The US Department of Labor (DOL) recently announced guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on cybersecurity best practices. The guidance focuses on three areas: (1) tips for hiring a service provider; (2) cybersecurity program best practices; and (3) online security tips. In this post, we will focus on the DOL’s tips for plan sponsors and plan fiduciaries in selecting a service provider.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
As part of its five-year, £1.9 billion ($2.65 million) national cybersecurity strategy, the UK government on February 9 announced the launch of the UK Cyber Security Council (Council), a new independent body to support career opportunities and set professional standards for the UK’s cybersecurity sector. The Council will be formally launched on March 31, 2021.
Spotlight
Welcome to the second post in our Spotlight series, where we talk with a leader in a particular field or emerging area of interest to technology and sourcing lawyers and professionals.
Contract Corner
Cybersecurity has earned its place at the top of organizations’ risk concerns during the COVID-19 pandemic. Remote working, an array of communication solutions and hardware being used by organizations, and the accelerated leveraging of cloud-based outsourcing solutions have increased the chain of potential vulnerabilities to cyberattacks.
As we noted in our Outsourcing 2021 webinar last week, a lot has happened and changed in the 12 months since January 2020. There have been significant and unprecedented changes in the way our companies do business, the way we engage and interact with colleagues, and the way we interact with external parties, including how our companies and each of us leverage technology to market, process transactions, and otherwise communicate.
The Internet of Things Cybersecurity Improvement Act of 2020 was signed into law on December 4, resulting in the first federal regulation of the Internet of Things (IoT).
ICO GDPR Fines Reduced to £20m and £18.4m to Reflect British Airways and Marriott Mitigating Factors
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history.
The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued an advisory to remind US businesses about some aspects of ransomware scams and attacks. The advisory addresses (1) the process of making ransomware payments; (2) trends in ransomware attacks; (3) “financial red flag indicators” of ransomware activity; and (4) how to report and share information related to ransomware attacks. In the advisory, FinCEN used information from its analysis of cyber- and ransomware-related Bank Secrecy Act data, open source reporting, and law enforcement partners.
In response to the coronavirus (COVID-19) pandemic, technology companies and public health authorities around the world have been developing contact tracing apps as a way to track and thus slow the spread of the virus. Implementation of those apps, however, can raise privacy and cybersecurity considerations.
The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.