The CARES Act has far-reaching considerations for affected businesses, ranging from tax, employment, and even telehealth. Businesses that grant the federal government equity stakes in return for certain financial assistance could find themselves needing to comply with additional privacy and data security regulatory burdens, including the Privacy Act and the Federal Information Security Management Act.
The Privacy Act establishes a Code of Fair Information Practice, including governing how federal agencies are able to disseminate, use and collect certain personally identifiable information maintained by federal agencies. FISMA provides a framework for providing and managing information security that must be followed by federal government agencies and many federal government contractors. Both could apply a business that grants the federal government equity stakes that could be seen to give the government control of the business.
