DOJ Launches New Data Security Program—What Your Company Needs to Know
The US Department of Justice’s (DOJ) new Data Security Program (DSP), designed to protect sensitive information and national security-related data from misuse by foreign actors, took full effect on October 6, 2025. The program introduces new restrictions on how companies handle and share sensitive US personal data and government-related data, especially when certain foreign entities are involved. With enforcement underway, companies should understand who is covered, what activities are restricted, and what compliance measures are required. Failure to comply with the rules can result in civil or criminal penalties.
Data Rights
Check Your Process or Pay Your Fine: Recent 6-Figure Fines from the California Privacy Protection Agency
The California Privacy Protection Agency (CPPA) recently fined clothing retailer Todd Snyder almost $350,000 for two types of consumer privacy errors. Due to technical errors during a 40-day period, it was impossible for Todd Snyder website users to request to opt out of having their information sold or shared. When users clicked the button for the Cookie Preferences Center, the consent banner would appear but instantly disappear, thus making it impossible for anyone to actually opt out. For those who were able to actually access the preferences center, Todd Snyder over-collected information from its users who wanted to opt out of having their information sold or shared. Todd Snyder’s data request form required users to verify their identity by submitting a photograph of themselves holding their identity document, even when they wanted to opt out.
Follow the Breadcrumbs: Where Does Consumer Data Go as 23andMe Goes Bankrupt?
23andMe, a pioneer in the DNA testing kit industry, announced that it has filed for Chapter 11 bankruptcy protection and recently asked to select an independent customer data representative regarding any sale of user data. Its bankruptcy raises issues about data privacy and what companies must do to protect that data for the benefit of their customers and to protect themselves from litigation or violations of US and international privacy laws.
OMB Issues Guidance to Agencies on Responsible Artificial Intelligence Acquisitions
Contractors interested in offering federal agencies artificial intelligence (AI) can now glean insight into how agencies are expected to conduct AI acquisitions. On September 24, 2024, the Office of Management and Budget (OMB) issued Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government (the Memorandum), providing guidance and directing agencies “to improve their capacity for the responsible acquisition of AI” systems or services, including subcomponents. The Memorandum builds on the White House’s Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, and OMB Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence. Taking effect on March 23, 2025, M-24-18 will apply to all solicitations and contract option exercises for AI systems covered under the Memorandum.
iEdison’s 2020 New Year’s Resolution – Improvement! Time to Submit Your Comments
The Interagency Edison (“iEdison”) system is the principal mechanism for preserving rights to title in Government-funded inventions. Its use is now mandatory per 37 CFR 401.16, and we expect FAR 52.227-11, Patent Rights – Ownership by the Contractor, to see parallel amendments soon. Despite its use by multiple agencies to satisfy the reporting obligations imposed on funding recipients under the Bayh-Dole Act, most agree and recognize that the system is broken…badly broken.
Restricted Rights Under DFARS 252.227-7014: Practitioner Advice for Avoiding DoD Licensing Pitfalls
This article focuses on contractor licenses that grant “Restricted Rights” in “Noncommercial Software” to the federal Government under Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.227-7014. DFARS 252.227-7014 only applies to “Noncommercial Computer Software,” meaning software that is licensed to or developed for the Government, but that is not also licensed to the public. In contrast to the commercial world, where software licensors generally set the terms under which they wish to license their products, DFARS 252.227-7014 dictates such terms, and codifies required license grants for software developed for the U.S. Department of Defense (“DoD”). Under DFARS 252.227-7014, even if a licensor develops Noncommercial Software at private expense, the licensor must at least grant Restricted Rights to the Government — although title and ownership of the software always remain with the contractor licensor.
U.S. Government Open Source Software: OMB’s Memorandum on Federal Source Code Policy Exposes IP Ownership Risk
On August 8, 2016, the U.S. Office of Management and Budget (“OMB”) promulgated an Open Source Software (“OSS”) policy via the Memorandum for the Heads of Departments and Agencies, M-16-21 (“Memorandum” or “M-16-21”). The high-level purposes of the Memorandum are to promote reuse of federal contractor and employee custom-developed code, and to improve the quality of such software through public participation. To these ends, the Memorandum has two major directives: (1) all custom-developed code must be broadly available for reuse across the federal government subject to limited exceptions (e.g., for national security and defense) and (2) under a three-year pilot program, federal agencies are required to release at least 20% of their custom-developed code to the public as OSS. The intent here is to enable continual quality improvements to the code as a result of broader public community efforts. As discussed below, the requirement to release custom-developed code as OSS may effectively reduce the creator’s ownership rights, and have economic impacts on both the value of ownership and pricing when bidding on government contracts.
