
Posted

Given how busy the privacy world has been recently, we thought we’d take this “extra day” to catch up on some of the bigger recent developments:

  • The White House unveiled its Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (see the White House “Fact-Sheet” on the proposal here). The Framework contains five key elements: a “Consumer Privacy Bill of Rights” (CPBoR); a “stakeholder-driven” process to specify how the principles in the CPBoR apply in particular business contexts; stronger enforcement by the FTC and states Attorneys General; a commitment to increase interoperability between the US privacy framework and those of the international partners of the United States; and various proposals and recommendations for data privacy legislation, including a call for a national standard for security breach notification.
  • Google was accused of circumventing privacy protections in the Safari and Internet Explorer browsers, and the fallout continued from Google’s announcement of its new harmonized privacy policy in advance of its March 1 implementation.
  • The California Attorney General announced its agreement with the largest mobile app providers (Google, Facebook, Hewlett Packard, Research in Motion/Blackberry) under which these companies have committed to provide mobile app purchasers with access to a clear, conspicuous, privacy policy before they download an app from the relevant provider’s site. At the same time, the mobile provider trade association GSMA announced a set of Privacy Design Guidelines for Mobile Application Development.
  • The 11th Circuit held that being forced to reveal the password for an encrypted drive would violate the 5th Amendment. This is the first time this issue has been considered at the Circuit Court level.

WHITE HOUSE PRIVACY FRAMEWORK

Consumer Privacy Bill of Rights

  • Broad Definition of “Personal Data”: The proposed CPBoR defines “personal data” as any data or aggregations of data that are linkable to a specific individual. This is a change from the more limited approach generally taken under US laws, and this definition is very similar to the definition used by the EU Data Protection Directive and the recently-proposed revisions to the EU Data Protection Regulation. As proposed, “personal data” could also include data that is linked to a specific computer or other device, which could include IP addresses or other device identifiers.

  • Seven Principles: The CPBoR is a comprehensive statement of the rights that consumers should expect, and the obligations to which companies should commit. Treating privacy as a right is also a new approach for the US and, again, is similar to the approach taken in the EU. The CPBoR is based on the Fair Information Practice Principles (FIPPs) and identifies seven fundamental consumer rights:

  • Individual Control: Consumers have a right to exercise control over what personal data companies collect and how they use the data;

  • Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices;

  • Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which the consumers provide the data;

  • Security: Consumers have a right to secure and responsible handling of personal data;

  • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate;

  • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain; and

  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the CPBoR.

Multi-stakeholder Processes to Develop Enforceable Codes of Conduct

Part of the Administration’s legislative proposal is to work with Congress to enact comprehensive privacy legislation based on rights outlined in the CPBoR to promote trust in the digital economy and extend baseline privacy protections to commercial sectors that existing federal privacy laws do not cover. In an election year, and in an environment where Republicans have adopted the mantra “job-killing regulations” to describe virtually everything the Administration has proposed, it will be interesting to see whether privacy can be a bi-partisan effort.

Since legislation might not happen, the Framework also outlines a process to produce enforceable voluntary codes of conduct that implement the CPBoR. The Commerce Department’s National Telecommunications and Information Administration (NTIA) will convene open industry and privacy advocates to develop enforceable codes of conduct that implement the CPBoR for specific industry sectors.

Strengthening FTC and State AG Enforcement

As another part of the Administration’s legislative proposals, the Administration encourages Congress to provide the FTC with specific authority to enforce the CPBoR, and proposes that Congress give the FTC the authority to create a “safe harbor” for companies that comply with an FTC-approved code of conduct. Even without such authority, the “voluntary” but enforceable codes of conduct come with a carrot and an eventual stick. The “carrot” is that if an industry adopts any voluntary code that is developed, then in any investigation or enforcement based on an FTC Section 5 unfair and deceptive trade practices action, the FTC would likely consider a company’s adherence to the voluntary codes favorably. In a few weeks the FTC is expected to release the final version of its Staff Report on Consumer Privacy, which is expected to be in sync with the Administration’s blueprint. Failure to comply with the findings in the Final FTC Staff Report could be used as evidence of a Section 5 violation, even in the absence of any general privacy federal legislation.

Improving Global Interoperability

The Framework also lays the groundwork for increasing interoperability between the US data privacy framework and that of its global trading partners, as a means to provide consistent, low-barrier rules for personal data in the user-driven and decentralized Internet environment. Two key principles are promoted: mutual recognition and enforcement cooperation. According to the Framework, mutual recognition depends on effective enforcement and well-defined accountability mechanisms, and enforcement cooperation helps to ensure that countries are able to protect their citizens’ rights when personal data crosses national boundaries. A perceived lack of such enforcement in the US has been at the core of many EU criticisms of the Safe Harbor Framework.

Data Privacy Legislation

In addition to the legislation discussed in previous sections, the Framework calls on Congress to:

  • Create comprehensive privacy protections without duplicating burdens already in place under existing privacy regimes, but the Framework notes, for example, that exempting entities that are subject to GLBA from complying with the CPBoR requirements with respect to non-public personal information covered by GLBA would permit an exception to swallow the rule.

  • Amend laws that create inconsistent or confusing requirements. The Administration notes that existing Federal laws treat similar technologies within the communications sector differently and cites to various different laws that require telecommunications carriers, satellite carriers and cable services to protect customers’ personal information. The Administration proposes making the FTC responsible for enforcing the CPBoR against all types of communications providers.

  • Set a national standard for security breach notification. The Administration’s proposed cybersecurity package included a recommendation for creating a national standard for security breach notification that would replace the roughly fifty different state/territory-level data breach notification laws currently in place in the U.S.

Analysis

If the CPBoR and the ideas outlined in the Framework are implemented, US companies will have clearer guidelines on how they should handle consumers’ personal data online, but that’s not all the data they handle.

