Articles Posted in Regulatory and Compliance

Posted

On 16 August 2012, the ICO published guidance on deleting personal data under the Data Protection Act 1998 (DPA). The guidance describes how organisations can ensure compliance with the DPA when they delete or archive personal data, explains what the ICO means by deletion and archiving, and introduces the concept of putting personal data ‘beyond use.’ The guidance aims to counteract the problem of organisations informing people that their personal data has been deleted when, in fact, it is merely archived and could be re-instated; archived information is “subject to the same data protection rules as ‘live’ information, although information that is in effect inert is far less likely to have any unfair or detrimental effect on an individual than live information.”

Given the fifth data protection principle which provides that “personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes,” the deletion of personal data is an important activity for organisations which control or process personal data. The ICO notes that, although the DPA does not define “delete” or “deletion”, a plain English interpretation implies “destruction” which, in the case of electronic storage, is less certain than, say, incineration of paper records, since information which has been “deleted” may still exist within an organisation’s systems in some form or other.

The ICO says that it will “adopt a realistic approach in terms of recognising that deleting information from a system is not always a straightforward matter and that it is possible to put information ‘beyond use’, and for data protection compliance issues to be ‘suspended’ provided certain safeguards are in place.” The ICO gives specific examples of where putting information ‘beyond use’ would be an acceptable alternative to ‘deletion’. For example, an acceptable alternative may arise where for technical reasons, it is not possible to delete this information without also deleting other information held in the same batch, or where information has been deleted with no intention on the part of the data controller to use or access this again, but which may still exist in the electronic ether where it is waiting to be over-written with other data. The ICO will be satisfied that information has been ‘put beyond use’ if the “data controller holding it:

Posted

Under the previous Transfer of Undertakings (Protection of Employment) Regulations 1981 (TUPE) and the EU Acquired Rights Directive (ARD), it was not clear whether the definition of a relevant transfer caught “outsourcing” activities where there was a change of service providers or a contracting in or out of services. The UK and European courts used a number of factors to decide whether there was a “transfer of an undertaking” within the meaning of TUPE 1981, which led to a number of conflicting case law decisions on this point.

TUPE 2006 Regulations sought to address the difficulties in applying TUPE 1981 to outsourcing activities by extending the definition of a relevant transfer to include situations where:

  • there was a “service provision change” for outsourced or in-sourced activities, or

Posted

The U.S. Department of Defense, General Services Administration and the National Aeronautics and Space Administration (NASA) have issued a proposal to amend the Federal Acquisition Regulation (FAR) implementing Executive Order 13495, which will require government contractors that take over service work from other companies to offer jobs to certain categories of the predecessor’s employees.

The presidential order is intended to aid procurement efficiency and mitigate transition risk by preserving the service continuity of the predecessor’s employees, if the contract is awarded for the same or similar work in the same location. There are many similarities with the long standing protections offered to citizens of the European Union, whose jobs are protected in certain circumstances by the Acquired Rights Directive (ARD). Under the ARD, an employee’s job is safeguarded by requiring a successor contractor to hire the employee from its predecessor on substantially the same terms and conditions (e.g., salary, benefits, years of services) as the employee enjoyed with its predecessor. Notably, the ARD applies to private sector outsourcing transactions, not just to government contracts as is the case under the proposed FAR regulations.

For any company that has sought to outsource its IT or BPO functions on a global basis, the implications of the ARD are impossible to ignore. It requires suppliers to conduct substantial due diligence on the customer’s HR policies and personnel before signing an outsourcing deal, and to make offers to its predecessor’s employees as opposed to using its own employees to perform the services. As a result, the supplier must factor the cost of hiring the new personnel into its solution, and in turn, pass that cost back as a charge to the customer. Although the consequences vary from country to country, ARD non-compliance violations can result in hefty fines for both customers and suppliers as well as potential criminal liability for certain breaches of consultation requirements in countries such as France.

Posted

Back in 1999 Kevin Ashton, the British technology pioneer and cofounder of Auto-ID Center at MIT (creators of the global standard system for radio-frequency identification (RFID)), coined the term, the Internet of Things, to describe “uniquely identifiable objects (things) and their virtual representations in an internet-like structure.” Put simply, the Internet of Things refers to networks of everyday objects such as phones, car and household appliances which are wirelessly connected to the internet through smart chips, and can collect and share data.

