Mike Pierides, a partner in our technology, outsourcing, and commercial transactions practice, will be presenting a session titled “Procuring RegTech – Best Practices for Sourcing Compliance-related Technology from Third Party Vendors” at the 6th International Compliance Forum.
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.
In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period.
The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to “help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”
In April, we shared a LawFlash, "Outsourcing and Managed Services Agreements During COVID-19: Our Perspective." With the continued and unprecedented impact of the coronavirus (COVID-19) pandemic on business operations, we thought it would be timely to provide a brief update on five top-of-mind issues that we are addressing with outsourcing and managed services clients.
- Many outsourcing and managed services agreements include strict requirements on the location of personnel, including the location of certain personnel onsite at a customer site and/or the location of offshore personnel at secure delivery centers with no permitted remote working. These physical location restrictions often are coupled with requirements with respect to the type of technology that can be used when connecting to or accessing the customer’s systems or interacting with end users (such as hardened desktops only, no personal devices), security requirements and detailed connectivity and bandwidth requirements (particularly if there are end user facing activities such as call centers).
The unprecedented conditions created by the coronavirus (COVID-19) pandemic and resulting government shutdown orders have placed significant roadblocks in the way of the last step of documenting a contract or other legal document: authentication. The steps to overcome these roadblocks are highlighted in two recent Morgan Lewis LawFlashes.
In COVID-19: How to Notarize Documents During a Pandemic, Jeannine Bishop and Kathleen Keyser describe both existing and recent emergency legislation that allows either temporary or permanent remote online notarization (RON) so that documents can be effectively notarized.
Morgan Lewis recently published an article on the 2019 Novel Coronavirus (COVID-19) outbreak and its effect on the General Data Protection Regulation (GDPR) in the European Union. This article discusses the nature of the temporary suspension of some data-protection rights in times of crisis, and how the need to address the ongoing health crisis is being balanced with data-protection rights in Italy, France, and Germany.
Trainee associate Valeria Gaikovich contributed to this post.
Following adoption of the law on the preinstallation of Russian software on electronic devices in December 2019, the Russian Federal Antimonopoly Service (FAS) has developed draft guidelines to determine the types of electronic devices that will be subject to the new regulations, as well as the deadlines and procedures for the preinstallation of domestic software. The draft guidelines will not apply to electronic devices manufactured or released into circulation in Russia before July 1, 2020.
According to the draft guidelines, as of the dates set forth below, all touchscreen electronic devices with two or more functions (e.g., smartphones, tablets, smart watches) must have the following apps preinstalled:
The United States and the United Kingdom entered into the world’s first ever Clarifying Lawful Overseas Use of Data Act (CLOUD Act) agreement on October 3, 2019 (the Agreement). The Agreement, which will enter into force later this year after review by lawmakers in both countries, allows each country’s law enforcement agencies to demand, with proper authorization, electronic data regarding serious crime (defined in Article 1 of the Agreement as an offense punishable by a maximum term of imprisonment of at least three years) directly from technology companies based in the other country.
The German Federal Office for Information Security (BSI) has determined the suitability of an industry-specific security standard (B3S) with which hospitals can align their IT security measures. The B3S standard was developed by the German Hospital Association (DKG).
The EU Commission issued its report on the third annual review of the functioning of the EU-US Privacy Shield (Privacy Shield) on October 23. The annual review and corresponding report are required of the Commission by its July 2016 adequacy decision, in which it found that the Privacy Shield ensures an adequate level of protection for personal data that has been transferred from the European Union (EU) to the United States. The goal of the review is to evaluate and publicly report on all aspects of the functioning of the Privacy Shield Framework.