On July 8, 2022, the U.S. Department of Justice announced a $9 million
settlement with federal government contractor Aerojet Rocketdyne, Inc. for
alleged violations of the False Claims Act in a case pending in the Eastern
District of California. The settlement results from alleged false
statements by Aerojet related to compliance with Department of Defense

In 2021, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human

On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to

Investing in artificial intelligence (AI) companies has become a riskier and more involved process than in previous years.  Companies need new processes and tools to follow the more stringent AI regulations that are on the horizon (at least in Europe and the United States).  Regulators are discussing how best to structure AI regulations in order to align risk management with optimizing the potential value creation of these technologies.  Investors should take a similar approach in their investment strategy. Read on for a discussion of the considerations investors should keep in mind as they vet their investment pipeline.

Continue Reading Tech Investing Part III: Investing in AI

Threats to cybersecurity and data privacy are constantly increasing both in volume and complexity.  This trend is expected to continue in 2022.  In a bid to protect cybersecurity and ensure data is properly safeguarded, countries around the world are introducing new laws focused on cybersecurity and data protection.  Armed with new legal frameworks, regulators and law enforcement are placing onerous obligations on organisations who fall victim to cybersecurity breaches.  There are shorter deadlines in which to notify the authorities of data breaches and ever increasing fines and penalties for businesses that fail to respond swiftly and appropriately to a cyberattack.

In this ever-changing area what is on the horizon for 2022?

Continue Reading Cybersecurity and Data Privacy – What to expect in 2022

On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.

Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.

Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core S.à.r.l.) an eyewatering 746 million euros (£636m or $838m) for breaches of the EU’s General Data Protection Regulation (“GDPR”).

When the GDPR was introduced in May 2018, the potential for huge financial sanctions grabbed many headlines: it gives European supervisory authorities the power to impose fines of up to 20 million euros or 4% of annual global turnover (whichever is greater) for breaches of the GDPR. There have been some undeniably sizeable fines issued under the GDPR in the last three years. But the level of this particular fine is extraordinary: it’s the largest GDPR fine issued to date by a considerable margin. The second largest fine ever imposed under the GDPR was a comparatively paltry 50 million euros, levied against Google by CNIL (the French supervisory authority) in early 2019 (which you can read about here).

Continue Reading CNPD v. Amazon, the largest GDPR fine on record – what do we know so far?

New York City’s recently enacted biometric privacy law took effect July 9, 2021. While the law is vague as to exactly who must abide by certain subsections, it is undoubtedly consumer-focused. However, even if employers escape New York City’s biometric ordinance, a looming New York state law may soon impose more expansive biometric requirements on