Consumer Privacy and the Danger of Parallel Investigations
The blazing-fast process of parallel investigations immediately exposes the organization to risk it was not expecting, and can spread in unpredictable ways.
March 29, 2019 at 07:00 AM
5 minute read
Following an explosive Wall Street Journal report regarding how app developers accessed deeply private data on a social media platform—such as users' medical and health information—regulators, enforcement agencies, grassroots organizations, and lawmakers pounced. This report and its fallout illustrate the risk that private innovators face from fickle and fast-moving government scrutiny. Companies can take steps to prepare for the unpredictable.
|It Only Takes a Spark
In the case of the social media apps, New York Governor Andrew Cuomo mounted an extraordinarily aggressive response to the report, by ordering a multitude of state agencies to investigate the underlying charges and calling on federal regulators to do the same. He was able to get the attention of sympathizers in Congress and has laid a foundation for continued scrutiny. Governor Cuomo's move touched nearly every level of government.
In response, the New York Department of Financial Services wasted no time. Within days of the Governor's order, it issued letters to request information from the social media platform and a group of 11 app developers.
This type of blazing fast process—with the spark of an investigative report (or even a social media posting by an influencer)—can quickly consume a company. It immediately exposes the organization to risk it was not expecting, and can spread in unpredictable ways. This is true even if the company is found, and known, to have done absolutely nothing wrong.
|The Risk is High
There is no way to prevent these types of investigative inquiries. This is true because so many companies and/or industries now are immersed in enterprises that can often involve “a deluge of data.” In other words, just by being in the data game, companies face a heightened risk of being called for quick fouls.
The stakes are higher and scrutiny comes faster these days across the economy, but particularly for companies in areas of higher regulatory risk. Hot areas include data monetization and targeted marketing, connected products, communications media, and artificial intelligence, to name a few. Privacy and security practices are sensitive. And heightened supply chain concerns make international business dealings fodder for scrutiny.
|Preparation is Key
While a company cannot prevent itself from becoming a target, it can prepare to survive. As with any crisis, it takes preparation, preparation, and preparation, before a crisis hits to help mitigate risk. More specifically, organizations should take several important steps to prepare for a rapidly moving investigation that invariably becomes a parallel investigation, involving multiple state, local, federal, congressional investigators.
1. Define your team and your internal and external communications channels. Before crises hit, it's important to have the silos of any organization—communications, public affairs, in-house counsel, outside counsel, the C-suite, board of directors, investor relations, government relations, employee relations—all able to sing from the same sheet of music. This means making clear exactly what the lines of communication and authority are in responding to any crisis, and mapping out information and data flow so that it is channeled appropriately.
2. Know your regulators and law enforcement agencies. As is the case with any relationship, it is important to establish credibility with regulators and law enforcement agencies far before a crisis hits, rather than have someone else establish (or tarnish) your credibility before you have the opportunity to do so (such as the news media).
3. Retain counsel with regulatory/law enforcement landscape fluency. State regulators operate differently from federal regulators. There are different lines of authority, decision-makers, and personalities. There are also different substantive and procedural legal issues and investigative tools that can be invoked. The same is true for state and federal law enforcement. It is therefore important to have counsel who understand each of these nuances, who can ascertain appropriately how to address, and possibly fight, investigative inquiries.
4. Establish relationships with counsel with subject matter fluency. To enhance credibility with regulators/enforcers, it is important to ensure that counsel has mastery of the facts. This means counsel who know how to conduct efficient and adequate investigations, as well as counsel who possess sophistication with respect to the underlying technology or industry at issue and its broader dynamics.
Companies may not be able to keep themselves out of the crosshairs of government oversight or media conflagrations. But, they can take prudent steps to prepare to respond and limit the damage.
Megan L. Brown is a Partner in the Telecom, Media and Technology and Privacy and Cybersecurity practices at Wiley Rein LLP in Washington, D.C. She is former counsel to the attorney general at the U.S. Department of Justice, serves on the U.S. Chamber of Commerce Cybersecurity Leadership Council and is a 2018 fellow at George Mason University's National Security Institute. She can be reached at [email protected]. Peter Hyun, a Partner in Wiley Rein's White Collar Defense & Government Investigations Practice, is a former Assistant U.S. Attorney in the Eastern District of Virginia's U.S. Attorney's Office, Assistant Attorney General in the New York Attorney General's office, and Chief Counsel to U.S. Senator Dianne Feinstein on the U.S. Senate Committee on the Judiciary. He can be reached at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Jury Says $118M: Netlist Wins Another Patent Verdict Against Samsung
- 2Big Law Communications, Media Attorneys Brace For Changes Under Trump
- 3Will England Accept that Digital Assets Are ‘Property’?
- 4Congress and Courts Are Considering Litigation Financing: Is Disclosure Imminent?
- 5Bar Report — Nov. 25, 2024
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