Although this proposal may solve some of the issues associated with the collection and processing of consumer information, it is not clear how it would affect other forms of collection or use of personal information. While this approach broadens the coverage of US policy from the truly sectoral approach taken under GLBA, HIPAA, COPPA and others, it still creates multiple classes of information distinguishing, for example, between consumer information and employee data. Nor is it clear whether the rules would cover information collected in connection with business-to-business relationships, such as when a company collects the personal information of prospective customers’ employees in the context of CRM systems.

Thus, while the proposed CPBoR principles would create a data protection framework that is closer (both conceptually and practically) to that which is in effect in Europe and many other countries around the world, there will still be a gap between the US data protection regime and the data protection laws elsewhere related to information collected as part of employment or as part of a business relationship.

GOOGLE

The Wall Street Journal recently reported that Google has been bypassing privacy settings in Safari, and installing cookies to track the browsing habits of millions of users who didn’t know about the tracking. According to the WSJ, Google stopped the practice upon being contacted by the WSJ.

Now, according to Ars Technica, a class-action complaint has been filed against Google in US District Court. The complaint alleges that Google willfully violated the Federal Wiretap Act, which explicitly prohibits companies from monitoring communications without permission. To make matters potentially much worse, last year, as part of a far-reaching legal settlement with the FTC associated with Google Buzz, Google pledged not to “misrepresent” its privacy practices to consumers. The fine for violating the agreement is $16,000 per violation, per day. So far, the FTC has declined to comment on the findings.

In addition to the class-action suit, a complaint has also been filed with the FTC, and just yesterday, Microsoft claimed that Google also bypassed privacy settings in Microsoft Internet Explorer.

With all this going on, Google is continuing the countdown to the launch of its harmonized, cross-site privacy policy on March 1. The Center for Digital Democracy (CDD) has filed a complaint with the FTC claiming that Google’s move to consolidate its dozens of privacy policies violates the Google Buzz settlement agreement. The CDD complaint joins those from the Electronic Privacy Information Center (EPIC), the World Privacy Forum and Consumer Watchdog. If that weren’t enough, the National Association of Attorneys General (NAAG) sent a letter signed by 36 state and territorial Attorneys General to Google expressing concern over the new privacy policy.

The criticism of Google’s move is not limited to the US. On February 2nd the Chairman of the Article 29 Working Party wrote a letter to Google requesting a delay in the launch of the consolidated privacy policy, and, more recently, the French data protection authority CNIL has notified Google that it will lead a European investigation into whether Google’s consolidated privacy policy violates European privacy laws.

MOBILE APP PRIVACY

The agreement with the California AG requires app providers to have a privacy policy and to give users the chance to review the policy before they download the app. Under the agreement, the policies will always appear in the same place on the app download screen. The agreement also requires smartphone apps to obtain users’ permission before accessing information from their address books.

The app industry has faced significant criticism in recent weeks over its handling of consumer privacy, starting on Feb. 7, when a blogger discovered and reported that an iPhone app for the social network Path had uploaded his contact book without his permission. Twitter has since acknowledged it stores phone numbers and email addresses from contact books for up to 18 months after users sign up for the service.

Under the agreement, app platform operators will establish a way for users to report apps that are not following the new rules, and the platform operators committed to work to teach developers about their obligations to inform consumers about the information they collect and the third parties with whom they share it.

No specific deadline has been specified for app developers to comply with the agreement.

The GSMA mobile app development guidelines are available here.

ENCRYPTION AND THE 5TH AMENDMENT

Several courts have looked at the question of whether being forced to reveal a password is testimony that would be protected by the right against self-incrimination.

Last week the 11th Circuit Court of Appeals became the latest court to rule on the issue, and the three-judge panel came down firmly on the side of the 5th Amendment.

District Courts in Vermont and Colorado have ruled that the government may compel suspects to decrypt storage devices or computers in Federal criminal investigations, in certain circumstances. In 2009 the Vermont court ordered a suspect in a child pornography case to produce an unencrypted version of a drive on his laptop. In January of this year, a District Court in Colorado ordered a woman charged with bank fraud to decrypt her computer. The Denver-based U.S. Court of Appeals for the 10th Circuit declined to rule on the order before the case was tried. In the Colorado case, Federal prosecutors argued that “public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these.”

In this most recent case, investigators who suspected that the man, identified in court documents only as John Doe because he has not been charged, possessed child pornography seized computers and hard drives from Doe’s hotel room in October 2010. According to court documents, Doe’s hard drives were encrypted with a program called “TrueCrypt.” As a result, the Justice Department couldn’t find any files and couldn’t even prove that any existed on hidden portions of the drives. Doe was served with a subpoena in April 2011 to appear before a federal grand jury in Florida and produce the unencrypted contents of his laptop hard drives and five external hard drives. Doe refused, invoking his right against self-incrimination. A Federal judge held Doe in contempt of court and ordered him imprisoned. Doe appealed the contempt finding to the 11th Circuit.

Unlike the Vermont case, where investigators had seen evidence of child pornography in the suspect’s computers, in this case the government could only show that the storage space on the drives could hold files that number in the millions — but not that they actually did. According to Judge Gerald Bard Tjoflat writing for the three-judge panel, “It is not enough for the Government to argue that the encrypted drives are capable of storing vast amounts of data, some of which may be incriminating. Just as a vault is capable of storing mountains of incriminating documents, that alone does not mean that it contains incriminating documents, or anything at all.”

Judge Tjoflat stated, “We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.”

————————————————————————————–

With all this going on, March looks to be an interesting month.

Posted

The last outstanding requirement of the 2010 Massachusetts Data Protection Law relates to third-party service provider compliance and will take effect on March 1, 2012.

