Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

With high-profile ransomware attacks occurring over the last few months, cybersecurity is back on the agenda in Washington, DC. We invite you to an upcoming webinar during which Morgan Lewis partners Ezra Church, Kristin Hadgis, and Daniel Skees will review recent actions taken by the Biden-Harris administration to address cybersecurity threats to critical infrastructure and to enhance the protection of sensitive data. They will also consider how the administration’s approach could affect future regulatory initiatives.

We recently issued a reminder of the September 1 effective date of China’s new Data Security Law (DSL) and its potential impact on all business operators in China, including multinational corporations. But the DSL is not the only development from Chinese regulators that affects technology companies operating in the country, specifically ecommerce companies.

As the availability and variety of digital health tools continue to increase, evidence is also being presented that those tools are having a meaningful impact on health outcomes. A recent report, Digital Health Trends 2021: Innovation, Evidence, Regulation, and Adoption, offered by the IQVIA Institute for Human Data Science, looks at the proliferation of digital health tools, recent innovations in the market, and contributions and barriers to their adoption.

Spotlight
As part of our Spotlight series, we connect with Jeff Boujoukos, the leader of Morgan Lewis’s securities enforcement practice, to discuss the current and future state of affairs of the regulation and enforcement activities of the US Securities and Exchange Commission (SEC) regarding cryptocurrency and initial coin offerings. Jeff points to recent cases and statements that may impact and shape the cryptocurrency market going forward.
Spotlight
As part of our Spotlight series, we connect with Andrew J. Gray IV, a partner in Morgan Lewis’s IP-Technology group, to discuss the recent focus on embedded copyright cases based on a court’s unwillingness to apply the server test. Andrew gives us his thoughts on recent developments and what companies may want to think about when embedding social media content (or other content) into its own.
We recently highlighted the Morgan Lewis financial services team’s overview of proposed guidance released by the three federal banking agencies with respect to third-party relationships within the fintech industry. The federal banking agencies, though, are not alone when it comes to guidance on third-party vendors.

As further guidance and regulations are proposed and begin to take shape with respect to relationships between banking organizations and third parties, including those in the fintech industry, our multidisciplinary teams here at Morgan Lewis are tracking each development. In July, shortly after the three federal banking agencies (the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency) released their proposed risk management guidance regarding third-party relationships, our banking and financial services team provided a general overview highlighting the key takeaways from the proposal. If you have any specific questions, please reach out to your Morgan Lewis team for assistance.

As a reminder, China’s new Data Security Law (DSL), which entails more expansive and restrictive requirements on data localization, mandatory security level certification, and severe penalties for unauthorized foreign transfer of data, will come into effect on September 1, 2021. The DSL will potentially affect all business operators in China, including multinational corporations. Our privacy and cybersecurity team recently published a more detailed analysis of the DSL. If you have any specific questions, don’t hesitate to reach out to your Morgan Lewis contact for assistance.

Read the full LawFlash >>

Through legislation, Connecticut has incentivized businesses to conform to one or more industry recognized cybersecurity frameworks. As we recently discussed, cybersecurity incidents and risks are taking centerstage. Under Connecticut’s recently enacted Public Act No. 21-119, An Act Incentivizing the Adoption of Cybersecurity Standards for Business (the Act), as further described below, a business that implements a qualifying cybersecurity program is shielded from punitive damages in connection with any data breach-related tort claim that is brought in, or under the laws of, Connecticut.
Contract Corner
With the recent onslaught of ransomware attacks, it’s time to revisit force majeure clauses (again). Earlier in the pandemic, we reviewed how COVID-19 could impact force majeure provisions. Since then, there has been a flurry of analyzing, renegotiating, and testing contractual language, as parties work through, or anticipate, pandemic-related difficulties. While contracting parties focus on striking a balance of when, and to what extent, a party’s performance will be excused due to pandemic-related circumstances, a different threat could follow a similar trajectory.