Virginia passes second state-level consumer data privacy law in the U.S.

On March 2, 2021, Virginia joined California as the second state to enact comprehensive data privacy protections for its residents. The Virginia Consumer Data Protection Act (CDPA), which will go into effect January 1, 2023, will mainly be interpreted and enforced by The Virginia Attorney General (AG). Our State Attorneys General and Virginia Government Relations teams describe the new law and what companies need to be aware of in our recent Technology Law Dispatch blog post.

UK Imposes Sanctions on Senior Belarusian Figures

By Brett Hillis and Ray-Shio Ho on 30 September 2020 Posted in International Trade & National Security

As advised previously in our client alert, the UK has again departed from the EU sanctions regime by imposing sanctions against eight members of the Belarusian regime.

On 29 September 2020, the UK imposed sanctions under its Global Human Rights sanctions regime on eight members of the Belarusian regime, for human rights violations (including torture and forced deportations) and rigged elections. The eight members subject to the sanctions include Alexander Lukashenko (Belarusian president), his son and senior figures in the Belarusian government. Prior to the UK sanctions, the UK government triggered an independent investigation into the Belarus elections and human rights violations. The sanctions, which were imposed in conjunction with Canada, include a travel ban and asset freeze.

This is the second time the UK has departed from the EU sanctions regime and imposed sanctions under the Global Human Rights sanctions regime (the first being in July 2020). This marks a clear intention by the UK to collaborate with other countries and maintain a distinct sanctions regime.

Tracking federal agencies’ re-opening plans for government contractors

By Lawrence Block, Elizabeth Leavy and William Kirkwood on 26 June 2020 Posted in Government Contracts & Grants

After months of federal agency closures, and a wide expansion of teleworking and other remote work policies crafted in response to the novel coronavirus, the federal government is planning for a phased re-opening.[1] This post was most recently updated on June 26, 2020, and it includes updates to the following agency plans: Department of Defense, IRS/Treasury, U.S. Census Bureau, NASA, Department of Energy, State Department, Department of Homeland Security, Office of Personnel Management, Department of Transportation, Department of Agriculture and the EPA. In June, a number of agencies entered Phase One of their reopening plans. We will continue to update as agencies continue to release and modify their reopening guidance.

On April 20, 2020, the Executive Office of the President, Office of Management and Budget (OMB) published Memorandum M-20-23 on “Aligning Federal Agency Operations with the National Guidelines for Opening Up America Again.”

In this Memorandum, OMB provides a framework to be used by federal agencies to develop policies and procedures for re-opening and a return to the federal workplace. Each federal agency must develop its own policies and procedures consistent with the Guidelines for Employers included in the Memorandum, as well as accounting for the agency’s own operational needs and the geographic area in which each agency operates. Like most states that have issued re-opening guidelines, the Memorandum contemplates a gating period in which the agency must see a downward trend in COVID-19 cases before proceeding to a phased re-opening. Agency policies and procedures for a phased re-opening must take into account the following criteria:

Cryptocurrency and digital asset fraud in the Asia-Pacific – how can you mitigate the risk?

By Calvin Chan, Hagen Rooke, Nicholas Seng and Jun Yi Ho on 2 June 2020 Posted in Data Security, Privacy & Management, Government Investigations & White Collar Criminal Defense

The Asia-Pacific region has a flourishing cryptocurrency and digital-asset ecosystem, but despite comprehensive regulatory frameworks, fraudulent actors continue to exploit cybersecurity and control weaknesses making it vital that businesses have fraud mitigation measures in place. In our recent client alert, we take a detailed look at crypto and digital asset fraud in the region, provide an overview of the regulatory frameworks in specific jurisdictions, explore investigating instances of crypto fraud, and identify 5 practical measures that businesses can implement to mitigate fraud risks.

8 key considerations when handing data privacy risks in Asia-Pacific corporate investigations

By Calvin Chan, Charmian Aw and Nicholas Seng on 22 May 2020 Posted in Data Security, Privacy & Management, Government Investigations & White Collar Criminal Defense

Investigations can be fraught with a range of data privacy issues; addressing these issues quickly is critical if there is a possibility of implicated individuals tampering with electronic evidence, and companies can expect serious ramifications if data protection and privacy laws are found to have been breached. In our latest client alert, we provide an overview of the Asia-Pacific regulatory landscape and identify 8 key points to help businesses manage data privacy risks in the region.

