Can I Sue for for the Michigan Coach Data Breach?

What are My Legal Rights if I Received the FBI Letter or DOJ Letter?
Several student athletes from around the United States received a letter from the FBI about former University of Michigan football coach Matt Weiss.  Other victims received an email from the U.S. Department to Justice Victims Notification System to advise them about the computer hack that allowed the coach to access personal photos and videos for the athletes. Coach Weiss was recently arrested and charged with computer crimes. He is out on bond and further criminal proceedings are scheduled for him criminal case.
The big question is “what are my legal rights if I received the FBI letter regarding the Michigan coach data breach?” If you received the letter from the FBI advising you that your personal photos and information were unlawfully accessed, you may have a claim for compensation.
What are my Legal Options to Pursue Compensation?
There are two legal cases arising out of the Matt Weiss data breach and computer hacking incident. First, there is the criminal proceeding for his unlawful conduct.
Criminal matters are being handled by the U.S. Attorney General Office and these charges seek criminal penalties, like incarceration, probation, and fines against the coach himself. He is entitled to a presumption of innocence, and his fate will be decided by a judge or jury.
Victims who received the FBI letter can also pursue a civil lawsuit against Matt Weiss and the University of Michigan. There may be additional defendants who were responsible for preventing computer hacks and unlawful data access from the university computers.
How Does a Hacking Victim File a Claim for Compensation?
If you received the FBI letter or the U.S. Department of Justice email  saying that your social media accounts were hacked by Matt Weiss, you can file a civil claim for compensation. A Michigan data breach lawsuit lawyer can help if you were a computer crime victim by Matt Weiss, Michigan’s co-offensive coordinator.
The FBI has so far determined that Matt Weiss used University of Michigan computers to unlawfully access over 3,300 student athletes. Victims of the breach can pursue civil lawsuits for damages and institutions can also be held liable if they fail to protect sensitive data, underscoring the importance of robust legal protections. Invasion of privacy is a basis for civil lawsuits.
What is Invasion of Privacy?
Invasion of privacy involves infringement upon an individual’s right to privacy by several intrusive or unwanted actions. These invasions of privacy can include:’

Physical encroachments on a person’s private property
Taking unauthorized photos and videos of a person
Accessing a person’s private e-mail or text messages
Unauthorized access to a person’s private social media accounts

Access to this information, even if not disclosed to others, has a profound effect on the victims’ mental and emotional state. Private, personal, and intimate photos and information accessed by an unauthorized person causes embarrassment, humiliation, and other emotional harm.
Suing the University of Michigan for Invasion of Privacy
You may be able to sue the University of Michigan for invasion of privacy if your personal accounts were hacked and accessed by Matt Weiss. Much work and investigation must be done to determine if this cybercrime attack was preventable by the school with proper oversight and procedures to protect against its computers being used for criminal purposes.
Victims of digital abuse have several avenues to seek justice and compensation. They can pursue civil claims for damages related to privacy violations, emotional suffering, and even potential medical expenses linked to the breaches. These lawsuits can provide financial relief and hold perpetrators accountable for their actions.
Moreover, institutions that failed to protect sensitive information can also be held liable. Victims can seek financial compensation through civil lawsuits against universities and vendors if it can be demonstrated that these entities neglected their duty to safeguard private data. This dual approach not only addresses immediate harm but also promotes systemic change to prevent future breaches.
How Do I File a U of M Data Breach Lawsuit?
There will likely be a class action lawsuit filed against The University of Michigan and separate lawsuits filed by individuals. With over 3,000 victims, there will be many legal procedural obstacles to navigate to file and qualify for a settlement.
If you received a letter from the FBI or any other entity advising you that Matt Weiss unlawfully accessed your personal data, photos, or video, you should contact our award-winning law firm today. We will protect your legal rights and pursue claims on your behalf.
Is there a Coach Weiss Class Action Lawsuit?
A class action lawsuit has not been filed as of March 25, 2025, for invasion of privacy claims against the University of Michigan for the Coach Matt Weiss computer hacking incidents. A class action case may be filed shortly, and you may be able to join if you were a victim.

Kryptofonds in Deutschland – Was Verwahrstellen und Kapitalverwaltungsgesellschaften (voraussichtlich) beachten müssen

