The Presumption of Innocence Podcast: Episode 45 - The Grit, Grace and Gift of Second Chances
The Justice Insiders Podcast - The Ever-Expanding Net: Corporate Compliance in an Era of Increasing Trade Sanctions and Restrictions
False Claims Act Insights - Are All Healthcare “Kickbacks” Subject to FCA Liability?
Episode 333 -- The Boeing Proposed Plea Agreement
DOJ’s New Self-Disclosure Policy and Corporate Whistleblower Awards Pilot Program
False Claims Act Insights - Assessing the Fallout from a Thermonuclear FCA Verdict
FCPA Survival Guide - Step 8 - Investing in Compliance
Exploring the AI and Crypto Intersection
The Justice Insiders Podcast: Jarkesy’s Implications for the Administrative State
The Presumption of Innocence Podcast: Episode 41 - The Dynamics of Decision-Making: Psychology and the Criminal Justice System
INTERPOL and Child Kidnapping Cases. What are INTERPOL’s Abilities and Limitations?
False Claims Act Insights - Eureka! Government Investigators Seek Out Research Misconduct
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The CFPB and State AGs Act Jointly Against Online Educational Company
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Episode 328 -- Sanctions Enforcement Risks and Redlines
FCPA Survival Guide: Step 3 - Extensive Remediation
Episode 324 -- Third-Party Risks and Sanctions Compliance
Compliance Tip of the Day – Compliance Lessons from the Albemarle FCPA Enforcement Action
The Presumption of Innocence Podcast: Episode 38 - A Blueprint for Compliance: The Fraud Pentagon Theory
Molecular diagnostics company Enzo Biochem, Inc. has reached settlements resolving investigations in relation to a 2023 data breach by the attorneys general (AG) for Connecticut, New Jersey, and New York. Enzo has agreed to...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
On August 21, 2024, the second expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019, issued an administrative fine to a major private company involved in online sales. The company allowed a...more
Selected U.S. Privacy and Cyber Updates - New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws - On August 1, 2024, New York Attorney General Letitia James issued two advanced notices of proposed...more
What do the SolarWinds ruling and other recent developments mean for the future of the SEC’s cyber regulatory program? Will the SEC’s “lack of moderation” result in “violent ends” for its cyber agenda? Or will the current...more
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
On July 18, a New York federal judge threw out most of the SEC’s claims brought against both SolarWinds Corp. and the company’s chief information security officer (CISO), Timothy Brown....more
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized...more
On June 18, 2024, the Securities and Exchange Commission (“SEC”) announced a $2.1 million civil penalty settlement of charges against R.R. Donnelley & Sons (“RRD”), a global provider of business communications services and...more
On June 17, the Department of Justice (DOJ) announced settlements of alleged False Claims Act (FCA) violations associated with cybersecurity requirements in contracts to provide a secure environment for online applications...more
On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more
In the ever-evolving compliance landscape, the recent enforcement action by the Securities and Exchange Commission (SEC) against RR Donnelley is a significant case study. This incident underscores the importance of robust...more
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more
AT&T Inc. announced in a July 12, 2024, SEC filing that hackers stole a cache of six months’ worth of mobile phone customer data, illegally downloading the records from a workspace account at the cloud-service provider...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
In this episode of The Privacy Insider Podcast, host Arlo Gilbert is joined by Rachael Ormiston, Head of Privacy at Osano, to dive into the complex world of U.S. privacy regulations. How does the U.S. view privacy differently...more
On May 15, 2024, the SEC announced it would make amendments to Regulation S-P (Reg S-P). This will be the first amendment to the regulation since its adoption 24 years ago in 2000. The regulation focuses on how institutions...more
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach - On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
Who may be interested: Investment Companies; Investment Advisers; Broker-Dealers; Transfer Agents - The SEC adopted amendments to Regulation S-P imposing new data privacy and security requirements on broker-dealers,...more
The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
Last year was a pivotal one for data privacy, as privacy received substantial attention from many regulators, including the Federal Trade Commission (“FTC”). Looking back at the FTC’s 2023 enforcement actions, statements and...more