Tech & Sourcing @ Morgan Lewis

Please join us on September 9 for a webinar discussing cybersecurity enforcement issues. This webinar is part of our 2020 Data Privacy and Protection Boot Camp series.

Following up on our CCPA post earlier this week, Morgan Lewis privacy lawyers Reece Hirsch and Andrew Gray have put together a webinar to discuss CCPA and how to prepare for 2020 compliance with California's landmark privacy law. Register for the webinar if you or your organization are curious about how the CCPA impacts your industry.

The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.

As companies adjusted to the “new normal” of coronavirus (COVID-19) restrictions, spending on cloud services has seen a boom.

A recent Court of Justice of the European Union (CJEU) ruling—Schrems II—could lead to significant changes for companies that rely on the EU-US Privacy Shield for transferring personal data from the European Economic Area (EEA) to the United States, including increased due diligence on the part of data exporters.

With the world in various states of lockdown, your organization’s online presence is more important than ever…even more so with official enforcement of CCPA beginning last month. It may be a good time to spend an afternoon reviewing and updating the legal boilerplate on your organization’s website. Here is what we recommend for a basic three-part review to get you started:

Companies developing digital therapeutics, clinical decision support apps, and other digital health technologies for use in the coronavirus (COVID-19) pandemic should be mindful of FDA’s quickly evolving policies and guidance affecting such technologies. In our recent LawFlash, FDA Regulation of COVID-19 Apps, Digital Therapeutics, and other Digital Health Technologies, we examine recent FDA developments and their implications for companies in the digital health space.

Adding corporate flexibility to IT-related commercial contracts can make seemingly unrelated mergers and acquisitions (M&A) transactions a bit less complex.

The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.

The Business Software Alliance (BSA) recently endorsed principles for building trust in the Internet of Things (IoT), highlighting the need for a risk-based approach that (1) accounts for the various components, capabilities, users, environments, life cycles, and complexities of the IoT ecosystem, and (2) engages the corresponding stakeholders. Given the near boundless opportunities—and risks—deriving from its connectivity, a connected device should not be designed and managed in isolation.