Author Archives: ab12757

SEC Continues Focus on AI and Cyber-Risk Related Enforcement Cases

by Brendan F. Quigley and Matthew R. Baker

photos of authors

Left to right: Brendan F. Quigley and Matthew R. Baker. (Photos courtesy of Baker Botts)

The SEC kicked off its fiscal year by bringing enforcement actions focused on AI and cyber disclosures. As discussed in more detail below:

  • These actions again show SEC Enforcement prioritizing “hot button” issues like AI and cyber, highlighting, for example, a company’s statements about its use of AI in what otherwise appeared to be a fairly garden-variety securities fraud case.
  • The actions largely involve well-worn principles of securities law applied in the context of emerging technologies, including (i) while there may be no obligation to speak on a particular issue (such as AI), if a company does speak, its statements must be full, complete, and not misleading and (ii) companies’ obligation to consider whether existing disclosures need to be updated in light of recent events (such as a cyberattack).
  • The cyber-disclosure actions prompted a lengthy, two-commissioner dissent, accusing the commission of playing “Monday morning quarterback” by bringing the case, highlighting the potential for the upcoming election (and the appointment of commissioners under a new administration) to impact the SEC’s enforcement posture.
  • The dissent in the cyber cases also undertook a lengthy analysis, comparing the allegations in the settled cases to allegations against another company, arising out of the same series of cyberattacks, in an action the SEC litigated in federal district court. As we discussed here and as pointed out by the dissent, the federal district court dismissed many of those allegations. While deciding to settle with the SEC (or any government agency) is always a complicated, multi-faceted decision, the dissent’s comparison of the litigated case and the settled actions shows the need for parties under investigation to seriously consider the merits of potentially litigating cases when appropriate.

Continue reading

From Art to Science: Unveiling the Transformative Power of AI in Surveys and Interviews

by Madison Leonard, Michael Costa, and Jonny Frank

Left to right: Madison Leonard, Michael Costa and Jonny Frank. (Photos courtesy of StoneTurn)

Far from mere tools, employee surveys and interviews serve as key indicators of an organization’s overall health and success. They play a pivotal role in assessing corporate culture, gauging satisfaction, gathering feedback, improving retention, and measuring diversity. Surveys can quantify sentiment—often over multiple periods and population segments. Interviews supplement surveys by offering nuance, context, the opportunity to follow up and even multiple perspectives on a single topic. These qualitative responses are essential for identifying subtle concerns, uncovering issues not explicitly covered by standard questions, and understanding employee sentiment. Without these insights, assessments risk missing critical information about how employees feel about governance, compliance and other key topics.

Despite their importance, surveys and interviews come with their own set of challenges. They are resource-intensive and susceptible to human error. The process of choosing survey topics and questions is a delicate one. While quantitative survey results are clear-cut, the qualitative feedback from interviews and focus groups, often in the form of lengthy, nuanced responses, demands significant mental effort to categorize and interpret. The larger the dataset, the higher the risk of confirmation bias, where reviewers may focus on responses that align with their expectations or miss critical patterns in the data. This bias, coupled with the sheer volume of information to be processed, makes it difficult to conduct thorough and objective assessments, especially under time and budget constraints.

Artificial Intelligence (AI), specifically Large Language Models (LLMS), presents a compelling solution to these challenges. By automating both quantitative and qualitative data analysis, AI models can swiftly sift through large datasets, identifying patterns, contradictions, and sentiment across thousands of responses in a fraction of the time it would take a human reviewer. This time-saving aspect of AI is particularly beneficial in today’s fast-paced business environment, where efficiency and productivity are paramount.

In addition to speed, AI helps mitigate the risk of human error and bias. It allows professionals to review qualitative data thoroughly and impartially. Unlike the human eye, a well-trained AI model can efficiently process voluminous and complex text, uncovering insights without overlooking critical information.

But, as powerful as AI may be, human judgment and experience remain critical. Human input is necessary to refine, train and ultimately verify the accuracy of an AI model.

Continue reading

The FTC Finalizes Sweeping Changes to HSR Reporting Obligations

by Ilene Knable Gotts, Christina C. Ma, Monica L. Smith and Gray W. Decker

From left to right: Ilene Knable Gotts, Christina C. Ma, Monica L. Smith and Gray W. Decker. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

On October 10, 2024, the Federal Trade Commission (“FTC”), with the concurrence of the Antitrust Division of the Department of Justice (“DOJ”), announced the FTC’s unanimous vote to adopt a final rule implementing significant changes to the reporting obligations under the Hart-Scott-Rodino Antitrust Improvement Act (“HSR Act”).  Though not as extensive and burdensome as the original proposed changes (see our prior memo analyzing the proposed changes), these changes will increase parties’ filing burden and limit their ability to file quickly, even in non-problematic transactions.  Absent judicial intervention, the final rule will become effective 90 days after it is published in the Federal Register (i.e., approximately mid-January 2025).  The FTC also announced that, once the final rule goes into effect, it will lift the three-and-a-half-year “temporary suspension” of granting early termination of the HSR waiting period in transactions not needing further agency investigation.

Continue reading

T-Mobile to Spend 31.5 Million Dollars to Settle Multiple FCC Investigations Related to Recent Data Breaches

by Lisa Sotto and Jennie Cunningham

Photos of the speakers

Left to right: Lisa Sotto and Jennie Cunningham. (Photos courtesy of Hunton Andrews Kurth LLP)

On September 30, 2024, the Federal Communications Commission announced that T-Mobile has entered into an agreement to settle multiple data protection and cybersecurity investigations stemming from data breaches in 2021, 2022 and 2023. The breaches involved the personal information of millions of current, former, and prospective T-Mobile customers and end-user customers of T-Mobile wireless network operators, and resulted from various threat vectors, including a 2021 cyberattack, a 2022 platform access incident, a 2023 sales application incident, and a 2023 API incident. T-Mobile previously settled class action claims in federal district court related to the 2021 cyberattack. In addition to a $15.75 million penalty, T-Mobile also will be required to spend $15.75 million over the next two years to strengthen its cybersecurity program and implement a plan to protect consumers from similar future breaches. Continue reading

Three – No, Four – Important Revisions to the Department’s Policy on the Evaluation of Corporate Compliance Efforts

by Bethany Hengsbach and Steve Solow

From left to right: Bethany Hengsbach, and Steve Solow. Photos courtesy of the authors.

In a speech at the Program on Corporate Compliance and Enforcement at NYU School of Law, Nicole Argentieri, Acting Assistant Attorney General of the Criminal Division, announced key revisions to the March 2023 Evaluation of Corporate Compliance Programs (ECCP). The September 17, 2024 speech was followed by the release of the updated ECCP on the DOJ website. The revised ECCP converts leading edge compliance efforts into standard operating procedures (SOPs) against which companies will be judged by the Department of Justice (DOJ) when making prosecution decisions. The primary changes include three new areas of focus, and a fourth important expansion of a pre-existing idea: Continue reading