Das Inkrafttreten des Zukunftsfinanzierungsgesetzes markierte bereits 2023 die Geburtsstunde der „Kryptofonds“ in Deutschland, indem die unmittelbare Anlage in Kryptowerte auch für Publikumsfonds (i.S.d. §§ 221 bzw. 261 KAGB) ermöglicht wurde. Mit dem Ende 2024 in Kraft getretenen Finanzmarktdigitalisierungsgesetz hat man diese Idee vor dem Hintergrund der MiCAR mit einem Verweis auf dessen Kryptowerte-Begriff nun vollendet.
Da ein Investment in Kryptowerte mit neuen, spezifischen Risiken einhergeht, hat die BaFin den ersten Entwurf eines Rundschreibens zu den Pflichten von Verwahrstelle und Kapitalverwaltungsgesellschaft bei in Kryptowerte investierenden Investmentvermögen zur Konsultation (06/25) gestellt. Es soll einen grundlegenden Rahmen an regulatorischen Mindestanforderungen für Direktinvestitionen in Kryptowerte durch Fonds setzen und ist damit höchst praxisrelevant. Als Rundschreiben hat es nicht die Qualität einer echten Rechtsnorm bildet aber die von der BaFin angewandte Verwaltungspraxis ab.
Pflichten der Verwahrstelle
Grundsätzlich gelten die Pflichten der Verwahrstelle, die sich bereits aus dem Gesetz und dem Verwahrstellenrundschreiben ergeben, weiterhin und sollen durch das Rundschreiben ggf. vorrangig ergänzt werden.
Zusätzlich verlangt die BaFin laut dem Rundschreiben außerdem:
• Pflichten bereits vor der Übernahme eines Mandats. Insofern seien – angesichts der hohen Volatilität von Kryptowerten – bereits im Vorfeld Prozesse zu schaffen, die der Verwahrstelle ermöglichen, informiert das Marktrisiko zu erfassen und kontinuierlich zu bewerten.• Ausreichende sachliche und personelle Ressourcen. Dies betreffe grundsätzlich alle Ebenen und in besonderem Maße die fachliche Eignung der Geschäftsleiter. Hier erkennt die BaFin an, dass insbesondere praktische Vorerfahrungen in Bezug auf eine solch junge Asset-Klasse regelmäßig nur eingeschränkt vorhanden seien. Sie ermöglicht daher einen auf theoretischem Wissen fundierten Aufbau über einen Zeitraum von 6 Monaten.• Geeignete organisatorische Vorkehrungen und zwingend technische Vorkehrungen. Dies schließe IT-Systeme und -Prozesse ein und gelte in besonderem Maße, wenn die Verwahrstelle private Schlüssel zu den Kryptowerten verwahrt. Dann bedürfe es eines darauf ausgerichteten speziellen „Kryptokonzepts“.
Außerdem sei, wie auch bei anderen Assets, zu unterscheiden, je nachdem ob die Kryptowerte verwahrfähig i.S.d. §§ 72 bzw. 81 KAGB sind. Maßgeblich wird es hier auf die Einzelfallprüfung ankommen. Insofern fällt auf, dass die BaFin in ihrem Rundschreiben einen weiten „Kryptowert“-Begriff anwendet und etwa MiFID-Finanzinstrumente i.S.d. Artikel 2 Abs. 4 MiCAR nicht bereits von vornherein aussteuert. Die MiCAR unterscheidet hier konsequent zwischen „Kryptowerten“ und (ggf. auch auf DLT-Basis emittierten MiFID-)„Finanzinstrumenten“, für die die MiCAR entsprechend nicht gilt. Die überwiegend aus 2022 stammenden und inzwischen längst überholten Ausführungen der BaFin zu ihrem Verständnis von „Kryptotoken“, auf die die BaFin im Rundschreiben verweist, sind entsprechend wenig hilfreich.
Gleiches gilt mit Blick auf die Ausführungen zur Verwahrung von (BaFin-)Kryptowerten, weil eine begrifflich klare Unterscheidung verdeutlichen würde, dass DLT-basierte MiFID-Finanzinstrumente gleichsam MiFID-Finanzinstrumente und eben keine MiCAR-Kryptowerte sind. Wo das KAGB und die AIFMD auf den Begriff der MiFID-Finanzinstrumente zur Annahme der Verwahrfähigkeit abstellen, hätte es hier keiner Erörterungen bedurft.
Schließlich weist die BaFin darauf hin, dass ggf. zusätzliche Erlaubnisse erforderlich sein können, insbesondere für eine etwaige Erbringung des Kryptoverwahrgeschäfts in Bezug auf MiCAR-Kryptowerte.
Lautet das Ergebnis der Einzelfallprüfung, dass es sich um nicht verwahrfähige (MiCAR-)Kryptowerte handele, träfen die Verwahrstelle entsprechend die Pflichten für nicht-verwahrfähige Assets aus § 81 Abs. 1 Nr. 2 KAGB (bzw. § 72 Abs. 1 Nr. 2 KAGB). Diese umfassen eine Feststellungspflicht bzgl. des Eigentums bzw. einer entsprechenden Rechtsposition, die Prüfung und Sicherstellung der Zuordnung und Zugriffsmöglichkeiten des Kryptowerts (einschließlich etwaiger Rechte Dritter), die Erfassung in einem kontinuierlich gepflegten Bestandsverzeichnis. Zudem sei ggf. vertraglich sicherzustellen, dass die Verwahrstelle Zugang zu den Systemen des Kryptoverwahrers erhält.
Daneben würden die allgemeinen Kontrollpflichten der Verwahrstelle (vgl. §§ 76 und 83 KAGB) gelten. So müsse sie insbesondere prüfen, ob ein Erwerb von Kryptowerten mit den Anlagebedingungen vereinbar und ob die Erwerbsgeschäfte marktgerecht sind.
Pflichten der Kapitalverwaltungsgesellschaft
Die Kapitalverwaltungsgesellschaft („KVG“) muss den gleichen Risiken Rechnung tragen wie die Verwahrstelle, sodass in Bezug auf einen Direkterwerb von Kryptowerten auch ähnliche Konsequenzen folgen.
Zunächst sei ggf. eine Erweiterung der Erlaubnis zu beantragen, die den direkten Erwerb von Kryptowerten umfasst, weil bisherige Erlaubnisse auf andere Vermögensgegenstände lauten dürften. Insofern stellt die BaFin hier klar, dass der Katalog nach ihrem Verständnis statisch sei und Änderungen nicht von einer bisherigen Erlaubnis gedeckt seien. Insofern sei auch zu beachten, dass eine Verwahrung durch die KVG selbst nicht möglich wäre.
Auch in der KVG seien entsprechend hinreichende Ressourcen und Kenntnisse und Erfahrungen des Personals, ggf. unter Einstellung fachkundiger, externer Experten, sicherzustellen. Auch müssten die Geschäftsleiter ausreichende fachliche Eignung haben, wobei die gleiche Frist von sechs Monaten gelte wie für Geschäftsleiter der Verwahrstelle.
Zudem seien die Prozesse der KVG entsprechend anzupassen und zwingend vor der erstmaligen Investition in Kryptowerte ein Neue-Produkte-Prozess durchzuführen. Dieser müsste vor allem die einhergehenden ggf. erhöhten Risiken und deren Management abbilden sowie Vorgaben zur Best Execution und der Marktgerechtigkeitskontrolle und Wertermittlung machen.
Rundschreiben als Leitplanke
Sowohl Verwahrstellen als auch Kapitalverwaltungsgesellschaften, vor allem wenn sie bereits etablierte Prozesse für andere Finanzinstrumente haben, sollten anhand der Vorgaben des Rundschreibens als Leitplanke und unter Berücksichtigung der spezifischen Risiken von Kryptowerten funktionierende und aufsichtsfeste Strukturen für Direktinvestments schaffen können.
Wer Kryptofonds in Deutschland anbieten will, sollte zunächst prüfen, ob die dahingehende Erlaubnis ausreicht. Besonderes Augenmerk ist dann auf die (technischen) Ressourcen und das Know-How der Mitarbeiter zu legen – und darauf, in welcher Form der Entwurf nach Abschluss der Konsultation veröffentlicht wird.

“Glass Ceilings Have Been Shattered”: Analysing the Impact of Kirsty Coventry’s Election as the Next IOC President

“Seismic”, “groundbreaking”, “landmark”. These are all words that have been used to describe Kirsty Coventry’s appointment as the next IOC President, after she swept to victory in the leadership election on 20 March 2025, winning more votes than the other six male candidates combined. The 41-year-old Zimbabwean will become the second youngest[1], first female and first African to hold the role in the IOC’s 130-year history.
“I hope that this vote will be an inspiration to many people… Glass ceilings have been shattered today, and I am fully aware of my responsibilities as a role model.”
(Kirsty Coventry, 20 March 2025)

The reaction of the global sports community to Ms Coventry’s election has largely been positive, with her rivals magnanimous in defeat. However, as outlined below, there are some commentators who point to the alleged airbrushing of political controversies, and others who say that her appointment will ensure a “continuation of the same” given that Ms Coventry is already on the IOC Executive Board[2] and was acknowledged as the favoured candidate of outgoing President Thomas Bach.
In this article I will examine:

Why Ms Coventry’s electoral success has divided opinion in some quarters;
The bases on which she campaigned, and how her manifesto differed to those of her rivals;
The potential impact of her appointment on a practical level; and
What Ms Coventry’s immediate challenges may be when she formally takes up the IOC Presidency in June.

