Sourcing Speak

How to Fail in the Internet of Things

Posted February 11, 2015

Innovation is prized in the growing space of the Internet of Things. But an innovative product design is not enough, and potential pitfalls abound. As demonstrated in a report published by the Federal Trade Commission, privacy and security need to be at the forefront of developers’ minds. Here are five lessons on what not to do when developing a connected product.

The Internet of Things (“IoT”) is an expanding ecosystem of everyday objects that are embedded with technology, allowing them to connect, communicate, and transfer information about users and their surroundings to each other. IoT products boast beneficial effects such as increasing economic productivity and efficiency, encouraging robust innovation, and tailoring user experiences. However, by virtue of being connected to the Internet, IoT products also carry privacy and security risks. On January 27, 2015, the Federal Trade Commission (“FTC”) published a report focusing on privacy and security concerns for IoT devices sold to consumers.

Given the growing interest in how embedded computing advancements affect security and privacy issues, this Alert identifies what developers, investors, and entrepreneurs should avoid when entering the IoT market.

Potential Pitfalls in Data Licensing and Big Data Analytics

By Brooke L. Daniels

Posted February 6, 2015

Brooke L. Daniels

The trend in Big Data analytics among companies shows no sign in abating, with companies covetously collecting vast amounts of data with the hopes of harvesting market differentiators. A study by open-source research firm Wikibon, for instance, forecasts an annual Big Data software growth rate of 45% through 2017. But what tools are companies using to implement Big Data solutions? For purposes of this article, let’s set aside for a moment the intended outcome of whatever Big Data project your company has planned in the coming year (whether it be predicting the outcome of Supreme Court cases or helping a baffled spouse pick out the right lingerie set), and instead let’s focus on the tools available in the industry (and some of the associated pitfalls) in getting your company from concept to solution.

First, consider how you are going store and analyze the data. For companies with significant internal resources and focus on Big Data, it may make sense to hire an in-house analytics team and invest in the requisite infrastructure and tools. However, there are many options in the marketplace that require less investment in order to gain actionable insights:

§ Database Marketing Outsourcing: An end to end service often used by retailers in which a supplier licenses data and provides data mining analytics, marketing campaign sales management and analysis, and other ancillary functions.

EU Cybersecurity Regulations – The Costs of Financial Market Infrastructure Resiliency

By Pillsbury's Global Sourcing Team

Posted January 20, 2015

Pillsbury's Global Sourcing Team

Any company that uses information technology is a potential target for data theft, advanced malware and other cyber threats. Cyber threats have emerged as a growing systemic risk particularly to the financial sector in which Financial Market Infrastructures (“FMIs”) are increasingly under attack from a wide range of players, at greater frequency and growing levels of sophistication. Regulators, standards bodies and other authorities around the world are giving a high priority to cybersecurity for these reasons. This post summarizes what regulators are doing in the Europe to address these threats and describes some of the actions companies everywhere can take to minimize their exposure.

What are EU regulators proposing to improve FMI cybersecurity?

The European Commission has initiated a push to “protect open internet and online freedom and opportunity” by 2020. This initiative includes combatting cyber-attacks against information systems, establishing an EU cybercrime centre and coordinating Emergency Response teams, cyber-attack simulations and national alerts among all EU Member States. These efforts are also intended to align with the international fight against cybercrime. The next five years will see an increase in costs as FMIs and regulators pay to rapidly update single FMIs and solidify an EU-wide cybersecurity structure.

Global App Enforcement Sweep – Lessons For Developers

By Steven Farmer

Posted November 7, 2014

Steven Farmer

A recent survey of over 1,200 of the top mobile apps in 19 countries by the Global Privacy Enforcement Network (“GPEN”) has found that 85% of the apps reviewed were non-compliant, failing to provide even the most basic privacy information to users.

In addition, 43% failed in their obligation to tailor privacy notices to smaller screens and almost 30% unlawfully requested excessive personal data from users.

Concerns for users are compounded given the lightning speed at which new apps are hitting the market. Last year, for example, in excess of 1 million apps were reported to be available via Apple’s iOS App Store.

Should developers care about these findings?

In short, yes, especially given that the UK privacy regulator, the Information Commissioner’s Office (“ICO”), has recently conducted research that demonstrates that around half of app users have decided against downloading an app due to privacy concerns at some point in time.

Risk for developers does not stop there either.

You’ve been fired!

By Pillsbury's Global Sourcing Team

Posted October 27, 2014

Pillsbury's Global Sourcing Team

It isn’t often that a supplier “fires” its customer, but it’s not unknown. I have worked with two clients recently whose suppliers have given notice of termination without cause.

