Tech & Sourcing @ Morgan Lewis

Contract Corner
As consumer products and services companies continually seek ways to market to their consumer base, many have begun relying on social media influencers over the last several years to promote their products and services online. In this post, we’ll discuss some key areas a contract drafter may consider when drafting a social media influencer agreement on behalf of a company.
Please join us on Wednesday, April 10, 2024 from 12:00–1:00 pm ET, as partners Kristin Hadgis and Don Shelkey and of counsel Eric Pennesi discuss the latest trends in commercial contracts negotiations, including negotiating artificial intelligence (AI) provisions and recent trends in privacy and security.
New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.
“March Madness” started early this year as the US District Court for the Eastern District of Tennessee recently granted a preliminary injunction enjoining the National Collegiate Athletic Association (NCAA) from enforcing rules prohibiting student-athletes from negotiating name, image, and likeness (NIL) agreements with third parties, including NIL collectives (i.e., “organizations created by alumni, boosters, or businesses with the purpose of providing NIL opportunities to their school’s athletes”), before the student-athlete enrolls in a particular college or university.
The European Central Bank (ECB) has published data showing that banks are increasingly using third-party providers to support their critical functions. However, more than 10% of outsourcing contracts covering critical functions are not compliant with the relevant regulations. During a key year for EU financial institutions and their critical service providers—with implementation projects for the Digital Operational Resilience Act (DORA) well underway—the ECB signals that outsourcing and resiliency, particularly risks associated with cloud outsourcing and concentration risks, will be a top priority on its supervisory agenda.
In our January 2023 blog post, Study Finds Average Cost of Data Breaches Reaches All-Time High in 2022, we highlighted the key findings of the Ponemon Institute’s Cost of a Data Breach Report 2022. Each year, the report sets forth a vast dataset analyzing data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. Recently, Ponemon Institute published its Cost of a Data Breach Report 2023, showing an increase in data breach costs in many areas of business.
The Court of Appeal of the State of California (the Court of Appeals) recently ruled that Proposition 24, the California Privacy Rights Act of 2020 (CPRA), is enforceable without any further delay. The CPRA contains important changes to the California Consumer Privacy Act, including with respect to online advertising.
Join partners Don Shelkey, Kristin Hadgis, and Ezra Church from 11:30 am–1:00 pm ET on Tuesday, February 27, 2024 as they discuss key considerations that may impact M&A transactions related to privacy and data security. The session will include a spotlight on the impact of artificial intelligence on such transactions.
An ever-increasing number of companies are choosing to use chatbots on their websites, in their sales organizations, and to help with customer service. In fact, according to Vantage Market Research, the chatbot market will grow over 23% by 2030. A chatbot can be a useful tool for consumers who are looking for quick and easy access to information, as well as for companies looking to provide a high level of attention and service while allowing their employees to focus on other demands. However, companies should remain aware of and monitor the information the chatbot is sharing.
Although the healthcare industry is often focused on the Health Insurance Portability and Accountability Act (HIPAA) and compliance with its privacy regulations, there are many companies that service HIPAA-regulated entities that are not subject to such HIPAA regulations themselves, such as consumer-directed digital health companies, including those providing healthcare-related or focused mobile applications. Given the complexities of complying with various privacy rules, for those working with the healthcare industry or adjacent industries, evaluating their own and their vendor’s compliance with laws when HIPAA does not apply should be an ongoing process as privacy laws evolve.