TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The California Consumer Privacy Act (CCPA) was signed into law this summer, as described in our prior post and this LawFlash. The CCPA creates a variety of new consumer privacy rights and will require many companies to reassess and modify their business processes in the collection and use of personal information. This comprehensive new privacy law, similar in some ways to the EU’s General Data Protection Regulation (GDPR), will therefore require many organizations doing business in California to implement new policies and procedures to be in compliance by the January 1, 2020, deadline.

The landmark CCPA is also a work in progress. To help guide companies and institutions through the challenges presented by the CCPA, Morgan Lewis has set up a CCPA resource center that will be continuously updated with content as new developments arise.

One such development is a recent set of amendments passed by the California Legislature. To help explain the current state of the CCPA, the recent amendments, and issues that remain to be debated and clarified, our colleagues Reece Hirsch, Mark Krotoski, and Carla Oakley will be hosting a webinar on October 16 at 1:00–2:00 pm ET.

We hope you register for this webinar and visit the CCPA resource center to stay up to date on important developments in this new regulatory environment.

London partner Pulina Whitaker recently published a LawFlash discussing how the United Kingdom’s exit from the European Union will make the UK a “third country”—meaning that unrestricted cross-border transfers of data will no longer automatically be able to take place between the UK and the EU—and considers whether the UK will be “adequate” after Brexit.

The first edition of Blockchain & Cryptocurrency Regulation 2019, published by Global Legal Insights, provides in-depth analysis of the developing arena of the regulation of blockchain and cryptocurrency, and country-by-country analysis of issues including government attitudes and definition, cryptocurrency regulation, sales regulation, taxation, money transmission laws and anti-money laundering requirements, promotion and testing, ownership and licensing requirements, mining, and border restrictions.

Continuing the firm’s thought leadership in this emerging field, Morgan Lewis lawyers Vasilisa Strizh, Anastasia Kiseleva, and Dmitry Dmitriev have written the chapter providing insight on the approach in Russia.

Nearly every form of service agreement contains a provision restricting the ability of one or both parties to subcontract their obligations. A typical provision (with a standard quick and dirty markup) might look like this:

“Vendor shall not subcontract any of its obligations under this Agreement without the express prior written consent of Customer, which such consent shall not be unreasonably withheld. The subcontractors set forth on Schedule X are hereby approved by Customer.”

These limitations are often included as a standard part of the legal boilerplate without much thought, but can present significant problems, especially given the broad use and incorporation of third-party technologies and services.

It seems that there are many forces at play that are almost designed to create or exacerbate change anxiety. Professionals in industries whose business models depend on stoking our change anxiety bombard us with article after article on social media. Industry conferences consistently display whichever adoption curve you’re supposed to be on at the moment—hinting that you’re seriously behind where you should be, with the looming possibility that you’re about to go out of business because of it. Yesterday it was the cloud, today it’s RPA and AI (or IA depending upon whom you ask), and tomorrow it will be something else.

But even with all of this change coming at us, perhaps most troubling is that feeling that if you just stop for a minute to think and reflect, you may be labeled as entrenched, unwilling to adapt, a dinosaur, or something worse.

The transformational programs that we work on tend to reveal many of the stresses that permeate our clients’ professional lives. In deal work, one of the first places you see this is when a request for proposal (RFP) is being drafted that is supposed to reflect a progressive vision.

President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the “Main Street Cybersecurity Act”), into law on August 14.

The new act amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), within the next year and in consultation with the heads of other appropriate federal agencies, to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks” and to consider small businesses when it “facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.”

As detailed in a prior blog post, California’s new privacy law, commonly referred to as the CCPA, seeks to impose tougher privacy requirements on companies that collect and use consumer data. Although the law does not go into effect until 2020, California’s attorney general has already called into question his office’s ability to comply with the operational obligations of the CCPA and raised questions about its potential modification of California’s Unfair Competition Law, and businesses are working to find ways to narrow their impending disclosure obligations prior to the law’s enactment. Concerns about the breadth of the law and the ability to enforce it will continue to be weighed against the current push to expand consumer privacy protection.

The US Department of Homeland Security (DHS) hosted the first National Security Summit on July 31 in New York City. In attendance were US Vice President Mike Pence, senior members of the DHS and other federal agencies, as well as industry leaders from sectors including telecom, finance, and energy. One of the major announcements to come out of this summit was the formation of the National Risk Management Center, including a new supply chain risk management task force.

Website terms of use are often copied and pasted from other sites, and viewed as “standard” or “boilerplate” terms to protect site operators and set forth the basic rules governing the relationship between the site operator and the user. It’s important for a site operator to make sure these terms give it the protections it needs, are enforceable, and comply with laws, so from time to time the terms should be reviewed and updated to align with the business practices of the site operator and applicable law.

A frequent point of contention between parties negotiating the allocation of risk related to intellectual property rights in connection with the acquisition of intellectual property is the interplay between the warranty and indemnification sections. Below we break down what to look for in these sections and how minor changes in the language can significantly change the rights a party is granting or receiving.

Intellectual Property Warranties

An intellectual property warranty generally provides that the intellectual property rights being licensed or assigned constitute all intellectual property rights owned or controlled by a party prior to the effective date of the transaction, and that those rights are all the rights necessary for the conduct of the business (as it is currently conducted) after the effective date of the transaction. A warranty may also go on to say such intellectual property does not infringe third-party intellectual property rights. The following versions of this clause demonstrate how this clause can be worded to strengthen or weaken the warranty.