Section 17.03(2)(f)(2) of the Law mandates that entities holding Massachusetts’ residents’ personal information require their third-party service providers to contractually commit to implementing and maintaining security measures for personal information. The Law defines a service provider as

“any person that receives, stores, maintains, processes, or otherwise is permitted access to personal information through its provision of services directly to a person that is subject to [the Massachusetts] regulation.”

Companies subject to the Law should validate that any agreements with service providers that fall within this definition address the Massachusetts requirements, and any gaps in contract language should be immediately corrected.

As a matter of good information security practice, contracts with service providers should also include: (i) security audit rights, (ii) terms requiring that the service provider immediately notify the contracting partner of any data breach, and (iii) language requiring that all personal information be returned or destroyed upon the termination of the contract.
For additional background on the Massachusetts Data Protection Law see here.

Posted

Enterprises that undertake serial M&A or outsourcing activity can find themselves with a diverse workforce with differences in pay and other terms and conditions of employment applying to different categories of employees across the business. This can lead to inefficiencies such as the cost of administering different benefit plans as well as dissatisfaction amongst groups of employees who consider themselves to be, rightly or wrongly, worse off than their colleagues. For this reason, we are often asked to help with developing and implementing plans designed to harmonise terms and conditions of employment across a client’s business.

Each harmonisation plan must be carefully considered. In the UK an employer’s ability to make changes to an employee’s terms and conditions of employment has always been challenging, particularly where an employee transfers pursuant to the Transfer of Undertakings (Protection of Employment) Regulations (“TUPE Regulations”). (Similar laws apply across the European Community although there can be marked differences.) This can be frustrating for an employer trying to integrate the new transferred employees into its existing workforce – because managing employees on different terms can often lead to issues in the workplace – and employers also need to provide a pay and benefits system which is not unlawfully discriminatory.

The UK government purported to provide a solution to this problem when it revised the TUPE Regulations in 2006. The 2006 regulations allow changes to be made to an employee’s contract (albeit with the employee’s consent) if they are unconnected to the transfer. Alternatively, if the changes are connected to the transfer they are still permitted if they are for an economical, technical or organisational (“ETO”) reason entailing a change in the workforce. However, the reality is that the employer’s ability to make changes to terms and conditions of employment for the purpose of harmonisation is very limited. The desire to achieve harmonisation is usually connected to the transfer itself and the ETO defence will not apply unless the employer can point to a workforce reduction or change in the employee’s function.

The recent decision of the Employment Appeal Tribunal (EAT) in Enterprise Managed Services Ltd v Dance & others UKEAT/0200/11 provides some hope to employers that, in certain circumstances, contract changes which lead to harmonisation of employment terms and conditions can be made if the sole or principal reason for making the change is unconnected to the transfer. In this case, the employer required changes to the transferring employees’ terms and conditions relating to their hours and performance related pay to meet a pre-transfer productivity requirement under the service contract. The employer dismissed those employees who did not agree to the changes.

At the Employment Tribunal, the employer argued that there were sound business reasons for making the changes and that the changes were not connected to the transfer. On appeal, the Employment Appeal Tribunal (EAT) found that the majority Tribunal decision was flawed because it was inconsistent. The majority Tribunal had found that the employees were automatically unfairly dismissed because the employer wanted to harmonise the employment terms and conditions (which as a consequence would improve productivity) even though it also found that the requirement to improve productivity was a pre-transfer requirement under the service contract. Instead, the EAT agreed with the minority tribunal decision that the changes to the employees’ terms were to improve productivity and were not driven by the desire to harmonise terms and conditions of employment, even though this was the consequence. Essentially this was a reversal of the sequence of events put forward by the majority Tribunal judges. However, the EAT did not substitute the Tribunal decision with its own finding but instead remitted the case to a fresh employment tribunal to decide, leaving it open for another tribunal to come to a different decision.

While there will also come a time when it will be safe to make agreed changes to employees’ contracts on the basis that with the passage of time the link to the transfer is broken, there is no ‘rule of thumb’ or defined period of time used by the courts or specified in the TUPE Regulations after which it is safe to make this assumption. In the case of London Metropolitan University v Sackur 2009 the court held that a two-year interval was not sufficient to break the link between the contract change and the transfer, and the desire to harmonise terms and conditions could be traced back to the original transfer.

Until the courts or government are prepared to provide clearer guidance on when it is safe for employers to harmonise terms and conditions of employment following a TUPE transfer, employers embarking on this exercise should proceed with caution. Beneficial changes or giving employees some form of consideration may keep them happy and minimise the risk of claims but, if challenged, any change made solely or principally because of the transfer or a reason connected with the transfer that is not for an ETO reason entailing a change in the workforce will be void, even if the employee had consented to the changes. If such changes result in dismissal, the employees would be automatically entitled to claim unfair dismissal.

Posted

The following headline recently caught my attention:
“Bill would OK secret privatization, outsourcing of Florida agency functions”
What is not news is that State and Local Governments (SLGs) are struggling to maintain the services their electorates are accustomed to. Blame declining tax revenues caused by the housing market bust and the “Great Recession”. But unlike the Federal Government, SLGs do not have unlimited resources to deal with budget shortfalls. So officials find themselves playing with the unpopular options of cutting services and/or raising taxes. In the search for a silver bullet, the concept of Private-public partnerships (PPPs) is garnering increased interest.