Immediate reaction to Ms Coventry’s “landslide” victory
Only one round of voting was required for Ms Coventry, a five-time Olympic swimmer herself, to win the election outright. She secured more than 50% (49 votes of the total 97 votes), with Juan Antonio Samaranch Jr (28 votes) and Lord Sebastian Coe (8 votes) second and third respectively. Whilst Ms Coventry was one of the favourites, the emphatic nature of the result did come as a surprise to many.
Few, if anyone, can deny that the appointment of a woman from Africa to the most senior executive position in international sport sends a positive message.  In the immediate aftermath of the election, Ms Coventry herself remarked that “it’s a really powerful signal; a signal that we’re truly global, and that we have evolved into an organisation that is truly open to diversity.”
Amongst those who have publicly praised Ms Coventry’s appointment have been:

President of the New Zealand Olympic Committee, Liz Dawson, who commented that “her fresh perspective and innovative approach will enhance the Olympic Movement and strengthen its global influence“.
President of the Brisbane 2032 Organising Committee, Andrew Liveris, who said that the vote was a “resounding proclamation of [Ms Coventry’s] leadership” and that she had “been incredibly positive, supportive and instrumental in promoting Brisbane 2032’s progress across the IOC movement and beyond”.
The African Paralympic Committee, who stated: “her election to the highest office in the global sports community is a source of pride for Africa. As the continent’s first daughter and a former athlete, [she] symbolise[s] the resilience of African women, breaking barriers and inspiring generations across the continent and beyond”.

However, not everyone has been so effusive. Questions have been raised about to her connections to the Zimbabwean Government, a regime that remains under both UK and US sanctions. First, she reportedly accepted a $100,000 cash reward from former President Robert Mugabe for winning four medals (including Gold in the 200m backstroke) at the 2008 Beijing Olympics. And then, in September 2018, she accepted a governmental position as Zimbabwe’s Minister of Youth, Sport, Arts and Recreation under current President Emmerson Mnangagwa[3].  The risk of being tarnished by association is a real one, but Ms Coventry has defended her connection with President Mnangagwa’s government, publicly stating:
“I don’t believe you can really create change if you don’t have a seat at the table… Having to navigate very sensitive issues has definitely given me extra ‘armour’ if I can put it that way for what [the IOC] will face in in the future, and we’re going to have to navigate difficult leaders that have different opinions on things.” 

Away from Zimbabwean politics, some have questioned Ms Coventry’s impact within IOC circles to date, particularly as a member of the IOC’s Athletes’ Commission (which she chaired from 2018-2021). Indeed, notwithstanding that Ms Coventry has pledged to protect the female category (see below), former British swimmer Sharron Davies MBE took aim at her apparent passivity on this issue, stating “sadly for me Kirsty Coventry has… not spoken up before to protect female athletes coming behind her”.
Ms Coventry’s manifesto vs her rivals
Ms Coventry’s election manifesto, titled “Unleashing the Transformative Power of Sport” (with an accompanying strapline, “A Stronger, Sustainable, Relevant Olympic Movement”) emphasised challenging the status quo, embracing modernity, promoting sustainability and, in particular, protecting female sport.  Below are key elements she campaigned on:

Empowering and protecting female athletes: Implementing stronger safeguards against gender-based violence and increased support for athlete mothers, including facilities like dedicated nursing rooms during the Games. On the complex issue of transgender participation, she advocated for policies that ensure fairness in women’s competitions based on current scientific research.
Technological integration: Emphasis on the integration of new technologies, such as online streaming and artificial intelligence, to keep the Olympics relevant and accessible to a broader audience.
Financial prioritisation: Reallocation of prize money to programmes that benefit a larger segment of the athlete community, focusing on access to training, health, and mental health support.
Inclusive participation: Highlighting the importance of IOC neutrality, she opposes the exclusion of athletes from the Olympics due to their nationality.
Embracing new regions: Expanding Olympic hosting regions, particularly in Africa and the Middle East. This would increase global engagement, create new revenue opportunities and make the Olympics more inclusive.

Unsurprisingly, there was a degree of overlap between most of the candidates’ campaigns on certain issues, with almost all highlighting environmental sustainability and recognising the challenges to hosting the Games in a changing climate. Nevertheless, each manifesto had its own particular focus or USP, as summarised below:

Juan Antonio Samaranch Jr (IOC Member and son of a former IOC President, 28 votes): Focused on strengthening the role of IOC members, ensuring sustainability, and maintaining political neutrality. He proposed extending the retirement age of IOC members, conducting operational reviews to optimise resources, and creating a $1 billion investment fund for the IOC’s sustainability.
Lord Sebastian Coe (President of World Athletics, 8 votes): Proposed decentralising power within the IOC, leveraging the talents of its members, and enhancing the organisation’s efficiency. He also focused on sport as a powerful social tool and highlighted his extensive experience in athletics and sports administration.
David Lappartient (Head of International Cycling Union and French NOC, 4 votes): Advocated for greater involvement of IOC members in decision-making processes and proposed achieving gender parity among the IOC membership by 2036. He also emphasised the need for the IOC to lead on sustainability and climate initiatives, arguing that it should tie financial support to international federations, at least in part, to their commitment to climate issues.
Morinari Watanabe (President of International Gymnastic Federation, 4 votes): Offered unique ideas, such as hosting the Summer Games across five cities on five continents simultaneously to reduce the burden on host cities and provide continuous global coverage. He also proposed a bicameral governance system within the IOC to enhance decision-making processes.
Prince Feisal al Hussein (President of Jordan Olympic Committee, 2 votes): His manifesto centred on modernising the Olympic movement through technology and innovation. He proposed integrating esports into the Olympic framework, utilising artificial intelligence to improve sports experiences, and engaging youth throughout the Olympic cycle.
Johan Eliasch (President of International Ski Federation, 2 votes): The only candidate to broach the idea of a rotational Winter Games to address environmental concerns and ensure the event’s future viability. He offered the most “restrictive” proposal regarding the ring-fencing of women’s sport, proposing that only athletes born female should be permitted to compete in that category.

