Regulation

It started as a hushed rumor in the beltway, then became a known fact by those going to join the administration. And now we all know: The Biden administration has brought with it a renewed focus on data privacy and cybersecurity.

Recognizing the ever-increasing cyber threats to businesses, government entities, and individuals, the White House announced that Federal Civilian Executive Branch agencies must migrate toward Zero Trust Cybersecurity Architecture by September 2024. Under Zero Trust, trust is the ultimate vulnerability of any system and, therefore, trust has to be eliminated from a business' cybersecurity approach.

This article discusses the potential criminal and civil penalties that companies can face if their employees engage in insider trading in digital assets, and suggests several measures that exchanges can take to reduce their exposure from such risks.

The past 12 months have seen a steady drumbeat of action by federal law enforcement and regulatory agencies of which in-house counsel should take note. Whether new guidance, regulation, investigations, or enforcement activity, the message is clear: The federal government is paying close attention to how companies are handling and protecting their data — especially consumer and sensitive data.

The Personal Information Protection Law of the People's Republic of China (PIPL) went into effect on Nov. 1 and brought with it a suite of new requirements and lingering questions.

This article discusses the importance of the "official act" requirement established in McDonnell v. United States, and how its logic should lead to a parallel requirement that private citizens should not be chargeable with the commission of official acts as part of a scheme to deprive the public of honest services.

This article explores a key consideration for companies under government investigation: whether voluntary disclosure of privileged information in an effort to obtain cooperation credit waives the privilege vis-à-vis third parties in subsequent litigation.

The U.S. doesn't have a federal cybersecurity law, but that doesn't mean there is no cybersecurity industry standard. There are regulations, case law, guidelines and state laws that, when combined, create an industry standard applicable to almost all business sectors.