The idea behind a PPP is that the private sector (typically a consortium of companies that provides the development, operation and financing of the venture) will assume control of, and delivery risk for, a given public project or service. In many cases, the PPP deal includes the privatization of public assets. Reimbursement is provided by the public, either through payments from the SLG entity (funded by the taxpayer) or by the users of the service itself (e.g., tolls, parking meter fees). Of course, there are many variations possible (the government may have a stake in the consortium, the payments may be a mix of government funding and usage fees, etc), but the general concept is the holistic outsourcing of government function(s).
PPPs are expected to:

  • Decrease the cost of services and improve service quality, because private enterprises can apply proven processes, technologies and capabilities that the public sector (especially at the SLG scale) was never chartered to develop
  • Provide SLGs with immediate access to funds in the short term through the monetization of public assets and/or an up-front cash payment amortized over the life of the deal (in the form of increased downstream payments to the vendor)
  • Transform the way governments do business, by leveraging innovation and funding not available to the public sector (think automation of manual processes (e-Government initiatives) and capital for development projects (new roads, power generation facilities, public transportation, water systems and other public facilities, etc.))

Having worked government IT procurements both in the role of service provider and sourcing advisor, I can see potential benefits and risks with PPPs. Because initiatives of this nature are, in the view of many, likely to become more prevalent going forward, it’s important that our elected officials structure procurements that strike the right balance between expediency in the short term and protecting the public good in the long term. It’s also important for service providers to anticipate how increased use of PPPs will change SLG sales cycles.

First question: Are PPPs a good idea?
It’s easy to be pessimistic. Look at the recent press: The City of Paris decides not to renew its water outsourcing contract; the UK NHS cancels its National Programme for IT; two major state IT outsourcing deals – Texas and Virginia – have suffered major disputes (with payments being withheld); the Chicago Parking deal continues to cause controversy (most recently, a $13.5m bill presented to the City for cars displaying disabled plates and placards); state agency outsourcings in Texas and Indiana are cancelled.

But in fairness, there are countless SLG outsourcing deals that reportedly do work out (e.g., City of Minneapolis, Oklahoma Dept. of Human Services, UK South West Water). Also, while not as high in terms of publicity, we all know that in the commercial sector cancelled ERP projects and failed outsourcing deals (check recent headlines) are all too commonplace.

So, like any outsourcing initiative, PPPs are only as good (or as bad) as the degree to which they:

  • Meet the needs of the client (i.e., the SLG and its citizenry)
  • Provide value beyond what the client (the SLG entity) could achieve itself
  • Are supported by agreements reflecting outsourcing best practice, especially including reasonable flexibility for both parties (I highlight this point because some PPP deals have terms that are unheard of in the commercial world. For example, the Chicago Parking deal’s term is 75 years!)
  • Have the appropriate governance mechanisms in place to deal with the typical considerations for an outsourcing agreement, such as operational and commercial issues and changes in requirements, plus be equipped to account for the political dimensions of a PPP arrangement.

Second question: How should SLGs approach PPPs?
The Florida Bill cited at the beginning of this post allows for outsourcing of State agency functions to be performed without public disclosure. From the perspective of a citizen, I’ll leave it to the reader to decide whether the potential lack of transparency and opportunity for public input is acceptable public policy. From the perspective of outsourcing, however, there are measures that Florida, or any SLG entity, should consider to improve the efficiency of PPPs.

Anyone who has responded to a government RFP or worked with a government agency to prepare RFP documentation knows first-hand that there is a fair amount of bureaucracy and stringent procurement procedures to contend with. While this kind of rigor was developed to ensure “fair and open” competition, it significantly lengthens the time (and expense) required for government agencies to prepare procurements, for service providers to respond to these procurements, and for evaluation, down-selection and negotiation of an agreement.

Another challenge with public sector procurements is the specter of protests. In a recent outsourcing on which I was working with a major US municipality, procurement rules forced the city to cancel and re-issue an RFP when the city’s requirements significantly changed. In the commercial world, however, we could have addressed this merely with an RFP supplement issued to the participating bidders notifying them of the change, and perhaps extending the submission timeframe. This aspect of public sector initiatives significantly restricts the flexibility of SLG officials, who must be careful not to put their outsourcing initiative at risk of significant disruption. For example, in the HUD HITS project, Lockheed protested the award to EDS, and EDS later filed its own protest. After an 18-month delay due to these protests, it was reported that HUD ended up splitting the deal between the two parties just to move forward with the program.

While SLGs should be encouraged to adopt the best practices of the commercial sector, they also must retain the safeguards necessary to protect the public good. After all, in the commercial world, we as consumers can “vote with our feet” and use another product or service if we are dissatisfied. As employees, we can (albeit not without pain), choose to work for another employer if we disagree with the company’s direction. As citizens, however, most government services are monopolistic in nature (think roadways, health and human services, correctional facilities, police and fire, water and sewer). These functions serve the public good, so if there is a bad deal done (which, as we’ve stated above, does happen), citizens may have no alternative, save for moving to another jurisdiction (hardly a practical solution for most – especially in this economy). So the ideal scenario is to retain the structures that promote “fair and open” competition, while loosening the procurement rules to permit greater flexibility and agility.

Final question: What are the ramifications of PPPs on the Service Provider community?
Outsourcing by all levels of government is nothing new, but the outsourcing of the past has been more at the level of a specific program or function (e.g., State Welfare Eligibility and Claims processing). With sustained economic pressures, don’t be surprised to see a trend towards outsourcing of larger components of business functions (perhaps entire business functions, in some cases), along with some form of privatization of the applicable public assets that support them. Yesterday, it was sufficient for Service Providers to build relationships with public officials to influence the direction of upcoming SLG outsourcing initiatives. Tomorrow, governments will be looking to the private sector for solutions, not services. This will require a more entrepreneurial mindset on the part of service providers and their SLG sales teams, with an emphasis on:

  1. Understanding a broader set of goals and objectives at a “whole of government” level (e.g., job creation components)
  2. Building consortia that include entities to manage risk (insurance), physical assets and venture capital or other forms of financing
  3. Developing “out-of-the-box” solutions that can serve as an alternative to the more typically mandated “level” government procurement playing field
  4. Acquiring the savvy to understand political positioning and management of public perception, because PPPs expose service providers to the public in our everyday lives (not only when a back-office deal goes bad enough to make the headlines).

