TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
With the COVID-19 pandemic, many industries experienced a major shift in how the personnel of key suppliers worked, with “nonessential” personnel in large part working remotely. When this shift to remote work first happened (rather abruptly for many companies), security was a critical consideration, but one that was handled in many instances outside the supplier contract, with both parties focusing on keeping business operations going with must-have data and security safeguards in place.
As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.
When two parties engage in a merger or acquisition, there are several processes that must take place before the transaction can be completed, including due diligence of the seller’s assets—and particularly the seller’s relevant and material intellectual property (IP).

Join partners Mark L. Krotoski, Charles M. Horn and associate Martin Hirschprung at 1:00 pm ET on March 15, 2022 as they provide a summary of the existing and developing requirements faced by “banking organizations” following the publication of a final rule to notify their primary federal regulator within 36 hours in the event of certain kinds of computer-security-related incidents.

The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany.
As technology and the use of the internet continue to evolve, lawmakers remain focused on setting a legal framework for businesses operating “online” in Russia. In 2021, the Russian regulatory landscape underwent significant changes, which will no doubt have an impact on how tech and media companies conduct their business in Russia.
We have heard time and time again that we should not reuse passwords across accounts—if a cybercriminal were to obtain access to the password of one account, they could then use such password to access multiple accounts. This use of stolen passwords and other credentials has led to a rise in credential stuffing attacks. A new guide released this month by New York Attorney General Letitia James investigates the rise in credential stuffing attacks and best practices designed to prevent such attacks.

As we start 2022, as part of our Spotlight series, we connect with Reece Hirsch, the co-head of Morgan Lewis’s privacy and cybersecurity practice, to discuss the recent policy statement issued by the US Federal Trade Commission regarding the Health Breach Notification Rule and how it applies to health app developers that handle consumers’ sensitive health information. Our Tech & Sourcing @ Morgan Lewis blog also published a summary of the policy statement.

As 2021 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.