Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Contract Corner
With the COVID-19 pandemic, many industries experienced a major shift in how the personnel of key suppliers worked, with “nonessential” personnel in large part working remotely. When this shift to remote work first happened (rather abruptly for many companies), security was a critical consideration, but one that was handled in many instances outside the supplier contract, with both parties focusing on keeping business operations going with must-have data and security safeguards in place.
As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.
When two parties engage in a merger or acquisition, there are several processes that must take place before the transaction can be completed, including due diligence of the seller’s assets—and particularly the seller’s relevant and material intellectual property (IP).
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany.
As technology and the use of the internet continue to evolve, lawmakers remain focused on setting a legal framework for businesses operating “online” in Russia. In 2021, the Russian regulatory landscape underwent significant changes, which will no doubt have an impact on how tech and media companies conduct their business in Russia.
We have heard time and time again that we should not reuse passwords across accounts—if a cybercriminal were to obtain access to the password of one account, they could then use such password to access multiple accounts. This use of stolen passwords and other credentials has led to a rise in credential stuffing attacks. A new guide released this month by New York Attorney General Letitia James investigates the rise in credential stuffing attacks and best practices designed to prevent such attacks.
Contract Corner
As 2021 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.
Broad awareness has been made about cyberattacks in the form of phishing that typically use email messages to lure victims into divulging sensitive information or opening a link that allows malware to infiltrate their device. Companies have learned how to combat phishing by training employees to recognize such scam attempts and report them as phishing to protect their organizations. “Vishing” is another tactic used by scammers that, while less familiar, is no less invasive and dangerous.
In our January 2021 blog post The Right to Repair in Massachusetts Rolls Forward, we discussed how Massachusetts voters in November 2021 approved Question One, a ballot initiative amending the commonwealth’s 2012 Right to Repair Law. The amendment provides that motor vehicles sold in Massachusetts, beginning with 2022 models, be required “to equip any such vehicles that use telematics systems—systems that collect and wirelessly transmit mechanical data to a remote server—with a standardized open access data platform. Owners of motor vehicles with telematics systems would get access to mechanical data through a mobile device application.” With authorization of the owner, such telematics data will be available to independent repair facilities and dealerships not otherwise affiliated with the manufacturer of the vehicle, who will “send commands to the vehicle for repair, maintenance, and diagnostic testing.” In turn, a contractual relationship between the manufacturer and the independent repair facility will no longer be required in order for such data to be shared.
According to recent guidance from the US Federal Trade Commission (FTC), providers of health apps and connected devices that collect consumers’ health information must comply with the FTC’s Health Breach Notification Rule, 16 CFR Part 318, and therefore are required to notify consumers and others when their health data is breached.