Tech & Sourcing @ Morgan Lewis

Despite general awareness regarding phishing (we have written about phishing in a prior post), it still remains one of the most common ways to accomplish cyberattacks. It should be no surprise that cybercriminals are constantly coming up with more elaborate and sophisticated ways to gain access to sensitive systems and data. A recent CIO.com article lists three measures designed to deter phishing and related attacks, which we have summarized below.

The US Treasury Department has issued a request for public comment on a federal cyberinsurance program that would aim to cover the costs associated with severe cyberattacks. The Federal Insurance Office (FIO) and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are currently conducting a joint assessment for Congress. Because cyberattacks are occurring at such frequent rates, rates for cyberinsurance coverage have soared, making it difficult for businesses to afford coverage if it is even available. The proposed federal program would focus on critical infrastructure and be used as a backstop.

In a recent LawFlash, a team of Morgan Lewis lawyers reviewed the US Securities and Exchange Commission’s proposal for a new rule and rule amendments that, if adopted as proposed, would require registered investment advisers to meet certain requirements when outsourcing “Covered Services.” The rule includes heightened requirements for due diligence, monitoring, and reporting, including amendments to Form ADV.

The White House Office of Science and Technology recently published The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People (the Blueprint), a set of five principles to help guide designers, developers, and deployers of AI in the design, use, and deployment of automated systems with the goal of protecting the public’s rights.

In any service relationship, continuity of service provider personnel often impacts service quality. Excessive personnel turnover on an account can negatively impact day-to-day operations and the ability to respond to issues. Assignment and management of personnel are primarily business issues that are the responsibility of the service provider. However, there are important provisions that can be included in service agreements that can help address these issues.

US President Joseph Biden issued an Executive Order On Enhancing Safeguards for United States Signals Intelligence Activities on October 7, which establishes safeguards relating to the handling of personal information in the course of signals intelligence activities. In this edition of our Spotlight Series, we welcome Morgan Lewis special legal consultant Dr. Axel Spies, based in Washington, DC, to discuss the scope of this Executive Order and its implications.

In this post, we discuss the various aspects of domain name registration in the United Arab Emirates (UAE).

Effective management of intellectual property is crucial in the contracting stages of technology projects. Various types of intellectual property can be subject to protection in an agreement and may receive different types of treatment. For example, copyright protection, patent protection, and know-how (trade secrets) are all subject to different rules when it comes to contracting.

The UAE enacted a new Federal Law No. 38 of 2021 concerning copyright and neighboring rights (New Law) that replaced the old Federal Law No. 7 of 2002 (Old Law) and came into force in January 2022. The New Law provides a clearer framework in an increasing digital environment for businesses.

In March 2022, President Joseph Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which tasked the Cybersecurity and Infrastructure Security Agency (CISA) with developing and implementing regulations around cyber incident and ransom payment reporting. Under the act, the CISA is to gather the information it receives from covered entities and analyze it to the extent that such information can be used to help identify ways to avoid similar incidents in the future, or minimize the harmful potential impacts.