Posted
By

The UK government has issued a consultation on proposed changes to the Transfer of Undertakings (Protection of Employment) Regulations 2006 (SI 2006/246) (TUPE).

TUPE is the UK’s implementation of the Acquired Rights Directive (2001/23/EC) (ARD) and, broadly speaking, protects employees when the business or undertaking for which they work transfers to a new employer. Critics of TUPE (which revoked the 1981 TUPE regulations) have raised concerns that it ‘gold plates’ the ARD (i.e. it does more than is strictly required by the Directive) and is too bureaucratic. They also cite a number of practical difficulties. In November 2011, the UK government responded by publishing a Call for evidence on the effectiveness of TUPE, subsequently concluding that the gold plating aspects of TUPE should be removed and the operation of the regulation be made more practical.

What does this mean for outsourcing and other long-term service arrangements? The most significant change being proposed is the repeal of the regulations relating to “service provision changes.” The “service provision changes” provisions were introduced in 2006 in an attempt to avoid uncertainty as to when TUPE applied. The 2006 Regulation expressly states that TUPE applies at the end of a services relationship in the same way that it already applied under the earlier TUPE regulation to a “relevant transfer” at the outset. Thus, in certain circumstances (which have had to be clarified recently by a number of employment tribunal and decisions and appeals), an automatic transfer of the staff working on delivering outsourced services would take place under TUPE at the end of an outsourcing deal, regardless of whether the work is taken on by another third party as a successor to the original supplier or is brought back in-house by the customer.

Continue reading

Posted
By

We have written before on this blog about the visa issues that offshore service providers face when bringing talented resourced to the U.S. from other countries. Since there are a finite number of H1-B visas that can be issued each year, some service providers have sidestepped the limit by obtaining B-1 visas, which contemplate a more short term engagement than most outsourcing contracts envision.

In response to a host of immigration issues, the Senate has recently introduced a bill that would not only increase the number of H1-B visas that can be issued each year, but would also include an automatic increase to a maximum of 300,000 visas annually if there is sufficient demand. Currently, the United States has an H-1B visa cap of 65,000, and the proposed legislation would increase the cap to 115,000, with the potential to rise to 300,000.

The proposed legislation would certainly ease the visa restrictions on offshore service providers that are seeking to bring top talent to the United States. A recent report in the Economist has noted that there is an increasing trend in customers bringing offshored services closer to home in the United States, and this proposed legislation would make it easier for offshore suppliers to staff in the U.S. using foreign workers. In particular, the Economist noted that Infosys has opened new offices in the U.S. in order to accommodate its customer’s requirements for on-shore offices. With the trend of customers moving IT services back closer to home, the relaxed visa restrictions will put offshore service providers in a better position to win business with their top talent located in the U.S.

Continue reading

Posted
By

It pays to closely read the payment terms in your software license. Or rather, it costs if you don’t read them closely enough.

I was reviewing a software license for a client recently and came across this term:

“We may increase the license fee in a renewal term by giving you notice at least 60 days prior to the commencement of that term by an amount considered by us to be reasonable if we determine that the existing license fee does not give us an appropriate return when compared to returns from other of our customers, but in no event will any such increase be greater than 10% of the renewal License Fee.”

Continue reading

Posted
By

As customers continue to embrace Software as a Service (SAAS) solutions that are hosted in the cloud, rather than traditional software solutions that are loaded onto and hosted on the customer’s own environment, they should closely review the contract that will govern their relationship with their SAAS provider. Frequently, we see SAAS contracts that are missing certain basic (and key) requirements that serve to protect SAAS customers.

In Part 2 of our two-part series, we continue our list from Part 1 of the critical contract protections that SAAS customers should keep in mind, before signing any SAAS agreement. Alternatively, if a customer already has a SAAS agreement that omits any of the following terms, the customer should explore amending its current agreement to include these protections, during its next contract renegotiation.

Who May Use the SAAS Solution? SAAS customers should think about who they need to access and/or use the SAAS solution. SAAS agreements frequently place limits on those who are allowed to access the solution. Make sure that the contract allows access and/or use by all of the necessary categories of users. Will the persons accessing the solution only be employees of the customer? What about employees of a customer’s affiliates? What about a customer’s customers – are there any VIP, downstream customers who need access rights? And what about agents, subcontractors and independent contractors, whether they work for the customer itself, an affiliate, or a customer’s customer? (More about the last category directly below).

Continue reading

Posted
By

As customers continue to embrace Software as a Service (SAAS) solutions that are hosted in the cloud, rather than traditional software solutions that are loaded onto and hosted on the customer’s own environment, they should closely review the contract that will govern their relationship with their SAAS provider. Frequently, we see SAAS contracts that are missing certain basic (and key) requirements that serve to protect SAAS customers.

In the first of a two-part series, we offer the following critical contract protections that SAAS customers should keep in mind, before signing any SAAS agreement. Alternatively, if a customer already has a SAAS agreement that omits any of the following terms, the customer should explore amending its current agreement to include these protections, during its next contract renegotiation.

Implementation Schedule If a SAAS solution is being put into service for the first time for a customer, the customer should make sure that the contract lists the expected schedule for the implementation, including the milestones that must be met and hard dates (not wishy-washy “we hope to get it done” or “we will use reasonable efforts to try and get it done” by a certain date) by which the milestones must be met. If the milestones are not attached to hard dates, then arguably, an implementation that is over one year behind schedule may be “late” in terms of what everyone expected, but it may not be late in terms of the specific guarantees in the contract.

