Posts

Showing posts with the label Goodwin

New Requirements for DoD Consulting Contractors

Bottom Line Up Front On October 24, 2025, the Department of Defense (DoD)  DFARS Case 2024-D007  (“the final rule”) goes into effect, which amends the Defense Federal Acquisition Regulation Supplement (DFARS) to address national security concerns that may arise when a company provides consulting services to both the DoD and a foreign adversary . Going forward, a company that is providing or seeking to provide management, scientific, and technical consulting services to the DoD must now certify that neither it, nor its affiliates or subsidiaries, are providing consulting services to covered foreign entities. If they cannot make this certification, the company will need to have an approved conflict-of-interest mitigation plan in order to be awarded a DoD contract. The final rule and the DFARS amendment are intended to ensure that contractors advising the DoD are not simultaneously involved in activities that could negatively impact U.S. national security interests. Covered For...

Multistate Privacy Enforcement Sweep Puts Global Privacy Control in the Spotlight

Recent enforcement actions and announcements from the California Privacy Protection Agency (CPPA) and state Attorneys-General (AGs) in California, Colorado and Connecticut, and a California bill that passed the state legislature, signal a new phase of heightened enforcement, focused on honoring consumers’ opt out requests, including through cookie banners and the Global Privacy Control (GPC). Two critical developments stand out from our review of these actions and announcements: a crackdown on non-functional opt-out tools, highlighted by a multi-million dollar settlement and a multi-state investigative sweep; and a renewed emphasis on mandatory risk assessments for data “selling” and “sharing,” including for online advertising practices that are commonplace. Key Takeaways Recent enforcement actions, including a  record-setting settlement with Healthline Media , demonstrate that the California AG and the CPPA are closely scrutinizing whether companies’ technical implementations of c...

CFPB Advises Employers to Comply With the FCRA When Using AI-Powered Employee Monitoring Reports

  According to a recent policy statement issued by the Consumer Financial Protection Bureau (the CFPB), employers that purchase or use certain reports generated about current or prospective employees—including those using AI-powered technologies to assess employees’ productivity—are required to comply with various requirements of the Fair Credit Reporting Act (the FCRA), including obtaining consent from employees prior to purchasing such reports and providing notices to employees before taking adverse employment actions based on such reports. What does the CFPB’s policy statement say? On October 24, 2024, the CFPB issued its latest circular ( Circular 2024-06 ). Many employers are familiar with the FCRA’s requirements in the context of employee background checks and credit reports. Circular 2024-06 states that the FCRA also applies to the use of other types of third-party employee reports. S pecifically, Circular 2024-06 describes various types of reports generated and sold by thir...