PPPs, if managed well by both SLGs and service providers, can offer significant benefits to both parties, and ultimately the public-at-large. Realizing this potential will require changes in paradigms and behaviors on both sides of the table (SLGs acting more like businesses; service providers acting more like entrepreneurs). Those who are ready to embrace the future will be well-positioned to catch this building wave.

Posted

Unfortunately, the new year does not hold much hope for reversing the disturbing trend of increasing federal, state and local taxes and surcharges that are applied to telecommunications services. It’s not unusual for enterprise customers to pay an additional 25-30 percent on their bill, depending on the types and locations of services purchased. The worst of these offenders is the Federal Universal Service Fund (FUSF) charge, which is administered through the FCC and applied by telecom carriers to interstate and international service charges, and is now almost 18 percent. The FCC is expected to review the FUSF contribution requirements this year, but may try to expand FUSF contributions to include broadband connections (Internet access), which are currently not subject to the charge. This would lower the percentage rate, but will likely not decrease total payments.

Thousands of state, county and local governments are faced with tightening budgets and decreasing revenue sources. These taxing authorities set their sights on telecommunications transactions to help replenish their coffers. In many jurisdictions, the idea of “updating” telecom taxes generally means revising existing statutes to include new technologies and services, such as Voice over Internet Protocol (VOIP) or prepaid wireless. For years, carriers have tried to get a national, uniform tax policy for telecom, but to no avail.

These taxes may be referred to on your invoice as sales taxes, gross receipts taxes, 911 fees, or communications services taxes. There may also be line items for regulatory administrative fees or property tax fees, which are imposed by some carriers but not required to be collected by any government agency.

Enterprise customers should closely review their telecom invoices to determine if the myriad of taxes and fees are accurately applied and consistent with their telecom contracts.

In the old days, tax policy was used to influence behavior. So if society didn’t want people to drink, smoke or drive their cars, high taxes were imposed on alcohol, cigarettes and gasoline. So, when did it become a sin to make a phone call?

Posted

Outsourcing attorneys spend many hours negotiating complex terms and conditions governing the delivery of IT outsourcing (ITO) and business process outsourcing (BPO) services. As good outsourcing counsel, we spend a lot of time imagining ugly scenarios and allocating the associated risks and liabilities. Often as not, the result is an outsourcing contract that looks more like a phone book than anything you would use to guide the development and management of an outsourcing relationship.

It’s no wonder business people want to lock these contracts in the bottom drawer.

Industry-standard contracts have ballooned to hundreds of pages and yet, despite over two decades of maturation, the outsourcing industry continues to produce more than its fair share of disappointments: failed implementations, misaligned service delivery models, spotty operational performance, billing disputes, cost blowouts.

With all the scenario modeling and risk analysis that goes into creating doorstop contracts, why don’t they deliver better results? Are negotiations focusing on the wrong stuff?

A recent international survey of sourcing professionals suggests that this is so. In its Top Terms in Negotiation report, the International Association of Contracting and Commercial Management (IACCM) offered some blunt observations about the contracting process and its weaknesses:

“As a result of late involvement or fragmented negotiations, the contracts and legal experts focus on ‘protection’; business people see this as negative behavior, and therefore seek to delay or minimize their involvement. Indeed, this negativity flows through to the contracting process in its entirety, so we lose the ability to properly define projects and to frame them with an appropriate definition of oversight and management structure.”

And later this:

“We enter contracts because we believe that there is mutual benefit to be achieved. A focus on the consequences of failure undermines the probability of success. In part, it damages trust and collaboration but more importantly, it results in key areas of the contract content being overlooked or paid inadequate attention – specifically, clarity over scope and goals and over the on-going governance and management procedures for the relationship.”

These observations ring true in the outsourcing world. Too often, buyers encrust an already-complicated relationship with additional complexity. If this complexity were benign we could ignore it. It isn’t. In a world of limited resources, time spent negotiating risk allocations down to the gnat’s eyelash means time not spent exploring and addressing operational and strategic issues that are far more likely to bite.

We have spent much of this decade working to simplify outsourcing transactions while focusing the parties on the relationship issues that are fundamental to success. Guiding us in that journey is a careful attention to the things our clients tell us are important:

  • Seeing an outsourcing project as part of a delivery strategy and not an isolated transaction.
  • Completing projects faster, recognizing that the outsourcing life cycle has shortened and that restructurings and renegotiations are now more routine.
  • Getting to a fair price quickly – without relying solely on a competitive bidding process to drive price negotiations.
  • Avoiding scope confusion by moving the parties’ understanding of their roles from fuzzy to crisp in short order.
  • Maintaining flexibility to respond to changes in business conditions and priorities.
  • Managing risk in a more pragmatic way – without boiling the ocean.

The IACCM report suggests that the industry still has a way to go.

Posted

Background on Economic Pricing Adjustments

Outsourcing contracts often include mechanisms to adjust prices for inflation. Among the factors of production, the cost of labor is the most critical and is often subject to these adjustments.

To account for rising production costs in a particular market,** service providers will typically ask for an annual price increase that is pegged to a standard cost of living benchmark, such as a public consumer price index (CPI). Some onshoring and offshoring examples:

  • For services performed in the United States, the parties may have chosen for prices to be adjusted in accordance with the Consumer Price Index for All Urban Consumers, U.S. City Average (1982-84 = 100) published by the Bureau of Labor Statistics of the United States Department of Labor.
  • For services performed in the Philippines, the parties may have chosen for prices to be adjusted in accordance with the National Capital Region Index.
  • For services performed in India, the parties may have chosen for prices to be adjusted in accordance with the India Wholesale Price Index.

