Cybersecurity and data privacy continue to be among the most significant legal risks that businesses face today.

Last year brought a series of high-profile cyberattacks on major companies and U.S. infrastructure targets, continuing the trend seen in recent years. Regulators also brought a number of cybersecurity enforcement actions and announced new rules, guidance, and initiatives on ransomware and other cyber-related issues. In addition, after many years of debate, Congress made some progress in crafting legislation that would require certain companies to report significant cyberattacks and ransomware payments to the U.S. federal government. Companies should expect the demands of cybersecurity risk management and oversight to intensify as we enter 2022.
Continue Reading 2021 Cybersecurity and Privacy Developments in the United States

Over the weekend, former Vice President Joseph R. Biden, Jr. was declared the winner of the U.S. presidential election. Although President Trump has yet to concede and press reports suggest he will continue to make his case in court, thoughts have turned to what the Biden administration will mean for federal regulation of business and finance.

In many ways, the future will depend on whether the centrist, coalition-building Biden of yesteryear will show up, or if he will embrace the more progressive wing of the Democratic party that has since grown in influence. Below we lay out our initial reactions on how the Biden presidency is likely to reshape the corporate landscape.

If you have any questions, please feel free to contact the authors listed below or your regular contacts at the firm.
Continue Reading What to Expect From the Biden Administration

Cleary Gottlieb and Tiantong & Partners 天同律师事务所 continue their collaboration to produce joint analyses regarding some of the current U.S. regulatory challenges for Chinese companies.  This fourth analysis is based on a case study of U.S. sanctions imposed against China Ocean Shipping Company (COSCO), one of the world’s largest shipping companies, and considers sanctions risk

Cleary Gottlieb and Tiantong & Partners 天同律师事务所 continue their collaboration to produce joint analyses regarding some of the current U.S. regulatory challenges for Chinese companies.  In light of renewed interest in China on the topic of U.S. long-arm jurisdiction, this third analysis reviews lessons learned on civil personal jurisdiction from cases involving the Bank of

Cleary Gottlieb and Tiantong & Partners 天同律师事务所 are continuing their collaboration to produce joint analyses regarding some of the current U.S. regulatory challenges for Chinese companies.  This second analysis is based on a case study of U.S. efforts to extradite Huawei’s CFO, Meng Wanzhou, from Canada, and considers risk mitigation for Chinese corporate executives travelling

Cleary Gottlieb and TianTong Law Firm recently produced a joint analysis regarding some of the current U.S. regulatory challenges for Chinese companies.  The analysis is based on a case study of the national security review concerning the video sharing network TikTok, and an analysis of the Chinese government’s powers under Chinese law to obtain and

Have the right policies in place

– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
Continue Reading Be Prepared: How to Proactively Account for Data Privacy

Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation.  By keeping data privacy laws in mind as soon as an investigation starts, an organization will avoid the risk that it has failed to satisfy certain requirements, thereby exposing itself to the possibility of a fine or sanction from a regulator.
Continue Reading Incorporating Data Privacy Considerations Into Investigations

When a company receives a request for information from an investigating authority, one initial issue is whether to cooperate with the request or to assume an adversarial (or at least non-cooperative) position.  Even if the company ultimately decides to contest the authority’s characterization of the conduct, it is often in the company’s best interest to agree to cooperate with the investigation and the authority’s requests (to the extent they are reasonable and lawful).  In this vein, there are three important ways to establish and maintain a cooperative posture with an investigating authority, while also protecting the company’s interests in the process.
Continue Reading Best Practices for Negotiating the Scope of an Investigative Request

One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.
Continue Reading Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request