05/30/2014 - Directors Beware: ISS Urges Ouster of Target’s Directors in the Wake of its Data Breach
Institutional Shareholder Services (“ISS”), a prominent proxy adviser, has issued a report urging Target Corporation’s shareholders to oust seven of the company’s directors for “failure to provide sufficient risk oversight” on cybersecurity.
05/21/2014 - Defining Foreign Government and Foreign Officials under the FCPA
Under the Foreign Corrupt Practices Act (the “FCPA”), it is unlawful for companies to bribe or make corrupt payments to officials of foreign governments or of any “instrumentality” thereof.
05/20/2014 - LabMD Appeals District Court Dismissal, Eleventh Circuit Denies Emergency Relief
LabMD, Inc. renewed its argument that the FTC lacks authority to regulate the data security practices of HIPAA covered entities by appealing the dismissal of its case for lack of jurisdiction to the Eleventh Circuit.
05/16/2014 - FTC Retains Authority to Regulate Data Security at HIPAA Covered Entities - For Now
The healthcare industry will have to wait for a court to answer the question of whether the United States Federal Trade Commission (the “FTC”) has authority to regulate data security practices of entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”).
05/08/2014 - A Desk Guide to Data Protection and Breach Response - Special Series
If your business is connected to the Internet, it is vulnerable to attack, either by willful perpetrators intent on exfiltrating your proprietary or sensitive data for their own personal gain, or by casual hackers or hacktivists intending to cause damage to your business.
04/17/2014 - HIPAA Covered Entity Challenges FTC’s Authority to Regulate Data Security
Although a federal court recently ruled that the United States Federal Trade Commission (the “FTC”) has the authority to regulate data security practices, a clinical testing laboratory is arguing that the FTC’s regulatory authority does not extend to entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”).
04/11/2014 - DOJ and FTC Release a Joint Antitrust Policy Statement Encouraging Companies to Share Cyber Threat Information
In a joint policy statement released on April 10, 2014, the Department of Justice (“DOJ”) and Federal Trade Commission (“FTC”) officially encouraged companies, including direct competitors, to share cyber threat information with one another when it announced that “properly designed sharing of cyber threat information should not raise antitrust concerns.”
04/09/2014 - Court Rules that FTC has Authority to Regulate Corporate Cybersecurity
Beleaguered companies suffering from data breaches got more bad news when a federal judge held that the United States Federal Trade Commission (the “FTC”) has the authority to regulate corporate cybersecurity practices.
03/28/2014 - SEC Roundtable is Latest Sign of Cybersecurity’s Critical Importance to Businesses
On March 26, 2014, the Securities and Exchange Commission (“SEC”) hosted a roundtable to discuss cybersecurity. The roundtable focused on how cybersecurity affects markets and how public companies and other businesses should address cybersecurity issues.
03/27/2014 - A Desk Guide to Data Protection and Breach Response - Part 7
In this installment of our special series, A Desk Guide to Data Protection and Breach Response
, we discuss the firestorm of litigation that can arise following a breach and provide practical guidance for preparing for the worst.
03/26/2014 - Privacy Advisor Guest Article: Designing and Implementing an Effective Privacy and Security Plan
In its 2013 global data breach study, the Ponemon Institute reported that data breaches experienced by U.S. companies continue to be the second most expensive in the world at $188 per record. The study also reported that U.S. companies had the second greatest number of exposed or compromised records per breach at 28,765, resulting in an average total organizational cost of more than $5.4 million per data breach.
03/13/2014 - A Desk Guide to Data Protection and Breach Response - Part 5
In this installment of A Desk Guide to Data Protection and Breach Response
, we discuss disclosure and enforcement actions by regulators, including state attorneys general, the U.S. Federal Trade Commission (the “FTC”), and the U.S. Department of Health and Human Services (the “HHS”), among others.
03/06/2014 - A Desk Guide to Data Protection and Breach Response - Part 4
In this installment of our special series, A Desk Guide to Data Protection and Breach Response
, we discuss strategies companies should implement once they suspect a data breach has occurred.
02/20/2014 - A Desk Guide to Data Protection and Breach Response - Part 2
In this installment of our special series, A Desk Guide to Data Protection and Breach Response
, we discuss how companies can create a tailor-made data security plan to limit their breach exposure.
02/13/2014 - A Desk Guide to Data Protection and Breach Response - Part 1
The news has been filled with stories of high-profile data breaches, exposing breached companies to intense and negative scrutiny from lawmakers, regulators, media, customers, and plaintiffs’ attorneys. Other companies that handle personal information have been asking us how they can avoid a similar fate. In the coming weeks, we will be exploring that issue through our special series, "A Desk Guide to Data Protection and Breach Response."
