Posted
By

Technology continues to infuse our homes, businesses, and places of employment. For example, the “Internet of Things” – as it is sometimes called – brings a lot of promise to a wide variety of industries and sectors, including farming, government, natural resources, and manufacturing. The list goes on.

Even though it often gets the (unwarranted) reputation as being slow to innovate, the real estate industry has joined the technological trend. Real estate developers, property managers, and construction firms are constantly on the lookout for new ways to incorporate the promises of new technology into the design, development, and maintenance of their projects and properties.

For example, automated parking garages have become an efficient way to maximize parking in markets where automobile space is at a premium. Some hotel chains are doing away with keys and permitting guests to access their rooms with smartphone apps. Homes and apartments are following suit. Construction firms are starting to gain FAA approval for drone use in connection with their projects. And finally, there is a smartphone app for just about every sector of the real estate industry.

Continue reading

Posted
By

Managed security services are often a natural “add-on” when outsourcing IT services given that data protection is integral to application development, software as a service, and cloud storage, among other services. More recently, managed security services has become a “niche” sourcing alternative that many companies are considering as they seek to leverage supplier’s expertise in cyber threat assessment, detection and response. One critical consideration to keep in mind prior to outsourcing your cybersecurity is that you cannot outsource your regulatory responsibilities. In a sense, you may hire a supplier to protect your and your clients’ data and cyber infrastructure to the degree required of your organization under the law, but if those legal standards are not met by the supplier, your organization remains liable.

Under U.S. laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Federal Information Security Management Act (FISMA), executive orders and state-specific regulations, or the UK Data Protection Act, you may outsource day-to-day information management; you may not outsource your regulatory liability. If a breach occurs, your organization must notify your own clients, state Attorneys General and federal agencies, as applicable. Enforcement actions may be taken against your organization based on violation by a supplier, regardless of your organization’s knowledge, involvement, or lack thereof. For example, the Consumer Financial Protection Bureau (CFPB), a relatively new federal agency formed in 2011 under The Dodd-Frank Act, explicitly targets its enforcement powers at the conduct of both financial institutions and their service providers.

As of 2012, the CFPB announced that it expects “supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with federal consumer financial law” and avoids harm to consumers. And what is one of the biggest risks of harm facing consumers in 2015? Loss or improper disclosure of consumers’ personal and financial data, which may occur over the Internet, via smart-devices and related applications, at merchant points of sale when making card payments, or even at the hands of a rogue employee within your organization or that of your supplier. If the CFPB investigates your organization, as a matter of course they will likely investigate your service provider(s), if any, and focus on areas of consumer data security and risk of identity fraud.

Continue reading

Posted
By

Commercial lawyers ink thousands of contracts every day. Faced with an ever-shortening business cycle, they often do not have the luxury of seeking perfection in the contracting process. Fortunately, very few contracts ultimately end up in a formal legal dispute, but when they do, the fine points of the terms and conditions can become pivotal to litigation success or failure. There are things we can do to increase the odds that our contracts will work for us, rather than against us, if there is a dispute. Based on our experience in negotiating, implementing, disputing and litigating these kinds of agreements, this article suggests some areas of a typical service agreements that should not be overlooked during the contracting process.

To read the full article as published in Business Law News click here.

Posted
By

Computer Weekly recently published the article NHS Care.data: The security concerns by Mike Pierides and Sarah Atkinson, Global Sourcing attorneys in Pillsbury’s London office. In the article, Pierides and Atkinson consider how England’s National Health Service is implementing a controversial programme to share patient data with the private sector, how the Care.data programme is intended to work, its legislative background, and the data security concerns that surround it.

Click here to read the full article

Posted
By

Be careful what you’ve promised your customers … or what has been promised about data you buy!

In today’s world, consumer data is a huge asset for companies across all industries, in particular those in technology-focused spaces like social media, apps, wearables, and retailers involved in e-commerce. The value of such data, however, is at least partly dependent on the extent to which the data can be transferred to third parties without restrictions on use. The ability of a company to sell or otherwise transfer its consumer data, whether in a merger, acquisition or otherwise, typically ties back directly to statements made in the company’s privacy policy. As illustrated by RadioShack’s recent bankruptcy sale, the latest in a series of high-profile examples over the years on this topic, promising not to share consumer information can create a significant obstacle for future asset sale transactions.

For more information, check out our Client Alert.

Posted
By

Nearly every website, app or online service posts a set of Terms of Use outlining company policies for users (sometimes called Terms of Service) (“Terms”), but many companies do not know if their Terms are enforceable in court. Do you? Online platform use has increased quickly, and companies have tried a variety of methods to present these Terms to users. Not every method works—some companies have been dragged into unfavorable litigation when courts hold their Terms unenforceable, a situation which can result in a tremendous drain on time and resources. Today, appropriate website design and Terms content are crucial for addressing the enforceability of your company’s policies, reducing uncertainty, and minimizing future costs.

