COVID-19 is delaying just about everything these days—except the CCPA.

In letters submitted on March 17 and March 20, a coalition of nearly sixty business and organizations called on California Attorney General Xavier Becerra to temporarily defer CCPA enforcement by six months to January 2, 2021 due to COVID-19. The coalition, which spans a range of industries including tech, telecommunications, advertising, retail, insurance, transportation and real estate, argued that a deferral of enforcement would allow businesses to prioritize the needs of their workforce during the global pandemic. The coalition also pointed to the still-changing nature of the CCPA’s regulations as grounds for a temporary enforcement hiatus, contending that businesses need time to implement the final CCPA requirements.

Under the leadership of U.S. Securities and Exchange Commission Chairman Jay Clayton, the SEC’s Division of Enforcement has made the protection of Main Street investors its overarching priority.  On March 23, 2020, Division of Enforcement Co-Directors Stephanie Avakian and Steven Peikin issued a statement to financial market participants re-emphasizing the SEC’s commitment to safeguard the

As many industries transition to alternate working arrangements in response to COVID-19, certain sectors and functions essential to the nation’s public health, safety and community well-being must continue to operate. The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security recently released an initial list of “Essential Critical Infrastructure Workers” to help guide state/local officials and industry leaders on which sectors and functions should continue during the COVID-19 response. This memorandum was released after President Trump issued guidance that workers in critical infrastructure industry, as defined by DHS, “have a special responsibility” to maintain a normal work schedule.

On March 18, 2020, Square Inc., became the first U.S. fintech company to receive conditional approval of an Industrial Loan Company (“ILC”) charter from the Federal Deposit Insurance Corporation (“FDIC”), to pair with its prior charter approval on March 17, 2020 from the Utah Department of Financial Institutions.  It became the first new de novo

The Financial Crimes Enforcement Network (FinCEN) released a statement to financial institutions on March 16, 2020, concerning the COVID-19 pandemic. The statement covered two main topics:

  • Potential delays by financial institutions in filing required Bank Secrecy Act (BSA) reports
  • Remaining alert to identify malicious or fraudulent transactions, which often arise during natural disasters

    • First, FinCEN

    Last month, the Tenth Circuit upheld a grant of summary judgment in U.S. ex rel. Janssen v. Lawrence Memorial Hospital, 2020 WL 594508 (10th Cir. Feb. 7, 2020), applying the  “rigorous” and “demanding” standard of materiality for False Claims Act (“FCA”) cases established by the Supreme Court in Escobar.  In Janssen, the

    In the first published enforcement action of 2020, a gastroenterology practice in Ogden, Utah, has agreed to pay a $100,000 settlement to the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) for alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule.

    According to the Resolution Agreement entered into between Steven A Porter, M.D., P.C. (the “Practice”) and OCR, the Practice reported a breach to OCR in 2013 due to conduct by a business associate of the Practice. While investigating the breach, OCR determined that the Practice had not implemented appropriate policies and procedures to address security violations, failed to conduct a security risk analysis, and did not have reasonable and appropriate security measures in place. Further, the Practice had used an electronic health records vendor for several years without entering into an appropriate business associate agreement.

    In addition to the $100,000 payment, the Practice is required to submit to a Corrective Action Plan for a two-year period. The Corrective Action Plan requires the Practice to take a series of broad measures in furtherance of HIPAA compliance, detailed below.

    Government contractors should take note of a March 4, 2020, ruling by the 3rd U.S. Circuit Court of Appeals (Court) that lowers the jurisdictional threshold for establishing a claim under the False Claims Act (FCA).

    The 3rd Circuit’s decision in Druding v. Care Alternatives revived an FCA claim that the U.S. District Court for the