New York’s Department of Financial Services (DFS) issued guidance on April 13 alerting regulated entities of the significant increase in cybercrime during the coronavirus (COVID-19) pandemic.

Specifically, DFS noted several cybersecurity risks resulting from the realities of a remote workforce. With the increase of remote working, companies have issued new devices to employees and in many cases allow employees to use their personal devices to remotely access company information. These practices understandably subject companies to increased risk of phishing attacks and the leak of confidential information. Remote connections need to be as secure as possible using mechanisms like Multi-Factor Authentication and secure VPN connections so that data is safely and properly encrypted in transit. Regulated entities should be sure that all devices have the necessary and proper security software and that employees are trained properly on how to use applications securely.

Read More

Please join us in our Philadelphia office for our annual Technology, Outsourcing & Commercial Contracts Networking Roundtable. The roundtable will feature an in-depth discussion of hot topics relating to the increased connectivity of our businesses, including privacy concerns, data rights, cloud solutions, and contracting for the use of connected devices. Stay connected with us at the networking reception following the discussions.

We hope you’ll join us in Philadelphia on Thursday, April 16, 2020, from 3:30–5:30 pm ET.

Register now >>

Please join us for an in-depth discussion of subcontracting provisions and their effect on commercial transactions with technology, outsourcing, and commercial transactions of counsel Emily Lowe. Topics will include:

• Flow-down obligations
• Royalties and compensation
• Termination

We hope you’ll join us on Wednesday, March 11, 2020, from 12:00–1:00 pm ET.

Register now >>

Please join us on February 26 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partners Mike Pierides and Anastasia Dergacheva, and intellectual property partner Ksenia Andreeva will discuss the intricacies of drafting data protection provisions in outsourcing and other services transactions.

Read More

Please join us on February 25 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partners Vito Petretti and David G. Glazer will discuss key considerations in structuring and negotiating transition services agreements in the context of M&A transactions.

Read More

Morgan Lewis has recently issued several LawFlashes on the 2019 Novel Coronavirus (COVID-19) outbreak, providing a number of resources for businesses across the globe dealing with various compliance challenges and unanswered questions. In this rapidly changing situation, for example, employers must carefully balance concerns related to employee and public safety with protecting employees from unnecessary medical inquiries, harassment, and discrimination.

To help guide companies through this multifaceted public health crisis, Morgan Lewis has launched Responding to the 2019 Novel Coronavirus to keep on top of developments as they unfold.

Read More

Please join us on February 18 for the next installment of the Morgan Lewis M&A Academy, where technology, outsourcing, and commercial transactions partner Doneld G. Shelkey, litigation partner Ezra D. Church, and labor and employment partner Lee Harding will discuss key privacy and security issues in both corporate and commercial contexts. Topics will include:

• Regulated industries
• Impact on cross-border deals
• Security issues in M&A deals
• Privacy issues in M&A deals

The Morgan Lewis M&A Academy, a 24-part series of tailored webinars led by a diverse team of firm lawyers, provides a comprehensive M&A overview and is ideal for learning about the latest M&A issues and developments. It is geared not only toward M&A professionals but also toward specialists with particular areas of focus (e.g., benefits, intellectual property, tax), whether they deal with M&A issues regularly or occasionally.

We hope you’ll join us on Tuesday, February 18, 2020, from 12:30–1:30 pm ET.

Register now >>

The EU Council Presidency on September 18 put forward to member states an 88-page compromise proposal on the Eprivacy Regulation with considerable changes and amendments. There are several proposed changes to the provisions on email marketing and cookie use that we think readers may find relevant. Here is the proposal of the Finnish Presidency. The main areas that were modified by the current proposal are:

• Email marketing
• The definition of direct marketing
• Procedures around direct marketing calls
• End user consent for cookies

Read More

The Pittsburgh session of the annual Cyberlaw Update for the Pennsylvania Bar Institute (PBI) will take place on Tuesday, July 17. Moderated by Morgan Lewis partner Peter Watt-Morse, the update enters its 21st year and this year’s seminar will focus on current hot-button issues including blockchain and cryptocurrency and security and privacy concerns related to social media, IOT, GDPR, and the Dark Web.

Speakers at the all-day event include Mr. Watt-Morse and of counsel Emily Lowe, who will be speaking on privacy and security concerns regarding social media from both a policy and regulatory standpoint in the wake of the disclosures related to Cambridge Analytics; and associate Ben Klaber who will be reviewing such concerns as they apply to the burgeoning market of Internet of Things (IoT) devices.

Read More

The Hamburg Data Protection Agency (DPA) recently fined three companies for not having appropriate replacements for the Safe Harbor in place after the expiration of the permitted grace period. While the amounts of these fines are not particularly concerning, the precedent and potential for future, more burdensome fines is significant.

As we discussed in a previous post, in the landmark case Maximillian Schrems v. Data Protection Commissioner, the European Court of Justice (ECJ) ruled that the Safe Harbor program (which had dictated the conditions of the transfer of personal data from the European Union to the United States since 2000) is invalid. The European DPAs granted companies a transitory period to migrate from the Safe Harbor to other legal tools for their international data transfers, in particular by implementing Binding Corporate Rules (BCRs) or the Model Contractual Clauses. This transitory period expired in February. Since that time, some proactive DPAs, including the Hamburg DPA in Germany, have launched their own inquiries to ensure that the companies under their jurisdiction are in compliance.

Read More