As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The US Securities and Exchange Commission (SEC) on March 9 proposed new rules to enhance and standardize disclosures relating to the risk management, strategy, governance, and incident reporting requirements of cybersecurity applicable to public companies (registrants).
The unfolding conflict in Eastern Europe is likely going to cause a wide-ranging impact to companies with business operations or personnel in the region. For technology and commercial contracting professionals, this means potential contract disputes, force majeure issues, business continuity implications, and cybersecurity concerns.
Spotlight
In this edition of our Spotlight series, we welcome David Plotinsky to discuss key issues that technology lawyers and professionals should keep in mind regarding tech transactions, foreign investment, and review by the Committee on Foreign Investment in the United States (CFIUS).
We have heard time and time again that we should not reuse passwords across accounts—if a cybercriminal were to obtain access to the password of one account, they could then use such password to access multiple accounts. This use of stolen passwords and other credentials has led to a rise in credential stuffing attacks. A new guide released this month by New York Attorney General Letitia James investigates the rise in credential stuffing attacks and best practices designed to prevent such attacks.
Contract Corner
As 2021 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.
Broad awareness has been made about cyberattacks in the form of phishing that typically use email messages to lure victims into divulging sensitive information or opening a link that allows malware to infiltrate their device. Companies have learned how to combat phishing by training employees to recognize such scam attempts and report them as phishing to protect their organizations. “Vishing” is another tactic used by scammers that, while less familiar, is no less invasive and dangerous.
Contract Corner
With the exponential growth of cyber threats, cloud computing and remote working, contract provisions regarding data security requirements have also expanded in size and frequency. It has become common practice to prepare schedules to detail (and limit) security requirements. Customers and vendors both have a vested interest in clearly identifying expectations and obligations for such requirements. In this week’s Contract Corner, we explore considerations when it comes to drafting security schedules.
According to recent guidance from the US Federal Trade Commission (FTC), providers of health apps and connected devices that collect consumers’ health information must comply with the FTC’s Health Breach Notification Rule, 16 CFR Part 318, and therefore are required to notify consumers and others when their health data is breached.
It has become increasingly clear that improving cybersecurity will be a main focus, and important goal, of the Biden-Harris administration.