In our March 2024 blog post Study Finds Average Cost of Data Breaches Continued to Rise in 2023, we highlighted the key findings of the Ponemon Institute’s Cost of a Data Breach Report 2023. Each year, the report sets forth a vast dataset analyzing data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. The Ponemon Institute recently published its Cost of a Data Breach Report 2024, showing an increase in data breach costs in many areas of business.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
We are excited to welcome Mathilde Carle as a partner in Morgan Lewis’s Paris office and as a guest contributor to our Tech & Sourcing Spotlight series to discuss intellectual property (IP) protection and other related issues in agreements to design, build, license, host, and support digital solutions, including automation, AI, and software as a service (SaaS) products.
As noted in our recent blog, business process outsourcing (BPO) providers are promising big savings and improved outputs tied to the design and implementation of digital solutions that will monitor, quality check, facilitate, and sometimes perform the applicable business processes.
Data issues—collection, usage, optimization, commercialization, and protection—are at the forefront of more and more transactions in the sports industry.
Artificial intelligence (AI) is reshaping modern society, enabling the automation and modification of routine human activities and, consequently, enhancing efficiency and productivity. Like any technological development, AI presents both benefits and risks. Concerns include potential biases, privacy intrusions, and ethical dilemmas.
While artificial intelligence has not quite yet achieved singularity, the last fortnight brought about a substantial update to the AI regulatory landscape. As of February 2, Chapters I and II of the EU AI Act have entered into force. This includes Article 5, which prohibits certain AI systems whose use may intrude upon an individual’s privacy. This includes certain AI systems relating to emotion recognition in the workplace, subliminal manipulation, and predictive policing. Separately, EU AI Act obligations relating to AI literacy have also gone into effect.
In our latest blog post, we shared a few considerations for compliance in the context of complex outsourcing contracts. Continuing on this theme, we take a look into the matter of data protection compliance.
Mike Pierides and James Mulligan co-authored an article in the Journal of Securities Operations & Custody which explores key themes of outsourcing and third-party risk management regimes that apply to financial entities and their service providers. The article serves as a compendium of key differences between regulatory expectations on resiliency and outsourcing, highlights key best practices and challenges to implementing these expectations, and, finally, considers the impact of artificial intelligence solutions on such regulatory expectations.
On January 14, the UK government published a consultation on new measures to tackle the increasing threat of ransomware attacks. Ransomware is malicious software (malware) that infects a victim’s computer system and prevents the victim from accessing IT systems, significantly impairs their use of ICT systems, and/or facilitates the theft of sensitive data. A ransom is then demanded for restoration of use and/or data and, as we previously noted, the cost of ransomware attacks is increasing nearly 20% year-on-year.
European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables financial entities to take out of scope certain services which form part of regulated financial services.