Articles In This Issue:
Click here to download the full issue.
This post was written by Lorraine M. Camposand Keith D. Coleman.
On September 15, 2010, the House unanimously passed H.R. 5366, referred to as the “Overseas Contractor Reform Act (the “Act”)”. The Act would amend federal law to require that any individual, partnership, or corporation found to be in violation of the Foreign Corrupt Practices Act of 1977 (“FCPA”) be proposed for debarment from any federal contract or grant within 30 days after final judgment of such violation. The FCPA is a law that prohibits bribery of foreign officials by U.S. or related companies. The Act declares that it is the policy of the U.S. Government that no contract or grant should be awarded to individuals or companies that violate the FCPA. Promulgation of the Act is said to be in reaction to media reports last year that a private security contractor allegedly authorized illegal payments to Iraqi officials to prevent Iraq from revoking the company’s license to operate in the country.
In analyzing the Act, one must first consider whether the provisions of the Act are necessary. The current regulations provide that conviction of a criminal offense, like the FCPA, is cause for debarment. See FAR 9.406-2(a)(1). Moreover, a separate cause for debarment exists for firms and individuals who are convicted of committing bribery. See FAR 9.406-2(a)(3). Therefore, the Act does not grant the Government with any additional authority. However, because FCPA actions are oftentimes resolved by execution of a non-prosecution agreement (“NPA”) or deferred prosecution agreement (“DPA”), contractors must be aware of the consequences of the Act when negotiating such agreements. Specifically, contractors must ensure that the negotiated NPA or DPA does not expressly required the company to admit to violating the FCPA or committing bribery.
The Act is currently being considered by the Senate. Reed Smith will continue to keep you posted on the progress of this legislation.
This post was written by Simon Hart.
Eight weeks and counting. That is the period that the UK’s Ministry of Justice has given for responses to their consultation paper on the guidance which will be published by the Government as to what might constitute “adequate procedures” for companies who might find themselves relying on the statutory defence under the new Bribery Act 2010. What is significant is that the Government has consciously truncated the usual 12 week consultation period so that the formal guidance can be published in January 2011 with the intention being that the Act will still come into force in April 2011.
The draft guidance is built upon 6 principles:
Around each of these the Government has identified a number of draft questions that organisations need to ask themselves in order to decide whether their procedures are adequate for their business. As expected, it appears the guidance will be high level, leaving the onus upon companies to interpret what is required.
Whilst the form of the draft guidance is not a surprise, the timetable for the consultation shows a clear commitment by the Government to bring this Act in to force in spring of next year. In planning terms, that is a very short space of time for corporations to assess their business models and put in place the necessary procedures. The clock is ticking.
For those wanting to review and respond to the consultation, the relevant papers can be found here.
This post was written by Diane Bettino and Paul Bond.
Nearly every state in the U.S. has a statute requiring notifications upon discovery of a data security breach. Most of these laws do not mandate notification to any state authority. T hose few state laws that compel governmental notice are usually satisfied with contemporaneous notice, or notice after the fact.
That all may change, at least for entities licensed or directly regulated by state agencies. The State of Connecticut’s Department of Insurance has issued a bulletin, Bulletin IC-25.
Bulletin IC-25 envisions a much more active government role whenever a company licensed or regulated by the Department has an “information security incident”. This Bulletin applies to a variety of regulated entities, from insurers to appraisers, from bail bond agents to pharmacy benefit managers to medical discount plans.
The Bulletin requires that the business send notice of an “information security incident” no later than five calendar days after the incident is identified. As businesses who have suffered from data security breaches know, it will often take more than five calendar days to know even the basics about a potential incident.
This lightening-quick notification to the Department should include as much as possible about 15 categories of information, including the results of internal reviews and copies of the business’s privacy policies and data breach policies. If regulated companies did not have adequate incentive to have such policies in place before, they surely do now.