Now, well over a decade later, the European Commission has issued an online questionnaire which seeks views on the future regulation of the Internet of Things. The Commission sees both opportunity and threat from the exponential growth of interconnected networks, with 50 billion wirelessly connected devices predicted by 2020: “The Internet of Things holds the promise of significant progress in addressing global and societal challenges and to improve daily life. It is also a highly promising economic sector for sustainability, growth, innovation and employment. But it is likely to have a profound impact on society, in areas like privacy, security, ethics, and liability.”

Predicting a future where everyday objects are linked, the Commission has started to gather views on how best to design and shape a regulatory framework which operates in an open manner, enabling a level playing field, whilst ensuring an adequate level of control over the connected devices gathering, processing and storing information. Views on privacy, safety and security, security of infrastructure, ethics, interoperability, governance and standards are sought. Responses to the questionnaire are requested by 12 July 2012. The Commission’s recommendation on the Internet of Things is expected to be published by summer 2013.

Posted

The last outstanding requirement of the 2010 Massachusetts Data Protection Law relates to third-party service provider compliance and will take effect on March 1, 2012.

Section 17.03(2)(f)(2) of the Law mandates that entities holding Massachusetts’ residents’ personal information require their third-party service providers to contractually commit to implementing and maintaining security measures for personal information. The Law defines a service provider as

“any person that receives, stores, maintains, processes, or otherwise is permitted access to personal information through its provision of services directly to a person that is subject to [the Massachusetts] regulation.”

Posted

In the waning days of 2011, a measure was introduced in Congress directed at U.S. companies utilizing overseas call centers that may not have attracted much attention. However, given the current economic environment, industry press and at least one foreign government have taken note of the bill.

On December 7, 2011, a bipartisan group of Representatives introduced the United States Call Center Worker and Consumer Protection Act (H.R. 3596) (the “Bill”). The Bill specifically targets U.S. companies relocating call center operations overseas by (1) requiring them to disclose such action to the Secretary of Labor nearly six months prior to the relocation, and (2) making such companies ineligible for Federal grants or loans for a period of five years. Additionally, the Bill requires overseas agents fielding customer inquiries for U.S. businesses (regardless of whether the call center arrangement is new or already in existence) to disclose their physical location at the beginning of a communication.

While the Bill appears to be aimed at large customer call centers that field consumer complaints or inquiries, the Bill’s language could apply to instances where internal service help desks (i.e., non-customer facing) are moved overseas. It is not clear from the Bill’s language if these operations are intended to fall within the scope of the Bill but the language as currently drafted does not entirely foreclose the possibility.

Posted

We have previously discussed on this blog the increasing difficulty that offshore service providers are facing in obtaining U.S. visas for their employees who are non-U.S. citizens (see “The Buzz about Visas for Offshore Service Provider Personnel and the Link to On-Shore Hiring”). The rejection rate for H-1B visa applications has skyrocketed over the past two years, which has added to the administrative headaches that offshore service providers face when trying to bring their top talent to their U.S. client sites.

In the midst of this, Infosys has been battling allegations from internal whistleblowers that it has been abusing the visa application process in order to circumvent the administrative hurdles. Whistleblowers claim that Infosys has been applying for B-1 visas for its employees, which contemplate very short-term visits (e.g., a visit for a conference), as opposed to the more difficult to obtain H-1B visas, which are required for long-term projects and are subject to an annual cap on the number that the U.S. issues. In addition, the B-1 visa doesn’t include the prevailing wage and federal tax requirements that an H-1B visa requires. Infosys has denied abusing the visa system for its own benefit. However, Infosys was dealt a judicial blow recently when one of its employees, who alleged in a lawsuit that Infosys wrongly obtained B-1 visas in its work, won a federal court decision that set aside an arbitration clause and will allow him to bring his case to a jury. The employee, Jack “Jay” Palmer, alleges that he was pressured by Infosys to systematically apply for B-1 visas when H-1B visas were required. The federal court held that the arbitration clause Palmer signed as part of his employee agreement is not binding, and Palmer may bring the case in front of a jury.

In response to the decision, computerworld.com stated that Infosys released a statement, which said that while the decision “is not the one we had hoped for, it is one that we have planned for. We take very seriously our obligations under the law and specifically our responsibilities to comply with the immigration laws and visa requirements in all the jurisdictions where we have clients. The fact is that there is not, nor was there ever, a policy to use the B-1 visa program to circumvent the H-1B program.” In addition to the civil suit, Palmer’s allegations have ignited the interest of the U.S. Department of Justice, which has begun a grand jury investigation into Infosys’s tax and immigration practices.