How can you avoid or, if it does happen, manage through a supplier-initiated termination?

Obviously, the best position from a customer’s perspective is not to give your supplier a contractual right to terminate, except if there is an uncured material breach. However, in many negotiations in which I have been involved over recent years, suppliers are demanding a right to terminate for convenience, or a right to give notice of non-renewal at the end of an initial term, or a subsequent renewal term (which pretty much amounts to a termination for convenience).

The “Subjective” SLA – Key Stakeholder Satisfaction

By Jeffrey D. Hutchings

Posted October 13, 2014

Jeffrey D. Hutchings

Quantitative measures of supplier performance in the form of service levels are critical in any outsourcing relationship. However, they provide an incomplete picture of how well the supplier is performing and meeting the client’s business and IT objectives. A common complaint is that the service levels are green each month, but the client is dissatisfied with the supplier’s performance – typically due to the supplier failing in areas that are difficult to measure quantitatively.

To fill this gap, we recommend to our clients that a quarterly “key stakeholder satisfaction survey” be included in the outsourcing contract as a service level. This service level is a subjective determination by the client of its level of satisfaction with the supplier’s performance. A meaningful service level credit applies if the supplier fails to achieve an acceptable rating.

FCA issues considerations on the procurement of off the shelf technology solutions (United Kingdom)

By Pillsbury's Global Sourcing Team

Posted September 12, 2014

Pillsbury's Global Sourcing Team

In July, the Financial Conduct Authority (FCA – the financial regulatory body in the United Kingdom) issued a paper titled “Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions” (the Considerations). The Considerations contain about five pages of checklist “Areas of interest” and related notes, which are stated to be things a firm subject to regulation by the FCA should consider when procuring ‘off the shelf’ technology solutions.

When do the Considerations apply?
We view the application of the Considerations as two-fold. First, they supplement the existing IT-related banking regulations. Second, they are intended to apply to procurements where firms might not ordinarily consider applying FCA-originating guidelines.

BYOD: No Such Thing as a Free Lunch

By Joshua B. Konvisser

Posted September 4, 2014

Joshua B. Konvisser

It seems intuitive that, by and large, employees prefer to use their own mobile devices, carrying only a single device for personal and work purposes, and having choice over the device to be used (please don’t take away my iPhone). There has also been a hypothesis that there could be cost savings for companies that allow employees to BYOD because of the ability to defer the cost of the devices and service to the employee.

In fact, maintenance of a BYOD program (we have previously reported on legal issues surrounding Bring Your Own Device and the importance of BYOD policies), including the need to manage across non-standard devices and platforms, may actually result in a BYOD program being more costly than having a standard corporate-liable program. Add to those costs a recent California ruling that requires companies to reimburse employees for wireless service. Although the case raised more questions than it answered about what level of reimbursement is required, it seems clear that companies will bear a larger portion of the cost of BYOD programs than they had previously borne.

FCA warns firms on use of social media to promote financial products

By Pillsbury's Global Sourcing Team

Posted August 7, 2014

Pillsbury's Global Sourcing Team

The UK financial services regulator, the Financial Conduct Authority (FCA), has launched a guidance consultation in order to clarify and confirm its approach to the supervision of financial promotions in social media, including the use of character-limited forms (Examples of character-limited formats are Twitter (which limits tweets to 120 characters) and Vine (which limits videos to six-second loops).

The FCA has identified an increase in the use of character-limited social media (and social media generally) and warned of confusion among firms over the inclusion of regulatory information such as risk warnings (in compliance with the financial promotion rules) when communicating through social sites such as Twitter, Pinterest and Vine. And, as the FCA makes clear, every communication (e.g. each tweet, Facebook page or insertion) must be considered individually and comply with the relevant rules.

The EU’s Right to be Forgotten: Overly Burdensome?

By Brooke L. Daniels

Posted August 4, 2014

Brooke L. Daniels

In May earlier this year, the European Union’s top court held in favor of an individual who requested that Google remove the search results associated with his name. In this particular case, a Spanish citizen requested that Google Spain remove an auction notice of his repossessed home from its search results, as the proceedings had been resolved for a number of years. The court held that individuals have the right to require search engines to remove personal information about them if the information is “inaccurate, inadequate, irrelevant or excessive.” This precedent established the “right to be forgotten,” which gives Europeans the right to require search engines to remove information about them from search results for their own names. The ruling has not been met with universal applause, and in fact a U.K. House of Lords subcommittee recently declared the right to be forgotten misguided in principle and unworkable in practice.