Much has been said about the EU “Cookie” laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011. Companies with European customers (including those based in the US) have grappled with the law’s requirement to obtain informed consent from visitors to their websites before cookies can be used.

Besides being the subject of much academic debate, the law has prompted European regulators to issue a series of guidance papers, including recent publications from the UK’s Information Commissioner’s Office and from the Article 29 Working Party, the group made up of representatives from the various EU privacy regulators. These provide layers of at times arguably conflicting commentary on how to comply with the law.

Whilst question marks hang over key issues (e.g.

This article was originally published on February 27, 2014 and is reprinted with permission from Corporate Compliance Insight.

Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to wrestle with these risks in the year ahead, but the convergence of external threats, the abundance of valuable corporate data and the current regulatory environment has highlighted the importance of corporate cybersecurity practices. Cybersecurity is perhaps one of the hottest topics being discussed in boardrooms today. The Cybersecurity Framework, anticipated legislation and a litany of high-profile data breaches have resulted in even more heightened scrutiny.

Mario Dottori is quoted in Stephanie Overby’s recent CIO.com article discussing 8 Tips to Deal With Liability When Outsourcing to Multiple IT Vendors.

“In theory, a multi-provider service delivery environment should not create additional complexities in terms of liability. The contracts — entered into separately between the customer and each supplier — should, if well constructed, clearly delineate the liabilities between the parties,” says Mario Dottori, leader of the global sourcing practice in Pillsbury’s Washington, D.C. office.

One tip offered is to create operating level agreements: “OLAs state how particular parties involved in the process of delivering IT services will interact with each other in order to maintain performance, and can help all parties ‘see the forest for the trees,’ says Dottori. ‘These arrangements offer the opportunity for enhanced visibility of the service regime as a whole and help to reduce — or better arm the parties with solutions for — missed hand-offs and finger pointing.’ One caveat: Most providers will not agree to take on additional liability in OLAs. But such an agreement can be an effective preventative measure.”

On February 12, 2014, the National Institute of Standards and Technology (“NIST”) released the final version of its Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework” or “Framework”) and the companion NIST Roadmap for Improving Critical Infrastructure Cybersecurity (the “Roadmap”).

The final version is the result of a year-long development process which included the release of multiple iterations for public comment and working sessions with the private sector and security stakeholders. The most significant change from previous working versions is the removal of a separate privacy appendix criticized as being overly prescriptive and costly to implement in favor of a more general set of recommended privacy practices that should be “considered” by companies.

Background

In response to the financial crisis and recession in the United States that began in 2007, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (now commonly known as “Dodd-Frank”). Dodd-Frank created a vast array of new financial regulations, including the new and independent Bureau of Consumer Financial Protection designed to “regulate the offering and provision of consumer financial products or services under the Federal consumer financial laws.”

Now known by its alphabet soup moniker, the CFPB has jurisdiction to enforce one of the simplest, yet most powerful, provisions in Dodd-Frank: “It shall be unlawful for any covered person or service provider to engage in any unfair, deceptive, or abusive act or practice.” These “unfair, deceptive, or abusive” acts or practices have become commonly known in the legal and financial industries as “UDAAPs.” The CFPB has not implemented formal rulemaking with respect to the prohibition on UDAAPs. Instead, it has made the conscious decision to largely implement its UDAAP rules via its enforcement actions and a series of guidance documents, including the “Supervision and Examination Manual,” which articulates CFPB’s expectations for how this law is to be enforced.

“How does a large software project get to be one year late? One day at a time!”

– Fred Brooks, former IBM employee and OS/360 developer

2013 was not a stellar year for public sector outsourcing. As we reported in an earlier blog article, Indiana is appealing the judgment in an ongoing court battle with IBM over a troubled welfare claims processing project. Agencies in Pennsylvania, Massachusetts and Australia also hit the news.

In previous posts (Proposed Changes to UK’s TUPE will impact outsourcing deals, The UK Government consults on proposed changes to the TUPE regulations) we highlighted the UK Government’s proposed changes to the Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE 2006”). The UK Government has now finalised these changes, resulting in the Collective Redundancies and Transfer of Undertakings (Protection of Employment) (Amendment) Regulations 2014 (“Amended TUPE Regulations”).

The Department for Business, Innovation and Skills (BIS) also published useful guidance which helps to explain the changes made to TUPE 2006. Generally speaking, the Amended TUPE Regulations brought into effect the changes discussed in our previous post,

In a look forward at 2014, Joe Nash commented in Stephanie Overby’s CIO.com article on what to expect in the year ahead. He said:

At the very least, expect an increase in automation generally. ‘With the cost benefits of labor arbitrage being largely harvested and labor costs inevitably on the rise, CIOs will need to look for alternative opportunities to reduce or contain operating costs,’ says Joe Nash, principal in Pillsbury’s global sourcing group. ‘That means looking for ways through automation to reduce the amount of work it takes to complete an IT function or service, not the cost of the labor to do it.’

Labor arbitrage has long been a feature of ITOs. With off-shore to on-shore staffing ratios in the 65:35 to 75:25 range, suppliers have long used arbitrage to deliver significantly lower pricing. IT organizations have made many a CFO happy when recommending deals featuring 20%+ savings, especially when done under the pressure of corporate “blood” drives to cut costs. Inescapably, however, corporate “blood” drives are a lot like the Girl Scout cookie sales season: just when you think you have gotten everyone happy, here comes the next guy trying to boost his kid’s financial performance.

Unfortunately, our one-trick pony is also a one-time pony, especially in deals where off-shore to on-shore ratios have already been maximized. When the CFO next comes calling, our pony is fresh out of tricks; there is no more arbitrage to be had, at least not from the same delivery market. What is next? Shall we pack our bags in Bangalore and head off to a Chinese Model City, or perhaps see what kind of benefit stream enrichment can be had in Ghana or Mauritius? Most buyers, we suspect, will not find this an appealing prospect when viewed through an operating risk management lens.

Maybe it is time for a change in approach. Instead of continuing to try to derive benefit from pushing on the P (price) lever, maybe some answer can be found by putting pressure on the Q (quantity) factor in the equation. Rather than buying cheaper labor, how about we find a way to use less labor? One way to reduce labor demand is to gain leverage through standardization (à la Google and Amazon), but heterogeneous installed bases, which reflect most of our clients’ environments, are notoriously resistant to standardization efforts. Good idea, best practice even, just not responsive to the CFO’s demand for results sooner rather than later. So then why not turn to the reason we have computers in the first place: to do things faster and cheaper than people can do them? How about the shoemaker’s children taking some of their own medicine and using their own technology on themselves? Why not use technology to automate IT business processes and reduce the number of people needed to operate these complex infrastructure configurations? Assuming we can keep labor rates in roughly the same range, fewer people equals lower labor cost, which equals lower prices, which means happier CFOs. And happier CFOs are a good thing for CIOs.

In a look back at 2013, Mario Dottori commented in Stephanie Overby’s CIO.com article grading the 2013 IT outsourcing predictions that we discussed last December.

Third-Generation Deals Enter Uncharted Territory

It was true that many of the latest generation of outsourcing deals were more complex. But the advantage did not go to the incumbents. Quite the opposite came to pass. “Incumbents are always ‘sticky’ because of high — or perceived high — barriers to exit,” says Mario Dottori, partner in the global sourcing practice at law firm Pillsbury. “However, we have seen more movement away from incumbents where there are lower barriers to exit. Customers are balancing the switching costs and risks with significantly improved service delivery and meaningful reduction in spend.”

Check out the full article on CIO.com.