Posted

With the same lack of fanfare that accompanied the April 13 release of the Reasonable Security Practices and Procedures and Sensitive Personal Information rules, today the Indian government released a clarification to those rules to address the most serious concerns arising from ambiguities in the original provisions.

As we noted in our previous post on the new rules, Pillsbury does not provide legal advice on Indian law, but we have been in contact with the Indian legal community and service providers with regard to the new rules.

The Press Note provided on the Indian government’s web site states:

Posted

The press has recently given much attention to the growing difficulty of securing U.S. visas for offshore provider personnel and the impact on U.S. clients. In fact, research firm CLSA Asia-Pacific released a report this past week downgrading its outlook for the Indian IT Services Sector citing “the visa issue [as] fundamentally altering the business model for Indian techs.” At the same time, an uptick in onshore hiring by many of the big name Indian providers, including Tata Consultancy Services, Aegis Communications, Genpact, Wipro, and Infosys, is making headlines. The Wall Street Journal India Real Time Blog included an entry in the past week summarizing some of the recent press on these issues.

Why is the current visa process for offshore service providers more troublesome than in the past? According to recent statistics, the rejection rate for applicable U.S. visas has increased from a reported rate of 5% to 40% over the past 18 months. The visa challenge is not limited to the United States: the United Kingdom, Switzerland and Canada also appear to be introducing more stringent caps. Conjecture that the 2012 U.S. election cycle will add greater uncertainty to the U.S. visa process for offshore providers seems to be adding to the unease. Finally, any discussion of the state of U.S. visas for offshore providers would not be complete without mentioning the accusations of visa fraud currently being leveled against Infosys. These accusations cast a further shadow on the current state of visas. All of this news seems to indicate what many clients and sourcing professionals have started to see first hand: the temporary and long-term visa process in the United States is impacting offshore providers’ ability to staff their projects.

Despite the CLSA report and glum news about the state of visas for its work force, at least one overseas sourcing provider has refuted the recent publicity. Tata Consultancy has downplayed the impact of overseas visa policies noting the situation is “an irritant” and simply indicates that “staffing of engagements has to be planned better, well in advance…”. Nonetheless, in the wake of the visa issue, many of the Indian sourcing giants seem to be increasing their onshore hiring to bypass visa uncertainty. For example, Tata Consultancy released a statement in mid June noting that it will hire more than 1,200 onshore personnel this fiscal year. Similarly, Infosys has plans to hire 1,500 U.S. citizens and Aegis recently announced plans to hire approximately 10,000 U.S. citizens over the next three years. These announcements are evidence of an increasing trend toward staffing more work locally with U.S. citizens.

Posted

For most enterprise customers, telecommunications regulation is a fact of life, requiring buyers to do what they can during negotiations to mitigate changes in state and federal law that could result in substantial cost increases during the term of the contract. Now, the Federal Communications Commission (FCC) is considering sweeping changes to mostly obscure rules concerning inter-carrier compensation and universal service that could have a large dollar impact on your future telecommunications purchases. These proposed changes come at a time when – and directly as a result of – enterprise customers are converging voice and data over Internet Protocol (IP)-based broadband networks and making greater use of wireless services.

Inter-carrier compensation is basically what carriers charge each other to originate or terminate traffic on another provider’s network. Telecommunications — including voice traffic that transits the public Internet or managed IP networks — is unique in that multiple service providers are usually required to complete a voice call. Rarely do calls (except possibly those in a corporate campus environment) originate and terminate on the same provider’s network. Compensation arrangements vary by geography and technology — with local traffic having one rate, intrastate calls a second rate and interstate calls a third rate. There is a separate compensation structure for wireless traffic, and IP-originated traffic (coming from broadband networks) has created another level of confusion (and a number of lawsuits). Per minute charges range from $0 to $.03 cents. The impact on large customers is that, ultimately, these costs are included within the rates charged to end users.

The FCC would like to rationalize these charges and eventually either make them go away altogether or have them at a very low per minute rate — for example, $.0007 per minute, which has been accepted by many in the industry as the default rate for the termination of local traffic. The problem is that many mid-sized and smaller local phone companies claim to use these revenues to subsidize local rates in high cost-service areas. As these often rural local carriers offer more IP-based broadband services, questions arise whether these charges should continue at all.