“The Department will want to review, in draft form, any communications proposed to be made” regarding the breach. Additionally, “depending on the type of incident and information involved, the Department will also want to have discussions regarding the level of credit monitoring and insurance protection which the Department will require to be offered to affected consumers and for what period of time” (emphasis added). Businesses used to drafting their own communications and selecting their own remedies to offer will now be negotiating those points post-breach with a government agency.
In addition, the Department will set up a “monitoring process,” unique to each incident, to keep abreast of “activities associated with any information security incident”.
It remains to be seen whether other state regulatory agencies adopt a similar approach. However, for those who fall under the ambit of this Bulletin, it represents a sea change in the allocation of authority between government and business in the period between breach and notification.
This post was written by Kevin Xu and John L. Hines, Jr.
U.S. courts often disregard foreign data privacy laws in the context of discovery. Litigants sometimes find themselves compelled to produce under U.S. law what they are forbidden to produce under the privacy laws of another country. However, a recent U.S. court decision indicates increasing sensitivity to the privacy expectations of persons abroad.
On August 27, 2010, in connection with In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, the court ruled that some data collected and processed in the EU would have been unlawful to transfer to the United States under the EU Privacy Directive, and thus, should not be subject to production in U.S. litigation.
Continue Reading...This post was written by Joelle Laszlo.
In a twist lauded by proponents of government transparency, the 2010 Supplemental Appropriations Act (“Act”) signed by President Obama July 29, 2010, requires that nearly all of the information contained in the Federal Awardee Performance and Integrity Information System (“FAPIIS”) be made available on the Internet. Specifically, the Act amends the Clean Contracting Act of 2008 to provide that the General Services Administration (“GSA”) will post to the Web all FAPIIS data except contractor past performance reviews. The Act provides no deadline for GSA action in this regard, but the Office of Management and Budget, which oversees GSA’s administration of FAPIIS, is reportedly hard at work on the logistics of posting FAPIIS information on the Internet.
In May, Reed Smith provided details on the FAPIIS reporting requirements promulgated in the spring by the Federal Acquisition Regulation Council. Essentially, FAPIIS is to contain a comprehensive set of information regarding contractor performance, including contract terminations for default; contractor suspension, debarment, and other penalties; and contract-related criminal, civil, and administrative proceedings and their outcomes. Though contractors have the opportunity to comment on any of the information about them in FAPIIS, the public disclosure of nearly all FAPIIS data may leave some ill at ease. It is yet another reason contractors would be well advised to ensure their houses (and reports) are in order, before competitors, watchdogs, and the media come knocking.
This post was written by Richard Waite.
The UK's main competition authority, the OFT, appears to be gearing itself up to make greater use of its powers to target individuals involved in anti-competitive practices in the UK.
Individuals have faced the threat of enforcement action in the UK since 2003, in the form of disqualification of directors and, in relation to cartel activity, fines and prison sentences of up to five years. However, to date, such sanctions have only been imposed in one case - and that being the Marine Hose case where the individuals admitted their guilt as part of a plea bargain with U.S. prosecutors.
The OFT has now issued new guidance relating to its power to apply to the court for competition disqualification orders (CDOs) to be made against UK company directors. A successful application will result in a director of a company involved in anti-competitive arrangements, including abuse of dominance, being banned from acting as a company director in the UK for up to 15 years. One of the key changes to the OFT's approach reflected in the new guidance is that it no longer distinguishes between the level of involvement of the director in the infringing activity. So, the OFT may now be likely to apply for a CDO where a director ought to have known about an infringement, as well as where the director him/herself was directly involved in the infringing conduct. In other changes, the guidance now envisages CDO applications where there has not yet been a prior OFT decision or where the undertaking has not been fined. However, a proposal to leave open the possibility of CDO applications in some cases where a company had applied for leniency was dropped due to concerns that it would undermine the leniency system.
