From CFIUS, With Love: The FIRRMA Regulations

The most pressing question around the new FIRRMA regulations is “Will my transaction be covered?” To provide a bit of guidance on that point, we present an illustration from our upcoming Second Edition of The CFIUS Book due out in March of this year. Continue Reading

Getting Prepared for a Decade of Privacy

As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative trends exist around the globe. How can companies be prepared to address this ever shifting legislative landscape? There are a few essential steps privacy officers can take, including (1) aligning the privacy team’s efforts with the underlying corporate mission, (2) having a clear understanding of both the company’s data and its use practices, and (3) having infrastructure in place that will allow for updates to notices and rights. Continue Reading

Potential Impact of U.S.-France Trade Tension on U.S. Imports of French Products and Luxury Goods

On December 2, 2019, the U.S. Trade Representative (USTR) announced that in response to a digital services tax law passed in France, it would be retaliating with stringent tariffs on luxury products coming from France. The potential tariffs could target up to $2.4 billion worth of French imports into the United States, with duties as high as 100%.[1] Continue Reading

U.S. Visas – A Pocket Guide for Employers and Entrepreneurs

Hiring the best talent can maximize the success of your company. Sometimes that means hiring a foreign national on a work visa. We prepared this booklet to help you navigate the complex U.S. employment-based visa options. This guide provides general information and we encourage you to contact us for more substantive guidance. At Sheppard Mullin, we stand ready to help you grow your company. Continue Reading

Employee Privacy by Design: Guidance for Employers Beginning to Comply with the California Consumer Privacy Act

On September 13, 2019, the California Senate and Assembly unanimously passed an amendment to the California Consumer Privacy Act (“CCPA”) that places onerous obligations on employers and entitles employees to statutory damages for data breaches.  The landmark measure—AB 25—awaits Governor Newsom’s signature (or veto).  Regardless of whether AB 25 is signed into law, CCPA applies to employee data and employers have until January 1, 2020 to comply.  This article explores how the California Consumer Privacy Act impacts existing employee privacy rights and how employers can begin to develop a holistic privacy compliance program.

Continue Reading

CFIUS Proposes Rules to Implement FIRRMA

Key Takeaways:

  • Technology Infrastructure and Data. CFIUS will focus its review on investments in critical Technology, critical Infrastructure, and sensitive personal Data (“TID Businesses”).
    • Critical technologies is defined to include certain items subject to export controls along with emerging and foundational technologies under the Export Control Reform Act of 2018.
    • CFIUS provides a very helpful list of critical infrastructure and functions to help assess whether any business is a TID Business. We reproduce most of this list at the end of this blog article. (Sneak preview: telecom, utilities, energy, and transportation dominate the list.)
    • The proposed regulations provide much-needed guidance on what constitutes sensitive personal data and also seek to limit the reach of the definition so it does not cast too wide a net over transactions in which CFIUS really should have no national security concern.
  • Exceptions for Certain Countries. Investors from certain countries may be excepted from CFIUS jurisdiction when making non-controlling investments.
  • New Set of Rules for Real Estate. In a companion piece, CFIUS proposed for the first time a detailed set of rules related to investments in real estate. We will cover this in a separate blog article to be published in the near future.
  • Expansion of Short-Form Declaration Use. The proposed rules provide parties the choice to use a short-form declaration for any transaction under CFIUS jurisdiction in lieu of a long-form notice.
  • Comments Due by October 17, 2019. Members of the public may submit comments on the proposed regulations any time between now and October 17, 2019. Final regulations must be adopted by CFIUS and become effective no later than February 13, 2020.

Continue Reading

French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, the CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing the text of a certain URL, a Sergic user could retrieve sensitive files that another home rental candidate had uploaded into the website. This security defect led the trove of nearly 300,000 tax and identity documents to be accessible to anyone who thought to change the text of that URL. The CNIL said that this website design flaw affected the confidentiality of data in violation of Article 32(1)(ii) of GDPR. Continue Reading

The Benefits of the International Commercial Courts of Paris in French-American Commercial Litigations

On February 7, 2018, the Commercial and Appellate Courts of Paris officialized the creation, for each of them, of a chamber dedicated to resolving international commercial litigations. These chambers are known as the International Commercial Courts of Paris (the “ICCP”).

Proceedings before the ICCP have been revised recently to better meet the specific needs of foreign parties involved in international commercial litigations taking place in Paris, in a move to strengthen foreign investments in France, especially in the context of Brexit with a commercial litigation market that represented in 2016 $17.2 billion in the United Kingdom. Continue Reading

Revised EIN Application Process Permits only Individuals to Serve as the “Responsible Party”

An entity operating in the U.S. needs a U.S. Federal employer identification numbers (“EIN”) in order to open a bank account in the United States, act as an employer, file a tax return and complete certain other corporate tasks.

As of May 13, 2019, entities, other than governmental entities, applying for an EIN must list an individual as the responsible party on the application and in some instances must provide that individual’s Social Security number (SSN) or individual taxpayer identification number (ITIN). Prior to this, common practice had been to list an entity that already had an EIN (such as a parent entity) as the responsible party. Continue Reading

LexBlog