The UK government recently released a policy paper outlining proposed requirements for makers of Internet of Things (IoT) devices to take certain actions to better protect IoT devices from growing cybersecurity threats. Secure by Design: Improving the cyber security of consumer Internet of Things Report was released by the UK’s Department for Digital, Culture, Media & Sport and contains a draft Code of Practice for manufacturers of consumer IoT devices and services.

On Monday, March 5, Morgan Lewis partners Barbara Murphy Melby and Anastasia Dergacheva and associates Ksenia Andreeva and Valentina Semenikhina will present on the webinar “Spotlight Russia: A Briefing for Russian Companies on Key Contracting Issues in Software and IT Services Transactions,” where they will discuss key issues that companies in Russia should consider when contracting for software and technology services. Topics will include the following:

  • A review of the top 20 issues to consider when licensing commercially available software
  • Tips on drafting performance and ownership provisions consistent with business requirements that also protect the company’s interests
  • A primer for the company considering outsourcing as a business strategy

Learn more and register >

If you’re like most business leaders, according to a recent survey conducted by Ernst & Young, the privacy compliance elephant in the room should no longer be ignored.

As we previously discussed, the General Data Protection Regulation (GDPR) will take effect in May 2018, significantly changing how companies may collect and use personal data about web users in Europe. Although the May deadline is rapidly approaching and the penalties for GDPR violations—up to the greater of 4% of the company’s global revenue or 20 million Euros—are by no means trivial, it seems that executives around the world are perfecting their ostrich impersonations. Survey findings include that only one-third of respondents have GDPR compliance plans in place. In the Americas and the Asia Pacific, where less than 15% of respondents indicated their GDPR readiness, procrastination is astoundingly acute.

As 2017 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner. These posts cover many different provisions and aspects of drafting commercial, outsourcing, and technology contracts:

Assignment and Delegation

Data owners and processors are working hard to make sure they have compliance programs in place by the time the European Union’s General Data Protection Regulation (GDPR) goes into force on May 25, 2018. To that end, a new resource was released last week to help evaluate the level of data protection offered by cloud service providers (CSPs).

On November 21, the Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices for a secure cloud computing environment, released the CSA Code of Conduct for GDPR Compliance (CoC) to provide CSPs and current and potential cloud customers with guidance on compliance obligations under the GDPR. The CSA also launched the GDPR Resource Center, a “community-driven website with tools and resources to help educate” CSPs and enterprises on the GDPR.

In a positive development for companies relying on transatlantic data transfers, the European Commission (the Commission) recently announced that one year into the program, the EU-US Privacy Shield framework is functioning as intended.


The Privacy Shield is a framework between the United States and the European Union (and the United States and Switzerland) that arranges for the protection of personal data that is transferred from the European Union to the United States for commercial purposes. The Privacy Shield was borne out of the Shrems case where the European Court of Justice invalidated the prior Safe Harbor framework designed to protect personal data transferred from the European Union to the United States

Morgan Lewis partner Rahul Kapoor and associate Parikhit Sarma will serve as panelists at the Indian Corporate Counsel Association’s International Summit. Rahul will chair the panel titled “Standard Setting Organizations and Standard Essential Patents,” while Parikhit will speak on “Managing Risks In M&A – Perspective From India and Overseas.”

October 5, 2017
9:00–9:30 am | Registration
5:15–6:00 pm | Standard Setting Organizations and Standard Essential Patents

October 6, 2017
11:00–12:00 am | Managing Risks In M&A – Perspective From India and Overseas

The Leela Palace
Africa Avenue, Chanakyapuri, Diplomatic Enclave
New Delhi, Delhi 110023, India

The General Data Protection Regulation (GDPR), EU legislation that will take effect in May 2018, will drastically change how companies can collect and use personal data about web users in Europe. Among other things, the GDPR will require that users browsing the internet give unambiguous consent to the collection of their personal data every time they visit websites.

The top seven India-based outsourcing companies received approximately 7,000 new H-1B visa petitions for initial employment in fiscal year 2016, representing a decrease of 37% between fiscal year 2015 and fiscal year 2016, according to a report published by the National Foundation of American Policy (NFAP). Each year, 85,000 H-1B visas, reserved for highly skilled foreign workers, are available, and due to heavy demand, they are awarded by lottery. In recent months the H-1B program has come under scrutiny by US President Donald Trump and members of Congress.