The difficulties encountered so far in bringing successful cartel offence prosecutions (see for example the recent collapse of the trial against three British Airways executives), may partially explain why the OFT seems to be turning its attention to director disqualification as potentially an easier way to target senior individuals. The OFT has never used these powers before, however, by publishing new strengthened guidance, it looks to be sending a message that it is intending to be more active in this area. New guidelines on their own will obviously have no effect unless they are put into practice, so it will be interesting to see how long it is before these powers are tested and how successful they prove. The OFT may well be waiting for a straightforward case where a director has been directly involved in a serious infringement in order to ensure its first CDO application is a success.
This post was written by Cynthia O'Donoghue and Nick Tyler.
On July 13, 2010, the influential Article 29 Working Party ("Working Party"), consisting of all the European Union's national data privacy regulators, adopted Opinion 3/2010 on the principle of accountability (the "Opinion").
This is an important contribution to the European Commission's review of the European Data Protection Directive 95/46/EC (Data Protection Directive), a draft of which had been expected later this year, but is now expected some time in late 2011. In essence, the Opinion builds on good practice in the area of global regulatory compliance, advocating the introduction of a "principle of accountability" in the revised Data Protection Directive that "would explicitly require data controllers to implement appropriate and effective measures to put into effect the principles and obligations of the [Data Protection] Directive and demonstrate this on request." The Working Party objective is to "encourage data protection in practice" by requiring data controllers to take a strategic, risk-based approach when determining effective and appropriate measures based on the nature of the personal information being processed and the risks represented by such processing.
It is going to be several years before any revised Data Protection Directive is agreed and in force throughout Europe. In the meantime, organisations are encouraged to follow the lead of an increasing number of data controllers who are taking responsibility for their data privacy obligations through the adoption of robust data privacy compliance programs. In so doing, they are holding themselves accountable to their stakeholders, including data protection authorities and data subjects, for that commitment to good practice.
The Working Party suggests that not only are such organisations more likely to be in compliance with the law, but, in the event of a data protection violation, data protection authorities also "could give weight to the implementation (or lack of it) of measures and their verification in considering sanctions."
The Opinion is an important output of the Working Party and provides a clear indication of how the European data protection authorities view the real-world challenges facing data controllers.
To view the entire alert please click here. For additional information please contact one of the authors.
This post was written by Cynthia O'Donoghue, Katalina Chin and Katharina Weimer.
A few days following the concession made by BlackBerry manufacturers, Research in Motion (RIM), to provide Indian security agencies access to their encrypted data, India’s Home Minister P. Chidambaram held “security to be more important than privacy”.
Security concerns in India have certainly risen following the terror attack on Mumbai in November 2008, the worsening violence in the disputed region of Kashmir and a rising Maoist insurgency in a mineral-rich territory of the East. And certainly, such concerns may be flared by the fact that attacks are often coordinated using mobile phones, satellite phones and voice over internet calls. These mounting fears over terrorism have led the Indian Government to demand from their first target, RIM, full access to the encrypted data of BlackBerry users in India.
Canadian company RIM refused this request on technical grounds, arguing that the information would be impossible to provide. However, in the knowledge that data is provided by RIM to other countries the Indian Government stuck firm to their demand: then why not India? While the private service, Blackberry Internet Service (BIS), offered by RIM uses their own servers for communication, RIM maintained it is not possible for them to access the business service (Blackberry Enterprise Service (BES)). Indeed, the level of privacy afforded to RIM’s corporate customers is a strong selling point and providing governments with access to email communication for surveillance purposes has the potential to breach a fundamental principle of RIM's business approach: customers' trust in the confidentiality of their communications.
Following RIM's refusal to grant access, the Indian Government issued an ultimatum: if they did not grant full access to all data (encrypted or not), India would block the mail service of the smart phone manufacturer entirely. Fearing this ban on their business in India, one of the fastest growing smart phone markets of the world, RIM conceded to the Indian Government's requests and made several suggestions to resolve the issue of providing access to their data. The decision made by Nokia, RIM’s main competitor in the region, to set up servers in India to facilitate government monitoring, may well have weakened any bargaining position that RIM were hoping to play on.
