On October 20, the US Department of Justice (DOJ) and Federal Trade Commission (FTC) issued guidance titled Antitrust Guidance for Human Resource Professionals, signaling that the agencies will bring enforcement actions for wage-fixing and no-poaching agreements under federal antitrust law. In their LawFlash (FTC and DOJ Issue Antitrust Guidance for HR Professionals), partner Mark Krotoski and associates David Brenneman and Melissa Hughes discuss the significance of this guidance, which may apply to non-solicitation clauses in outsourcing agreements.

Prior to this guidance, the DOJ and FTC only pursued civil cases against companies engaging in wage-fixing or entering into no-poaching agreements. The new guidance changes this approach, stating that the DOJ, which has the authority to enforce criminal violations of antitrust laws, will consider a criminal prosecution against an individual, a company, or both, for engaging in wage-fixing and entering into agreements with no-poaching clauses. The guidance includes specific examples of conduct that the DOJ may now consider prosecuting.

The guidance states that the DOJ and FTC will continue to enforce civil actions against companies involving other types of employment related conduct. The guidance also clarifies that narrowly tailored wage-fixing or no-poaching agreements entered into by companies engaging in certain relationships, such as a joint venture, will be subject to civil, and not criminal, enforcement. 

Read the complete LawFlash >

In a recent interview with Outsource Magazine, Morgan Lewis partner Ed Hansen discusses current trends in the sourcing/outsourcing industry, including the emergence of robotics as a provider solution, and the effect that these trends are having on deal structures and contracting strategies. Ed offers his thoughts on the evolving role of the lawyer in sourcing and outsourcing deals, the importance of building the right team to meet a client’s needs, and his involvement in the SIG Executive Immersion Program, which provides in-person workshops on current topics in the sourcing/outsourcing industry.

Read the complete interview >

UK Secretary of State Karen Bradley recently confirmed that the United Kingdom will implement the European Union’s General Data Protection Regulation (GDPR), the regulation by which the European Commission intends to strengthen data protection for individuals within the European Union. UK companies will be expected to comply with the GDPR when it takes effect in May 2018. Secretary Bradley made the announcement last week during her appearance before the Culture, Media, and Sport Committee. We’ve previously covered data privacy compliance considerations for UK companies and their business partners after the United Kingdom decided to leave the European Union by a referendum vote in June 2016.

On October 19, US banking agencies released an advanced notice of proposed rulemaking (ANPR) seeking comments on enhanced cybersecurity standards. These standards potentially would apply to

  • US bank holding companies and savings and loan holding companies with total consolidated assets of $50 billion or more,
  • foreign banking organizations’ US operations with US assets of $50 billion or more, and
  • other types of entities under the jurisdiction of the ANPR-issuing agencies and such entities' service providers.

The ANPR would create a tiered system of standards aimed at reducing cyber risk and preventing financial sector disruptions because of cyber events.

On October 25, the Federal Trade Commission (FTC) released new guidance for businesses that outlines recommended actions to take when facing a data breach. This data breach response guide (Guide) follows the FTC's prior guidance on data security measures a business should take to prevent data loss and unauthorized access.

The Guide covers three categories of actions: securing operations, fixing vulnerabilities, and notifying the appropriate parties.

Securing Operations. The FTC highlights the importance of identifying the causes of a breach and preventing such vulnerabilities from being exploited again. The Guide recommends that a business handling a data breach immediately establish a response team that includes data forensics experts; legal counsel; information security, information technology, operations, human resources, communications, and investor-relations personnel; and management. Other suggested initial actions include securing affected physical areas, preventing additional data loss by taking equipment offline at an appropriate time, monitoring access, replacing machines, and updating affected credentials. The Guide also recommends taking down stolen data that is posted online, interviewing the individuals who discovered the breach, and properly maintaining evidence.

On October 19, the US Department of Commerce and the Personal Information Protection Commission of Japan announced their commitment to expand the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) system that applies to cross-border data exchanges within the Asia-Pacific region.

In 2011, APEC leaders agreed to design a framework to encourage cross-border data flows, with the CBPR system ensuring common privacy and data protection principles and enforcement coordination. Under the CBPR system, an Accountability Agent (an independent third party verifier that reviews the business's privacy policies and practices) may designate a business that maintains certain minimum privacy standards as CBPR-certified.

The Obama administration's National Science and Technology Council released a report on artificial intelligence (AI) last week that shared findings on the current state of AI and its potential effect on society. The council analyzed how the adoption of AI into existing products (e.g., cars and aircraft) will affect current regulatory schemes and vice versa.

According to the report, the comments submitted in response to the White House’s Office of Science and Technology Policy's June 2016 Request for Information generally contended that existing regulatory structures, with adaptations only when necessary, were sufficient to address AI’s effects and maintain the original policy goals of such existing regulations. The report stressed the importance of the government engaging technical experts when drafting new regulations for AI products. In analyzing the unique challenges of regulating AI in "safety-critical environments," the report explored the relationship between regulations and the adoption and impact of AI in the transportation areas. The report cited several key issues, including translating human responsibilities to software and developing data sets that allow machine-learning systems to encounter rare tests cases. In response to these challenges, the report recommended creating "testbeds" (designated testing areas) to collect vital data and encouraging information sharing among federal and private entities.

On October 6, Federal Communications Commission (FCC) Chairman Tom Wheeler released a factsheet outlining proposed rules aimed at protecting broadband consumers’ privacy. The proposed rules would apply to internet service providers (ISPs) and cover data collection, usage, security, and breach notification.

If adopted, ISPs would need to notify their consumers about the types of data being collected, when and how collected consumer data can be shared, and the types of entities with which ISPs can share the information. ISPs would also be required to adopt reasonable measures to protect consumer data from data breaches and other vulnerabilities.

On October 13, partner Andrew Lipman will present a webinar, “The 2016 Election: Telecom, Media, and Tech Impacts.” The webinar will cover the pre- and post-election legal and regulatory landscapes applicable to the telecom, media, and technology industries.

Andrew will discuss various consequences of the election results on US Congress, federal courts, the Federal Communications Commission (FCC), the US Department of Justice, and other government agencies. He will also specifically cover the FCC’s policies on competition and antitrust, net neutrality, spectrum ownership, broadband deployment and adoption, consumer privacy, and data security.

The webinar will be held October 13, 2016 from 2:00-3:00 pm eastern. To learn more and to sign up, please visit the webinar’s event page.

As of September 30, Russian state authorities now reject tender submissions for supply of certain foreign electronic equipment if there are two concurrent submissions for supply of locally produced equipment. The ban applies to 113 types of equipment, including personal computers, printers, memory cards, mobile and landline phones, TV sets, cameras, microphones, and cash and ATM machines.

Electronic equipment may qualify as local if it is produced under a special investment contract between an investor and federal or regional government or if it is fully manufactured or significantly reprocessed in Russia. Some additional localization criteria specific for certain equipment also applies.