Another key aspect of a proper pricing adjustment calculation is the appropriate “sensitivity factor” negotiated between the contracting parties. The sensitivity factor results in a more accurate measurement since it seeks to carve out non-cost of living sensitive components reflected in the pricing methodology. In other words, the sensitivity factor may exclude amortizing start-up costs or fixed costs such as facilities. I will reserve discussions on how to properly consider sensitivity factors for another day, but remember that it is a key component of properly managing rising costs in the outsourcing relationship.

Which Index?
Which inflation index should you use? The debate often focuses on one or both of a sector-specific employment cost index and a broadly defined consumer price index such as the US CPI published by the US Department of Labor. The US CPI is accurate, and it is arguably the most transparent index since the Department of Labor publishes scores of historical data along with tools to help read and interpret the data.

Most importantly, from the customer’s perspective, inflation in the United States has been historically modest – for the last two decades, U.S. inflation has generally hovered between 2% and 4% (the recent recession notwithstanding). The US CPI typically lacks wild swings and is marked by small increases, which gives an outsourcing customer certainty and stability in analyzing its long term base case. This is in contrast to the U.S. Employment Cost Index (ECI), which service providers will sometimes ask for in labor-only transactions. The ECI is a quarterly report of compensation costs that accounts for changes in wages, bonuses, and benefits. The ECI, however, fluctuates more widely and is more uncertain than US CPI; therefore, customers ought to insist on pegging any pricing adjustments to the US CPI.

Sometimes, however, circumstances dictate that contracting parties may agree to the CPI of a different country. For example, if a service provider not only provides, but also delivers all of its services in India, then a service provider may have a valid argument for pegging its pricing to an Indian CPI (or whichever country has services being delivered). Unquestionably, however, customers should do their research before agreeing to use such an index since India has a history of high inflation, and continued inflation in this market could result in vast price increases during the term of a customer’s outsourcing contract. One mechanism to avoid such increases and more effectively manage the risk profile is by placing a cap on the pricing adjustments due to foreign country inflation (e.g., a 3% cap would be considered reasonable).

Out with the Old: India WPI & India CPI-UNME
Until recently, contracting parties employing an Indian index have had two choices: the Consumer Price Index – Urban Non-Manual Employees (CPI-UNME) and the Wholesale Price Index (WPI). The WPI is India’s oldest economic indicator and is published by the Office of the Economic Adviser to the Government of India. The WPI was restructured as recently as 2009 by replacing its prior 1993-1994 base year with a 2004-2005 base year among other changes. The WPI reflects the price of a wholesale basket of goods, which is currently made up of 676 items that include tires, toothbrushes, ice-cream, mineral water, flowers, microwave ovens, washing machines, gold and silver. Since the WPI only measures the price of commodities, however, this index poorly reflects the reality of pricing in the services sector, which now makes up 60% of the Indian economy.

When taking into account services, a more accurate index has been the CPI-UNME, which was instead published by the Government of India Ministry of Statistics & Programme Implementation, Central Statistical Organization (MOSPI). This index not only depicted the changes in the level of average retail prices of goods, but it also included services consumed by the urban segment of the population. Urban families who derived a large portion of income from non-manual occupations in the non-agricultural sector were the target group of this index. But because of its outdated base year (1984-1985) and its limited scope, MOSPI decided in 2008 to discontinue publishing the CPI-UNME once it was able to collect sufficient data for a new, broader index.

In with the New: New India CPI
In January 2011, MOSPI implemented the new index as planned, which is being referred to as the “new” CPI. As the Wall Street Journal reported last year, “[t]he move is part of a wider effort by the [Indian] government to address inefficient and archaic data-collection processes and outdated inputs that have hampered obtaining timely and accurate readings of price trends essential to central bankers, government officials and financial market participants.” So far, figures have been published each month over the past year, and the first annual figures will be published this month.

Some of the changes to the new index include:

  • The new CPI has a base year of 2010, but word has it that the base year will be shifted to 2011-2012 once the data for this period has been compiled. The old CPI-UNME had a base year of 1984-1985.
  • Unlike the CPI-UNME, which focused solely on the urban population, the new CPI provides statistics for urban, rural, and “combined” populations. By including rural and “combined” populations, economists expect the new index to better account for India’s diverse economy, where consumption can vary widely across India’s many regions.
  • The new CPI measures more data. The old CPI-UNME listed one index for each of the five pricing categories (food, fuel, clothing, housing, and miscellaneous). The new CPI, however, includes more data within each of the five categories. For example, the “miscellaneous” category now includes subcategories of: education, medical care, recreation, transportation, personal care, and household requisites. In addition, the new CPI provides an index for each of the 35 Indian territories/states as well as a general “All India” index. This breakdown allows for greater precision and transparency in measuring price changes in the Indian economy.

Recommendations
India’s goal is to turn the new index into its gold standard CPI measurement. Customers who have current outsourcing agreements in which economic pricing adjustments are tied to either the WPI or the CPI-UNME should take heed – those out of date metrics will soon be (if not already) discontinued. Therefore, customers should review their existing contracts with Indian service providers to determine whether the new CPI changes will require changes to the contracts.

Remember that the base year for the new CPI is currently 2010 (and soon to be 2011-2012); therefore, there is little “look back” in order to assess historical patterns in the new CPI. At least until the new CPI has more historical data, customers may be better served by a more established index.

