TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

London partner Pulina Whitaker recently published a LawFlash discussing how the United Kingdom’s exit from the European Union will make the UK a “third country”—meaning that unrestricted cross-border transfers of data will no longer automatically be able to take place between the UK and the EU—and considers whether the UK will be “adequate” after Brexit.

The first edition of Blockchain & Cryptocurrency Regulation 2019, published by Global Legal Insights, provides in-depth analysis of the developing arena of the regulation of blockchain and cryptocurrency, and country-by-country analysis of issues including government attitudes and definition, cryptocurrency regulation, sales regulation, taxation, money transmission laws and anti-money laundering requirements, promotion and testing, ownership and licensing requirements, mining, and border restrictions.

Continuing the firm’s thought leadership in this emerging field, Morgan Lewis lawyers Vasilisa Strizh, Anastasia Kiseleva, and Dmitry Dmitriev have written the chapter providing insight on the approach in Russia.

President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formally known as the “Min Street Cybersecurity Act”) into law on August 14.

The new act amends the National Institute of Standards and Technology Act requiring it within the next year, in consultation with the heads of other appropriate federal agencies, to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks” and to require the National Institute of Standards and Technology (NIST) to consider small businesses when it “facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.”

As detailed in a prior blog post, California’s new privacy law, commonly referred to as the CCPA, seeks to impose tougher privacy requirements on companies that collect and use consumer data. Although the law does not go into effect until 2020, California’s attorney general has already called into question his office’s ability to comply with the operational obligations of the CCPA and raised questions about its potential modification of California’s Unfair Competition Law, and businesses are working to find ways to narrow their impending disclosure obligations prior to the law’s enactment. Concerns about the breadth of the law and the ability to enforce it will continue to be weighed against the current push to expand consumer privacy protection.

The US Department of Homeland Security (DHS) hosted the first National Security Summit on July 31 in New York City. In attendance were US Vice President Mike Pence, senior members of the DHS and other federal agencies, as well as industry leaders from sectors including telecom, finance, and energy. One of the major announcements to come out of this summit was the formation of the National Risk Management Center, including a new supply chain risk management task force.

The World Bank announced on August 10 that 70 years after its first bond transaction, it will be issuing the first bond to use entirely blockchain technology, in part to help the bank gain experience in the use of blockchain. The World Bank’s innovation lab partnered with the Commonwealth Bank of Australia (CBAUF) and Microsoft on this endeavor almost a year in the making.

Blockchain is a growing list of records, or “blocks” linked using cryptography and resistant to modification since it is essentially an open, distributed ledger that can record transactions between two parties efficiently and verifiable in a permanent way. This means that once data is recorded, the data in a block cannot be altered without altering all later blocks, which requires majority consensus of the network. Just imagine all the people around the world agreeing to verify a single block and all subsequent blocks!

This July, the 2018 Cost of Data Breach Study: A Global Overview was released as an independent study by Ponemon Institute, LLC, sponsored by IBM Security. The study breaks down the rising costs of data breaches and the likelihood of an organization experiencing a future data breach, with information derived through interviews with more than 2,200 professionals from 477 organizations that have experienced a breach in the last 12 months.

The study does not focus on “mega breaches,” which are breaches that exceed 1 million records. However, for the first time this year the annual study offers separate insights into data breaches that resulted in the exposure of more than 1 million compromised records:

  • Mega breaches of 1 million records yield an average total cost of $40 million
  • Mega breaches of 50 million records yield an average total cost of $350 million

Moscow partners Anastasia Dergacheva and Brian L. Zimbler and associate Kseniya Lopatkina recently published a LawFlash on the new rules in Russia for platforms that aggregate information from online stores. Federal Law No. 250-FZ, signed on July 29, 2018, provides additional protection for consumers acquiring goods and services through online platforms. For more information on the effects of this new law, read the LawFlash.

The Pittsburgh session of the annual Cyberlaw Update for the Pennsylvania Bar Institute (PBI) will take place on Tuesday, July 17. Moderated by Morgan Lewis partner Peter Watt-Morse, the update enters its 21st year and this year’s seminar will focus on current hot-button issues including blockchain and cryptocurrency and security and privacy concerns related to social media, IOT, GDPR, and the Dark Web.

Speakers at the all-day event include Mr. Watt-Morse and of counsel Emily Lowe, who will be speaking on privacy and security concerns regarding social media from both a policy and regulatory standpoint in the wake of the disclosures related to Cambridge Analytics; and associate Ben Klaber who will be reviewing such concerns as they apply to the burgeoning market of Internet of Things (IoT) devices.

In Part 1 of this two-part series, we discussed some of the Federal Aviation Administration (FAA) requirements for commercial use of unmanned aerial vehicles (also known as UAVs or drones). In this Part 2, we discuss some of the other considerations that commercial drone operators must consider, including privacy laws, local regulation, and certain business considerations.

Drones and Privacy Laws

At present, there are no federal laws specifically regulating drone use and privacy. The FAA was tasked with drafting a comprehensive rule for drone use. Some have interpreted the FAA’s mandate to include a requirement to implement privacy protections. The FAA, however, has taken the position that it is a safety regulator and privacy issues are outside its authority. In the meantime, the National Telecommunications and Information Administration (NTIA) worked with various stakeholders in 2016 to publish its Voluntary Best Practices of UAS Privacy, Transparency and Accountability. These best practices are specific to drone use and are not a legal standard. Nonetheless, drone operators should be aware of potential liabilities for violating any policies they adopt that go beyond the minimum legal standards.