Posted

As customers continue to embrace Software as a Service (SAAS) solutions that are hosted in the cloud, rather than traditional software solutions that are loaded onto and hosted on the customer’s own environment, they should closely review the contract that will govern their relationship with their SAAS provider. Frequently, we see SAAS contracts that are missing certain basic (and key) requirements that serve to protect SAAS customers.

In the first of a two-part series, we offer the following critical contract protections that SAAS customers should keep in mind, before signing any SAAS agreement. Alternatively, if a customer already has a SAAS agreement that omits any of the following terms, the customer should explore amending its current agreement to include these protections, during its next contract renegotiation.

Implementation Schedule

If a SAAS solution is being put into service for the first time for a customer, the customer should make sure that the contract lists the expected schedule for the implementation, including the milestones that must be met and hard dates (not wishy-washy “we hope to get it done” or “we will use reasonable efforts to try and get it done” by a certain date) by which the milestones must be met. If the milestones are not attached to hard dates, then arguably, an implementation that is over one year behind schedule may be “late” in terms of what everyone expected, but it may not be late in terms of the specific guarantees in the contract.

Posted

On 1 January 2013, over 4 years after the idea was first discussed, new Binding Corporate Rules (BCRs) for data processors were launched following a meeting of European data protection authorities.

BCRs are internal codes of conduct which companies within a group can “sign up to” regarding data privacy and security to ensure that transfers of personal data outside of Europe will meet European rules on data protection. Whilst BCRs have been an option for data controllers to ensure compliant transfers from Europe for some time, the introduction of BCRs for processors has been welcomed with open arms by both data controllers and data processors alike.

As a result of this change, processors, such as IT outsourcing providers, cloud providers and data centre providers, who implement BCRs will be able to receive data in Europe from their controller clients and then transfer that data within their group, outside of Europe, whilst complying with European privacy rules. For processors who choose BCRs to ensure compliance, this development could significantly reduce managerial time (and paper) spent negotiating often complicated data protection safeguards for each and every data processing activity they carry out, whilst also doing away with the supervision associated with such contracts once they are up and running. At the same time, this development offers controllers’ clients comfort in the sense that controllers will be able to more simply demonstrate that their processing activities comply with European laws by pointing to an approved set of BCRs.

Posted

Tim Wright and Craig Wolff, partners in Pillsbury’s Global Sourcing practice and Jack Barufka, partner in the IP practice, explain Legal Process Outsourcing.

Whatever your viewpoint, there’s no denying that Legal Process Outsourcing (LPO) is undergoing a boom, with regular reports in the legal press of its use by law firms and corporate clients alike. Companies, as well as law firms themselves, are now looking to outsource legal processes for many of the same reasons that saw them already outsource an increasingly wide array of other corporate functions previously performed in-house – to achieve compelling cost reductions and faster turnaround times, to free up scarce in-house resources to focus on more strategic and higher value activities, and to refocus the company’s energies on its core business activities.

As a result of this phenomenon, a rapidly growing cadre of LPO service providers has sprung up in countries that are able to offer the right mix of a suitably educated workforce with good English language skills, modern telecommunications capabilities, a substantially lower wage structure than Western industrialised countries, and a reasonably well developed legal system which is typically based on English law. Favoured LPO destinations currently include India, the Philippines, Sri Lanka, South Africa, Singapore and Canada.

Posted

The end of 2012 saw a flurry of activity in the area of privacy enforcement. In July, Kamala Harris, the Attorney General of California, announced the formation of California’s own state agency, the Privacy Enforcement and Protection Unit, to investigate and enforce the state’s robust privacy laws. By the end of the year, Harris made it clear that she did not intend this new unit to sit on the sidelines. On December 6th, Harris filed a groundbreaking civil suit against Delta Air Lines alleging a violation of the California Online Privacy Protection Act for the company’s failure to include a privacy policy on its “Fly Delta” mobile app. The State of California is seeking up to $2,500 in penalties from Delta for each violation of the California law.

California is not the only government entity that is ramping up its privacy enforcement efforts. The Federal Trade Commission has signaled that it plans to get in on the action as well. On August 9th, the FTC announced a record $22.5 million civil penalty to be paid by Google in order to settle charges that the company made misrepresentations with respect to how it planned to track users’ online activity.