Continue reading

Posted
By

On 1 January 2013, over 4 years after the idea was first discussed, new Binding Corporate Rules (BCRs) for data processors were launched following a meeting of European data protection authorities.

BCRs are internal codes of conduct which companies within a group can “sign up to” regarding data privacy and security to ensure that transfers of personal data outside of Europe will meet European rules on data protection. Whilst BCRs have been an option for data controllers to ensure compliant transfers from Europe for some time, the introduction of BCRs for processors have been welcomed with open arms by both data controllers and data processors alike.

As a result of this change, processors, such as IT outsourcing providers, cloud providers and data centre providers, who implement BCRs will be able to receive data in Europe from their controller clients and then transfer that data within their group, outside of Europe, whilst complying with European privacy rules. For processors who choose BCRs to ensure compliance, this development could significantly reduce managerial time (and paper) spent negotiating often complicated, data protection safeguards for each and every data processing activity they carry out, whilst also doing away with the supervision associated with such contracts once they are up and running. At the same time, this development offers controllers’ clients comfort in the sense that controllers will be able to more simply demonstrate that their processing activities comply with European laws by pointing to an approved set of BCRs.

Continue reading

Posted
By

Tim Wright and Craig Wolff, partners in Pillsbury’s Global Sourcing practice and Jack Barufka, partner in the IP practice, explain Legal Process Outsourcing.

Whatever your viewpoint, there’s no denying that Legal Process Outsourcing (LPO) is undergoing a boom, with regular reports in the legal press of its use by law firms and corporate clients alike. Companies, as well as law firms themselves are now looking to outsource legal processes for many of the same reasons that saw them already outsource an increasingly wide array of other corporate functions previously performed in-house – to achieve compelling cost reductions and faster turnaround times, to free up scarce in-house resources to focus on more strategic and higher value activities, and to refocus the company’s energies on its core business activities.

As a result of this phenomenon, a rapidly growing cadre of LPO service providers has sprung up in countries that are able to offer the right mix of a suitably educated workforce with good English language skills, modern telecommunications capabilities, a substantially lower wage structure than Western industrialised countries, and a reasonably well developed legal system which is typically based on English law. Favoured LPO destinations currently include India, the Philippines, Sri Lanka, South Africa, Singapore and Canada.

Continue reading

Posted
By

The end of 2012 saw a flurry of activity in the area of privacy enforcement. In July, Kamala Harris, the Attorney General of California, announced the formation of California’s own state agency, Attorney General Kamala D. Harris Announces Privacy Enforcement and Protection Unit to investigate and enforce the state’s robust privacy laws. By the end of the year, Harris made it clear that she did not intend this new unit to sit on the sidelines. On December 6th, Harris filed a groundbreaking civil suit against Delta Air Lines alleging a violation of the California Online Privacy Protection Act for the company’s failure to include a privacy policy on its “Fly Delta” mobile app. The State of California is seeking up to $2,500 in penalties from Delta for each violation of the California law.

California is not the only government entity that is ramping up its privacy enforcement efforts. The Federal Trade Commission has signaled that it plans to get in on the action as well. On August 9th, the FTC announced a record $22.5 million civil penalty to be paid by Google in order to settle charges that the company made misrepresentations with respect to how it planned to track users’ online activity.

On December 10th, the FTC published a report following up on a year-long investigation in which it found only 20% of mobile apps targeting children properly disclosed how the apps collected and shared personal data. The FTC announced it would be launching multiple investigations to determine whether certain companies have violated the Children’s Online Privacy Protection Act (COPPA), which requires operators of online services (including mobile apps) directed to children under the age of 13 to provide notice and obtain parental consent before collecting personal information from children. The FTC’s record settlement with Google suggests that these investigations could yield serious penalties.

Continue reading

Posted
By

In a look forward, Aaron Oser was recently quoted in Stephanie Overby’s other recent CIO.com article, “9 IT Outsourcing Trends to Watch in 2013.”  One of the trends he suggests to look out for in 2013 is troubled transitions and their potential for disputes. He says, “Customers and suppliers will continue to close deals without fleshing out transition and transformation details and plans. Failed or delayed transitions and transformations will [become the] number one area of disputes between customers and suppliers.”

Check out Aaron’s other comments on what to look out for next year and the full article in CIO.com here.

Posted
By

The FSA has written a ‘Dear CEO Letter’ expressing concern that the asset management industry may not have “effective recovery and resolution plans” in place should an outsourcing provider face financial distress or severe operational disruption which could lead to client detriment. The full text of the 11 December 2012 letter appears here.

The FSA states that firms’ Boards must consider the implications of outsourcing to a third party supplier and the regulatory requirements that apply. The FSA calls on firms to exercise “due skill and care and diligence” whenever they enter into, manage or terminate any outsourcing arrangement.

The FSA’s letter highlights its growing concern about the risks associated with asset management firms which outsource operational activities to third party providers. The FSA has been looking at firms’ contingency plans and has concerns about a number of them. These concerns include asset managers relying on the fact that an outsourcing firm is part of a financial institution that is deemed too big to fail. The FSA says that this approach is imprudent, as the FSA might actually allow such institutions to fail.

Continue reading