Tag Archives: David Sarratt

CCPA Enforcement Update: California AG Announces a New Enforcement Sweep Targeting Customer Loyalty Programs

by David Sarratt, H Jacqueline Brehmer, and Christopher Ford

On January 28, 2022, California Attorney General Rob Bonta announced that his office sent notices alleging noncompliance with the California Consumer Privacy Act (“CCPA”) to a number of companies operating customer loyalty programs. This sweep of notices follows the Attorney General’s initial round issued on July 1, 2020 and was summarized in the Attorney General’s July 2021 enforcement examples, which we analyzed on the Debevoise Data Blog.

Continue reading

Key Takeaways from the First Year of CCPA Enforcement

by Jeremy Feigelson, David Sarratt, Jim Pastore, Johanna N. Skrzypczyk, H. Jacqueline Brehmer, and Christopher S. Ford

On July 19, 2021, California Attorney General Rob Bonta announced his first-year enforcement update on the California Consumer Privacy Act (CCPA), and unveiled a tool to help the Attorney General’s office (CAAG)—the primary enforcer of the CCPA until the California Privacy Protection Agency takes over—identify CCPA violations. 

Over a year ago, on July 1, 2020, the first day of enforcement, the CAAG sent a number of statutorily-required violation notices to companies, making clear that the CAAG planned to aggressively enforce the statute.  Last week’s update is a clear continuation of this trend, with the CAAG introducing a new tool that California residents can use to easily report violations to the Attorney General’s office.  The CAAG also put the market on notice by providing enforcement statistics and examples of potential enforcement actions.  Both the tool and examples provide much-needed guidance on the CAAG’s enforcement priorities for the CCPA.    

Continue reading

DOJ Updates Guidance on Evaluating Corporate Compliance Programs

by Matthew L. Biben, Kara Brockmeyer, Helen V. Cantwell, Andrew J. Ceresney, Andrew M. Levine, David A. O’Neil, David Sarratt, Jonathan R. Tuttle, Mary Jo White, Bruce E. Yannett, Lisa Zornberg, Ryan M. Kusmin, and Jil Simon

On April 30, 2019, Assistant Attorney General Brian Benczkowski announced an updated version of the Evaluation of Corporate Compliance Programs (the “Updated Guidance”).[1] This Updated Guidance supersedes a document of the same name that the Fraud Section of DOJ’s Criminal Division published online in February 2017 without any formal announcement (the “2017 Guidance”). Although not breaking much new ground, we believe the Updated Guidance can serve as a valuable resource for those grappling with how best to design, implement, and monitor an effective corporate compliance program.

In contrast to the 2017 Guidance—which listed dozens of questions to consider in evaluating a compliance program without providing much context—the Updated Guidance employs a more holistic approach. It focuses on three fundamental questions drawn from the Justice Manual:

  • Is the corporation’s compliance program well designed?
  • Is the program implemented effectively?
  • Does the program work in practice?[2]

Continue reading