The measures to be adopted by RIM have yet to be made public but the proposals are seemingly sufficient for the Indian government to grant a two-month grace period to evaluate RIM’s suggestions. While the reprieve offers Blackberry users in India some breathing space, it is unclear whether RIM will be in a position to satisfy the interests of both the Indian Government in security and surveillance and their customers in ensuring the privacy of their communications. India’s Home Secretary is due to meet officials from the Department of Telecommunications, the Intelligence Bureau and the National Technical Research Organisation on Monday the 6th of September to discuss Blackberry security issues.
In light of this development and the Indian Government’s priority on national security over privacy, there is likely to be mounting fear amongst similar online communications companies that they may be the next target and have to provide access to encrypted data transmitted online. RIM has faced similar issues in other countries, including Saudi Arabia, the United Arab Emirates, Lebanon and Indonesia.
This post was written by Anne Borkovic.
After months of intense global negotiations, and facing increased sanctions from the United States, the EU, and the United Nations, what is life like in Iran? As expected, Iranians are experiencing increased gas prices, and the Iranian Revolutionary Guard is having some financing difficulties. Some of the more interesting effects, though, are the ban on mullets and fatwa against puppies.
In July, Iran’s Ministry of Culture and Islamic Guidance announced a ban on certain “decadent Western” hair styles for men, including the mullet. The full catalog of acceptable styles was presented at the Modesty and Veil Festival. Some interesting concessions were made – including allowing a modest amount of hair gel and a goatee – but mullets, pony tails, and elaborate spikes are out.
This past week, the Ministry announced a ban on advertising that promotes pets, pet care, and pet food in response to a June fatwa against pets from Ayatollah Shirazi, because pet owners were “blindly imitating the West.” He explained that “Many people in the West love their dogs more than their wives and children,” and that the devotion to pets would result in “evil outcomes.”
While it is unclear whether the ban on mullets and puppy food advertising will change Iran’s stance regarding nuclear power, we are interested to see what the Ministry will do in response to the June announcement from prayer leader Hojjat ol-eslam Kazem Sediqi that "Many women who do not dress modestly lead young men astray and spread adultery in society which increases earthquakes.”
This post was written by Christopher Rissetto, Larry Demase, Jennifer Smokelin, Bob Helland, and David Wagner.
In the weeks that have passed since our previous article on climate change activity in Congress and the Environmental Protection Agency, it has become evident that Washington is more likely to see a snowstorm this summer than congressional passage of a cap-and-trade measure for greenhouse gas emissions. Passage was never considered to be easy - something we noted in our previous alert. For example, the House of Representatives passed climate legislation in 2009 (H.R. 2454, sponsored by Congressmen Waxman (D-CA-30) and Markey (D-MA-7), but by only a six-vote margin. Still, the 2009 legislation, combined with the impact of the Gulf of Mexico Oil Spill, indicated to some that there was some momentum for a bill passing the Senate and reaching the President this year. But that momentum ran smack into the 60-vote requirement in the Senate, which all measures must clear before receiving a final vote. And the 60 votes were just not there - not for the Waxman-Markey measure or for the industry-specific compromise floated by Senators Kerry (D-MA) and Lieberman (I-CT) during the end of negotiations. It remains possible that the Senate could still take up a cap-and-trade measure, either when it meets from September 13 through October 8 or during its "lame-duck" session, set to begin November 15. But we would not recommend anyone holding their breath.