02/05/2014 - California AG Cracks Down on Timing of Data Breach Disclosures
Kaiser Foundation Health Plan, Inc. (“Kaiser”) has agreed to pay $150,000 to settle claims by the California Attorney General (the “AG”) that Kaiser’s notification to California residents regarding a breach of their personal information was unreasonably delayed. In its suit, the AG alleged that Kaiser should have provided notice as soon as it determined that particular individuals’ information had been or was “reasonably believed to have been” breached – even before Kaiser concluded its internal investigation.
12/19/2013 - Prosecutors Obtain First RICO Conviction in a Cybercrime Case
A federal jury in Nevada recently convicted 22-year-old David Ray Camez of violating the Racketeering Influenced and Corrupt Organizations Act (“RICO”) for his association with a “carder” website, Carder.su.
12/16/2013 - The IP Beacon, December 2013
The IP Beacon is a Haynes and Boone Newsletter highlighting current issues in Intellectual Property Law.
10/02/2013 - Fifth Circuit Expansion of Cyber Liability?
The Fifth Circuit Court of Appeals recently held that a company may be liable for weak cybersecurity measures that cause another party economic injury, even if there is no contractual relationship between the parties.
09/30/2013 - The IP Beacon, September 2013
A Haynes and Boone Newsletter highlighting current issues in Intellectual Property Law.
08/15/2013 - White House Reports on Recommended Incentives for Adopting Cybersecurity Framework
The White House recently issued a report outlining potential incentives that may be available to companies that adopt the voluntary cybersecurity framework currently being developed by the National Institute of Standards and Technology.
06/19/2013 - Cyber Liability & Loss: Practical Tips on Preparing for and Responding to a Cyber Security Breach
Haynes and Boone, PricewaterhouseCoopers, McGriff, Seibels & Williams (a BB&T Company) recently hosted an event to discuss practical tips for directors, officers, risk managers and general counsel on how to mitigate the risk of a cyber/privacy breach.
04/25/2013 - California Man Convicted of Hacking into Former Employer’s Computer Network
A jury in the Northern District of California has convicted David Nosal of violating the Computer Fraud and Abuse Act (“CFAA”) by accessing his former employer’s computer network without authorization to obtain confidential information for use in a competing business.
04/23/2013 - SEC and DOJ Resolve Parallel FCPA Investigations through Dual Non-Prosecution Agreements
This week, the Ralph Lauren Corporation became the first company to obtain a non-prosecution agreement from the Securities and Exchange Commission in connection with a Foreign Corrupt Practices Act (“FCPA”) investigation.
04/17/2013 - California Computer Hacking Case Highlights Important Circuit Split on the Computer Fraud and Abuse Act
The computer hacking trial of David Nosal is under way in federal district court in California. The trial is being followed with interest in the business community because it is the latest development in a case that highlights an important split in the interpretation of the Computer Fraud and Abuse Act (“CFAA”) that has far-reaching ramifications with respect to liability–and protection for companies’ proprietary information.
03/14/2013 - Cyber Attacks are the Number One Threat to National Security
The U.S. Director of National Intelligence, James Clapper, advised the Senate Intelligence Committee this week that cyber attacks are the number one threat to national security.
03/12/2013 - Public Companies Increasingly Disclosing Cybersecurity Risks
An increasing number of public companies - particularly banks and financial institutions - are disclosing cybersecurity incidents in their filings with the Securities and Exchange Commission.
03/06/2013 - Texas Executive Convicted of Hacking Former Employer’s Computer Network
A federal jury in the Northern District of Texas has convicted Michael Musacchio, a former logistics company executive, of violating the federal Computer Fraud and Abuse Act.
02/28/2013 - Supreme Court Limits Government’s Ability to Seek Civil Penalties on Stale Claims
The United States Supreme Court yesterday significantly limited the federal government’s ability to bring an action for civil penalties more than five years after the alleged misconduct occurred.
02/19/2013 - President Obama Signs Cybersecurity Executive Order
President Obama recently signed an executive order focused on improving the security of the nation’s infrastructure from cyber attack.
01/31/2013 - PCAOB Auditing Standard No. 16 Outlines Requirements for Communications between Audit Committees and Auditors
The Public Company Accounting Oversight Board (“PCAOB”) recently issued Auditing Standard No. 16, Communications with Audit Committees
(“Standard 16”), to provide a framework for the discussions that an auditor must undertake with the audit committee of its public company clients.
