Author Archives: Alicyn Cooley

New York State Department of Financial Services (“DFS”) Uses New Powers to Investigate Alleged Price Spikes in COVID-19 Medicines, Where Targeted Pharma Manufacturers Are Not DFS Licensees

by Matthew Levine

Continuing its focus on consumer protection enforcement, the New York State Department of Financial Services (“DFS”) recently announced an investigation into alleged price spikes for six drugs connected to treatments of COVID-19 medical conditions.[1]  According to DFS, its newly-formed Office of Pharmacy Benefits (“OPB”) commenced the investigations under Insurance Law § 111 into what it characterizes as “anomalously large spikes” in the prices of the six drugs, occurring since the onset of the COVID-19 pandemic.  These medications are Ascor, Budesonide, Dexonto, Mytesi, Duramorph and Chloroquine phosphate, each of which has some actual or claimed therapeutic use for COVID-19 conditions.

Continue reading

NYDFS Uses New Powers to Investigate Alleged Price Spikes in COVID-19 Medicines, Where Targeted Pharma Manufacturers Are Not NYDFS Licensees

by Matthew Levine

Continuing its focus on consumer protection enforcement, the New York State Department of Financial Services (“DFS”) recently announced an investigation into alleged price spikes for six drugs connected to treatments of COVID-19 medical conditions.[1]  According to DFS, its newly-formed Office of Pharmacy Benefits (“OPB”) commenced the investigations under Insurance Law § 111 into what it characterizes as “anomalously large spikes” in the prices of the six drugs, occurring since the onset of the COVID-19 pandemic.  These medications are Ascor, Budesonide, Dexonto, Mytesi, Duramorph and Chloroquine phosphate, each of which has some actual or claimed therapeutic use for COVID-19 conditions.

Continue reading

Superintendent Linda Lacewell Announces Release of New York State Department of Financial Services’ Report on Its Investigation into the July 15, 2020 Hack of High-Profile Twitter Accounts

by Alicyn Cooley

In her keynote session on October 14, 2020, the first day of the fall 2020 conference of New York University School of Law’s Program on Corporate Compliance and Enforcement, titled, Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change, Superintendent Linda Lacewell of the New York State Department of Financial Services (DFS) announced the simultaneous release of DFS’s report on its investigation into the July 15, 2020 hack into the Twitter accounts of cryptocurrency firms and public figures.

Continue reading

Request for Submissions on Eradicating Racism in the Corporate Compliance and Enforcement Contexts

We at NYU School of Law’s Program on Corporate Compliance and Enforcement strongly condemn the violence and injustices perpetrated by police and others against countless Black Americans. We join in the movement to combat systemic racism, and seek to create more space for discussion of how to eradicate it in the compliance and enforcement contexts. Toward that end, we are requesting submissions (1,200 to 1,800 words in length) to be published on our blog, Compliance & Enforcement, identifying what corporate officers, corporate boards, or enforcement or regulatory authorities can do to detect and root out racism and discrimination (including in their own ranks). Please send submissions or ideas to julie.copeland@nyu.edu

Unstable Coins: Cryptoassets, Financial Regulation and Preventing Financial Crime in the Emerging Market for Digital Assets

by Therese Chambers

Keynote address delivered at the March 4, 2020 conference of New York University School of Law’s Program on Corporate Compliance and Enforcement, titled, The Advancement of Digital Assets and Addressing Financial Crime Risk

Many thanks for inviting me to speak to you about “digital assets” and preventing financial crime risks in this emergent market. In the UK, we have made the decision to refer to these as “cryptoassets”, which includes “cryptocurrencies” such as Bitcoin, Litecoin or Ethereum and I will refer to them as such for the rest of this speech which focusses on cryptoassets only in the context of the UK’s Money Laundering Regulations (MLRs).

I will cover:

  • the origins of cryptoassets, how this influences the unique financial crime risks arising from this technology in the market today.
  • moving from the technology itself to the regulation in the UK, and how we look to maximise the benefits of innovation while tackling these financial crime risks.
  • how our approach differs from the regulatory landscape in the United States; I will touch on similarities and areas where there is scope for us to work together.

Continue reading

The Risks of Fraudulent CCPA Access Requests – Guidance from a $10.7 Million GDPR Fine for Poor Customer Authentication

by Avi Gesser, Daniel Forester, Will Schildknecht, Jennifer Leather, and Dr. Carolin Raspé (Hengeler Mueller) 

Both the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) require companies to respond to customer data access requests. But how do you know that the person making the request is actually who they say they are? As we have previously noted on Davis Polk’s Cyber Blog, significant amounts of personal information are publicly available as a result of major data breaches, and that stolen data can be used to make fraudulent access requests. So, how can a company avoid turning a good-faith effort to comply with its GDPR or CCPA access rights obligations into a privacy violation by unknowingly providing the personal information of customer X to someone pretending to be customer X? A recent GDPR enforcement action in Germany, as well as guidance from German and California regulators, shows that companies must exercise diligence in making sure that they have properly authenticated the data subject who is making the access request. Continue reading

Should Protection of Personal Data Be Regulated Using a Property Model, Rather Than a Privacy Model? Probably Not.

by Avi Gesser and Michelle Adler

As public pressure increases on legislators to better protect the personal information that organizations collect, interest has grown in using a property framework, rather than the current privacy model. On October 1, U.S. presidential candidate Andrew Yang became the latest policymaker to advocate for a data security framework that treats personal information as property. Yang released a policy proposal entitled “Data as a Property Right.” The paper starts by listing several common concerns that individuals have about their personal electronic data: Continue reading

Lack of In-House Cyber Expertise, a Growing Concern for Regulators, Leads to $1.5M CFTC Penalty

by Avi Gesser and Clara Y. Kim

As regulators ramp up their cybersecurity enforcement, one area of increasing focus is in-house expertise.  Regulators are starting to explicitly require companies to have qualified data protection personnel.  For example, the New York Department of Financial Services (NYDFS) cyber rules require that companies’ cybersecurity personnel be qualified to manage the company’s cybersecurity risks, receive cybersecurity updates and training, and maintain current knowledge of cybersecurity issues. Continue reading

Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request

by Cleary Gottlieb Steen & Hamilton LLP

One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.  To avoid inadvertently waiving protections over the company’s information or violating any legal restrictions on the production, companies should consider whether any of the following are implicated by the information requested by the authority: Continue reading