Finally, customers should pay attention to not only the trends in the inflation indices, but also the service provider’s historical prices. Despite soaring inflation in India, most service providers’ rates have remained flat since they have internal mechanisms to control costs while sustaining their profit margins. For example, service providers will control the labor pool by hiring junior (and lower paid) employees and remove senior (and more highly paid) employees from a customer’s account in order to keep labor costs low. Furthermore, other production costs have decreased markedly over the past decade (e.g., telecom costs), which has helped service providers manage their costs despite rapid inflation. Therefore, if an Indian service provider attempts to tie its prices to the new CPI, but its historical rates for services have remained flat, then using the inflation index might be unwarranted.

**Of course, depending on how these clauses are negotiated, such price adjustments may not always result in a price increase. Pegging charges to the CPI in a particular country could also result in a price reduction if that country experiences deflation; however, such clauses that allow for deflation are rare.

Posted

In the waning days of 2011, a measure was introduced in Congress directed at U.S. companies utilizing overseas call centers that may not have attracted much attention. However, given the current economic environment, industry press and at least one foreign government have taken note of the bill.

On December 7, 2011, a bipartisan group of Representatives introduced the United States Call Center Worker and Consumer Protection Act (H.R. 3596) (the “Bill”). The Bill specifically targets U.S. companies relocating call center operations overseas by (1) requiring them to disclose such action to the Secretary of Labor nearly six months prior to the relocation, and (2) making such companies ineligible for Federal grants or loans for a period of five years. Additionally, the Bill requires overseas agents fielding customer inquiries for U.S. businesses (regardless of whether the call center arrangement is new or already in existence) to disclose their physical location at the beginning of a communication.

While the Bill appears to be aimed at large customer call centers that field consumer complaints or inquiries, the Bill’s language could apply to instances where internal service help desks (i.e., non-customer facing) are moved overseas. It is not clear from the Bill’s language if these operations are intended to fall within the scope of the Bill but the language as currently drafted does not entirely foreclose the possibility.

Industry groups have noted that the measure seems to have little chance of passing in its current form, but the spirit of the Bill and measures proposed raise important considerations for U.S. companies actively moving call center operations overseas. In particular, companies would have to carefully factor the proposed 120 day advance notice period into any new arrangement to avoid potentially hefty fines (up to $10,000 per day for each violation). Additionally, decisions about the volume of services transitioned may become more relevant since even a partial transition of call center services (30% or more of a center’s total volume) could trigger penalties.

U.S. companies with existing overseas operations or agreements with outsourcers may also be impacted by the requirement in the Bill that overseas operators identify their physical location at the start of any communication (defined to include not only phone calls but also email and online instant messages). The Bill requires certification of compliance with this requirement on an annual basis and leaves open the possibility of fines for non-compliance. Furthermore, upon request, businesses must have the ability to transfer a customer back to an agent physically located in the U.S. This means that businesses or their service providers would be required to maintain a parallel domestic operation capable of managing a volume of calls.

In the current economic climate, measures such as this Bill are viewed as patriotic and often appease constituents notwithstanding the commercial impact on U.S. businesses. Whether or not this Bill can withstand the legislative process remains to be seen. Nonetheless, this will be an interesting piece of legislation for the outsourcing industry to watch as it is marked up and debated in Congress during the upcoming election year.

Posted

Making the decision to terminate an outsourcing agreement is often very difficult and is usually only pursued if enforcing existing rights is not sufficient to address a customer’s major concerns or renegotiating the agreement can’t achieve the desired outcome.

If a customer begins to think about terminating an agreement, it is useful for customers at that juncture to undertake a complete review of the agreement in relation to termination options and consequences to help inform the decision. What should such a review entail?

Can you terminate? And what are you terminating?
First, be sure as to what the “agreement” entails. Review all amendments and change notices, and consider whether the parties have varied the agreement through their conduct. Are there any other contracts between the parties which will be affected by a termination, or even terminated automatically as a result?

Second, what termination rights do you have? Outsourcing agreements will usually include rights for a customer to terminate for material breach, for convenience, upon certain events occurring (such as the supplier’s insolvency or change of control), and for certain specified breaches (such as confidentiality and IP breaches). There may also be rights as to partial termination (e.g. by geographies or service tower).

If you are looking to terminate for material breach, is the breach remediable? If so, review the agreement as to the cure period and the process the parties must follow regarding notice of the breach and remediation. How long has it been since the breach occurred? Could the supplier argue that you have waived your right to rely on the breach or acquiesced in the conduct?

In assessing your right to terminate, keep in mind the consequences of getting this wrong. Purporting to terminate an agreement without a valid right to do so may amount to a repudiation of the agreement. This may entitle your supplier to elect whether to accept your repudiation (and sue you for damages for wrongful termination) or affirm the agreement and insist on continued performance.

If your supplier is a foreign counterparty, check whether there are any local mandatory laws which may affect or even override your rights.

The cost of termination?
Prepare your business case as to the cost of termination. Different costs may be triggered depending on the basis of termination. Your business case should also include the cost of engaging with an alternative provider, such as those associated with conducting an RFP process, through to contracting with the supplier, and thereafter the costs of transition and transformation. Here are a few business case components to get you started.

Termination or Express Fees. Are there any fees associated with the termination? These will usually arise with a termination for convenience (often on a sliding scale), but certain breakage or stranded costs may also arise for other types of termination.

Liabilities, Indemnities and Other Cost-Underwriting Clauses. Will any of these bite in the situation you find yourself in? Are you liable to the supplier in any way (considering the accrued rights and obligations of the parties will survive termination)?

Intellectual Property. Upon termination, will you need to make use of software, data or other information owned by the supplier (such as the supplier’s pre-existing IP or IP created independently)? And if so, does the agreement include a right to use these after the termination of the agreement? If not, you will need to either adapt your systems, data and materials to ensure you no longer depend on the supplier’s IP (at your cost), or purchase a licence from the supplier for continued access to the supplier’s IP (which assumes a licence is on offer from the supplier).

