On September 9, 2019, the Ninth Circuit Court of Appeals rejected LinkedIn’s privacy argument in hiQ Labs, Inc. v. LinkedIn Corp., declaring that selectively banning potential competitors from accessing and using public data “may well be considered unfair competition under California law.” The Ninth Circuit also cautioned Big Tech companies against anticompetitive practices when it comes to user data. Our Antitrust and IP, Tech & Data teams describe the implications in our recent alert.
Cybersecurity attacks targeting government information have drastically increased, and both the federal government and private industry have struggled to implement effective means of protecting this information. Federal agencies continue to strive for a unified approach to protect critical data; however, the various regulations leave contractors without a clear set of requirements that are applicable to all government contracts. Contractors can easily get lost in the alphabet soup of cybersecurity requirements, whether they be in the Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST) publications, or the upcoming Cybersecurity Maturity Model Certification (CMMC). To aid some of that confusion, in this post we address: (a) the current cybersecurity regulations applicable to defense contractors, (b) the tentative cybersecurity certification program proposed by the Department of Defense (DoD) and new regulations imposed by the Department of Navy (DoN), and (c) what contractors can do now to ensure compliance with the ever-changing regulatory framework. Notwithstanding the implementation of these regulatory requirements, cybersecurity attacks and breaches continue to be a reality. Consequently, the search for ways to increase cybersecurity measures continues to be a priority.
In late July 2019, the Securities Commission Malaysia announced that it will be implementing an anti-corruption action plan (the Action Plan). The Action Plan will seek to improve the standards of corporate governance in Malaysia “to prevent corruption, misconduct, and fraud.”
Read our full client alert here.
On May 28 2019, the French data protection authority Commission nationale de l’informatique et des libertés (CNIL) imposed a €400,000 fine on French property management company Sergic for neglecting to maintain the security of and to limit the storage of personal data. This is the first sanction imposed on a French company under the General Data Protection Regulation (GDPR) and is also the most significant financial penalty imposed on a French company for data breaches to date, representing close to 1 percent of the yearly turnover of the fined company.
To learn more, please visit technologylawdispatch.com.
Following a recent data breach, Optical Center has been fined 250,000 euros by The Commission nationale de l’informatique et des libertés (CNIL). The website breach allowed public access to invoices, purchase orders, and personal data of customers. On appeal, the French Highest administrative Court (Council of State) lowered the penalty to 200,000 euros. The reduction of the fine, although slight, proves that the opportunity to file an appeal may be a strategic option for companies operating in France.
To read more on this recent update, please visit technologylawdispatch.com.
This year marks four years since significant statutory reforms regenerated the UK’s collective actions arena. Following a rocky start to this new regime, it appears that 2019 may finally bring some clarity to potential claimants navigating the first hurdle of competition class actions: the Collective Proceedings Order (‘CPO’) application. This is the first stage in the process whereby the Competition Appeals Tribunal (‘CAT’) considers whether to authorise the proposed class representative to bring the claim on behalf of the class. Read our team’s alert on how these recent key collective actions are shaping the UK’s new regime.
On March 8, 2019, the United States Department of Justice (the DOJ) announced a key revision to its Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy (the Policy) regarding employees’ use of ephemeral messaging platforms. The original Policy required companies to prohibit employees’ use of such messaging platforms in order to receive full cooperation credit and demonstrate adequate remediation. The revised Policy permits such communications, so long as proper guidance and controls are put in place to ensure the appropriate retention of business records. This reflects the DOJ’s recognition that its prior position did not comport with modern business realities. Our team describes the updated Policy and what companies now need to mindful of in our recent alert.
Last week, the U.S. Supreme Court decided Lorenzo v. SEC, determining that a person who knowingly disseminates a misstatement about a security can be primarily liable under the antifraud provisions of the federal securities laws. This significant holding opens the door for the SEC and private plaintiffs to charge misstatement cases as scheme cases, and target all parties involved in disseminating the misstatement to the investing public. Our team explains what you need to know in our recent alert.
On March 6, 2019, the U.S. Commodity Futures Trading Commission’s (the “Commission” or “CFTC”) Enforcement Division published an advisory (the “Advisory”) which discussed the implications of self-reporting and cooperation for violations of the Commodity Exchange Act (“CEA”) that involve foreign corrupt practices. The Advisory marks the first time the CFTC has expressed its intention to investigate the use of derivatives involving foreign corrupt practices and is also indicative of regulators’ realization that in the 21st century most businesses are international and use various complex business structures that may involve the use of commodities and derivatives.
1. The CFTC’s Mission
The CFTC is an independent agency of the United States federal government that regulates the futures, options and swaps markets (generally, the derivatives). Established in 1974, the CFTC’s role is to “foster open, transparent, competitive, and financially sound markets [and to] protect market users and their funds, consumers, and the public from fraud, manipulation, and abusive practices related to derivatives and other products.” Originally tasked with regulating the futures market for agricultural commodities, the Commission’s jurisdiction has expanded dramatically over the years to include futures (and from 2010 – swaps and options) markets for virtually all derivative products and services, including energy and metals, foreign exchange, various indices, interest rates and credit defaults, and digital assets – all of which are broadly included in the definition of a “commodity.”
