Category Archives: State Attorneys General

White-Collar and Regulatory Enforcement: What Mattered in 2023 and What to Expect in 2024

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz

Photos of Authors

Top left to right: John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders.
Bottom left to right: Sarah K. Eddy, Randall W. Jackson, and Kevin S. Schwartz. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

This past year was yet another notable and intensely active one across the entire range of white-collar criminal and regulatory enforcement areas. We heard continued tough talk from law enforcement authorities, especially concerning the government’s desire to bring more enforcement actions against individuals and on the need to keep ramping up corporate fines and penalties. The government largely lived up to its talking points about increasing the numbers of individual prosecutions and proceedings, particularly with respect to senior executives in the cryptoasset industry. But there were some notable stumbles. The most striking example of this was DOJ’s failure to secure convictions in cases where it attempted to extend criminal antitrust enforcement in unprecedented areas, such as no-poach employment agreements and against certain vertical arrangements—neither of which has historically been viewed as involving per se violations of the federal antitrust laws. And, as in years past, many state attorneys general remained active throughout 2023, using broad state consumer-protection statutes to bring blockbuster cases across a wide array of industries, from ridesharing and vaping to opioids and consumer technology offerings.

Continue reading

The New York Attorney General Issues Guidance on Data Security Best Practices

by Avi Gesser, Erez Liebermann, Stephanie D. Thomas, and Basil Fawaz

Photos of the authors

Avi Gesser, Erez Liebermann, Stephanie D. Thomas, and Basil Fawaz. (Photos courtesy of Debevoise & Plimpton LLP)

On April 19, 2023, the New York Attorney General (the “NYAG”) published new guidance (the “Guide”) recommending security measures for companies entrusted with consumers’ personal information. The Guide supplements the reasonable safeguards already outlined in the New York Shield Act, which, in part, requires covered entities to maintain reasonable security measures when handling personal information related to New York residents. The Guide reinforces practices that regulators have focused on, such as authentication, encryption, third-party risk management, and data governance. While the Guide’s recommendations are only advisory, it details the NYAG’s Shield Act enforcement actions on the issues, and the Guide is meant to put companies “on notice that they must take their data security obligations seriously.” Following its issuance, the NYAG announced additional Shield Act enforcement actions, including with Practicefirst Medical Management Solutions, that highlighted many of the security concerns highlighted in the Guide.

Continue reading

NY Attorney General Seeks Broad Authority Over Digital Assets

by Luigi L. De Ghenghi, Boaz B. Goldwater, Randall D. Guynn, Joseph A. Hall, Justin Levine, Daniel E. NewmanDavid L. Portilla, Gabriel D. Rosenberg, Margaret E. Tahyar, and Zachary J. Zweihorn

Photos of the authors

From top left to right: Luigi L. De Ghenghi, Boaz B. Goldwater, Randall D. Guynn, Joseph A. Hall, and Justin Levine.
From bottom left to right: Daniel E. Newman, David L. Portilla, Gabriel D. Rosenberg, Margaret E. Tahyar, and Zachary J. Zweihorn. (photos courtesy of Davis Polk & Wardwell LLP)

The NY Attorney General is seeking legislation that would significantly expand the state’s reach over digital assets and require wholesale changes to the operation of digital asset businesses that choose to remain in New York.

Letitia James, the Attorney General of the State of New York (NYAG), released a proposed bill that—if taken up by the state legislature and enacted—would create the most comprehensive and restrictive digital asset regulatory regime in the United States.

Continue reading

CFPB Issues Policy Statement Taking Expansive View of “Abusive” Practices

by Susanna M. Buergel, Roberto J. Gonzalez, Brad S. Karp, Loretta E. Lynch, Elizabeth M. Sacksteder, Kannon K. Shanmugam, Alexander Beer, and O’Ryan H. Moore

Author photographs

Top row from left to right: Susanna M. Buergel, Roberto J. Gonzalez, Brad S. Karp, and Loretta E. Lynch. Bottom row from left to right: Elizabeth M. Sacksteder, Kannon K. Shanmugam, Alexander Beer, and O’Ryan H. Moore (Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP)

On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB”) released a policy statement (the “Policy Statement”) outlining its broad interpretation of the “abusive” component of the prohibition on unfair, deceptive, or abusive acts and practices (“UDAAP”).[1] The Policy Statement replaces a prior statement that adopted a restrained posture towards enforcing the prohibition on abusive acts and practices, which the CFPB rescinded in March 2021.[2]

Continue reading