Asset Transfer. Are you obliged to purchase, or will you require, any assets upon termination? These may not necessarily be purchased from the supplier under your current arrangement, but may have to be factored into the transition costs with an alternative provider.

Third Party Contracts. To what extent are there any costs with the termination of any subcontracts or third party contracts? Or perhaps the cost of assignment of those contracts to you or your new provider?

People Costs. Your agreement or even local laws may govern the transfer of staff on termination and exit. In the UK the Transfer of Undertakings (Protection of Employment) Regulations 2006 will govern a service provision change. A transfer of UK-based supplier staff engaged in the provision of the services may take place to the customer or an incoming supplier on their current terms of employment. Check whether you have agreed the apportionment of liability and appropriate indemnities in respect of employment issues and related claims in the agreement. And if supplier employees do not transfer to you or the incoming provider by way of law, are there any employees you would like to employ directly? And can you do so without infringing any non-solicitation clauses in the agreement?

What you end up with after termination?
Do you have sufficient information for you to understand how the services are provided and what is required to provide them, including:

  • People
  • Equipment used to provide the services
  • Software
  • Data
  • Third party service providers
  • Process and procedures manuals
  • Any other intellectual property
  • Service delivery locations

For each of these issues mentioned above, do you know what you will own or have access to after the termination, and what the supplier will own or retain?

What is the timing for exit and transition? How can you minimise disruptions at critical times for your business (such as year end or other busy periods)? If you are engaging a new supplier, how long will it take you to find the new supplier and for them to be in a position ready to provide services?

What information regarding the incumbent provider and the services are you contractually able to provide to the new supplier?

What is the supplier obliged to assist with in terms of exit planning, migration of services and ongoing service provision? If the transition is not going according to plan, is your provider obliged to extend the period during which it provides termination assistance? And if so, upon what notice period? Alternatively, can you terminate the supplier’s assistance early?

Review the exit plan and the termination assistance provisions of your agreement. If there is anything that needs to be updated, make sure this is done.

Be clear as to the supplier’s obligations to maintain service levels and avoid disruption to the services. Conversely, do you wish to implement any changes to the services or service delivery to assist with migration? For example you may wish to stop all non-critical changes (e.g. software changes, hardware updates or personnel changes), taking into account who bears the costs of such changes and whether there is additional disruption to services.

Issuing notice of termination
Comply with any procedural requirements specified in the agreement for serving notice of termination, including notice periods, form of notice, and means of service. Keep records to demonstrate compliance if required later.

Be clear as to what you are terminating, especially if you are seeking to only terminate part of an agreement or protect certain contracts from the termination. Document your grounds for termination. Where you are terminating for breach, be sure to keep records of the impact of the breach on the business.

Consider if any intellectual property rights need to be asserted, and whether there are any other legal requirements which must be met for an assignment of IP.

And finally, a word of caution. If you are engaged in a dispute with your supplier, ensure that communications are controlled and documented so as to ensure that legal privilege is not waived and that any matter discussed as to termination and exit is without prejudice to any potential litigation.

Posted

We have previously discussed on this blog the increasing difficulty that offshore service providers are facing in obtaining U.S. visas for their employees who are non-U.S. citizens (see “The Buzz about Visas for Offshore Service Provider Personnel and the Link to On-Shore Hiring”). The rejection rate for H-1B visa applications has skyrocketed over the past two years, which has added to the administrative headaches that offshore service providers face when trying to bring their top talent to their U.S. client sites.

In the midst of this, Infosys has been battling allegations from internal whistleblowers that it has been abusing the visa application process in order to circumvent the administrative hurdles. Whistleblowers claim that Infosys has been applying for B-1 visas for its employees, which contemplate very short term visits (e.g., a visit for a conference), as opposed to the more difficult to obtain H-1B visas, which are required for long term projects and are subject to an annual cap on the number that the U.S. issues. In addition, the B-1 visa doesn’t include the prevailing wage and federal tax requirements that an H-1B visa requires. Infosys has denied abusing the visa system for its own benefits. However, Infosys was dealt a judicial blow recently when one of its employees, who alleged in a lawsuit that Infosys wrongly obtained B-1 visas in its work, won a federal court decision that set aside an arbitration clause and will allow him to bring his case to a jury. The employee, Jack “Jay” Palmer, alleges that he was pressured by Infosys to systematically apply for B-1 visas when H-1B visas were required. The federal court held that the arbitration clause Palmer signed as part of his employee agreement is not binding, and Palmer may bring the case in front of a jury.

In response to the decision, computerworld.com stated that Infosys released a statement, which said that while the decision “is not the one we had hoped for, it is one that we have planned for. We take very seriously our obligations under the law and specifically our responsibilities to comply with the immigration laws and visa requirements in all the jurisdictions where we have clients. The fact is that there is not, nor was there ever, a policy to use the B-1 visa program to circumvent the H-1B program.” In addition to the civil suit, Palmer’s allegations have ignited the interest of the U.S. Department of Justice, which has begun a grand jury investigation into Infosys’s tax and immigration practices.

As for the broader implications of this issue, what should a consumer of IT services be concerned about? While Infosys’s visa application headaches appear on the surface as a purely internal issue to Infosys, if global delivery suppliers are unable to bring top talent to clients in the U.S., their service delivery capability may suffer. Even worse, it is possible that, if the visa issue is particularly widespread, suppliers’ currently deployed employees may be in the U.S. illegally and suppliers may be forced to withdraw such personnel from their accounts. As customers, it would be wise to ensure that your services contract with your offshore services provider appropriately warrants that the service provider is obligated to obtain, and maintain, H-1B visas for personnel that are key to the delivery of the services. In addition, clients should scrutinize suppliers’ proposals for staffing on-shore activities with offshore personnel, consider the increased delivery risk that imposes and understand suppliers’ plans for managing this risk.