Tag Archives: Anthony J. Lewis

President Biden Issues Executive Order Granting Authorities to Regulate the Transfer of Sensitive U.S. Data to Countries of National Security Concern

by Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis, Andrew J. DeFilippis, Joshua Spiegel, and George L. McMillan

photos of authors

Top left to right: Eric J. Kadel Jr., Sharon Cohen Levin, Nicole Friedlander, Anthony J. Lewis.
Bottom left to right: Andrew J. DeFilippis, Joshua Spiegel and George L. McMillan. (Photos courtesy of Sullivan & Cromwell LLP).

SUMMARY

On February 28, 2024, President Biden issued Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” (the “Executive Order”), delegating new authorities to the U.S. Department of Justice (“DOJ”) and other agencies to regulate the transfer of sensitive U.S. data to countries of national security concern. The Executive Order focuses primarily on personal and other sensitive information, such as U.S. persons’ financial information, biometric data, personal health data, geolocation data, and information relating to government personnel and facilities.[1]

Continue reading

SEC Charges SolarWinds and Its CISO with Fraud and Internal Controls Failures

by Nicole Friedlander, Anthony J. Lewis, Robert W. Reeder, John B. Sarlitto, Michael S. Drell, and Paulena B. Prager

Photos of the authors

Left to right: Nicole Friedlander, Anthony J. Lewis, Robert W. Reeder, John B. Sarlitto, Michael S. Drell, and Paulena B. Prager (Photos courtesy of Sullivan & Cromwell LLP)

Complaint Alleges Knowledge and Concealment of Poor Cybersecurity Practices and Heightened Cyber Risks

SUMMARY

On October 30, 2023, the Securities and Exchange Commission (“SEC”) filed a complaint against SolarWinds Corporation (“SolarWinds”) and its Chief Information Security Officer (“CISO”), alleging securities fraud and failures of reporting, internal control over financial reporting, and disclosure controls and procedures, in connection with a compromise of the company’s software product that was publicly revealed in December 2020.[1] The complaint (“Complaint”), filed in the Southern District of New York, alleges that SolarWinds and its CISO misled investors and customers about known, material cybersecurity weaknesses and risks, including several that allegedly enabled the compromise, through which U.S. government networks and corporations were infiltrated in a cyber espionage campaign by the Russian government. The SEC alleges that the defendants made materially false and misleading statements and omitted material facts on SolarWinds’ website and in its blog posts, press releases, initial registration statement (“Form S-1”), quarterly and annual SEC reports, and the current report on Form 8-K in which SolarWinds first disclosed the compromise. The SEC seeks declaratory and injunctive relief, disgorgement, a civil monetary penalty in an unspecified amount, and an order permanently prohibiting the CISO from acting as an officer or director of a public company.

Continue reading

DOJ, BIS and OFAC Release Guidance on Voluntary Self-Disclosures

By Eric J. Kadel, Sharon Cohen Levin, Anthony J. Lewis, Shari D. Leventhal, and Edoardo Saravalle

Photos of the authors

Left to right: Eric J. Kadel, Sharon Cohen Levin, Anthony J. Lewis, Shari D. Leventhal, and Edoardo Saravalle (Photos courtesy of Sullivan & Cromwell LLP)

DOJ, BIS and OFAC Issue Joint Guidance on Policies Relating to Voluntary Self-Disclosures of Potential Violations of Sanctions, Export Controls and Other National Security Laws

Summary

On July 26, 2023, the Department of Justice, the Department of Commerce and the Department of the Treasury released a Tri-Seal Compliance Note describing voluntary self-disclosure and whistleblower policies applicable to U.S. sanctions, export controls and other national security laws.  The release does not impose new obligations, but provides an overview that (i) clarifies the salient aspects of the agencies’ voluntary self-disclosure policies (particularly following recent updates to these policies), (ii) suggests the differences between each agency’s approach to voluntary self-disclosures (including with respect to the mitigation of civil or criminal liability) and (iii) underscores the agencies’ goal of shifting the private sector’s risk calculus toward greater voluntary self-disclosures.

Continue reading