On March 2, 2021, Governor Northam signed into law Virginia’s own Consumer Data Protection Act (“Virginia CDPA” or the “Act”), a bill that brings together concepts from the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It is the first of its kind legislation on the East Coast. The law will go into effect on January 1, 2023.

The drafters of the Virginia CDPA appear to have benefited from observing the pitfalls and problems that arose in the development and implementation of both GDPR and CCPA. The Virginia bill deftly avoids several of those by incorporating narrower, more tailored definitions that clearly exclude categories of data and businesses over which there was (and continues to be) some confusion with respect to both the EU/UK and California compliance regimes. It also adopts, in concept, the framework of the GDPR, and even some of its language. Like GDPR, it characterizes the party who initially collects and controls personal data as the “controller” and obligates that party to be a good steward of the data, through transparency with the consumer, accountability for sharing the data with third parties (“processors”), and a duty to implement appropriate data security to safeguard the data. It will be enforced by the Virginia Attorney General. Notably, there is no private right of action under the Act.

On March 3, 2021, the Securities and Exchange Commission’s Division of Examinations (EXAMS) (formerly the Office of Compliance Inspections and Examinations (OCIE) released its 2021 examination priorities.

Notably, while the majority of the examination priorities echo OCIE priorities from prior years, this year’s EXAMS priorities include a greater focus on climate-related risk and environmental, social, and governance (ESG) matters. This is consistent with the Commission’s increased emphasis on ESG matters in other contexts, as well as that of other regulators. This year’s priorities also include examinations relating to Regulation Best Interest (Reg BI) compliance, considerations relating to the impacts of the COVID-19 pandemic and a continued focus on complex products.

EXAMS’s leadership also calls out its newly operational Event and Emerging Risks Examination Team (EERT), which is tasked with enhancing the Division’s ability to identify and tackle emerging and exigent risks as they arise.

The examination priorities are organized around largely perennial themes, and we discuss each such theme below.

The United States Department of Justice (DOJ) recently announced the nation’s largest settlement involving allegations of drug diversion at a health care system. The settlement, totaling $7,750,000, came after a years-long investigation by the U.S. Drug Enforcement Administration (DEA) into McLaren Health Care Corporation (MHCC).  The DEA concluded that MHCC’s handling of controlled substances violated the Controlled Substances Act (CSA), 21 U.S.C. §§ 801–904, and its implementing regulations.  The government alleged that the health care system’s internal practices were deficient and, therefore, allowed for the diversion of drugs, including opioids.

In today’s budget, UK Chancellor Rishi Sunak announced a £100 million Taskforce to scrutinise claims made under business support schemes designed to help companies and workers navigate their way through the economic impact of the COVID-19 pandemic. The Taxpayer Protection Taskforce will be examining claims made honestly but in error as well as those made fraudulently.

The UK Government’s package of COVID-19 support schemes are credited with saving millions of jobs and keeping many businesses viable. However, auditors and Members of Parliament have been quick to point out that weak safeguards left the schemes vulnerable to exploitation.

It’s an old lesson in government investigations, but one worth repeating. Conduct during an investigation can matter as much as the conduct under investigation – sometimes even more.

High-profile prosecutions of the past have shown the severe consequences of mistakes in responding to government investigations. Martha Stewart went to prison not for insider trading but for how she responded to an insider trading investigation. Barry Bonds was convicted not for steroid use, but for how he responded to a steroids investigation.

As previously discussed, on April 3, 2020, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a process for inquiries to be submitted to OIG about whether administrative enforcement discretion would be provided for certain arrangements directly connected to the 2019 novel coronavirus (COVID-19). OIG established this process to

In the month since he became Acting Director of the Consumer Financial Protection Bureau, David Uejio has implemented a “change of direction” at the agency, making sweeping announcements on a weekly basis.

Read our complete commentary on McGuireWoods’ Consumer FinSights blog, which assesses where the CFPB stands after the Biden administration’s first month and the

The U.S. Department of Justice announced an indictment in the U.S. Attorney’s Office for the Central District of California against a North Korea-sponsored international cybercriminal organization that infiltrated public and private computer networks, fundamentally compromised these systems, and sought to obtain over a billion dollars from this illicit access.

Read the full article on our

It was only just over a month ago that President Biden selected David Uejio, a long-time senior leader at the CFPB with a low public profile, to lead the agency temporarily as Acting Director.  But already, Mr. Uejio has made very significant changes at the agency, implementing what he calls a “change of direction” with sweeping announcements on a weekly basis.  Even as the Senate prepares to consider President Biden’s nominee, current FTC Commissioner Rohit Chopra, to lead the CFPB for a full term at a March 2 hearing, it is time to assess where the agency stands after the Biden Administration’s first month and the likely changes still to come.

The U.S. Department of Justice (DOJ) announced charges this month against a Michigan woman, Amina Abbas, for embezzling government property.  This indictment is the first in the nation related to the CARES Act public health and social services emergency fund (the Provider Relief Fund), which provides funds to support healthcare providers during the COVID-19 pandemic.