11/20/2012 - DOJ and SEC Release Long-Awaited FCPA Resource Guide
On November 14, 2012, the Department of Justice and the Securities and Exchange Commission released the much-anticipated Resource Guide to the U.S. Foreign Corrupt Practices Act (the “Guide”).
05/19/2011 - SEC Announces First-Ever Deferred Prosecution Agreement
The Securities and Exchange Commission has reached its first-ever deferred prosecution agreement (“DPA”) with Tenaris, S.A., a global supplier of steel pipe products to the oil and gas industry. Tenaris disclosed to the Commission that its employees had engaged in conduct that potentially violated the Foreign Corrupt Practices Act (“FCPA”).
04/01/2011 - Limitations on the SEC: The Application of 28 U.S.C. § 2462 in SEC Proceedings
Although there is no express statute of limitations for lawsuits instituted by the SEC, numerous courts have held - and the SEC has acknowledged - that the federal “catch all” statute of limitations, 28 U.S.C. § 2462, applies to claims brought by the SEC.
03/03/2011 - SEC Enforcement: Spotlighting Outside Directors
In an action filed this week, the Securities and Exchange Commission (SEC) charged three outside directors of a public company with securities fraud based on their alleged failures to fulfill their roles and responsibilities as Board members. The SEC contends that by their actions and inaction, the outside directors – Jerome Krantz, Cary Chasin, and Gary Nadelman – facilitated and assisted in a massive accounting fraud at DHB Industries, Inc., a body armor supply company.
12/22/2010 - SEC Enters First Ever Non-Prosecution Agreement With a Cooperating Company
The U.S. Securities and Exchange Commission announced on December 20, 2010, that it entered into a non-prosecution agreement with Carter’s, Inc., an Atlanta-based provider of children’s clothing. This is the first non-prosecution agreement entered since the SEC announced its new cooperation initiative in January 2010 to encourage cooperation from corporations and individuals.
12/21/2010 - Horizontal Cooperation Agreements Between Competitors: Key Features of the Revised EC Guidelines
Last week, the European Commission (“EC”) adopted revised rules for evaluating cooperation agreements between horizontal competitors at the same level in the supply/distribution chain.
11/10/2010 - SEC Warns Credit Rating Agencies of Increased Fraud Scrutiny
Haynes and Boone Partners Kit Addleman
and Ron Breaux
discuss two recent Securities and Exchange Commission actions focusing on credit ratings agencies.
09/07/2010 - SEC Warns Credit Rating Agencies of Increased Fraud Scrutiny
In two actions released last week, the Securities and Exchange Commission (“SEC”) signaled its new focus on credit rating agencies and foretold the seriousness with which it will approach the expanded regulatory authority granted to the SEC by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank Act”).
08/04/2010 - The Impact of Dodd-Frank on Public Companies
Haynes and Boone has prepared a summary of significant provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act that may have consequences for public companies and their officers and directors, as well as related entities, along with commentary on those provisions.
02/01/2010 - Enforcement of the Foreign Corrupt Practices Act: The Hits Keep Coming
On January 19, 2010, the Department of Justice pulled back the curtain on its largest prosecutions of individuals in the history of the Foreign Corrupt Practices Act (“FCPA”). About 150 agents from the Federal Bureau of Investigation arrested 22 individuals and executed 14 search warrants in the United States and United Kingdom. Those arrested are believed to represent about 16 companies involved in the foreign bribery investigation.
01/27/2010 - Federal Court Issues Injunction Requiring Insurer to Advance Defense Costs to Stanford Financial Defendants for DOJ and SEC Proceedings
Yesterday, January 26, 2010, Judge David Hittner of the United States District Court for the Southern District of Texas issued an important opinion in the Stanford Financial case that paves the way for targets of criminal and civil enforcement proceedings to obtain insurance coverage for costs of defending themselves. The decision marks a significant victory for executives who have the misfortune of being caught up in a government prosecution and find themselves otherwise unable to fund their defense.
01/25/2010 - A New Era of Cooperation at the SEC
The SEC’s Division of Enforcement is implementing a series of measures designed to enhance and encourage cooperation in its investigations and litigation and, the Division hopes, expedite the enforcement program.
07/20/2009 - The 2008 Term of the United States Supreme Court: The Decisions Most Important to the Business Community
The United States Supreme Court recently issued several significant decisions affecting businesses and the nature of business litigation in federal court. The most important of these decisions are summarized in this alert.
