TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

New York’s Department of Financial Services (DFS) issued guidance on April 13 alerting regulated entities of the significant increase in cybercrime during the coronavirus (COVID-19) pandemic.

Specifically, DFS noted several cybersecurity risks resulting from the realities of a remote workforce. With the increase of remote working, companies have issued new devices to employees and in many cases allow employees to use their personal devices to remotely access company information. These practices understandably subject companies to increased risk of phishing attacks and the leak of confidential information. Remote connections need to be as secure as possible using mechanisms like Multi-Factor Authentication and secure VPN connections so that data is safely and properly encrypted in transit. Regulated entities should be sure that all devices have the necessary and proper security software and that employees are trained properly on how to use applications securely.

One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week.

The SHIELD Act modernized New York’s laws by (1) expanding the data elements that may trigger data breach notification to include certain biometric information, user names or email addresses, and account, credit card, or debit card numbers, if circumstances would permit account access without a security code or other information; (2) broadening the definition of a breach to include unauthorized “access” (in addition to unauthorized “acquisition”); and (3) creating a new reasonable security requirement for companies to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of” the private information of New York residents. The first two changes took effect on October 23, 2019, while the third will take effect on March 21, 2020.

Trainee associate Valeria Gaikovich contributed to this post.

Following adoption of the law on the preinstallation of Russian software on electronic devices in December 2019, the Russian Federal Antimonopoly Service (FAS) has developed draft guidelines to determine the types of electronic devices that will be subject to the new regulations, as well as the deadlines and procedures for the preinstallation of domestic software. The draft guidelines will not apply to electronic devices manufactured or released into circulation in Russia before July 1, 2020.

According to the draft guidelines, as of the dates set forth below, all touchscreen electronic devices with two or more functions (e.g., smartphones, tablets, smart watches) must have the following apps preinstalled:

Please join us in our Philadelphia office for our annual Technology, Outsourcing & Commercial Contracts Networking Roundtable. The roundtable will feature an in-depth discussion of hot topics relating to the increased connectivity of our businesses, including privacy concerns, data rights, cloud solutions, and contracting for the use of connected devices. Stay connected with us at the networking reception following the discussions.

We hope you’ll join us in Philadelphia on Thursday, April 16, 2020, from 3:30–5:30 pm ET.

Register now >>

Please join us for an in-depth discussion of subcontracting provisions and their effect on commercial transactions with technology, outsourcing, and commercial transactions of counsel Emily Lowe. Topics will include:

  • Flow-down obligations
  • Royalties and compensation
  • Termination

We hope you’ll join us on Wednesday, March 11, 2020, from 12:00–1:00 pm ET.

Register now >>

Please join us on February 26 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partners Mike Pierides and Anastasia Dergacheva, and intellectual property partner Ksenia Andreeva will discuss the intricacies of drafting data protection provisions in outsourcing and other services transactions.

Please join us on February 25 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partners Vito Petretti and David G. Glazer will discuss key considerations in structuring and negotiating transition services agreements in the context of M&A transactions.

Morgan Lewis has recently issued several LawFlashes on the 2019 Novel Coronavirus (COVID-19) outbreak, providing a number of resources for businesses across the globe dealing with various compliance challenges and unanswered questions. In this rapidly changing situation, for example, employers must carefully balance concerns related to employee and public safety with protecting employees from unnecessary medical inquiries, harassment, and discrimination.

To help guide companies through this multifaceted public health crisis, Morgan Lewis has launched Responding to the 2019 Novel Coronavirus to keep on top of developments as they unfold.

Please join us on February 18 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partner Doneld G. Shelkey, litigation partner Ezra D. Church, and labor and employment partner Lee Harding will discuss key privacy and security issues in both corporate and commercial contexts. Topics will include:

  • Regulated industries
  • Impact on cross-border deals
  • Security issues in M&A deals
  • Privacy issues in M&A deals

The Morgan Lewis M&A Academy, a 24-part series of tailored webinars led by a diverse team of firm lawyers, provides a comprehensive M&A overview and is ideal for learning about the latest M&A issues and developments. It is geared not only toward M&A professionals but also toward specialists with particular areas of focus (e.g., benefits, intellectual property, tax), whether they deal with M&A issues regularly or occasionally.

We hope you’ll join us on Tuesday, February 18, 2020, from 12:30–1:30 pm ET.

Register now >>

The US Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published a report on January 27 outlining various industry practices and approaches to managing and combating cybersecurity risks and maintaining operation resiliency. The OCIE observed these practices through conducting thousands of examinations, and hopes that organizations can use the report to enhance their own cybersecurity preparedness and operational resiliency.