Choose Site

The Illinois Biometric Information Privacy Act (IBIPA) has been grabbing headlines of late as class action lawsuits under IBIPA’s private right of action are piling up, but an Illinois state appeals court recently held that a plaintiff “must allege some actual harm,” potentially stemming the flood of litigation.


Noting that biometric identifiers are biologically unique and permanent (unlike, for example, passwords) and thus irreparably problematic if compromised, IBIPA regulates the collection, retention, disclosure, and destruction of biometric identifiers and biometric information.

Under the statute, “biometric identifiers” are retina or iris scans, fingerprints, voiceprints, and hand or face geometry scans. Some exceptions, such as writing samples, written signatures, and physical descriptions, are specifically listed. The second category of regulated data, “biometric information,” broadly includes any information “based on an individual’s biometric identifier used to identify an individual.” Companies, therefore, can’t evade the purview of the law by converting a biometric identifier into a new identifier—say, a unique number.

On Thursday, June 22, Morgan Lewis partners W. Reece Hirsch and Mark L. Krotoski and associate Jacob J. Harper will discuss best practices for defending against data breaches involving protected health information. Topics will include the following:

  • Implementing an effective security breach response plan
  • Responding to the threat of ransomware such as WannaCry
  • Lessons learned from recent Office for Civil Rights (OCR) enforcement actions
  • What the HIPAA Phase 2 audits can tell us about OCR’s breach response expectations

Learn more and register >

On October 6, Federal Communications Commission (FCC) Chairman Tom Wheeler released a factsheet outlining proposed rules aimed at protecting broadband consumers’ privacy. The proposed rules would apply to internet service providers (ISPs) and cover data collection, usage, security, and breach notification.

If adopted, ISPs would need to notify their consumers about the types of data being collected, when and how collected consumer data can be shared, and the types of entities with which ISPs can share the information. ISPs would also be required to adopt reasonable measures to protect consumer data from data breaches and other vulnerabilities.

As of September 30, Russian state authorities now reject tender submissions for supply of certain foreign electronic equipment if there are two concurrent submissions for supply of locally produced equipment. The ban applies to 113 types of equipment, including personal computers, printers, memory cards, mobile and landline phones, TV sets, cameras, microphones, and cash and ATM machines.

Electronic equipment may qualify as local if it is produced under a special investment contract between an investor and federal or regional government or if it is fully manufactured or significantly reprocessed in Russia. Some additional localization criteria specific for certain equipment also applies.

As part of our Sourcing and Technology Lunchtime Series, partners Michael Pillion and Peter Watt-Morse recently spoke during their webinar “The Next Frontier: How Robots and Automation are Changing Outsourcing and Technology Agreements.”

The webinar highlighted the emerging market for robotic process automation and artificial intelligence software and the adjustments to services, pricing models, and contractual provisions that arise from adopting this technology.

Listen to the webinar and review the PowerPoint presentation >>

Last week, Morgan Lewis kicked off the sixth annual Technology May-rathon, a series of over 20 programs focusing on critical trends, developments, and issues in the technology industry.

This year’s programming includes a variety of webinars and panel discussions that highlight key topics such as privacy and data security, telehealth, the new EU General Data Protection Regulation, encryption, digital health products, telecom transactions, employment law issues, copyright infringement, and e-commerce. There are two webinars scheduled for this week, and the series continues with programs throughout the month of May.

Be sure to check out the complete schedule of events where you can register for the programs that interest you.

For good observations on outsourcing developments and expectations for the biopharmaceutical industry, check out the recently released results of the 2014–2015 Pharmaceutical and Biotechnology Survey from the appropriately named Nice Insight.

The survey results show that the average number of services outsourced per company and total outsourcing expenditures in the biopharma industry continued to increase in 2014. A primary driver of the increased spending was found to be a decreased emphasis on affordability as a factor when companies select a provider. Nice Insight interprets these results as consistent with a new pattern in biopharma outsourcing: rather than focusing on the bottom line, companies are aiming to obtain scientific expertise not possessed in-house in more of a true partnership model of outsourcing.

As a result of new regulations, the Food and Drug Administration (FDA) has greater authority to regulate drug manufacturers for failing to have adequate controls around supply chain management, including the authority to impose penalties. This authority is derived from new part 711 of the Food and Drug Administration Safety and Innovation Act, which was signed in 2012 to expand the FDA’s authorities and strengthen its ability to safeguard public health.