TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Cybersecurity continues to be an issue at the forefront of many of our contract negotiations. Though not typically included in the “data security” section of an agreement, the level and scope of cyberinsurance coverage often plays an important factor in the discussions between customer and vendor.

On this topic, Morgan Lewis partners Mark Krotoski and Jeffrey Raskin will present an upcoming webinar as part of our firm’s Cyber Insurance Webinar Series to discuss ongoing developments in the cyberinsurance space, with a focus on the critical factors your company can consider as part of its overall cybersecurity protection strategy. The one-hour webinar, Cyber Insurance: Is Your Company Covered?, will take place on Tuesday, September 17, at 2:00 pm ET.

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

A significant fine imposed by the UK’s Financial Conduct Authority (FCA) on an established UK insurer is further evidence of the increased scrutiny being placed on outsourcing arrangements by the financial services regulator, and also of the importance the regulator places on issues that directly impact retail customers.

The FCA is the UK’s “conduct” regulator, with a focus primarily on the regular business conduct of financial services businesses, as compared to the “macro” focus (safety and soundness) of the Prudential Regulatory Authority (PRA) – although there is overlap between the stated remits of the FCA and the PRA, and outsourcing arrangements are subject to scrutiny by both bodies.

On October 24, 2017, during a joint meeting of the National Association of Insurance Commissioners (NAIC) Executive (EX) Committee and Plenary, the NAIC officially adopted the Insurance Data Security Model Law (Model Law) to establish standards for data security and the investigation of and notification requirements following a cybersecurity event.

Previously, the Model Law had advanced through the NAIC Innovation and Technology Task Force and the Cybersecurity Working Group during the NAIC's 2017 Summer National Meeting on August 7.