05/12/2009 - Aggressive Antitrust Enforcement: What Should Businesses Expect from the Obama Administration’s Recent Policy Announcements?
The Obama Administration has announced its initial roadmap for more aggressive antitrust enforcement. In a speech delivered yesterday, Christine A. Varney, the Assistant Attorney General for Antitrust, announced policy initiatives that were consistent with promises made during her confirmation hearings to promote civil antitrust enforcement and “rebalance legal and economic theories in antitrust analysis and enforcement.” What does this mean for corporate antitrust compliance under the Obama administration? Varney’s speech identified several areas in which businesses can expect increased scrutiny.
02/03/2009 - Legislation Requiring Investment Fund Registration Introduced in the U.S. Senate
On January 29, 2009, Senators Chuck Grassley (R-Iowa) and Carl Levin (D-Michigan) introduced the Hedge Fund Transparency Act of 2009 (the “Act”) in the United States Senate with the stated purpose of imposing more extensive regulatory oversight of hedge funds. However, the bill is not limited to hedge funds; it generally would apply to, and dramatically impact, all private funds (including private equity and venture capital funds) that rely on an exemption from registration under Section 3(c)(1) or Section 3(c)(7) of the Investment Company Act of 1940, as amended (the “Company Act”).1
12/18/2008 - Siemens AG Concludes FCPA Investigations with Record-Setting Criminal Penalty
On Monday, December 15, 2008, Siemens AG entered comprehensive settlements in the United States and Germany related to charges of widespread bribery of foreign officials from 2001 through 2007. Siemens agreed to pay a record-setting $1.6 billion to resolve charges asserted under the Foreign Corrupt Practices Act ("FCPA"). This alert digests this landmark case and provides observations relevant to companies' FCPA compliance efforts.
09/12/2008 - Criminal Prosecution of the FCPA
The Foreign Corrupt Practices Act ("FCPA") has provided the basis for an increasing number of criminal prosecutions during recent years. For example, The Department of Justice initiated more individual prosecutions on FCPA charges than in any other year since the FCPA was enacted, and twice as many as in 2006. The Department of Justice recently obtained a guilty plea in one of its highest profile FCPA cases in the history of the Act. While Albert "Jack" Stanley's plea has garnered significant media attention, significant events during the first two weeks of September in two other cases provide additional insight into FCPA criminal enforcement activity. The attached alert discusses the developments in these three cases.
09/05/2008 - Recent SEC Action Reinforces Principles of Compliance with the Foreign Corrupt Practices Act
This alert digests the Con-way case and highlights four principles of FCPA compliance that are reinforced by this SEC enforcement action.
08/06/2008 - Whole Foods - Where Does the Federal Trade Commission Go From Here?
Whole Foods has closed its acquisition of Wild Oats, but it may not have much time to enjoy its purchase. The Federal Trade Commission had sought a preliminary injunction to block the merger to give it time to conduct a trial on the merits, but the district court denied the motion.
06/27/2008 - Foreign Corrupt Practices Act (“FCPA”)
The United States government’s increase in enforcement of the Foreign Corrupt Practices Act (“FCPA”) during the past five years has raised awareness of domestic and foreign corporations to the Act’s requirements. Still, violations continue to make headlines. The latest news came from Houston May 14, when an oil and gas services company agreed to pay $32 million in sanctions for FCPA violations in connection with international contracting activities.
03/05/2008 - Criminal Enforcement of the U.S. Securities Laws
This paper, presented to the Union Internationale des Avocats Winter Meeting on Claims Management, Torts and Litigation of Claims, focuses on the criminal enforcement of the U.S. securities laws.
01/28/2008 - A Second Chance: Thousands of Hours + Millions of Dollars = Two Convictions Vacated
When Barry McNeil first read a memo about the trials of two Mexican nationals serving life sentences for the brutal murder of a convenience store clerk in a small town about 30 miles west of Lubbock, he recalls thinking, “This doesn’t sound right.”
06/16/2006 - Stock Option Backdating--How Big Are The Problems And What Should You Do?
Recently, over 40 public companies have come under investigation by the SEC or the Justice Department for improperly backdating options, and it is likely that more public companies will come under investigation in the future. At issue is whether option grants to executives and others were backdated to coincide with dates when a company’s stock price was low, thereby increasing the potential profits realized by the holders of the options if and when exercised. Improper backdating may be intentional or a result of faulty corporate procedures. In either event, serious accounting, tax, and disclosure issues result.
08/22/2002 - Compliance with the Foreign Corrupt Practices Act in the Post-Sarbanes-Oxley World