Photo of Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on white-collar criminal enforcement and regulatory matters as well as complex commercial litigation.

As the COVID-19 pandemic continues to rapidly unfold, with breathtaking effects on everyday life barely imaginable just weeks ago, enforcement agencies have responded with pronouncements prioritizing investigations into COVID-19-related frauds and have proceeded with some significant non-COVID-19 law enforcement actions likely planned before the full impact of the pandemic could have been predicted.  At the same time, enforcement agencies are having to respond to the same practical challenges and constraints that the rest of society and other large organizations around the world face.  They, like the rest of us, are facing severe travel restrictions, learning to work remotely, and dealing with colleagues and family members who are sick from the virus.  Over the coming weeks and months, enforcement agencies will be managing the COVID-19-focused enforcement priorities and moving forward with their existing matters, while they deal with the practical realities and uncertainties presented by the pandemic.
Continue Reading

On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak.  Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]
Continue Reading

The Second Circuit has made it easier for federal prosecutors to bring insider-trading cases.  In United States v. Blaszczak, decided on December 30, 2019, the Court held that the personal-benefit test—a judge-made rule that the government must prove a tipper expected to receive some benefit in exchange for disclosing confidential information—does not apply to

On Tuesday, November 12, 2019, the U.S. Federal Trade Commission (“FTC” or “Commission”) announced a proposed settlement with InfoTrax Systems, L.C. (“InfoTrax”), a third-party service provider, regarding multiple data security failures.  As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network.  This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider.  The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.
Continue Reading

The final version of the California Consumer Privacy Act of 2018 is coming into view.

On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session.  (We previously discussed the CCPA 

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.   
Continue Reading

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes

As discussed in our most recent blog post, on April 30, 2019, the Criminal Division of the U.S. Department of Justice (“DOJ” or “the Department”) announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”).  The Guidance is relevant to the exercise of prosecutorial discretion in conducting an investigation of a corporation, determining whether to bring charges, negotiating plea or other agreements, applying sentencing guidelines and appointing monitors.[1]  The Guidance focuses on familiar factors: the adoption of a well-designed compliance program that addresses the greatest compliance risks to the company, the effective implementation of the company’s compliance policies and procedures, and the adequacy of the compliance program at the time of any misconduct and the response to that misconduct.  The Guidance makes clear that there is no one-size-fits-all compliance program and that primary responsibility for the compliance program will lie with senior and middle management and those in control functions.
Continue Reading

On April 30, 2019, the Criminal Division of the U.S. Department of Justice announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”) in charging and resolving criminal cases.  This memorandum highlights key updates and discusses the themes present across versions of the Guidance.  Overall, this newest version places greater emphasis