California voters have approved the California Privacy Rights Act (CPRA), a new law coming into effect on 1 January 2023 that will significantly amend the California Consumer Privacy Act. The CPRA will, among other things, modify existing consumer rights and create new rights and establish the United States' first dedicated privacy enforcer. Despite never having been reviewed by California's legislature, the CPRA also limits the extent to which its provisions can be amended through future legislation.
In response to the significant rise in ransomware attacks since the start of the COVID-19 pandemic and just in time for Cybersecurity Awareness Month, the Treasury Department's Financial Crimes Enforcement Network and the Office of Foreign Assets Control recently issued advisories on the potential legal risks of making or facilitating ransomware payments.
The Department of Commerce, the Department of Justice and the Office of the Director of National Intelligence have jointly issued a white paper containing information about privacy protections under the US law for national security access, with a particular focus on the issues raised by the European Court of Justice (ECJ) in its Schrems II decision. The white paper focuses on practical applications of the legal authorities that the ECJ examined and discounts mere 'theoretical possibilities' that are unlikely to occur.
The California attorney general recently issued the final implementing regulations for the California Consumer Privacy Act. The final regulations – which had been under review by the California Office of Administrative Law since 1 June 2020 – include several changes to the previous draft regulations and take effect immediately. Most of the changes relate to grammar, formatting and drafting consistency, but several substantive provisions have been withdrawn entirely for additional consideration.
A recent action by the National Advertising Division (NAD), a self-regulatory arm of the Better Business Bureau, addresses the level of proof necessary to support 'natural' and 'satiety' claims involving competing experts and a variety of scientific data in dispute. Beyond NAD's specific findings, the decision also provides useful insight into how NAD evaluates health benefit and related claims and analyses the corresponding scientific evidence and other substantiation.
When the United States began grappling with COVID-19 in March 2020, the US Securities and Exchange Commission (SEC) Division of Enforcement acted swiftly to make clear to market participants that it was ramping up its efforts to identify and prevent fraud in the wake of the pandemic. Approximately seven months later, statistics released by the SEC bear this out.
Individual prosecutions under the Foreign Corrupt Practices Act (FCPA) have markedly increased over the past five years. This increase in case law will help to better define local, regional and international enforcement. In addition, more FCPA case law shedding clarity on open issues will be a boon to lawyers, judges and scholars seeking to understand the contours of a complex statute – the elucidation of which has previously been almost the sole province of enforcers.
The US Department of Justice (DOJ) has updated its guidance on the Evaluation of Corporate Compliance Programmes, providing increased clarity on some of the key questions that prosecutors ask in assessing the adequacy of corporate compliance programmes when making charging, sentencing and plea and settlement decisions. The guidance helps companies to proactively create or enhance their compliance programmes and effectively advocate before the DOJ in criminal investigations.
The US Department of Justice (DOJ) has issued a new guidance memorandum entitled "Evaluating a Business Organisation's Inability to Pay a Criminal Fine or Criminal Monetary Penalty". This memorandum aims to provide greater clarity, transparency and uniformity as to how the DOJ's Criminal Division evaluates companies' claims that they cannot pay a proposed criminal fine or monetary penalty.
A court has expressed concern with the government's "routine outsourcing" of investigations to the targets of those investigations seeking cooperation credit. The court noted the corporate target's "uniquely coercive position" over its employees, who may also be potential targets of the investigation. The decision may profoundly affect the structure and scope of cooperation agreements between the government and the corporate targets of criminal investigations.