By Jim Sullivan

Karl A. Racine, Attorney General of the District of Columbia, on Monday sued Meta CEO Mark Zuckerberg, accusing him of being personally responsible for decisions that enabled the Cambridge Analytica scandal, in which the personal data of over 87 million Facebook users was harvested without their consent.

The lawsuit argues that Zuckerberg was “personally aware” but “actively disregarded” the potential harms that could result from sharing consumers’ data with third-party apps.

The suit is the latest effort by Racine and other state Attorneys General to take a tougher line against tech companies over misleading privacy practices. It also makes clear that corporate leaders may face increasing personal liability for privacy violations. “This lawsuit is not only warranted, but necessary, and sends a message that corporate leaders, including CEOs, will be held accountable for their actions,” Racine said in a statement.

While it remains to be seen how this new lawsuit will play out, the claims against Zuckerberg serve as an important reminder that, especially when privacy and data protection pose business-critical risks, corporate executives must undertake good-faith efforts to ensure that reasonable data governance systems and controls and procedures are in place.

For more information on the suit, please visit this page.

This was originally posted on

This article first appeared on

By:  Kate Lucente   |  Lori Marsh  |  Lea Lurquin

In its most recent efforts to enforce the California Consumer Privacy Act (CCPA), the Office of California Attorney General Rob Bonta has announced an investigative sweep of businesses offering financial incentives to California residents (“Consumers”) in exchange for the collection, use, or sale of their personal information.

The AG’s Office, in a press release issued on January 28, 2022 (Data Privacy Day), stated that it had sent violation notices to major businesses in the retail, home improvement, travel and food services industries, which will have 30 days from receipt of a notice to cure any alleged CCPA violations, such as the failure to provide Consumers with adequate disclosures regarding financial incentives.

Under the CCPA, financial incentives may include commonly offered incentive programs, such as loyalty, rewards, benefit or membership programs related to the collection or sale of personal information. Continue Reading California Attorney General issues non-compliance notices regarding loyalty program requirements under the CCPA

DLA Piper Partner and former Delaware Attorney General Matt Denn interviews Iowa Attorney General Tom Miller, the new president of the National Association of Attorneys General. Matt and General Miller talk about General Miller’s priorities as the new head of the nation’s State AGs, and about General Miller’s perspective on current events as the longest serving Attorney General in US history.

This podcast can also be downloaded from iTunes and Spotify.

DLA Piper partner and former Delaware Attorney General Matt Denn interviews Pennsylvania Attorney General Josh Shapiro about challenges in his first term, his insight on running for office in a politically divided state and country, and how his work in public office will change under the new administration.

This podcast can also be downloaded from iTunes and Spotify.

By: Scott R. Wilson | Jeffrey L. HareJesse Medlong | Dante Alessandri

In a recent letter, the New York State Department of Financial Services (NYDFS) called on state-regulated financial institutions to integrate climate-related financial risks into their governance frameworks, risk management processes, and business strategies.

Investors increasingly view climate as an area of business risk, and this confirms regulators are beginning to view it as a supervisory risk as well. Incorporating climate change risk analysis can help financial institutions to better understand risks to their portfolios and clients, and to meet regulatory expectations. Now, with NYDFS announcing its “expectation” that institutions within its purview account for climate change in their risk assessments, New York has signaled a new approach in its efforts to combat climate change.

Learn more here.

DLA Piper partner and former Delaware Attorney General Matt Denn interviews Montana Attorney General Tim Fox about his work in public office and his role as the President of the National Association of Attorneys General, including his initiative for transformational leadership and civility.

Montana Attorney General Tim Fox

by Scott R. Wilson, Peter Karanjia, Jessica Masella and Michael Fluhr

A recent decision by the state appellate court in Manhattan in the New York AG’s long-running investigation into the virtual currency “tether” reaffirms the strength and breadth of the office’s investigative powers under New York’s Martin Act.

The Martin Act, New York’s so-called “blue sky” anti-fraud law, Article 23-A of the General Business Law (“GBL”), has long been one of the most powerful tools in the New York AG’s arsenal. It prohibits, inter alia, fraud in connection with the offer, sale or purchase of securities and commodities within or from New York. High-profile enforcement actions under the Martin Act earned a former New York AG the sobriquet “the Sheriff of Wall Street” in the early 2000s. In the post financial crisis era, the Martin Act was deployed in connection with the federal-state Residential Mortgage Backed Securities (RMBS) Working Group, co-chaired by the New York AG. However, in 2018, during her campaign for office, Attorney General Letitia James told the New York Times, “It’s really critically important that I not be known as the ‘Sheriff on Wall Street,’” in recognition of the variety of important issues deserving of the office’s attention. She observed at the time, “The attorney general cannot be a one-trick pony. I will be laser-focused on taking on Wall Street abuses—I don’t need a moniker for that.”

