Data Privacy

If your supply chain crosses a border, your FAR 52.222-90 flowdown is probably already wrong. Either it overpromises in ways an EU, UK, or South African supplier cannot sign without violating local law, or it underpromises and creates False Claims Act (FCA) exposure on the US side. Both versions of the problem land on the same desk, and they land on a clock.

As we covered in a prior post, FAR 52.222-90 is not a routine flowdown. It reaches subcontract administration, records access, reporting obligations, bilateral modifications, suspension and debarment, and FCA materiality. In cross-border scenarios, those same hooks meet a thicket of foreign equality, pay-transparency, sustainability, human-rights, privacy, and disclosure-blocking regimes. The result is predictable confusion, and confusion in this clause is expensive.

Continue Reading FAR 52.222-90 Goes Global: Cross-Border Supply Chains and the Limits of a US Flowdown

The California Privacy Protection Agency (CPPA) recently fined clothing retailer Todd Snyder almost $350,000 for two types of consumer privacy errors. Due to technical errors during a 40-day period, it was impossible for Todd Snyder website users to request to opt out of having their information sold or shared. When users clicked the button for the Cookie Preferences Center, the consent banner would appear but instantly disappear, thus making it impossible for anyone to actually opt out. For those who were able to actually access the preferences center, Todd Snyder over-collected information from its users who wanted to opt out of having their information sold or shared. Todd Snyder’s data request form required users to verify their identity by submitting a photograph of themselves holding their identity document, even when they wanted to opt out.

Continue Reading Check Your Process or Pay Your Fine: Recent 6-Figure Fines from the California Privacy Protection Agency

Zachary Myers, the former United States Attorney for the Southern District of Indiana, has officially joined McCarter & English’s Indianapolis office as a partner in the Business Litigation group. He will also serve as a co-leader of the firm’s multidisciplinary Cybersecurity & Data Privacy team. Zach brings extensive experience in high-stakes litigation and cybersecurity. As part of his practice, he will counsel clients in navigating federal government issues, including congressional inquiries and regulatory matters.

Continue Reading Former US Attorney Zach Myers Joins McCarter & English

WASHINGTON (March 25, 2025) – McCarter & English today announced that Erin Prest, former FBI Privacy & Civil Liberties Officer and Deputy General Counsel has joined the firm’s cybersecurity team as a partner in the firm’s Washington, DC office. Prest joins following an exemplary 18-year career at the FBI, where she oversaw the agency’s data security and privacy protection practices, its responses to breaches and cybersecurity events impacting FBI information, and provided guidance to FBI executives to protect the civil liberties of individuals under investigation. As Deputy General Counsel, she also oversaw the legal guidance related to criminal investigative activities, crisis response, procurement, criminal history information, and DNA matters among others.

Continue Reading McCarter & English Welcomes Erin Prest Former Privacy & Civil Liberties Officer and Deputy General Counsel of FBI to Cybersecurity and Data Privacy Practice