I. Importance of Terms of Service

Clearly communicating Terms of Use to users is critical to reducing liability and demonstrating transparency to customers. Terms of Use outline a company’s expectations and the types of penalties that can be imposed for violations. If a third party brings a claim against your company based on their or another’s use of your service, Terms can serve to protect your interests and reduce litigation costs by designating on the front end which state’s laws will apply or possibly requiring arbitration. When properly coordinated with a Privacy Policy, your company can also minimize liability involving use by children, copyright or intellectual property infringement, and the performance or security of your service.

Continue reading

Posted
By

Last year we wrote about the EU’s adoption of an individual’s “right to be forgotten”, which gives Europeans the right to require search engines to remove information about them from search results for their own names, if the information is inaccurate, inadequate, irrelevant or excessive. We also wrote that neither Congress nor the U.S. courts have shown much of an appetite for adopting a stance similar to the EU, so there was little chance that the right to be forgotten would be established in the United States. This is still the case, but there appears to be some (albeit small) momentum building among consumer groups and companies to take steps toward the EU approach.

On July 7th, a consumer advocacy group, Consumer Watchdog, filed a formal complaint with the Federal Trade Commission, arguing that Internet users in the United States should also have a similar right as EU citizens have available to them. Consumer Watchdog argues that Google’s current practices are both “unfair and deceptive, violating Section 5 of the Federal Trade Commission Act.” The letter urges the FTC to “investigate and act” on Google’s practices.

Separately, Google already has taken steps in the U.S. to remove certain types of information at the request of users. However, the types of information are fairly limited and in most cases it is very clear when the information should be removed in compliance with Google’s policies. For example, social security numbers can be removed. Google also has a policy that permits the removal of offensive images, which is more subjective but it is set at such a base level of “offensive” that it still offers a fairly bright line test (e.g., child sexual abuse imagery and, more recently, “revenge porn”). At the time of our post last year, Google had received 91,000 requests to remove links in the EU. Since then Google has evaluated over 1,000,000 URLs, which does not include the number of requests from individuals that require more information in order for Google to even perform the evaluation. The volume of links that Google is evaluating is not slowing down, and it would no doubt spike tremendously if the “right to be forgotten” was implemented in the United States.

Continue reading

Posted
By

On 24 June, the UK’s National Outsourcing Association hosted its annual symposium in London.  This is one of the best attended and most prestigious sourcing industry events in the UK, and is well attended by suppliers, customers and advisors.

Pillsbury sponsored this year’s event, and hosted a breakout session on transition and change in outsourcing, chaired by Aaron Oser, and Tim Wright.  Guest speaker was Andrew Cubitt, Senior Commercial Lead at Transport for London.  The session focused on how customers’ and suppliers’ priorities during a transition programme can often conflict in respect of the key matters of scope, pricing and performance, and the challenges that arise from such conflict.  Working in break-outs with the attendees, the Pillsbury team identified several key recurring themes such as relationship breakdowns exacerbated by poor governance and challenges in balancing incentivisation with punishment.

More information about the event, including the slides prepared by the Pillsbury team for the transition session and the materials prepared by the other symposium speakers on topics such as robotics and digitalisation, can be found via this link: http://www.noa.co.uk/event/noa-symposium-2015/.

Posted
By

There is no doubt cloud computing has delivered multiple benefits to the IT organization. However, without proper management and controls, these benefits could become a non-trivial expense to the organization. In a Wall Street Journal article earlier this year The Hidden Waste and Expense of Cloud Computing, Clint Boulton outlines the pitfalls of buying too much and not tightly controlling what is bought. ISG just released a Cloud Comparison Index which is described in Stanton Jones’ blog posting and makes many of the same points.

As Boulton rightly points out, after the cloud purchase is made, another big cost management opportunity remains: managing demand and shutting down compute resources when they’re not being used. Paying for unused resources can turn a good financial decision into a bad one.

Continue reading

Posted
By

On June 3, 2015 the State Department’s Directorate of Defense Trade Controls (DDTC) and the Commerce Department’s Bureau of Industry and Security (BIS) published proposed regulations which would change the definition of the term “export” in each agency’s regulations to allow cloud storage of information in servers located in foreign countries if the information is appropriately encrypted. These changes, if ultimately adopted, would substantially alleviate concerns that companies seeking to take advantage of the efficiencies of cloud computing could run afoul of export controls. However, it would still be important for cloud users and cloud storage providers to ensure that appropriate encryption is being used.

For more information, please see our Client Alert, Proposed Change to Export Controls Would Allow Use of the Cloud for Encrypted Data.