Dawn raids in the Asia-Pacific: how to prevent them, prepare correctly and protect your business

By Calvin Chan, Charmian Aw and Jun Yi Ho on 15 May 2020 Posted in Government Investigations & White Collar Criminal Defense

Dawn raids cause cataclysmic upheaval and often catch businesses off guard; a company’s initial response can have a significant impact on their ability to influence the outcome. With regulatory authorities having ever greater search and seizure powers in the Asia-Pacific region, it is paramount that businesses prepare for when enforcement officers come knocking. In our latest client alert, we outline some key trends in the region and share our top tips on how to prevent dawn raids, prepare your business and employees thoroughly and, ultimately, how to protect your business.

Contractor successfully uses GAO pre-award protest to modify solicitation

By Elizabeth Leavy and Lawrence Block on 4 February 2020 Posted in Government Contracts & Grants

When the terms of a solicitation run contrary to the regulations, challenging the solicitation in a pre-award protest may provide contractors the chance to shift the tide in their favor before bids are submitted and an award is made. In January 2020, the Government Accountability Office (GAO) sustained a pre-award bid protest brought by Noble Supply & Logistics, Inc. that challenged the terms of a General Services Administration (GSA) solicitation. Noble Supply & Logistics, Inc., B-418141, 2020 WL 289546 (Jan. 16, 2020). Noble Supply argued the RFQ’s price evaluation methodology, as written, failed to provide for an evaluation of which offeror presented the best value and the lowest overall cost alternative, in violation of FAR part 8.

France’s discriminatory Digital Services Tax prompts hefty tariff proposal from the USTR

By Michael J. Lowell, Manasi Venkatesh and Sarah Wronsky on 9 December 2019 Posted in Data Security, Privacy & Management, International Trade & National Security

On December 2, 2019, the Office of the U.S. Trade Representative (USTR) issued a Section 301 Investigation Report on France’s Digital Services Tax (DST), concluding that France’s DST discriminates against U.S. companies, is inconsistent with prevailing principles of tax policy, and is unusually burdensome for affected U.S. companies. In response, the USTR proposed up to 100 percent tariff on French products. Members of our International Trade Team explain these developments in our recent client alert.

Ninth Circuit rejects privacy argument in hiQ Labs, Inc. v. LinkedIn Corp.; raises antitrust concerns

By Gerard Stegmaier, Christopher Brennan, Michelle A. Mantine and Gregory Vose on 3 October 2019 Posted in Antitrust & Competition, Data Security, Privacy & Management

On September 9, 2019, the Ninth Circuit Court of Appeals rejected LinkedIn’s privacy argument in hiQ Labs, Inc. v. LinkedIn Corp., declaring that selectively banning potential competitors from accessing and using public data “may well be considered unfair competition under California law.” The Ninth Circuit also cautioned Big Tech companies against anticompetitive practices when it comes to user data. Our Antitrust and IP, Tech & Data teams describe the implications in our recent alert.

Riding the cybersecurity compliance wave: How defense contractors can navigate the rising tide of cybersecurity regulations

By Elizabeth Leavy and Liza Craig on 23 September 2019 Posted in Data Security, Privacy & Management, Government Contracts & Grants

Cybersecurity attacks targeting government information have drastically increased, and both the federal government and private industry have struggled to implement effective means of protecting this information. Federal agencies continue to strive for a unified approach to protect critical data; however, the various regulations leave contractors without a clear set of requirements that are applicable to all government contracts. Contractors can easily get lost in the alphabet soup of cybersecurity requirements, whether they be in the Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST) publications, or the upcoming Cybersecurity Maturity Model Certification (CMMC). To aid some of that confusion, in this post we address: (a) the current cybersecurity regulations applicable to defense contractors, (b) the tentative cybersecurity certification program proposed by the Department of Defense (DoD) and new regulations imposed by the Department of Navy (DoN), and (c) what contractors can do now to ensure compliance with the ever-changing regulatory framework. Notwithstanding the implementation of these regulatory requirements, cybersecurity attacks and breaches continue to be a reality. Consequently, the search for ways to increase cybersecurity measures continues to be a priority.