On Friday, February 21, 2025, the United States District Court for the District of Maryland issued a preliminary injunction against key provisions of executive orders issued by President Trump that are aimed at curtailing the...more
President Trump’s Executive Orders targeting diversity, equity, and inclusion (“DEI”), discussed in previous client alerts with regard to higher education institutions and business more broadly, have prompted responses from...more
2/20/2025
/ Civil Rights Act ,
Colleges ,
Constitutional Challenges ,
Dear Colleague Letter ,
Department of Education ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
Equal Protection ,
Executive Orders ,
New Guidance ,
State Attorneys General ,
Title VI ,
Trump Administration ,
Universities
What should privacy and cybersecurity practitioners and specialists consider after the 2025 inauguration? There are a few notable issues that may shape how businesses think about their privacy and cybersecurity programs:...more
11/11/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Protection ,
Election Results ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
Legislative Agendas ,
Members of Congress ,
Online Safety for Children ,
Presidential Elections ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
The government had another busy year in 2023, investigating and prosecuting healthcare fraud cases on multiple fronts. Contending with the enormous healthcare crises of the now-concluded COVID-19 pandemic and the ongoing...more
7/3/2024
/ Anti-Corruption ,
BlackRock ,
Congressional Investigations & Hearings ,
Coronavirus/COVID-19 ,
Department of Justice (DOJ) ,
Educational Institutions ,
Enforcement ,
Enforcement Actions ,
Export Controls ,
False Claims Act (FCA) ,
Foreign Corrupt Practices Act (FCPA) ,
Fraud ,
Healthcare Fraud ,
Sanctions ,
Securities and Exchange Commission (SEC) ,
Tennessee
This is the fourth in our 2024 Year in Preview series examining important trends in white collar law and investigations in the coming year. We will be posting further installments in the series throughout the next several...more
2/27/2024
/ Board of Directors ,
Corporate Counsel ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Final Rules ,
Insider Trading ,
Popular ,
Publicly-Traded Companies ,
Recordkeeping Requirements ,
Regulatory Agenda ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Regulation ,
Shareholders ,
Special Purpose Acquisition Companies (SPACs) ,
White Collar Crimes
Large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – as well as their IT helpdesks, are increasingly being targeted...more
11/28/2023
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
FBI ,
NIST ,
Popular ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Sensitive Business Information
Microsoft is one of the world’s leading technology companies. Its products and technologies are in offices, classrooms, and homes. Additionally, governments use them to help conduct vital public services.
Microsoft is also...more
8/16/2023
/ Artificial Intelligence ,
Banking Sector ,
Human Rights ,
Information Technology ,
Law Enforcement ,
Leadership ,
Machine Learning ,
Manufacturers ,
Microsoft ,
Popular ,
Private Equity ,
Retail Market ,
Risk Assessment ,
Risk Management ,
Supply Chain ,
Technology Sector ,
United Nations
On July 10, 2023, the European Commission (EC) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF, or “Privacy Framework”), which establishes the Privacy Framework as an authorized mechanism...more
7/31/2023
/ Court of Justice of the European Union (CJEU) ,
Cross-Border Transactions ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Privacy Laws ,
Regulatory Agenda
On July 21, 2023, the White House announced that seven leading A.I. organizations (Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI) agreed on and committed to immediately implementing voluntary safeguards...more
On July 26, 2023, the Securities and Exchange Commission (SEC) adopted rules requiring disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk, management, strategy, and governance...more
7/28/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
As we’ve written about before, the question of anonymization can be tricky. When is something “anonymized” or merely “de-identified” or “pseudonymous” — and when does it matter? This is a particularly fraught issue under...more
The International Association of Privacy Professionals held its annual Global Privacy Summit on April 4-5 in Washington, D.C. Here are some things we learned.
1. Generative Artificial Intelligence (“AI”) is Ubiquitous in the...more
4/13/2023
/ Artificial Intelligence ,
Corporate Governance ,
CPOs ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Internet ,
Machine Learning ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
Web Scraping
This is the eighth part in our 2023 series examining important trends in white collar law and investigations. Up next: anti-corruption.
The tumultuous crypto events of 2022, combined with the heightened agency and executive...more
3/1/2023
/ Blockchain ,
CFTC ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Digital Currency ,
Enforcement Actions ,
Financial Markets ,
Legislative Agendas ,
Popular ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Token Sales
With the adoption of new technology, including the quick and unexpected shift to virtual learning because of the COVID-19 pandemic, K-12 institutions are at an increased risk of cyberattacks and threats thereof. The rise in...more
Editors’ Note: How does ChatGPT fare in writing a law firm blog post? We asked ChatGPT to write one . . .
PROMPT: Write a 500 word blog post, in the style of a law firm blog post, on ChatGPT, focusing in particular on...more
When it comes to website privacy compliance, cookies have consistently presented the most fraught issues for U.S. businesses. This is especially true for those businesses that find themselves in a sometimes new or often...more
1/27/2023
/ Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Member State ,
Privacy Laws ,
UK ,
Websites
As many businesses prepare to renew their insurance policies, considerations of consumer privacy rights ought to be top of mind.
The Colorado Privacy Act -
Scope -
Foley Hoag has previously written about the Colorado...more
12/23/2022
/ Biometric Information ,
Consumer Privacy Rights ,
Cyber Insurance ,
Data Protection ,
Enforcement ,
Insurance Brokers ,
Insurance Industry ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Proposed Regulation ,
Renewal Options ,
Sensitive Personal Information
Google will spend the next three years with an independent compliance monitor scrutinizing its process for responding to warrants and other government data requests. This and other requirements are part of a settlement...more
11/15/2022
/ Compliance ,
Corporate Counsel ,
Corporate Integrity Agreement ,
Data Preservation ,
Data Retention ,
Department of Justice (DOJ) ,
Google ,
Regulatory Requirements ,
Search Warrant ,
Settlement ,
Stored Communications Act
On July 13, 2022, the United States Court of Appeals for the First Circuit ruled that the whistleblower protections contained in Section 806 of the Sarbanes-Oxley Act (SOX) do not apply to employees who report potential...more
President Biden issues a new executive order directing the Department of Health and Human Services and the Federal Trade Commission to take steps to safeguard access to reproductive healthcare services, protect patient...more
When is personal data “anonymized”? The answer to this question has largely been based on jurisdiction. If your business is in the U.S., so long as HIPAA or the CCPA does not govern, then generally aggregated or...more
In a move that further executes upon the SEC’s increasingly tough rhetoric on cryptocurrency and cybersecurity, SEC Enforcement recently announced that it will nearly double the size of its newly-renamed Crypto Assets and...more
6/16/2022
/ Corporate Counsel ,
Cryptoassets ,
Cryptocurrency ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Financial Services Industry ,
Investment Adviser ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC)
Please join us for a discussion and Q&A regarding the growing threat of business email compromises (a.k.a. man-in-the-middle attacks). Attorneys Chris Hart and Yoni Bard, litigators with experience in privacy matters and...more
This is the ninth post in this year’s series examining important trends in white collar law and investigations. Our previous post discussed trends in SEC enforcement of ESG priorities. Up next: Looking at the Landscape of...more
A data security incident will always require a technical response, and usually that technical response will come from outside experts. Those experts are hired to investigate and remediate an incident. Since data incidents...more