2024 Year in Review: Data Breach Litigation

by Kirk Nahra, Molly Jennings, Ali Jessani, and Rachel Greene

Photos of the authors

Left to Right: Kirk Nahra, Molly Jennings, Ali Jessani and Rachel Greene. (Photos courtesy of WilmerHale)

One of the main risks for a company in the event of a data breach is the threat of litigation. Data breach litigation continued to proliferate in 2024, as it has in prior years.

In the past year, plaintiffs continued to seek relief following data breaches under state common-law doctrines, and the Alabama Supreme Court joined the other state courts of last resort who have addressed data-breach litigation in published decisions.  Federal data breach plaintiffs contended with standing issues in the wake of the Supreme Court’s decision in TransUnion LLC v. Ramirez, and an apparent circuit split between the Tenth and Eleventh Circuits deepened when the Third Circuit weighed in.  The District of New Jersey also provided further guidance to companies on the scope of the attorney-client privilege when responding to data breaches.  This post examines these trends.  

Continue reading

PCCE Hosts Successful 2025 Spring Conference on Maintaining Effective Ethics and Compliance Programs in a Changing Regulatory Landscape

Photos of conference attendees

On Friday, April 11, 2025, the NYU Law Program on Corporate Compliance and Enforcement (PCCE) hosted its annual spring compliance conference on “Managing Effective Ethics and Compliance Programs in a Changing Regulatory Landscape.” The full-day event, which drew a standing-room-only crowd of senior in-house legal and compliance professionals, academics, expert external counsel, and regulators featured off-the-record discussions of the future of compliance and ethics programs in a time of rapid regulatory change, with a focus on maintaining an ethical culture, encouraging employees to speak-up and report potential misconduct, and how to manage risk in the use and development of Artificial Intelligence. Keynote speakers included Adrienne Harris, Superintendent, New York Department of Financial Services and Therese Chambers, Joint Executive Director of Enforcement and Market Oversight, U.K. Financial Conduct Authority. More details of and photos from the conference below.  To sign up for PCCE’s mailing list for future events, please click here.

SAVE THE DATE: PCCE’s 5th Annual Directors’ Academy for board directors and C-Suite legal and compliance professionals will be held on October 9-10, 2025, at NYU School of Law. Learn more about our past Directors’ Academies here. Register to receive an invitation to this year’s Directors’ Academy here.

Continue reading

President Trump Announces Then Suspends Reciprocal Tariffs, Defers Tariffs on Certain Electronics, and Increases Tariffs on China

by Lauren Mandell, David J. Ross, Neena Shenai, Rhonda K. Schmidtlein, Heather E. Hedges, and Mark Kim

Photos of the authors

Top left to right: Lauren Mandell, David J. Ross, Neena Shenai, Bottom left to right: Rhonda K. Schmidtlein, Heather E. Hedges and Mark Kim (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP)

On April 2, 2025, President Donald Trump issued an executive order (the Reciprocal Tariffs Executive Order or Executive Order) announcing a 10% baseline reciprocal tariff on nearly all U.S. trading partners, effective April 5, and an additional reciprocal tariff on 57 countries, effective April 9. Seven of the United States’ top ten trading partners are among the 57 countries the Order states will face an additional reciprocal tariff: 34% for China (including the baseline tariff and the additional tariff), 20% for the European Union, 46% for Vietnam, 32% for Taiwan, 24% for Japan, 27% for India, and 26% for South Korea. Other than exemptions for duties imposed pursuant to Section 232 actions and for certain enumerated products, the tariffs are additive.

However, on April 10, the President suspended country-specific reciprocal tariff for all countries except China for a period of 90 days, until July 8, 2025.  On the same day, after days of escalation, the President increased the Chinese reciprocal tariff to 125%.

On April 11, the President excluded from the reciprocal tariffs a host of electronics, including smartphones, laptops, televisions.  This relief appears to be temporary because on April 14, the U.S. Commerce Department announced new Section 232 investigations of semiconductors, as well as pharmaceuticals, that could result in tariffs.

Continue reading

European Union, United Kingdom Competition and Markets Authority Impose More Than €549 Million in Fines on Major Car Manufacturers for 15-Year Cartel Involving Vehicle Recycling

by Jonathan J. Rusch

photo of author

Photo courtesy of the author

On April 1, the European Commission (EC) and the United Kingdom Competition and Markets Authority (CMA) simultaneously announced that they had imposed fines collectively totaling more than €549 million against a total of 17 leading car manufacturers and two trade groups, the European Automobiles Manufacturers’ Association (ACEA) and the Society of Motor Manufacturers & Traders (SMMT), for conducting a more than 15-year cartel pertaining to “end-of-life” vehicle recycling.[1]

Continue reading

SEC Now Requires Commission Approval for Subpoenas, but Says It Is Not ‘Walking Away’ From Enforcement

by Andrew Goldstein, Elizabeth Skey, and Bingxin Wu

Photos of the authors

Left to right: Andrew Goldstein, Elizabeth Skey and Bingxin Wu (photos courtesy of Cooley LLP)

On March 10, 2025, the US Securities and Exchange Commission (SEC) adopted a final rule that will require a majority of the commissioners to agree before the SEC formally opens an investigation. For the past 15 years, that power had been delegated to the SEC’s director of enforcement – enabling SEC staff attorneys to issue subpoenas to companies and individuals without approval of the commission. The new rule will make it more difficult for staff to gain subpoena power, adding a bureaucratic hurdle that could slow investigations down. At the same time, however, Acting Deputy Director of the Division of Enforcement Antonia Apps has insisted publicly that the SEC is not “walking away” from enforcement, but will focus on core areas, such as fraud and deceptive market practices.

