Investigations can be fraught with a range of data privacy issues; addressing these issues quickly is critical if there is a possibility of implicated individuals tampering with electronic evidence, and companies can expect serious ramifications if data protection and privacy laws are found to have been breached. In our latest client alert, we provide an overview of the Asia-Pacific regulatory landscape and identify 8 key points to help businesses manage data privacy risks in the region.
Dawn raids cause cataclysmic upheaval and often catch businesses off guard; a company’s initial response can have a significant impact on their ability to influence the outcome. With regulatory authorities having ever greater search and seizure powers in the Asia-Pacific region, it is paramount that businesses prepare for when enforcement officers come knocking. In our latest client alert, we outline some key trends in the region and share our top tips on how to prevent dawn raids, prepare your business and employees thoroughly and, ultimately, how to protect your business.
When the terms of a solicitation run contrary to the regulations, challenging the solicitation in a pre-award protest may provide contractors the chance to shift the tide in their favor before bids are submitted and an award is made. In January 2020, the Government Accountability Office (GAO) sustained a pre-award bid protest brought by Noble Supply & Logistics, Inc. that challenged the terms of a General Services Administration (GSA) solicitation. Noble Supply & Logistics, Inc., B-418141, 2020 WL 289546 (Jan. 16, 2020). Noble Supply argued the RFQ’s price evaluation methodology, as written, failed to provide for an evaluation of which offeror presented the best value and the lowest overall cost alternative, in violation of FAR part 8.
On December 2, 2019, the Office of the U.S. Trade Representative (USTR) issued a Section 301 Investigation Report on France’s Digital Services Tax (DST), concluding that France’s DST discriminates against U.S. companies, is inconsistent with prevailing principles of tax policy, and is unusually burdensome for affected U.S. companies. In response, the USTR proposed up to 100 percent tariff on French products. Members of our International Trade Team explain these developments in our recent client alert.
On September 9, 2019, the Ninth Circuit Court of Appeals rejected LinkedIn’s privacy argument in hiQ Labs, Inc. v. LinkedIn Corp., declaring that selectively banning potential competitors from accessing and using public data “may well be considered unfair competition under California law.” The Ninth Circuit also cautioned Big Tech companies against anticompetitive practices when it comes to user data. Our Antitrust and IP, Tech & Data teams describe the implications in our recent alert.
Cybersecurity attacks targeting government information have drastically increased, and both the federal government and private industry have struggled to implement effective means of protecting this information. Federal agencies continue to strive for a unified approach to protect critical data; however, the various regulations leave contractors without a clear set of requirements that are applicable to all government contracts. Contractors can easily get lost in the alphabet soup of cybersecurity requirements, whether they be in the Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST) publications, or the upcoming Cybersecurity Maturity Model Certification (CMMC). To aid some of that confusion, in this post we address: (a) the current cybersecurity regulations applicable to defense contractors, (b) the tentative cybersecurity certification program proposed by the Department of Defense (DoD) and new regulations imposed by the Department of Navy (DoN), and (c) what contractors can do now to ensure compliance with the ever-changing regulatory framework. Notwithstanding the implementation of these regulatory requirements, cybersecurity attacks and breaches continue to be a reality. Consequently, the search for ways to increase cybersecurity measures continues to be a priority.
In late July 2019, the Securities Commission Malaysia announced that it will be implementing an anti-corruption action plan (the Action Plan). The Action Plan will seek to improve the standards of corporate governance in Malaysia “to prevent corruption, misconduct, and fraud.”
Read our full client alert here.
On May 28 2019, the French data protection authority Commission nationale de l’informatique et des libertés (CNIL) imposed a €400,000 fine on French property management company Sergic for neglecting to maintain the security of and to limit the storage of personal data. This is the first sanction imposed on a French company under the General Data Protection Regulation (GDPR) and is also the most significant financial penalty imposed on a French company for data breaches to date, representing close to 1 percent of the yearly turnover of the fined company.
To learn more, please visit technologylawdispatch.com.
Following a recent data breach, Optical Center has been fined 250,000 euros by The Commission nationale de l’informatique et des libertés (CNIL). The website breach allowed public access to invoices, purchase orders, and personal data of customers. On appeal, the French Highest administrative Court (Council of State) lowered the penalty to 200,000 euros. The reduction of the fine, although slight, proves that the opportunity to file an appeal may be a strategic option for companies operating in France.
To read more on this recent update, please visit technologylawdispatch.com.
This year marks four years since significant statutory reforms regenerated the UK’s collective actions arena. Following a rocky start to this new regime, it appears that 2019 may finally bring some clarity to potential claimants navigating the first hurdle of competition class actions: the Collective Proceedings Order (‘CPO’) application. This is the first stage in the process whereby the Competition Appeals Tribunal (‘CAT’) considers whether to authorise the proposed class representative to bring the claim on behalf of the class. Read our team’s alert on how these recent key collective actions are shaping the UK’s new regime.