While action on cap-and-trade in the 111th Congress fizzled in the Senate, EPA has continued on its course of regulating greenhouse gas (GHG) emissions. As reported in Reed Smith’s Environmental Law Resource blog, in response to EPA’s “Endangerment Finding,” a number of petitions for reconsideration were filed by various industry and special interest groups. These petitions challenge the validity of EPA conclusions that global warming is currently at an all-time high and assert that other geologic periods - e.g., the Medieval Warm Period and the Holocene period - were in fact warmer than present. Specifically, the groups challenge data supporting reconstruction of historical earth temperatures and assert that certain e-mails involving scientists at the Climate Research Unit of the University of East Anglia in the United Kingdom demonstrate a deliberate and inappropriate manipulation of the data. The petitioners also challenge the process by which EPA developed the scientific support for the Endangerment Finding; that is, they are claiming that EPA did not independently judge the underlying science and thus did not convene a truly independent external peer review. Petitioners also claim EPA violated the Information Quality Act by failing to post the underlying data and scientific studies in the docket. Finally, the petitioners assert that new scientific studies refute evidence supporting the Endangerment Finding.
On July 29, 2010, EPA denied all of the petitions for reconsideration and found, inter alia, that there were no significant errors in the Intergovernmental Panel on Climate Change’s (IPCC) Fourth Assessment Report, and that there was no conspiracy to manipulate the data. EPA also rejected the claim by petitioners that new scientific studies refuted evidence supporting the Endangerment Finding. The court challenges to the Endangerment Finding can now proceed. These challenges, however, are not as likely to be successful as the challenges to the Tailoring Rule, discussed next.
There are significant challenges to the Tailoring Rule, EPA's rule that "tailors" permitting programs to limit the number of facilities that would be required to obtain New Source Review and Title V operating permits based on their greenhouse gas emissions. If there is a chink in EPA’s armor, it rests in these challenges. The crux of these challenges focus on the threshold and timing determination in the final Tailoring Rule, in which EPA sets a threshold of regulation at 75,000 tons GHGs. This effectively leaves major industrial sources under that threshold unregulated until at least 2016, and perhaps beyond. In the draft regulation, EPA had proposed a 25,000-ton GHG threshold. Challengers to the Tailoring Rule argue that this switch from 25,000 to 75,000 tons is arbitrary and capricious with no scientific basis in the record to support it. And they may be right. Last week, 20 of the lawsuits against EPA's tailoring rule were consolidated by the U.S. Court of Appeals for the District of Columbia Circuit. The case's court date has not yet been set. For more discussion, see here.
On the regulatory front, EPA continues to press its authority under the Endangerment Finding. Following up on its Tailoring Rule, on August 12, 2010, EPA proposed two rules regarding GHG emission permitting under the Clean Air Act . In the first rule, EPA proposed to require permitting authorities in 13 states to make changes in their implementation plans to ensure that GHG emissions will be covered. Other states are to inform EPA if their existing permitting authority does not allow them to address GHG emissions. In the second rule, EPA is proposing a federal implementation plan that would allow EPA to issue permits for covered GHG sources located in states not able to develop and submit revisions to their implementation plans before the Tailoring Rule becomes effective. Neither of the rules has been published in the Federal Register yet. Once they are published, EPA will schedule a public hearing on the federal implementation plan rule likely in Arlington, Va., in September.
This summer, EPA also issued its proposed “Transport Rule” to provide for the attainment and maintenance of the 1997 and 2006 fine particulate matter National Ambient Air Quality Standards and the 1997 ozone NAAQS. While targeting only reductions in emissions of NOx and SO2 transported between the states, many believe this rule will have a dramatic impact on the viability of coal-fired electric generating capacity in the eastern United States. The Transport Rule is discussed in more detail at the Environmental Law Resource.
Finally, the Obama Administration is also considering a variety of actions it can take without Congress. In a report entitled, “Plan B: Near Term Presidential Actions for Energy and Environmental Leadership,” the Presidential Climate Action Project concluded that President Obama could implement the following ideas prior to the United Nations 16th Conference of the Parties in Cancun:
Enter keywords:
To receive updates as they are posted, please add this blog to your feeds or subscribe by entering your e-mail address in the space below.