The likely impact of Ms Coventry’s election on a practical level
For all the talk of, to use Ms Coventry’s own phrase, “challenging the status quo”, a common thread in the media is that her success was built on positioning herself as a “continuity candidate”, rather than a “reformer”. She has fulfilled a number of IOC roles[4] (including being on the IOC Executive Board) since first becoming a member in 2013, and is therefore regarded as an “IOC insider”. Reuters journalist Karolos Grohmann suggested that Ms Coventry’s election ensures “smooth continuity for the IOC after Bach” as she has “towed the company line and is not expected to rock the IOC boat”.
That said, Ms Coventry should certainly enable the IOC to present itself as a progressive, diverse and “relevant” organisation. We know sport can have a unifying power, some of which can be intangible and difficult to measure, at least in the short term.
It obviously remains to be seen which elements of her manifesto she will prioritise (curating proposals can be much easier than implementation), but one area we might expect to see robust action concerns the protection of women’s sport.  As it stands, the IOC permits each international federation to set its own gender eligibility rules, which has led to a range of approaches as they try to navigate inclusion on one hand, and concerns regarding fairness and safety on the other. 
Ms Coventry has pledged to implement a ban on transgender athletes competing in the women’s category at the Olympics, stating in February 2025:
“I want to ensure that front and foremost, we protect (the) female category. I don’t believe that transgender female athletes should be competing at the Olympic Games [in female categories]”… I do believe everyone has the right to play sport, 100%, but when it comes to the Olympic Games … being a former female athlete and having two young girls, I want to ensure that category is protected.”

Although Ms Coventry has previously not been as outspoken on gender issues as the likes of Lord Coe[5], her position on transgender Olympic participation is an emphatic one, drawing on her own experiences as a former female athlete.  In the short-term, we know that she intends to set up a taskforce to address how best to protect women’s sport. Looking further ahead, it would not be surprising if the IOC decided to take some of the decision-making authority away from the international federations and implement tighter, more uniform, rules.
In terms of the impact on the continent of Africa, Michael Payne, the former IOC Director of Marketing, commented: “there is no doubt that the influence of Africa in world sport will grow because of [Ms Coventry’s] appointment.”  Historically, African nations have faced challenges in influencing Olympic policies, but Ms Coventry’s leadership could bring more attention to the continent’s needs and priorities, including the development of grassroots and youth programmes. One of her key manifesto points was expanding the Olympic hosting regions and her leadership could accelerate efforts to bring major sporting events (and ultimately, maybe even an Olympic Games) to her home continent, improving infrastructure and investment in African sports.
The immediate challenges
When Ms Coventry takes up her new role in June, the 2026 Milan-Cortina Winter Olympics will be just eight months away. The climate crisis has raised a number of existential questions for winter sports, as well as the need for greater flexibility around scheduling major events within the existing sporting calendar. Amongst other pressing items in her in-tray will be the selection of the host nation for the 2036 Summer Olympics (India, Qatar, Turkey, South Africa and others have all expressed interest) – specifically, how that process will work.
Perhaps her biggest immediate challenge of all will be one of diplomacy, given the complex and unpredictable geopolitical landscape she will be inheriting. It is virtually impossible to divorce sport and politics, regardless of Olympic ideals around neutrality, and the status of Russia and Belarus continues to loom large. Ms Coventry’s manifesto expressly referenced her opposition to banning any countries from the Games but, as it stands, only a handful of Russians will be competing as neutral athletes in the 2026 Winter Olympics. Sean Ingle, writing in The Guardian, contemplated whether Russia’s reintegration into Olympic sport could be part of a potential peace deal with Ukraine.
And finally, of course, Ms Coventry will need to engage, and build a relationship with, President Donald Trump ahead of the 2028 Los Angeles Games. The US President has reportedly threatened permanent visa bans on trans athletes based on sex markers. When asked about the prospect of engaging with Trump, Ms Coventry said “I have been dealing with, let’s say, difficult men in high positions since I was 20 years old… we will not waiver from our values”. 
Ms Coventry’s meteoric rise from swimmer to IOC President has been remarkable and is widely welcomed, but even bigger challenges lie ahead. 

[1] Pierre de Coubertin was 33 years old when he was appointed the second President of the IOC in 1896.
[2] Ms Coventry has been on the IOC Executive Board from 2018-2021 and 2023-present.
[3] Ms Coventry was re-appointed to the role in September 2023, following President Mnangagwa’s re-election.  Ahead of the 2023 election, Human Rights Watch found that “rights critical for Zimbabwe’s election, such as to freedom of expression, association, and assembly, [were] imperilled… the environment for a credible, free, and fair election has been grossly diminished.”
[4] The full roster of Ms Coventry’s IOC roles since 2013 are set out on page 2 of her manifesto, which include: IOC Executive Board Member (2018-2021, 2023-present), Chair of the Coordination Commission for the 2032 Brisbane Olympic Games (2021-present), Chair of the Games Optimisation Working Gorup (2022-present), and Chair of the Athlete Commission (2018-2021).
[5] Oliver Brown, ‘Lord Coe’s defeat by “Mugabe’s golden girl” proves IOC has no desire to change’ (The Telegraph, 21 March 2025): “[Lord Coe] has consistently argued that biology trumps gender, while accusing the IOC of caving in to “second-rate sociologists” in its pursuit of inclusion of all costs.”

OFAC Final Rule Extends Recordkeeping Requirements to 10 Years

Highlights

U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published a new final rule to extend recordkeeping requirements to 10 years, effective March 21, 2025
The new recordkeeping requirement is consistent with last year’s statute of limitations extension for most OFAC violations from five years to 10 years
OFAC affirmed that a conflict such as EU regulations mandating a shorter recordkeeping period would not excuse compliance

On April 24, 2024, former President Joe Biden signed into law the 21st Century Peace through Strength Act. Section 3111 of the Act extends the statute of limitations for civil and criminal violations of the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) from five years to 10 years. These two statutes govern most sanctions programs enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).
Pursuant to this executive order, OFAC issued a final rule on March 21, 2025, extending recordkeeping requirements for covered parties from five to 10 years. This final rule, which was effectively immediately, followed an interim final rule published by OFAC in September 2024 soliciting public comment.
The newly extended recordkeeping requirements apply to all companies and persons engaging in transactions and holding blocked property subject to OFAC oversight. Such persons are required to keep a full and accurate record of transactions and blocked property and to ensure that these records are available for examination for at least 10 years.
OFAC also made clear that a conflict in law would not excuse compliance with these requirements. The final rule specifically addresses a scenario in which the 10-year recordkeeping period may conflict with the European Union’s regulations on anti-money laundering and counterterrorism financing that mandate deletion of records after five years. In such a scenario, OFAC points to its prior guidance that said although it would consider a conflict of law on a case-by-case basis when determining the appropriate administrative action or penalty, full compliance with OFAC requirements is still expected.
Takeaways
This rule is the most recent example of the U.S. government’s increasing use of sanctions in recent years in support of its foreign policy and national security objectives. Companies may experience higher costs related to compliance with this rule, especially as standard business record retention periods are usually shorter. Additionally, companies should consider updating training, compliance programs, and due diligence checklists to reflect the extended recordkeeping period.

