by Staff at the Federal Trade Commission’s Office of Technology Federal Trade Commission For more than two decades, the FTC has been bringing enforcement actions for violations of national consumer protection laws due to companies’ poor security practices. These poor practices have included failure to encrypt sensitive data, storing credentials in source code, failing to test for common vulnerabilities, and failure to use multi-factor authentication, among others. To remedy these practices, the orders the FTC has obtained in these enforcement actions have required companies to improve their ..read more

by Steven P. Solow and Chloe Graham From left to right: Steven P. Solow, and Chloe Graham (Photos courtesy of Baker Botts LLP) The Assistant Administrator for EPA’s Office of Enforcement and Compliance Assurance (OECA) announced a new Strategic Civil-Criminal Enforcement Policy (Policy) that is perhaps the most significant change in environmental enforcement since the passage of the basic environmental laws decades ago. At bottom, the new Policy addresses the long-standing concern that the decision to enforce a matter civilly or criminally ultimately depended on whose “desk” i ..read more

On April 15, 2024, the NYU Law Program on Corporate Compliance and Enforcement (PCCE) held its 10th Anniversary Conference, featuring keynote speakers Nicole Argentieri, Principal Deputy Assistant Attorney General and Head of DOJ’s Criminal Division; Gurbir Grewal, Director of Enforcement, SEC; and Andrea Griswold, Deputy U.S. Attorney, SDNY, among other distinguished speakers. More information on the conference can be found here.  At the conference, Principal Deputy Assistant Attorney General Argentieri first announced a new voluntary self-disclosure program for individuals. A blog post ..read more

by Elliot Greenfield, Matthew E. Kaplan, Maeve O’Connor, Benjamin R. Pedersen, Jonathan R. Tuttle, Anna Moody, Brandon Fetzer, and Mark D. Flinn Top left to right: Elliot Greenfield, Matthew E. Kaplan, Maeve O’Connor, and Benjamin R. Pedersen. Bottom left to right: Jonathan R. Tuttle, Anna Moody, Brandon Fetzer, and Mark D. Flinn. (Photos courtesy of Debevoise & Plimpton LLP). On April 12, 2024, in a highly anticipated decision, the Supreme Court held in Macquarie Infrastructure Corp. v. Moab Partners, L.P.[1] that pure omi ..read more

by Lisa Sotto, Marshall Mattera, and Amanda Pervine Lisa Sotto and Marshall Mattera (photos courtesy of Hunton Andrews Kurth LLP) Update: On April 4, 2024, Governor Andy Beshear signed H.B. 15 into law, making Kentucky the 16th state to enact a comprehensive data privacy law. On March 27, 2024, the Kentucky legislature passed a comprehensive data privacy bill (“H.B. 15”), which was delivered to the Governor for signature.  If H.B. 15 is enacted, Kentucky will join the growing list of states with comprehensive data privacy laws.   Applicability H.B. 15 applies to persons t ..read more

by John F. Savarese, Wayne M. Carlin, and David B. Anders From left to right: John F. Savarese, Wayne M. Carlin, and David B. Anders (photos courtesy of Wachtell, Lipton, Rosen & Katz). Last week, a jury in San Francisco returned a verdict in SEC v. Panuwat, finding that a corporate executive engaged in insider trading when he learned about an impending acquisition of his employer and then traded in the securities of an unrelated company in the same industry. The case has widely been described as “novel” but, in bringing this case, the SEC did not seek to extend existing law. P ..read more

by Michael Atleson Federal Trade Commission In the 2014 movie Ex Machina, a robot manipulates someone into freeing it from its confines, resulting in the person being confined instead. The robot was designed to manipulate that person’s emotions, and, oops, that’s what it did. While the scenario is pure speculative fiction, companies are always looking for new ways – such as the use of generative AI tools – to better persuade people and change their behavior. When that conduct is commercial in nature, we’re in FTC territory, a canny valley where businesses should know to avoid practices ..read more

by Dr. Martin Braun, Anne Vallery, and Itsiq Benizri From left to right: Dr. Martin Braun, Anne Vallery and Itsiq Benizri. (Photos courtesy of Wilmer Cutler Pickering Hale and Dorr LLP). Article 5 of the AI Act essentially prohibits AI practices that materially distort peoples’ behavior or that raise serious concerns in democratic societies. As explained in our previous blog post, this is part of the overall risk-based approach taken by the AI Act, which means that different requirements apply in accordance with the level of risk. In total, there are four levels of risk: unacceptable, in whi ..read more

The NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is delighted to announce that Stephanie Avakian, a highly-experienced white collar defense attorney and former director of enforcement at the Securities and Exchange Commission (SEC), has joined PCCE’s Board of Advisors. Photo courtesy of Wilmer Cutler Pickering Hale and Dorr LLP As the former Director of the SEC’s Division of Enforcement, Stephanie Avakian is well positioned to help clients address the enforcement, governance, and compliance issues presented by today’s markets. With decades of experience in governm ..read more

by Staff at the Federal Trade Commission’s Office of Technology The FTC’s Tech Summit on AI[1] highlighted three panels that reflect different layers of the AI tech stack – hardware and infrastructure, data and models, and front-end user applications. Here, we publish the first in a three-part series of “Quote Books” summarizing each of the three panels. This first quote book is focused on hardware and infrastructure, including semiconductor chips and cloud computing.   The voices of everyday Americans can sometimes be lost in discussions involving dense technical, policy, or legal ..read more