and important regulatory updates. A theme … Continue Reading
Every organization is at risk of a data breach, and can learn something from Uber’s data privacy missteps. In an article for Corporate Compliance Insights, Squire Patton Boggs lawyers Colin Jennings, Ericka Johnson, and Dylan Yépez offer key takeaways from the company’s high-profile data breaches and the criminal charges that followed.… Continue Reading
A judge recently ordered Capital One to disclose its cybersecurity report about a data breach. For tips on how to keep such reports under attorney client privilege, go to our post here on the Consumer Privacy World blog by Colin Jennings, Ericka Johnson, and Dylan Yépez.… Continue Reading
As business slowly and cautiously reopens, cybercriminals lie in wait. A case study into a massive unemployment insurance fraud shows that cybercriminals patiently hunt for lucrative opportunities to strike. For that reason, companies reopening should consider conducting a cyber-audit to identify their cyber vulnerabilities and thwart cybercriminals lying in wait.… Continue Reading
The ongoing Iran-US tensions, and potential for retaliatory cyberattacks, alert each organization to prepare to defend against a cyberattack. Iran has a history of sophisticated cyberattacks in response to increased tensions. In a new client alert, our Data Privacy & Cybersecurity team recommends a thorough review of your people, facilities, networks, and data procedures in response … Continue Reading
Responding effectively to a data breach requires an organization to obtain a thorough forensic report about what happened and why. Yet this report can damage the company further if it becomes public inadvertently. Members of our cross-practice data protection team discuss how to protect a forensic report under privilege. The insights of Leah Parsons, Ericka Johnson, and Colin Jennings can be found here. A related … Continue Reading
