Google will spend the next three years with a separate compliance auditor overseeing its performance in responding to warrants and other government data requests. This and other provisions are part of a settlement agreement with Google, announced by the Department of Justice (“DOJ”) on October 25, 2022, to resolve a four-year dispute over the loss of data that focus on the DOJ search warrant.
The dispute goes back to the warrant the DOJ obtained in 2016 in the US District Court for the Northern District of California for data related to its criminal investigation of the cryptocurrency exchange BTC- e. Google began processing the warrant, but after the Second Circuit ruled that the Securities Exchange Act (“SCA”) did not reach data outside the United States, Google suspended its processing to challenge the validity of the authorization to foreign data based on this decision. As the parties argued, Congress passed subsequent legislation clarifying that the SCA applies to foreign data and litigating the dispute over the scope of the search warrant.
During the intervening period, data targeting the government’s search warrant was inadvertently lost despite Google’s protective efforts. The agreed statement of facts, issued at the same time as the Consent Agreement, describes the extent of the data loss and explains whether Google had the opportunity to retain the data that targeted the verify, these operations have not reached any files.
The settlement agreement in October ended the dispute over the deleted data. In its filing, the DOJ said the requirement in the agreement that the tech giant retain for three years the “primary Special Compliance Professional” is similar in most respects to regulatory oversight that required by the DOJ. as a key component of corporate criminal settlements in securities and corruption cases. Investigators are also active in civil suits for corporate malpractice such as health care fraud, where the Department of Health and Human Services’ Office of the Inspector General similar arrangements under a different name: Civil Rights Initiatives (“CIA”). Google’s dedicated compliance specialist looks like it. Unlike ordinary browsers, Google focuses on maintaining the company’s data by verifying the accuracy of the reports that show its legal compliance program and improvements, which Google must show in its Compliance Management Committee, the Audit and Compliance Committee of the Board of Directors of Alphabet (Google’s parent company), and the government.
This settlement is the latest in a series of aggressive efforts by government agencies to seek penalties for poor data protection practices. In September the Securities and Exchange Commission and the Commodity Futures Trading Commission announced more than $1.8 billion in settlements with financial institutions for violating recordkeeping requirements (as we explained here). SEC Chairman Gary Gensler said the agency continues to scrutinize off-channel business communications among SEC-regulated entities.
A company’s data protection obligations may arise as a result of a special government investigation, specific legal requirement or lawsuit. The decisions and controversies described above show that the government is interested in data retention issues in many contexts, and will be able to use its resources to track and publish the right. conduct against companies it believes have failed in their obligations. Under the government’s eyes, data retention is a big deal. When the government increases the banks in this area, the companies should carefully examine their data obligations obtained from different sources. As data protection requirements and consequences for errors in this area continue to grow, companies will do well to invest in their compliance efforts and ensure adequate protection under the obligations. many – whether it’s a special government investigation, a formal legal requirement, or a lawsuit. or all of the above.