We have already discussed the increase in data breaches and the need to include data breach provisions in outsourcing contracts, but what should those provisions cover? Below is a list of questions you should ask when choosing how your outsourcing contract will address data breaches:

  • What happens when one party discovers a breach? Typically, the obligation would be to promptly report the breach’s occurrence to the other party, thoroughly investigate what happened, and then disclose the results to the other party.

Recent headlines suggest, and the experiences of most companies demonstrate, the truth about data breaches—they are almost inevitable. Companies have started to realize that it is not a question of if they will have a data breach, it is a question of when. More than 90% of companies responding to a recent survey said they had experienced a data breach in the last few years. Experience indicates that the other 10% may have been less than forthcoming or did not know about breaches that had occurred.

According to the Everest Group, Ukraine’s IT outsourcing industry has been growing by more than 10% annually, and now has more than 25,000 full-time employees. This growth is at risk, however, due to the situation in Ukraine, which is putting outsourcing customers’ services and data in danger of disruption and loss.

Snapchat, a popular smartphone application, recently settled with the Federal Trade Commission (FTC) over allegations that the app misrepresented material elements of its program to the public.

The fog is starting to lift for website operators who have been navigating under murky rules for months. California’s Office of the Attorney General recently published recommendations for meaningful online privacy policy statements, reflecting legislation passed in 2013 regarding “do not track” (DNT) signals. The overriding message for operators is to use clear and simple policies. However, as our firm recently reported, specifications for a uniform DNT Web browser mechanism have yet to surface.

After six months of being held up by the lumbering technology world, agile lawmakers see an end in sight. Wait, what?

Since California passed California Assembly Bill 370, commonly referred to as “Do Not Track” legislation, website operators have been struggling to determine what compliance entails. This is particularly troubling considering the law has been effective since January 1, 2014.

As part of Morgan Lewis's Technology May-rathon webinar series, Antitrust partners Will Tom, Clay Everett, and Jonathan Rich will discuss lessons from Bazaaarvoice/PowerReviews, Integrated Device Technologies/PLX Technology, and other challenges to high-tech mergers brought by the Department of Justice and Federal Trade Commission in recent years.

This webinar will be held today, Thursday, May 15, from 1 to 2 p.m. Sign up here >

As the European Union (EU) and Asia-Pacific Economic Cooperation (APEC) issue new rules on data protection, companies need to ensure their policies comply with the applicable regulations in this ever-changing landscape. The increasing requirements placed on companies bring to mind a famous quote: “With great power comes great responsibility.” Yes, Spiderman’s Uncle Ben said that, but the quote has particular applicability to the circumstances faced by multinational companies that have now been equipped with technology to transmit and access data across the world in the blink of an eye. Various data protection requirements have accompanied this “great power” of data transfer, particularly with respect to the transfer of personal data.

Australian businesses and agencies should take note of amendments to Australia’s Privacy Act, which regulates how organizations collect, handle, and disclose personal information within Australia. The new amendments, which took effect on March 12, are described below.

Who is covered under the amended act?

The Privacy Act applies to any private sector business that has a turnover of greater than AUD3 million (USD2.7 million) or that handles personal information for a benefit, service, or advantage or any entity that handles health or other sensitive information.

We hope our readers will join us for our annual outsourcing and commercial transactions event on April 10 at Morgan Lewis’s Philadelphia office. Topics discussed will include innovation and changing technologies, changing sourcing models, and screening requirements in outsourcing and services transactions. The event will offer opportunities to network with outsourcing and commercial transactions lawyers and sourcing professionals from the top companies in the region. Click here for more information.