The CEA broadly prohibits fraud and manipulation in connection with any transaction involving a “commodity” that is subject to the CFTC’s jurisdiction. Specifically, it is a violation of the CEA to intentionally or recklessly employ any manipulative device, scheme or artifice to defraud in connection with a swap, an option, or a commodity future (i.e., a derivative) as well as in connection with any commodity transaction, including those traded on spot or on a forward basis. Therefore, the CEA gives the CFTC broad authority to police abusive and fraudulent trade practices in derivatives, as well as cash commodity markets.
2. The CFTC’s Advisory
The Advisory follows on a series of similar advisories issued by the CFTC in 2017 and incentivizes companies and individuals to self-report and remediate violations of the CEA involving foreign corrupt practices, and to cooperate fully with the CFTC following the disclosure. Should they do so, market participants not registered (or required to be registered) with the CFTC will be entitled to a presumption of no civil penalty. Registrants with the CFTC are not entitled to this presumption, however, as they already have existing obligations to report material noncompliance with the CEA, including foreign corrupt practices. However, registrants who self-report, cooperate and remediate CEA violations may still secure substantial penalty reductions.
CFTC Enforcement Director James McDonald announced the CFTC’s new enforcement policy at the American Bar Association’s Conference on White Collar Crime (the “ABA Conference”), the same day that the Advisory was issued by the CFTC. McDonald encouraged individuals with information regarding foreign corrupt practices in the commodities or derivatives markets to share such information with the CFTC’s Whistleblower’s Office. According to Director McDonald, the CFTC has awarded at least $85 million to whistleblowers since 2014.
3. The CFTC’s Focus on Foreign Corrupt Practices
The Advisory signals the Commission’s intention to investigate foreign corrupt practices which unfairly impact the cash commodities and derivatives markets. The basis for this assertion of jurisdiction is the CFTC’s broad authority to prevent abusive practices in commodities trading markets, particularly in those instances where a violation of the CEA and the CFTC’s rules and regulations would also demonstrate engaging in foreign corrupt practices.
At the ABA Conference, McDonald provided examples of foreign corruption that the CFTC would investigate. Notably, the CFTC will investigate bribes that are paid to secure business in foreign countries in relation to regulated activities, such as trading, advising or dealing in derivatives or cash commodities. The CFTC will also investigate corrupt practices in connection with the manipulation of benchmark interest rates, which serve as the basis for related derivatives contracts.
McDonald also confirmed that the CFTC has opened investigations into similar misconduct, and emphasized the Commission’s commitment to its focus on foreign corrupt practices, “regardless of the specific factual scenario.”
4. CFTC to Coordinate with the DOJ and SEC on FCPA Enforcement
The Foreign Corrupt Practices Act (“FCPA”) has traditionally been enforced by the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”), respectively, for criminal and civil offenses.
In this regard, the CFTC has clarified that it would continue to focus on subject matters that fall within its core jurisdiction (i.e., the CEA and the CFTC’s rules and regulations applicable to commodities and derivatives), but that it may now also look at corrupt practices that facilitate or induce commodities trading deals.
For example, a commodity trader who pays a bribe to secure business from a sovereign wealth fund or a foreign government may constitute a violation of both the CEA and the FCPA. In such instances, McDonald stated that the CFTC will closely coordinate with the DOJ or SEC to investigate such misconduct. Indeed, a senior DOJ official who attended the ABA Conference stated that the DOJ was looking forward to coordinating with the CFTC in cases involving foreign corrupt practices.
5. No Piling On
McDonald has emphasized that the CFTC’s focus on foreign corrupt practices is not meant to “pile onto” existing FCPA investigations being conducted by the DOJ or the SEC. To reflect this, the CFTC “will give dollar-for-dollar credit for disgorgement or restitution payments in connection with other related actions.”
These developments substantially heighten the need for participants in the commodity, futures and swaps markets to adopt a proactive approach in identifying and addressing overseas corruption issues that may exist in their deal-making and business practices. This is particularly pertinent for deals which involve parties from high-risk jurisdictions.
On Thursday March 21, 2019, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) updated the advisory document it published on February 23 regarding North Korea’s illicit shipping practices. The updated guidance provides further information about North Korea’s deceptive shipping practices aimed at evading international sanctions and provides a list of ‘red flags’ aimed at assisting in the identification of these deceptive practices. This guidance follows North Korea’s continued attempts to evade U.S. and UN sanctions and remains applicable despite President Trump’s announcement that the United States would not impose further sanctions on North Korea. Our Sanctions Team summarizes the updated guidance document in our client alert.