The July 9, 2020 decision by the First Department, Appellate Division, in In re Letitia James v. iFinex Inc. reflects the New York AG’s focus not only on policing traditional Wall Street players like banks, but also on finding novel and aggressive ways to wield Martin Act authority in the FinTech sector.

The New York AG is conducting an investigation concerning representations about the cash reserves backing tether, currently the most traded “stablecoin” currency, and the relationship between the companies that issue tether and their corporate affiliate Bitfinex, a virtual currency trading platform. Stablecoins are cryptocurrencies designed to experience less price volatility than other cryptocurrencies, such as bitcoin, by being pegged to the value of some “stable” asset, such as the US dollar or a precious metal. According to the New York AG, Bitfinex transferred over $850 million in co-mingled client and corporate funds to a Panamanian entity that may have lost or absconded with the funds. To handle customer withdrawals, Bitfinex allegedly swapped these missing deposits for the cash reserves backing tether. In April 2019, the New York AG obtained an order pursuant to Section 354 of the GBL requiring the entities that operate the Bitfinex platform and issue tether to produce documents and testimony under oath in connection with the office’s investigation. On appeal, the respondents challenged the New York AG’s authority to conduct its investigation for lack of personal and subject matter jurisdiction.

In rejecting the appeal, the First Department’s decision underscored the New York AG’s broad authority to investigate securities and commodities fraud under the Martin Act, and held that virtual currencies like tether are commodities within the scope of the statute.

First, noting that the Martin Act prohibits fraud in connection with the offer or sale of commodities “within or from” New York (Section 352 of the GBL), the Court found that the New York AG had multiple bases for exercising its investigative jurisdiction, even though the respondents are incorporated abroad. These included that, within the six-year lookback period under the applicable statute of limitations: New York-based customers were permitted to trade tether on the Bitfinex platform; one of respondents’ executives had resided in and conducted business from New York; and the entities had used bank accounts in New York. (Order at 10-12.) The Court also observed that it was not improper for the New York AG to use a Section 354 order to develop evidence that a company under investigation is in fact doing business in New York. (Id. at 13.) Finally, the Court noted the New York AG can establish personal jurisdiction necessary to exercise its investigative authority by “a far lighter showing” than is required to bring a lawsuit. (Id. at 13.)

Second, summarily rejecting the argument that tether does not fall within the scope of the Martin Act, the Court found that the virtual currency is “easily encompassed” by the statute’s definition of “commodity” and therefore is within the New York AG’s subject matter jurisdiction. (Id. at 8 n.2.) The Court pointed to prior determinations by federal courts and the US Commodities Futures Trading Commission (“CFTC”) that virtual currencies are commodities under the federal Commodities Exchange Act, “which defines the term more narrowly than does the Martin Act.” (Id. at 8.)

The takeaway: the decision is a timely reminder to companies and individuals in the FinTech sector that the New York AG has broad power to investigate suspected fraud in the realm of virtual currencies. Dealing with the New York AG’s Investor Protection Bureau may be a disorienting experience for white collar practitioners used to responding to inquiries by federal regulators. The text of the Martin Act places few clear limits on the New York AG’s investigative authority, and the office is not constrained by the large body of guidance memorialized in the US Department of Justice’s manual for prosecutors and other published federal enforcement guidelines that help practitioners attempt to deal with regulators on a level playing field. Ultimately, the New York AG’s investigation may have implications for the popularity of tether, which remains the most traded stablecoin but which faces growing competition from other cryptocurrencies, such as USD Coin and Gemini Dollar.

By Matthew P. Denn, Scott R. Wilson, Joy G. Kim and Elizabeth Callahan

Across the country, State Attorneys General are encouraging consumers to inform them of price-gouging incidents related to the coronavirus disease 2019 (COVID-19) pandemic and are issuing hundreds of cease-and-desist letters to sellers whom they believe are violating price gouging laws, regulations, and orders. On April 15, 2020, for example, New Jersey Attorney General Gurbir S. Grewal announced that his office had issued 514 cease-and-desist letters and 89 subpoenas to businesses that had been reported by consumers as having engaged in price gouging or other consumer protection violations related to COVID-19.

Learn more here.

Please visit our Coronavirus Resource Center and subscribe to our mailing list to receive alerts, webinar invitations and other publications to help you navigate this challenging time.

The CARES Act, passed in response to the coronavirus disease 2019 (COVID-19) pandemic, is the largest stimulus package in American history and will have an enduring impact for years to come.  Its massive scale raises questions about how the government, in carrying out the stimulus, may attempt to prevent fraud, waste and abuse.

For companies and industries likely to see relief from the stimulus package, several lessons learned from the 2009 American Recovery and Relief Act may be important guides to navigating what  will assuredly be a complex regulatory environment going forward.

Read Jeff Tsai’s article from Law360 here.