Are the Days of OSHA’s Rulemaking and Reliance on Consensus Standards Numbered?

Since Representative Andy Biggs (R-AZ) first introduced the “Nullify the Occupational Safety and Health Administration Act” or “NOSHA Act” (H.R. 86), there has been immense speculation about the future of the Occupational Safety and Health Administration (OSHA). The inauguration of President Donald Trump served to increase scrutiny of the agency, and actions by the Department of Government Efficiency (DOGE) have caused speculation to run rampant.
The focus on the NOSHA Act, what the administration might do, and how DOGE might impact OSHA may be distractions from a bigger threat facing OSHA and the way it regulates workplace health and safety.
Quick Hits

The introduction of the “Nullify the Occupational Safety and Health Administration Act” bill by Representative Biggs (R-AZ) has sparked significant speculation about the future of OSHA, especially under the Trump administration.
Justice Thomas’s dissent to the denial of certiorari in Allstates Refractory Contractors, LLC hinted at a potential Supreme Court shift regarding the constitutionality of delegations of rulemaking authority.
On March 26, 2025, the Supreme Court heard arguments in consolidated cases challenging the Telecommunications Act of 1996’s delegation of authority to the FCC and USAC that could have broader implications for how administrative agencies such as OSHA operate.

Justice Clarence Thomas’s dissent to the denial of certiorari in Allstates Refractory Contractors, LLC, v. Su at the end of the 2023–2024 term of the Supreme Court of the United States portended a potential change to the manner that the delegation of rulemaking authority might be addressed by the Court. Specifically, Justice Thomas was concerned about whether this broad grant of rulemaking authority violated Article I, Section 1 of the U.S. Constitution, which states:
All legislative Powers herein granted shall be vested in a Congress of the United States, which shall consist of a Senate and House of Representatives.

This term, the Court has taken up a pair of cases relating to the Telecommunications Act of 1996, the Universal Service Fund (USF), and the Universal Service Administrative Company (USAC), which is focused on whether the legislation violates Article I, Section 1 of the Constitution.
The Telecommunications Act of 1996 was the first substantive revision of the Communications Act of 1934 post–deregulation and modernization of American telecommunications markets and technologies. Local markets were opened to competition, and though there always had been funding for universal services, it developed a new system for funding those universal services. The revisions, per the Federal Communications Commission (FCC), set forth five principles:

“Promote the availability of quality services at just, reasonable and affordable rates for all consumers”
“Increase nationwide access to advanced telecommunications services”
“Advance the availability of such services to all consumers, including those in low income, rural, insular, and high cost areas, at rates that are reasonably comparable to those charged in urban areas”
“Increase access to telecommunications and advanced services in schools, libraries and rural health care facilities”
“Provide equitable and non-discriminatory contributions from all providers of telecommunications services for the fund supporting universal service programs”

In addition, the Telecommunications Act of 1996 directed the FCC to formalize what services must be provided to receive support from the USF, expanded the number of companies required to pay into the fund, and created USAC. USAC is described by the FCC as “an independent, not-for-profit corporation designated as the administrator of the federal Universal Service Fund by the FCC.”
The Supreme Court, on March 26, 2025, heard argument in Federal Communications Commission v. Consumers’ Research, No. 24-354, and Schools, Health & Libraries Broadband Coalition v. Consumers’ Research, No. 24-422. Both cases relate to the Fifth Circuit Court of Appeals’ en banc decision in Consumers’ Research v. Federal Communications Commission that “the combination of Congress’s sweeping delegation to FCC and FCC’s unauthorized subdelegation to USAC violates the [Constitution].”
More specifically, the Fifth Circuit Court of Appeals stated:
American telecommunications consumers are subject to a multibillion-dollar tax nobody voted for. The size of that tax is de facto determined by a trade group staffed by industry insiders with no semblance of accountability to the public. And the trade group in turn relies on projections made by its private, for-profit constituent companies, all of which stand to profit from every single tax increase. This combination of delegations, subdelegations, and obfuscations of the USF Tax mechanism offends Article I, § 1 of the Constitution.

While Justice Thomas, in Allstates Refractory, certainly suggested that a majority of the Court was of a like mind with respect to the delegation of rulemaking authority granted to administrative agencies, like OSHA, he did not address the delegation of rulemaking to “nonprofits,” such as the American National Standards Institute (ANSI), the American Society of Mechanical Engineers (ASME), and other organizations that publish the consensus standards cited by OSHA in its regulations and when applying the Occupational Safety and Health (OSH) Act’s “General Duty Clause.”
Given his description of the rulemaking authority contained within the OSH Act as being among the broadest to any administrative agency, it is conceivable that a ruling that confirms the Fifth Circuit’s decision in Federal Communications Commission v. Consumers’ Research, would compel Congress to act and actually legislate the workplace health and safety regulations OSHA would enforce. Arguably, reliance on “national standards,” which is built into the OSH Act, would have to be replaced with rules contained within legislation, thereby compelling Congress to have a much more active role with respect to workplace health and safety.

SEC Abandons Defense of Brobdingnagian Climate Change Disclosure Rule

Three years ago, the Securities and Exchange Commission issued a nearly 500 page rule proposal that would require registrants to provide certain climate-related information in their registration statements and annual reports.  At the time, I argued. albeit to no avail, that the sheer prolixity of the release militated against adoption of the rule. Two years later, the SEC adopted a final rule in a nearly 900 page adopting release. 
Expectedly, the rule was challenged in court.  National Legal and Policy Center v. Securities and Exchange Commission (8th Cir., Case No. 24-1685).  The SEC previously stayed effectiveness of the rules pending completion of that litigation.   Yesterday, the SEC through in the towel, announcing that it had voted to no longer defend the rules.  

Other Transactions: A Flexible and Efficient Acquisition Tool for the Department of Defense