On December 10th, the FTC published a report following up on a year-long investigation in which it found only 20% of mobile apps targeting children properly disclosed how the apps collected and shared personal data. The FTC announced it would be launching multiple investigations to determine whether certain companies have violated the Children’s Online Privacy Protection Act (COPPA), which requires operators of online services (including mobile apps) directed to children under the age of 13 to provide notice and obtain parental consent before collecting personal information from children. The FTC’s record settlement with Google suggests that these investigations could yield serious penalties.

Posted

In a look forward, Aaron Oser was recently quoted in Stephanie Overby’s other recent CIO.com article, “9 IT Outsourcing Trends to Watch in 2013.” One of the trends he suggests to look out for in 2013 is troubled transitions and their potential for disputes. He says, “Customers and suppliers will continue to close deals without fleshing out transition and transformation details and plans. Failed or delayed transitions and transformations will [become the] number one area of disputes between customers and suppliers.”

Check out Aaron’s other comments on what to look out for next year and the full article in CIO.com here.

Posted

The FSA has written a ‘Dear CEO Letter’ expressing concern that the asset management industry may not have “effective recovery and resolution plans” in place should an outsourcing provider face financial distress or severe operational disruption which could lead to client detriment. The full text of the 11 December 2012 letter appears here.

The FSA states that firms’ Boards must consider the implications of outsourcing to a third party supplier and the regulatory requirements that apply. The FSA calls on firms to exercise “due skill and care and diligence” whenever they enter into, manage or terminate any outsourcing arrangement.

The FSA’s letter highlights its growing concern about the risks associated with asset management firms which outsource operational activities to third party providers. The FSA has been looking at firms’ contingency plans and has concerns about a number of them. These concerns include asset managers relying on the fact that an outsourcing firm is part of a financial institution that is deemed too big to fail. The FSA says that this approach is imprudent, as the FSA might actually allow such institutions to fail.

Posted

The timelines of most strategic IT or sourcing projects are punctuated with key moments that can make or break the deal. These include defining the customer’s strategic objectives, determining which suppliers will be asked to compete (assuming it’s not a sole source deal) and, of course, executing the contract. Another critical juncture is downselection. This is when the customer eliminates competition by choosing a “winning” supplier and focusing on getting a contract signed.

Customers should manage the downselection process thoughtfully. Here are some factors to think about:

1. Timing.

Posted

“Everywhere you look, the quantity of information in the world is soaring.”

IDC has predicted that, by 2012, mankind will have created 2.7 zettabytes of data! The numbers are mind boggling – a zettabyte is 1 billion terabytes. With all of that data comes the Next Big Thing – namely, Big Data.

What is Big Data?

Posted

Want to learn more about the insourcing trend and pointers for the proper process to follow for those tempted by that trend? Please check out our article in Computers & Law Online here.

Posted

As the Thanksgiving holiday approaches, we are all juggling a whole host of “to-dos”, such as working out family travel logistics, making sure the turkey is thawing, and shopping for all of the “fixins”. Many of us are also starting to contemplate our impending consumption of too much turkey, stuffing and pie. Yes, we know everyone tries to be strong and resist temptation, but we generally just give in. Fortunately, we can all take solace in the fact that calories consumed during a holiday don’t count as much as non-holiday calories – well, at least that is the wise advice I got from my Aunt Simone (which, by definition, makes it a “fact”).

Thanksgiving is also a time when you can sit back and think about those things you are thankful for. In this blog, we decided to reach out to our Pillsbury Global Sourcing group to find out what outsourcing industry trends they were thankful for. Here are a few responses mixing outsourcing trends with Thanksgiving themes – enjoy:

1. We are finally addressing the “messy middle”. You might be misinterpreting this item to be the state of your stomach following dinner. Actually, this refers to IT service integration that is required to align service delivery among multiple players typically found in an IT environment. We refer to the service integration layer as the “middle”, because it usually sits between leadership and service delivery execution. We also refer to it as “messy” because most IT operations are at very low maturity levels in optimizing their service integration capabilities. Implementing a successful service integration framework can be difficult, time consuming and challenging. That said, we are thankful that many of our clients recognize harmonizing the activities of internal IT and multiple third party providers is critical if they want to be in a position to mitigate operational risk, promptly address incidents and maximize efficiencies in their environment.