Data Privacy & Protection

Clear and precise recognition and treatment of intellectual property (IP) are critical in government contracting because the ownership and use of preexisting IP, so-called “Background IP,” turn on the timing of, and funding sources for, the development of the IP. Therefore, internal documentation and standardized procedures for tracking and marking IP are crucial in the event of a dispute regarding the development, use, or ownership of IP before, during, and after performance on a government contract.

Continue Reading Don’t Put Your Background IP into It: Protecting What’s Yours

I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror and were suddenly silenced.

When Obi-Wan Kenobi says this in Star Wars: Episode IV – A New Hope, he senses that something profound just changed in the galaxy. A powerful presence has vanished. The balance of power shifting in ways that will ripple far beyond the immediate moment. As Yoda later describes the Force: “Life creates it, makes it grow. Its energy surrounds us, binds us.” In this way, artificial intelligence (AI) is beginning to play a role for the US Defense Industrial Base (DIB) not unlike the Force itself—quietly enhancing the capabilities of engineers, analysts, and compliance professionals across thousands of organizations supporting national defense programs.

So what could happen if a major AI player suddenly disappears from the board?

Continue Reading Orbiting A.I.-deraan? A Disturbance in the Force for the Defense Industrial Base

California Attorney General (AG) Rob Bonta announced the largest settlement under the California Consumer Privacy Act (CCPA) against The Walt Disney Company (Disney) for failing to honor customers’ requests to opt out of the sale or sharing of their data across all devices and streaming services linked to their Disney accounts. Essentially, Disney made it too difficult for consumers.  Businesses should evaluate their internal structure for responding to consumer requests. California has put a hefty price tag to make sure that more than appearances matter. As discussed in prior alerts, this follows the joint investigative sweep announced in September 2025 among California, Connecticut, and Colorado to investigate businesses refusing to honor consumers’ right to opt out of the sale of their personal information.

Continue Reading Opt Me Out! California Lessons on National Privacy Enforcement

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction of a fortified cyber defense across federal operations. This directive updates the nation’s digital stronghold, modernizing risk management, defending against quantum and artificial intelligence (AI) threats, and drawing sharper lines in the battle against foreign cyber adversaries. For technology companies and federal suppliers, this is a clarion call to reinforce their digital walls and sharpen their defenses. Agencies will soon build these secure-by-design principles into every contract and procurement decision. In this era of fortress-building, failing to meet these standards not only will leave your gates unguarded but also could bar you from the entire federal marketplace. The EO may read like ordinary policy, but don’t be misled: It’s a direct command for companies to strengthen their cyber defenses or be locked out of federal opportunities altogether.

Continue Reading Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

The California Privacy Protection Agency (CPPA) recently fined clothing retailer Todd Snyder almost $350,000 for two types of consumer privacy errors. Due to technical errors during a 40-day period, it was impossible for Todd Snyder website users to request to opt out of having their information sold or shared. When users clicked the button for the Cookie Preferences Center, the consent banner would appear but instantly disappear, thus making it impossible for anyone to actually opt out. For those who were able to actually access the preferences center, Todd Snyder over-collected information from its users who wanted to opt out of having their information sold or shared. Todd Snyder’s data request form required users to verify their identity by submitting a photograph of themselves holding their identity document, even when they wanted to opt out.

Continue Reading Check Your Process or Pay Your Fine: Recent 6-Figure Fines from the California Privacy Protection Agency

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.

Continue Reading The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

New Hart-Scott-Rodino premerger notification rules, which took effect in February, require that companies now provide more information than ever before about their prospective mergers. Meanwhile, both federal and state antitrust enforcers continue to step up scrutiny of data-related antitrust harms such as information sharing, monopolization, and price coordination, and private litigants are also filing claims. Data has long been used by companies to benchmark performance metrics, from pricing to inventory levels, and to manage revenue. But as data volume has increased, so too has the risk of violating antitrust laws through higher levels of interconnection. Big data could facilitate price coordination, potentially rising to the level of price fixing, and could thus entrench the market power of companies that have amassed data critical to the ability to compete.

Continue Reading Mo’ Data, Mo’ Problems: Antitrust Risk in the Age of Big Data

23andMe, a pioneer in the DNA testing kit industry, announced that it has filed for Chapter 11 bankruptcy protection and recently asked to select an independent customer data representative regarding any sale of user data. Its bankruptcy raises issues about data privacy and what companies must do to protect that data for the benefit of their customers and to protect themselves from litigation or violations of US and international privacy laws.

Continue Reading Follow the Breadcrumbs: Where Does Consumer Data Go as 23andMe Goes Bankrupt?

WASHINGTON (March 25, 2025) – McCarter & English today announced that Erin Prest, former FBI Privacy & Civil Liberties Officer and Deputy General Counsel has joined the firm’s cybersecurity team as a partner in the firm’s Washington, DC office. Prest joins following an exemplary 18-year career at the FBI, where she oversaw the agency’s data security and privacy protection practices, its responses to breaches and cybersecurity events impacting FBI information, and provided guidance to FBI executives to protect the civil liberties of individuals under investigation. As Deputy General Counsel, she also oversaw the legal guidance related to criminal investigative activities, crisis response, procurement, criminal history information, and DNA matters among others.

Continue Reading McCarter & English Welcomes Erin Prest Former Privacy & Civil Liberties Officer and Deputy General Counsel of FBI to Cybersecurity and Data Privacy Practice