On March 6, 2025, the Defense Secretary released a memorandum directing the Department of Defense (“DoD”) to adopt the Software Acquisition Pathway (“SWP”) to speed up the development, procurement, and delivery of software needed for weapons and business systems. Specifically, the memorandum directed DoD to use Commercial Solutions Openings and Other Transactions (“OTs”) as the default solicitation and award approaches for acquiring capabilities under the SWP. As a result, we are likely to see an expansion in DoD’s use of OTs. Thus, contractors should be aware of the rules and regulations regarding OTs.
Background
While OTs have been in the news a lot these days, they are not a new concept. OTs date back to 1958, when Congress granted the National Aeronautics and Space Administration (“NASA”) the authority to enter into transactions other than contracts, grants, or cooperative agreements in order to foster innovation and speed in the space race.
Since then, Congress has granted OT authority to several other federal agencies, including the Department of Energy, the Department of Health and Human Services, the Department of Homeland Security, the Transportation Security Administration, and the Department of Transportation. However, the most significant and frequent user of OTs has been the DoD.
What is an OT?
An OT is a legally binding agreement that is not subject to most of the federal laws and regulations governing procurement contracts, such as the Federal Acquisition Regulation, the Competition in Contracting Act, the Cost Accounting Standards, and the Contract Disputes Act. An OT can be structured in various ways, depending on the type, purpose, and scope of the project, as well as the needs and interests of the parties. This means that DoD has more discretion and flexibility to negotiate the terms and conditions of an OT, and to tailor them to the specific needs and objectives of the project. This also means that the participants have more freedom and autonomy to conduct their work, and to avoid most of the compliance burdens and administrative costs associated with procurement contracts.
An OT is still subject to certain statutory requirements, such as the Anti-Deficiency Act, the Freedom of Information Act, the False Claims Act, the Anti-Kickback Act, and the Procurement Integrity Act. An OT is also subject to certain policy and oversight considerations, such as the public interest; the protection of human subjects; the safeguarding of classified information; the prevention of fraud, waste, and abuse; and the audit and review by DoD and other agencies. Moreover, an OT—while not a procurement contract—is still a contract in the eyes of the law, and can be enforced and challenged in the courts. As we recently discussed, the Court of Federal Claims (“COFC”) appears to be taking a broader view of its jurisdiction over OTs than it has previously, so we may see more post-award protests for OTs at the COFC.
Because an OT is not subject to many of the federal laws and regulations applicable to procurement contracts, an OT does not automatically provide the same rights and remedies that are available under procurement contracts, such as those relating to equitable adjustments, claims, appeals, protests, and termination settlements. Therefore, the parties to an OT need to carefully consider and negotiate the terms and conditions of their agreement, and also address the risks and responsibilities that may arise during the performance and administration of the project. For example, in addition to basic terms such as the scope of work, deliverables, performance milestones, and payment provisions, the parties may want to negotiate clauses addressing data rights, intellectual property rights, dispute resolution mechanisms, termination procedures, and audit rights.
Types of DoD OTs
The DoD has two main types of OTs: Research and Development OTs and Prototype OTs, the latter of which can lead to production contracts.
Research and Development OTs
Research and Development OTs are utilized for basic, applied, and advanced research projects.10 U.S.C. § 4021(a). Research OTs may be used to pursue research and development of technology with dual-use application (commercial and government). Research OTs may also be used to advance new technologies and processes to evaluate the feasibility or utility of a technology. However, unlike Prototype OTs, DoD cannot transition a Research OT to a follow-on production contract.
Prototype OTs
A Prototype OT can be used for a broad range of projects, including but not limited to (A) a proof of concept, model, or process, including a business process; (B) reverse engineering to address obsolescence; (C) a pilot or novel application of commercial technologies for defense purposes; (D) agile development activity; (E) the creation, design, development, or demonstration of operational utility; or (F) any combination of subparagraphs (A) through (E). 10 U.S.C. § 4022(e)(5). And, for a Prototype OT to be awarded, one of the following conditions must be met: (i) significant participation by a nontraditional defense contractor or a nonprofit research institution; (ii) all significant participants being small businesses or nontraditional defense contractors; (iii) at least one-third of the total cost being covered by non-federal parties; or (iv) exceptional circumstances that justify the use of innovative business arrangements or structures. 10 U.S.C. § 4022(d).
Note that successful completion of a Prototype OT can result in a follow-on production contract without further competition, provided the prototype OT was competitively awarded, and the solicitation and agreement included the possibility of a production contract. This streamlined transition from prototype to production can allow for rapid fielding of new technologies and capabilities—once a prototype has proven its value and effectiveness, DoD can quickly move to production, ensuring that contractors are able to start working on delivering critical technologies without the delays often associated with competitive procurements.
Key Takeaways
DoD’s use of OTs has been steadily growing in recent years, both in terms of the number and the value of agreements. This is only expected to increase further under the current administration. Thus, contractors should keep in mind the following:

Embrace the Flexibility: Recognize that OTs offer a flexible framework that allows for innovative and collaborative agreements. This flexibility can be leveraged to tailor agreements that meet specific project needs without the constraints of traditional procurement regulations.
 
Leverage Nontraditional Partnerships: Consider forming partnerships with nontraditional defense contractors, research institutions, and consortia. These collaborations can bring diverse expertise and innovative solutions to the table, enhancing the project’s success.
 
Stay Informed on Legal Requirements: While OTs are exempt from many procurement laws, they are still subject to certain statutory and policy requirements. Ensure compliance with these requirements to avoid legal pitfalls.
 
Monitor Emerging Trends: Keep an eye on emerging technology areas where the DoD is increasing its use of OTs and position your organization to take advantage of opportunities in these high-priority areas.
Seek Legal Counsel: Given the unique nature of OTs and their legal implications, it is important to consult counsel with experience in federal contracting and OTs to assist in navigating complex legal landscapes and mitigate risks.

CFTC Accepting Whistleblower Award Claims for Financial Grooming Scam

On March 26, the CFTC posted a Notice of Covered Action for a $2.3 million enforcement action taken against a purported digital asset platform for an alleged online romance scam, signaling that the Commissions is accepting whistleblower award claims for the case.
Key Takeaways:

A court judgement found Debiex liable for misappropriating over $2 million in customers’ funds in an online romance fraud scheme
Online romance fraud schemes, including “pig butchering,” are a focus of the CFTC
Qualified CFTC whistleblowers are eligible to receive awards of 10-30% of the funds collected in connection with their disclosure

