This Sidley Practice Note highlights certain key disclosure considerations for preparing your annual report on Form 10-K for fiscal year 2020, including recent amendments to U.S. Securities and Exchange Commission (SEC) disclosure rules and other developments that will affect 2020 Form 10-K filings as well as certain significant disclosure trends and current areas of SEC staff focus for disclosures. Appendix A to this Practice Note sets forth a summary checklist of significant Regulation S-K amendments affecting 2020 Form 10-K filings, which are discussed in further detail. As always, we invite you to contact us with any questions on these topics or any other SEC reporting and compliance matters.
Congratulations to our 28 colleagues, including Clayton Northouse, for their election to the Sidley Austin partnership. Clay represents companies that have suffered cybersecurity attacks and consumer privacy incidents and has developed multidimensional defenses to litigation, congressional inquiries, and regulatory investigations. He has experience in the use of cybersecurity forensics and the investigation of sophisticated international incidents. In addition to counseling companies regarding their compliance with the full range of data protection laws, Clay also helps companies assess the legal implications of deploying novel communication and digital technologies. Clay has been a driving force in guiding Sidley’s privacy and cybersecurity diligence for significant M&A and private equity transactions.
The seventh edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection, and cybersecurity landscape in a time of unique workplace challenges, new dimensions to cybercrime, significant new data protection regimes coming into effect around the world, and increased scrutiny from regulators, Boards of Directors and customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.
On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). We have summarized the PDPA Amendments in our previous client Update. The Advisory Guidelines address operational details on key amendments, as summarized below.
In recognition of the exceptional caliber of the firm’s work, Who’s Who Legal honored Sidley with two “Firm of the Year” awards and two “Country Firm of the Year” awards at its 2020 Who’s Who Legal Awards. The annual ceremony identifies the firms that stand apart from others in practice areas of law.
The results are in, and California voters have approved the California Privacy Rights Act (CPRA) which was listed on the ballot as Proposition 24. The law, most of which does not go into effect until January 1, 2023, will substantially overhaul and amend the California Consumer Privacy Act (CCPA) which went into effect just this year, on January 1, 2020, with final regulations issued just a few months ago, on August 14, 2020. And indeed, CCPA obligations continue to evolve, with proposed amendments to the regulations proposed by the Attorney General’s Office mid-October 2020.
Washington, D.C. – Sidley is pleased to announce that Sujit Raman joined the firm as a partner in its Washington, D.C. office. Mr. Raman will be a member of the Privacy and Cybersecurity practice group, and will contribute to the firm’s globally regarded litigation, national security, and trade practices.
In a decision with significant implications for international trade and cross-border data flows, the EU’s highest court – the Court of Justice of the European Union (“CJEU”) ruled on 16 July 2020 that a key legal mechanism (called the EU-US Privacy Shield program) used to enable transfers of personal data from the European Union (“EU”) was invalid, while also potentially requiring additional protections to be implemented when another key transfer mechanism (called Standard Contractual Clauses) is used. The case – Data Protection Commissioner v. Facebook Ireland, Max Schrems (“Schrems II”) – considered the validity of the EU-US Privacy Shield (“Privacy Shield”) program (a privacy certification made available for US organizations through an agreement between the European Commission and the US government) and Standard Contractual Clauses (“SCC”) (a form of international data transfer agreement made available for use by the European Commission).
*Article first appeared in The Hill on June 13, 2020.
Concerns over the use of location tracking and contact tracing of infected individuals to help mitigate the spread of COVID-19 have once again placed “privacy” at the forefront of public attention. And even though Congress declared privacy to be a fundamental right in 1974, it established no cabinet office or institutional framework to focus on the role of data protection and digital technology in our society. Consequently, during these days of COVID-19, there is no senior government official responsible for taking account of and balancing the trade-offs between privacy and public health.
On June 1, 2020, the Criminal Division of the U.S. Department of Justice (DOJ) publicized an updated version of its “Evaluation of Corporate Compliance Program” guidance. This is the third version of the document, with the DOJ having issued the guidance in 2017 (which we analyzed here) and revised it in April 2019 (which we analyzed here). This further revision is another reminder of the DOJ’s heightened focus and increasing sophistication regarding evaluating compliance programs during investigations. While the overall structure of the guidance generally remains consistent with the last version, the revisions provide additional insight into the DOJ’s expectations for corporate compliance programs. More specifically, the revisions highlight the importance of an adequately resourced and empowered compliance department, a constantly evolving compliance program based on the company’s current risk profile and relevant compliance issues, and the use of key compliance metrics to test the effectiveness of a compliance program.