Corporate Investigations

Insider trading law has remained a subject of significant debate and attention, including with a recent Second Circuit decision addressing the use of 18 U.S.C. §§ 1343 (wire fraud) and 1348 (securities fraud) in insider trading cases[1] and a new insider trading bill that passed the U.S. House of Representatives in December by an overwhelming majority.  Yesterday, a blue ribbon task force headed by Preet Bharara, the former U.S. Attorney for the Southern District of New York, published a report studying the history and current state of insider trading law and proposing reforms that would bring greater clarity and certainty to the law.
Continue Reading Task Force Led By Preet Bharara and Cleary Gottlieb’s Joon H. Kim Issues Report Recommending Reforms to Insider Trading Law

On Tuesday, November 12, 2019, the U.S. Federal Trade Commission (“FTC” or “Commission”) announced a proposed settlement with InfoTrax Systems, L.C. (“InfoTrax”), a third-party service provider, regarding multiple data security failures.  As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network.  This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider.  The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.
Continue Reading Latest FTC Data Privacy Settlement May Signal More Direct Approach to Regulating Data Security

Have the right policies in place

– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
Continue Reading Be Prepared: How to Proactively Account for Data Privacy

Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation.  By keeping data privacy laws in mind as soon as an investigation starts, an organization will avoid the risk that it has failed to satisfy certain requirements, thereby exposing itself to the possibility of a fine or sanction from a regulator.
Continue Reading Incorporating Data Privacy Considerations Into Investigations

When a company receives a request for information from an investigating authority, one initial issue is whether to cooperate with the request or to assume an adversarial (or at least non-cooperative) position.  Even if the company ultimately decides to contest the authority’s characterization of the conduct, it is often in the company’s best interest to agree to cooperate with the investigation and the authority’s requests (to the extent they are reasonable and lawful).  In this vein, there are three important ways to establish and maintain a cooperative posture with an investigating authority, while also protecting the company’s interests in the process.
Continue Reading Best Practices for Negotiating the Scope of an Investigative Request

One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.
Continue Reading Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request

In an increasingly global, regulated, and litigious environment, companies face unanticipated and potentially destabilizing events that often play out in the public eye.  Frequently, the issues organizations face during large-scale, often public, crises require more than exclusively legal skills, but also communications skills.  Below we discuss three key steps in the process for handling the public relations aspects of any crisis: (1) assembling a crisis-response team, (2) deciding whether or not to make a public statement, and (3) crafting the public message.
Continue Reading Public Relations Considerations When Managing a Crisis

On August 26, 2019, New York Governor Andrew Cuomo signed into law legislation extending the statute of limitations for claims brought under the Martin Act from three to six years. The statute reverses a New York Court of Appeals decision holding that Martin Act claims must be brought within three years.
Continue Reading New York States Extends the Statute of Limitations for Claims Brought Under Martin Act to Six Years

The Dodd-Frank Wall Street Reform and Consumer Protection Act goes further than other statutes in providing protection to whistleblowers.  In addition to broadening prohibitions against retaliation, the Securities and Exchange Commission promulgated Rule 21F-17 to ensure companies could not interfere with an individual’s efforts to raise concerns and communicate directly with the SEC.
Continue Reading Rule 21F–17: Guidance on Drafting Confidentiality and Non-Disclosure Agreements

U.S. whistleblower protections broadly provide public and private sector employees with protection from retaliation for reporting potential concerns about misconduct. Companies that are ill-prepared to handle complaints internally not only face potential lawsuits from whistleblowers, but also open themselves up to substantial regulatory scrutiny and perhaps enforcement actions.
Continue Reading Five Building Blocks for Effective Internal Controls to Comply with U.S. Whistleblower Protections