Background

For some time there has been a perception that the UK is a safe refuge for corrupt individuals seeking to conceal their unlawfully acquired assets. This has particularly been the case with regard to persons from countries outside the UK.

The Government has sought to address this by amending the Proceeds of Crime Act

The Federal Trade Commission (FTC) and U.S. Department of Education (ED) increasingly are responding to concerns about educational technology and its ability to capture and manipulate massive quantities of private student and parent data. “EdTech,” as it is called, broadly refers to online curriculum and instructional materials accessed by school and personal devices. EdTech has

In its 2017 Regulatory and Examination Priorities Letter, FINRA made clear that one of its top priorities is identifying high-risk brokers and ensuring that their firms properly monitor them. To assist it in doing so, FINRA has established a dedicated examination unit to identify and examine brokers who may pose a high risk to investors.

The recent judgment in the case of Serious Fraud Office (SFO) v Eurasian Natural Resources Corporation Ltd [2017] EWHC 1017 (QB) is a matter of major concern for companies and those involved in advising them on the best approach to the prospect of investigation by the U.K. SFO. We understand that this English High Court

Deputy Attorney General Rod Rosenstein’s Nov. 29 announcement that the Department of Justice FCPA “Pilot Program” will be permanently expanded is good news for companies that repeatedly faced the dilemma of whether or not to investigate and disclose FCPA issues discovered internally. However, companies should be careful to read the fine print of the policy

On November 9, 2017, Steven R. Peikin, Co-Director of the SEC’s Division of Enforcement, delivered a keynote speech at a conference commemorating the 40th anniversary of the enactment of the Foreign Corrupt Practices Act (“FCPA”) in which he reflected on “the past, present, and future” of the SEC’s enforcement of the FCPA.

After confirming the

 The days of speculation may have ended. Immigration and Customs Enforcement’s (ICE) acting director recently made clear that Form I-9 audits and worksite enforcement actions will surge in the coming year.

In line with the Trump Administration’s tough position on immigration and its budget requests, most employers have anticipated increased immigration-focused audits and enforcement actions.

“A significant data breach is likely to cost the company materially, and costs could drag on for a number of years,” analyst Shlomo Rosenbaum, commenting on the Equifax breach.

Organizations increasingly rely on third-party service providers for data collection, processing, transfer and storage. As a result of this dependence on external data management sources, most companies are rethinking data breach risk and cost allocations in new and existing vendor agreements.

Limitation of liability and indemnification clauses form the framework for reducing unforeseeable, and potentially devastating, data breach costs. To defend against unpredictable damages, these clauses are fast becoming the most fiercely negotiated language in service provider agreements.  Both liability and indemnity have taken on new importance as organizations become acutely aware that the customer, not the vendor, most likely has the ultimate responsibility for data breached while in the hands of a vendor. The harsh reality that a majority of state statutes allocate the risk and costs of unauthorized disclosure to the data owner, not the vendor, is a red flag in contract negotiations. Customers now realize that they are probably legally required to investigate a breach, provide required notifications and cover any and all costs related to a breach despite the fact the vendor is the sole culpable party.  Under most state statutes, a service provider’s obligations, and liability for costs, end with notification to the customer.  Simply put, if the organization’s sensitive data is breached while under the control of a vendor, the vendor’s only obligation is to notify the organization. It is then the customer’s obligation to handle the fallout, unless the customer’s contract with the vendor provides otherwise.