On March 26, the Commodity Futures Trading Commission (CFTC) posted a Notice of Covered Action (NCA) for a $2.3 million enforcement action taken against a purported digital asset platform for an alleged online romance scam. The NCA signals that the Commission is now accepting whistleblower award claims for the case.
Debiex Pig Butchering Case
The CFTC announced on March 21 that the U.S. District Court for the District of Arizona issued a default judgment against Debiex in response to the CFTC’s enforcement action. The judgement finds Debiex liable for misappropriating over $2 million in customers’ funds.
According to the CFTC, “Debiex’s unidentified officers and/or managers cultivated friendly or romantic relationships with potential customers by communicating falsehoods to gain trust, and then solicited them to open and fund trading accounts with Debiex.”
“Unbeknownst to the customers, and as alleged, the Debiex websites merely mimicked the features of a legitimate live trading platform and the ‘trading accounts’ depicted on the websites were a complete ruse,” the CFTC further claims. “No actual digital asset trading took place on the customers’ behalf.”
The type of online romance scam carried out by Debiex is known as “Sha Zhu Pan” or “Pig Butchering.”
“As the graphic name suggests, these schemes liken the practice of soliciting consumers to participate in a fraudulent investment opportunity to ‘fattening up’ an unsuspecting pig prior to slaughtering it,” CFTC Commissioner Kristin N. Johnson explained in a January statement announcing the charges against Debiex.
The court order bans Debiex from trading in any CFTC regulated markets or registering with the CFTC and requires Debiex to pay a $221,466 civil monetary penalty and over $2.2 million in restitution.
“This judgment demonstrates the CFTC’s ongoing commitment to protecting U.S. citizens from online scams,” said Director of Enforcement Brian Young.
Notice of Covered Action and CFTC Whistleblower Program
The Notice of Covered Action posted by the CFTC for this enforcement action signals that individuals have 90 days to file a whistleblower award claim for the case.
Under the CFTC Whistleblower Program, qualified whistleblowers, individuals who voluntarily provide original information which leads to a successful enforcement action, are eligible to receive monetary awards of 10-30% of the funds collected in the action.
In 2023, the CFTC Whistleblower Office published a whistleblower alert on the ability to anonymously blow the whistle on romance investment frauds and qualify for awards and protections.
“Under the Whistleblower Program of the Commodity Futures Trading Commission (CFTC), individuals may become eligible for both financial awards and certain protections by assisting the CFTC with identifying perpetrators and facilitators of romance investment frauds under the CFTC’s jurisdiction, such as solicitations related to digital assets, precious metals, and/or over-the-counter foreign currency exchange (forex) trading,” the alert reads.
Since issuing its first award in 2014, the CFTC Whistleblower Program has awarded nearly $390 million to qualified whistleblowers. In the 2023 Fiscal Year, the CFTC received a record 1,744 whistleblower tips and issued 12 award orders, the most it has granted in a single year.

Commercial Insurance Offerings to Mitigate Fire-Related Risks

Businesses and people around the world are reeling from the aftermath of shutting down Heathrow Airport in London—one of the world’s busiest travel hubs—due to a fire at a nearby electrical sub-station. Early projections of the economic fallout and related travel disruptions are staggering. The fire at the sub-station not only disrupted travel plans for passengers, but also interrupted countless businesses that rely on the airport, such as airlines, logistics and freight companies, and retailers. Fortunately, these businesses may be able to mitigate their losses through their commercial property policies and policies covering supply chain disruptions. We discuss some of the insurance offerings that may respond to fire-related losses (as well as other losses from other perils) and ways to maximize coverage.
Property Coverage—Covering Physical and Economic Losses From Fire Damage to Your Property
Physical damage to a business’s property imposes costs to repair or replace the damaged property and can disrupt the business resulting in economic losses. Fortunately, many commercial property policies provide “all risks” coverage, meaning any cause of physical loss or damage—fire, wind, hail, etc.—is covered unless it is otherwise excluded. In addition, many commercial property policies also cover the loss of profits resulting from disruption to the business caused by the covered peril. In the case of the electrical fire at the sub-station, the policyholder may be covered for the cost of repairing the damaged property and the profit that would have been earned if the fire did not occur.
Contingent Business Interruption (CBI) Coverage—Covering Economic Losses Resulting From Fire Damage to Someone Else’s Property
Even if a business’s property is not physically damaged, it may be able to recover economic losses resulting from disruptions to another business on which it depended. This type of coverage is commonly known as contingent business interruption coverage, and it is triggered when physical loss or damage to another business causes a disruption to the policyholder’s business resulting in economic loss. Issues may arise, however, concerning which third-party businesses qualify as suppliers or customers on which the policyholder is dependent; this issue often turns on whether the impacted business had a “direct” relationship with the insured business and the specific policy language. Businesses reliant on Heathrow Airport to fulfill their business obligations may have a claim if they experienced a loss due to, for example, delivery delays, order cancellations or the need to arrange for other ways to transport cargo.
Extra Expense Coverage—Covering the Added Costs Incurred as a Result of the Fire Damage to Your or Someone Else’s Property
Many commercial property policies also cover the “extra expenses” a policyholder incurs after it sustains a direct physical loss or damage, or when it sustains a covered contingent business interruption loss. “Extra expenses” are those added expenses that the policyholder incurred as a result of the covered event. For example, extra expenses can include the added costs to receive goods for sale or replacement goods, as well as increased transportation, labor and logistical costs. In the case of the fire at the electrical sub-station that shutdown Heathrow Airport, extra expense coverage could pay for temporary relocation, and costs associated with alternative logistical arrangements like the rerouting of goods.
Supply Chain Coverage
When a business that serves as an element in a supply chain experiences a disruption, the result is usually delays and the need to reassess logistics and operations that rely on the impacted business for deliveries, transactions and just-in-time inventory. While there is no “standard” form for “supply chain insurance,” this insurance is available as an “all risks”-type coverage. Besides covering disruptions caused by property damage to a supplier or a dependent property, supply chain insurance can be customized to cover losses caused by a wide range of events, including production issues (e.g., supplier assembly line malfunctions). For example, supply chain insurance may respond to events like natural disasters and regulatory changes that disrupt a business’s operations.
Tips to Maximize Insurance if Loss Occurs

Ensure You Have Proper Limits: Policyholders should review their commercial insurance policies to make sure, for instance, that all structures (including new ones) are covered, the amount of coverage provided has kept pace with the increasing costs to rebuild property in the area, and the available policy limits can cover the value of the inventory currently at hand. Policyholders should also consider identifying the third-party businesses on which their businesses depend so they can avoid an after-the-fact dispute over whether a business qualifies. Policyholders should also leverage brokers and other business partners to ensure that their coverage aligns with industry standards.
Consult Outside Coverage Counsel: Policyholders should engage coverage counsel that can help analyze insurance terminology, and provide specialized guidance and assistance on improving policies’ terms and conditions to maximize coverage if a loss occurs. Increased limits are helpful only if the underlying coverage terms are strong and there are no problematic exclusions to allow the policyholder to access the full limits.
Document All Aspects of the Loss: Policyholders should keep records on the losses suffered, including documenting all physical damage, the amounts paid to prevent further damage or to remedy existing damage, and the amounts lost because of the disruption of business activities, including lost income.
Document All Claim-Related Communications: Policyholders should also keep a record on all claim-related conversations and communications with insurers and other parties involved in handling the insurance claim. This can be helpful, for example, if litigation is necessary.
Mitigate the Losses: Policyholders should consider taking all reasonable efforts to mitigate the property and business losses following a loss as such efforts can be a condition to coverage. Policyholders should also keep track of and document all those mitigation efforts.
Be on Time: Insurance policies generally place a time limit on filing claims. Indeed, insurers commonly cite late notice of a claim as the basis for denying a claim. Policyholders should thus submit insurance claims within the time periods identified by their policies and pay particular attention to other policy deadlines, such as the time to submit proof of loss and suit limitations provisions.

