The U.S. Department of Justice (DOJ)’s new data security rule went into effect April 8, 2025. The rule creates what are effectively export controls and requires companies to take measures to prevent U.S. sensitive personal and government-related data from falling into the hands of foreign adversaries. The rule targets transactions (including data brokerage, vendor agreements, employment agreements, and investment agreements) involving access to bulk sensitive personal data or government-related data when those transactions involve identified covered persons or countries of concern (China, Russia, Iran, North Korea, Cuba, and Venezuela).Continue Reading DOJ Announces 90-Day Grace Period for Companies to Comply with New Data Security Rules on Foreign Adversary Access to U.S. Sensitive Data

On March 5, 2025, SuperValu, Inc. (SuperValu), a grocery store chain that operates in-store pharmacies, was cleared of liability by a Central District of Illinois federal jury—finally quashing whistleblower claims that the company improperly over-billed the government and violated the False Claims Act (FCA). This jury verdict came after a long 14-year battle, which included a Supreme Court reversal of lower court decisions on the FCA’s scienter standard.Continue Reading SuperValu Wins False Claims Act Case with a “No Harm, No Foul” Jury Verdict

Just over one month into the second Trump Administration, the crypto industry has notched yet another victory in its longstanding tug-of-war with regulators — perhaps its most significant to date. On February 21, Coinbase Chief Legal Officer Paul Grewal announced via blog post that the U.S. Securities and Exchange Commission (“SEC”) would be dropping its enforcement action against the company. The lawsuit, which claimed that the company had failed to fulfill registration requirements, has been one of the SEC’s highest-profile crypto cases.Continue Reading SEC Withdraws from Prominent Crypto Enforcement Amid Regulatory Shift

Shortly after her confirmation, and just after her swearing-in by Associate Justice Clarence Thomas, U.S. Attorney General Pamela Bondi issued fourteen memoranda that seek to reform the Department of Justice by rescinding prior guidance, issuing new guidance, and establishing new priorities for the nation’s chief law enforcement and prosecuting agency. We examine below the actions taken by Attorney General Bondi. Continue Reading Attorney General Bondi’s Day One Orders for DOJ

In a significant development, the Department of Justice (DOJ) indicted 14 North Korean nationals on December 11, 2024 for their involvement in a sophisticated scheme to defraud U.S. companies and violate international sanctions. This case underscores the persistent threat posed by North Korean cyber actors who pose as residents of the U.S. and exploit global IT networks to funnel money back to the DPRK regime.Continue Reading DOJ Indicts 14 North Korean Nationals in Major Fraudulent IT Worker Scheme

A federal district court in the Middle District of Florida issued a decision on Sept. 30th that threatens the federal government’s continued reliance on the False Claims Act (“FCA”) as the most powerful weapon in the Department of Justice’s enforcement arsenal. U.S. District Judge Kathryn Kimball Mizelle threw out a case against a group of Medicare Advantage organizations and providers on the grounds that an individual whistleblower suing on behalf of the federal government under the FCA, often called a “relator” in a “qui tam” lawsuit, violates the U.S. Constitution’s “appointments clause.” The Court concluded that relators, who are acting on behalf of the federal government, must be considered officers of the government and appointed in a manner consistent with Constitutional requirements. See U.S. ex rel Zafirov v. Florida Medical Associates, LLC, No. 8:19-cv-1236, 2024 U.S. Dist. LEXIS 176626, ECF No. 346 (M.D. Fl. Sept. 30, 2024).Continue Reading FCA Whistleblowers – No More?

In an address this week to the Society of Corporate Compliance and Ethics, Principal Deputy Assistant Attorney General Nicole M. Argentieri of the Department of Justice’s (“DOJ”) Criminal Division, highlighted several updates relevant to corporate compliance programs, including the DOJ’s new whistleblower programs and incentives.Continue Reading DOJ Announces Changes to Guidance on Corporate Compliance Programs, Updates on Whistleblower Program

More than two years after announcing the first round of settlements in the ongoing “off-channel communications” probe, the SEC recently announced another round of settlements with 26 financial firms, totaling $390 million in fines. These most recent settlements are notable for two reasons: (1) they include the SEC’s second settlement with an entity operating solely as a registered investment adviser (“RIA”) with no associated broker-dealer, and (2) the SEC has again explicitly noted that companies that self-reported obtained lower fines.Continue Reading Latest Round of SEC “Off-Channel” Communications Settlements Highlights Risks for Investment Advisers and Benefits of Self-Reporting

On August 22, 2024, the United States Department of Justice (DOJ) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC). The 99-page DOJ Complaint alleges the defendants knowingly failed to meet contractual cybersecurity requirements in connection with various Department of Defense (DoD) contracts. The suit raises claims under the False Claims Act and federal common law (including fraud, negligent misrepresentation, breach of contract, unjust enrichment, and payment by mistake). This is the latest DOJ activity relating to its Civil Cyber Fraud Initiative (announced in October 2021), which we previously have written about here, here, and here.Continue Reading DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activity