The California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023, establishing some of the most comprehensive consumer privacy rights within the United States. In this post we highlight these changes in law and provide a checklist to help companies comply with these new legal challenges.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
In our June 2021 blog post, Study Analyzes Costs of a Data Breach, we discussed the Ponemon Institute’s report setting forth a vast dataset that analyzed data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. With the calendar turning to 2023, this blog looks at the increased costs of data breaches in 2022 to anticipate how negotiations for liability caps of such breaches may evolve in the new year.
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further facilitate trans-Atlantic data flows. The Draft Adequacy Decision mirrors the executive order, which established safeguards relating to the handling of personal information in the course of signals intelligence activities. If and when adopted, the adequacy decision will impact contractual requirements and processes by restoring data flows through a new Trans-Atlantic Data Privacy Framework.
Despite general awareness regarding phishing (we have written about phishing in a prior post), it still remains one of the most common ways to accomplish cyberattacks. It should be no surprise that cybercriminals are constantly coming up with more elaborate and sophisticated ways to gain access to sensitive systems and data. A recent CIO.com article lists three measures designed to deter phishing and related attacks, which we have summarized below.
The White House Office of Science and Technology recently published The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People (the Blueprint), a set of five principles to help guide designers, developers, and deployers of AI in the design, use, and deployment of automated systems with the goal of protecting the public’s rights.
US President Joseph Biden issued an Executive Order On Enhancing Safeguards for United States Signals Intelligence Activities on October 7, which establishes safeguards relating to the handling of personal information in the course of signals intelligence activities. In this edition of our Spotlight Series, we welcome Morgan Lewis special legal consultant Dr. Axel Spies, based in Washington, DC, to discuss the scope of this Executive Order and its implications.
Please join us on Thursday, October 27, 2022, at 3:00 pm ET as Morgan Lewis partner Jacob Harper and associates Tesch Leigh West and Sydney Swanson discuss the importance of managing and protecting healthcare data while controlling costs and coordinating care. Topics will include the different types of data sharing agreements and implications of HIPAA and the Anti-Kickback Statute.
The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to personal data stored in the European Union by US authorities would constitute a data transfer that would not comply with the EU General Data Protection Regulation (GDPR).
With the COVID-19 pandemic, many industries experienced a major shift in how the personnel of key suppliers worked, with “nonessential” personnel in large part working remotely. When this shift to remote work first happened (rather abruptly for many companies), security was a critical consideration, but one that was handled in many instances outside the supplier contract, with both parties focusing on keeping business operations going with must-have data and security safeguards in place.
As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.