Takeaway
Events like fires at major hubs of global travel and trade can cause significant physical loss or damage, lost profits, extra expenses and supply-chain disruptions. Commercial policyholders operating such businesses must ensure they are able to protect against these events and resultant losses. Policyholders should carefully review their existing insurance policies to determine which coverages exist, and whether additional or modified terms are warranted if a loss occurs. Each line of coverage should be carefully analyzed and, if needed, modified before a fire-related claim arises.

OCR Provides Further Guidance About When DEI Violates Title VI

On February 14, 2025, the Department of Education’s Office for Civil Rights (“OCR”) issued a Dear Colleague Letter (“DCL”) which explained that schools had “discriminated against students on the basis of race, including white and Asian students” and had “justify[ed] their discrimination “under the banner of ‘diversity, equity, and inclusion’ (“DEI”)[.]” Hunton’s analysis of this DCL is available here.
On March 1, 2025, the OCR issued further guidance on Title VI in the form of Frequently Asked Questions (“FAQ”). These FAQs clarified the DCL’s stance toward illegal DEI programming. The FAQ explained that whether DEI programming violates Title VI does not depend on the use of terminology – including “diversity,” “equity,” and “inclusion,” – but rather on whether the DEI programming restricts or discourages access based on race, or creates a race-based hostile environment.
The FAQs explained that, where DEI programming is race-neutral, OCR may consider the following factors to determine whether a school acted with a racially discriminatory purpose:

Whether members of a particular race were treated differently than similarly situated students of other races;
The historical background or administrative history of the policy or decision;
Whether there was a departure from normal procedures in making the policy or decision;
Whether there was a pattern regarding policies or decisions towards members of a particular race;
Statistics demonstrating a pattern of the policy or decision having a greater impact on members of a particular race; and
Whether the school was aware of or could foresee the effect of the policy or decision on members of a particular race.

The DCL is recommended reading for all institutions of higher education seeking to navigate their responsibilities under Title VI, but there are additional key points for colleges and universities to consider as they are navigating these issues.
Access to Educational Opportunities
The DCL referred to race-based affinity spaces, housing, or graduation ceremonies as discriminatory, and the FAQ contextualized this, explaining that such programming is discriminatory if it “allows one race but not another or otherwise separates students, faculty, or staff based on race.”
The DCL referred to curriculum, and the FAQ clarified “nothing in Title VI, its implementing regulations, or the Dear Colleague Letter requires or authorizes a school to restrict any rights otherwise protected by the First Amendment.” In addition, the FAQ balances this statement by reiterating schools’ obligations to prevent a hostile environment and address racial harassment. In determining whether certain curriculum discussing race from a historical and sociological perspective would qualify as creating a hostile environment, the FAQ noted that such discussions may be considered hostile in an elementary school, but not out of place in a university classroom.
Creation of a Hostile Environment based on Race
The FAQ provided examples of school activities that could create a hostile environment by requiring employees or students to:

Engage in political activism such as protests or privilege walks.
Embrace specific perspectives on race-related issues, and investigating or disciplining them if they do not.
Participate in trainings, orientations, coursework, or courses that reinforce racial stereotypes, challenge speech protected under the First Amendment.
Accept different disciplinary measures based on their racial group.

The FAQ clarified that schools are permitted to continue cultural programming and discussions on race-related topics, provided they do not limit access or create a racially hostile environment. In assessing programming, schools should consider whether it would discourage member of all races from attending.
While OCR has tempered its stance on race-related programs and educational access with the FAQ, it is recommended that schools continue to take steps to review policies, procedures, and practices, including those involving admissions and access to academic, extracurricular, and financial support programs to ensure compliance with Title VI.

New Bill Strengthens Protections for Federal Whistleblowers who Make Disclosures to Congress

On March 26, Senator Richard Blumenthal (D-CT) introduced the Congressional Whistleblower Protection Act of 2025. The bill strengthens protections for federal employee whistleblowers who make disclosures to Congress, expanding the types of whistleblowers covered and granting them the right to have their case heard in federal court if there are delays in administrative proceedings.
“This law is a significant step forward for federal employees,” said Stephen M. Kohn, founding partner of Kohn, Kohn & Colapinto and Chairman of the National Whistleblower Center. “Retaliation against whistleblowers who testify before Congress is unacceptable. This law is highly significant and should be passed quickly. It is absolutely necessary if Congress is serious about engaging in meaningful oversight.”
The bill ensures that whistleblowers are able to file an administrative complaint if their right to share information with Congress has been interfered with or denied. It expands the definition of qualified whistleblowers to include former employees, contractors, and job applicants.
Furthermore, the bill allows for whistleblowers to seek relief in federal court if corrective action is not reached within 180 days of filing a complaint. 
Senator Blumenthal previously introduced the Congressional Whistleblower Protection Act during the last session of Congress.
“Whistleblowers must be protected against retaliation when they bravely reveal waste, fraud, and abuse,” Blumenthal stated when introducing the previous version. “This measure will strengthen safeguards for anyone reporting government misconduct and empower them to seek relief if they face retaliation. Congressional whistleblowers are essential to our democracy, and they deserve vigorous protection.”
The Congressional Whistleblower Protection Act is cosponsored by Senators Mazi Hirono (D-HI), Amy Klobuchar (D-MN), Edward Markey (D-MA), Bernie Sanders (I-VT), Adam Schiff (D-CA), Chris Van Hollen (D-MD), Sheldon Whitehouse (D-RI), and Ron Wyden (D-OR).

Privacy Tip #437 – 23andMe Files for Bankruptcy—What to Do If It Has Your Genetic Information

Genetic testing company 23andMe has filed for Chapter 11 bankruptcy protection, and its CEO has resigned. It is seeking to sell “substantially all of its assets” through a reorganization plan that will have to be approved by a federal bankruptcy judge.
Mark Jensen, Chair and member of the Special Committee of the Board of Directors stated: “We are committed to continuing to safeguard customer data and being transparent about the management of user data going forward, and data privacy will be an important consideration in any potential transaction.” The company has also stated that the buyer must comply with applicable law in using the data.
That said, privacy professionals are concerned about the sale of the data in 23andMe’s possession, including the sensitive genetic information of over 15 million people. People often assume that the information is protected by HIPAA or the Genetic Information Nondiscrimination Act, but as my students know, neither applies to genetic information collected and used by a private company. State laws may apply, and consumers could be offered the ability to request the deletion of their data.
The company has said that customers can delete their data and terminate their accounts. The California Attorney General “urgently” suggests that consumers request the deletion of their data and destruction of the genetic materials in its possession and offers a step-by-step guide on how to do so.
Apparently, so many people have followed the suggestion that the 23andMe website crashed. The site is now back up and running, so 23andMe customers may wish to log in and request the deletion of their data and termination of their accounts.