Continue reading

The Rise of Audits as a Regulatory Tool for Tech

by Janet Kim, Matthew Bruce, Lutz Riede, Tristan Lockwood, Fiona McHugh, Florentine Schulte-Rudzio, and Bhavya Sharma

Photos of the authors

Top left to right: Janet Kim, Matthew Bruce, Lutz Riede, and Tristan Lockwood. Bottom left to right: Fiona McHugh, Florentine Schulte-Rudzio, and Bhavya Sharma (photos courtesy of Freshfields LLP)

As technology evolves, so do challenges in effectively regulating it. In an era where there is increasing focus on effective oversight of digital platforms, legislators are turning to audits as a go-to tool. This blog explores the reasons behind the growing adoption of audits in digital regulation, focusing on key legislative frameworks such as the EU’s Digital Services Act (DSA) and the UK’s Online Safety Act (OSA), and also explores the scope of audits in AI and other digital regulation. It also includes some practical tips for businesses navigating these new audit regimes.

Continue reading

End of the Road: Fincen Adopts Interim Final Rule Virtually Eliminating CTA Filing Requirements

by Matthew Bisanz, Brad A. Resnikoff, Kristin E. Rice-Gonzalez, Marcella Barganz, Courtney C. Seitz, Lorenz A. Taets, and Kelly F. Truesdale

photos of the authors

Top left to right: Matthew Bisanz, Brad A. Resnikoff, Kristin E. Rice-Gonzalez, Marcella Barganz, Bottom left to right: Courtney C. Seitz, Lorenz A. Taets and Kelly F. Truesdale (Photos courtesy of Mayer Brown)

March 21, 2025, the US Financial Crimes Enforcement Network (“FinCEN”) issued an interim final rule (the “IFR”) that exempts all domestic entities from beneficial ownership information reporting requirements under the Corporate Transparency Act (the “CTA”) and its implementing regulations (the “Reporting Rule”). These changes have the effect of eliminating any reporting requirement for more than 99.9% of the entities that were previously required to report[1] and, for domestic entities and US person beneficial owners, marking the end of the yearslong journey towards the CTAs reporting requirements, which were enacted into law in early 2021 and implemented by FinCEN’s original rulemaking  in September 2022.

Continue reading

OCC Affirms Regulated Entities Can Engage in Crypto and Stablecoin Activities

by Arthur S. Long, Parag Patel, Pia Naib, and Deric Behar 

Left to right: Arthur S. Long, Parag Patel, Pia Naib, and Deric Behar (photos courtesy of Latham & Watkins LLP)

In a break from restrictive Biden-era policies, OCC-supervised banks may now engage in crypto activities without supervisory nonobjection, potentially opening new avenues for innovation.

On March 7, 2025, the Office of the Comptroller of the Currency (OCC) reaffirmed that national banks and federal savings associations (collectively, banks) may participate in a range of cryptocurrency activities, including crypto custody, certain stablecoin activities, and participation in independent node verification networks.

Continue reading

CPPA Fines Honda $632,500 for CCPA Violations

by Jenna N. Rode

Photo courtesy of the author

On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced that it reached a settlement with American Honda Motor Co. (“Honda”) in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA. The enforcement action comes as part of the CPPA’s ongoing investigation into connected vehicle manufacturers, which began in 2023.

Continue reading

UK, French, and Swiss Enforcement Authorities Announce New Alliance

by Lloyd Firth, Dr. Jan-S. Wendler, Claire M. Guehenno, Kimberly A. Parker, Jay Holtmeier, Erin G.H. Sloane, Christopher Cestaro, and Lindsey Cullen

Top left to right: Lloyd Firth, Dr. Jan-S. Wendler, Claire M. Guehenno and Kimberly A. Parker. Bottom left to right: Jay Holtmeier, Erin G.H. Sloane, Christopher Cestaro and Lindsey Cullen (Photos courtesy of WilmerHale).

Summary

Anti-bribery and corruption agencies in the UK, France and Switzerland recently announced a shared commitment to tackling international bribery and corruption, by way of a new taskforce intended to strengthen collaboration.

This taskforce was announced by the UK’s Serious Fraud Office (SFO), France’s Parquet National Financier (PNF) and the Office of the Attorney General of Switzerland (OAG) at a meeting in London. Its founding statement notes “the significant threat of bribery and corruption” and states that its members recognise that “success relies on us working closely and effectively together”. It intends to deliver a working group for case cooperation and increased best practice sharing.

Continue reading