Posted

The topic of the day appears to be “big data,” meaning the aggregation, mining, and analysis of data. Such data analytics help determine customer profiles so that companies can tune their offerings and sell more of the right things to the right customers. As recently reported in the New York Times Magazine, Target, through the use of such analytics, was able to determine that a teen was pregnant by her purchases before her father knew she was pregnant. This allowed Target to adjust its coupon offers based on Target’s knowledge of buying practices of mothers-to-be. But at what cost do these analytics come?

Caribou Honig, writing on Forbes.com, makes a case “In Defense of Small Data” that collecting, storing, and processing mounds of data is costly and provides no more, and perhaps less, useful data than analyzing only the limited data set that really matters. In addition, storing this volume of data has its own direct costs.

And this is only half of the story . . . There are also legal costs and risks to big data.

Posted

According to a report in the Economic Times of India, the Indian government has demanded that the European Union designate her as a data secure country. The request came in the context of current bilateral free trade agreement negotiations. An Indian government official is reported as saying, “Recognition as a data secure country is vital for India to ensure meaningful access in cross border supply.” The official goes on to state that “we have made adequate changes in our domestic data protection laws to ensure high security of data that flows in.”

Seasoned India-watchers may disagree. Traditionally India has had no dedicated privacy or data protection laws, with various statutory aspects scattered under a number of enactments, such as India’s cyber law, The Information Technology Act 2000. In 2011, India finally enacted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 to implement parts of the Information Technology (Amendment) Act 2008. The 2011 Rules cover a subset of personal data (referred to as sensitive personal data, but unhelpfully the meaning of this term differs from that used in the Data Protection Directive) and lay down security practices and procedures that must be followed by organisations dealing with such sensitive personal data.

The 2011 Rules were broad in scope and ambiguously drafted. The impact on the outsourcing sector was unclear and subsequent clarifications had to be rushed through by the Indian government. These clarifications helped somewhat but were still found wanting, with one commentator describing them as “half baked.”

Posted

Transition Services Agreements (TSAs) have become common (and more complex) in corporate divestitures, mergers, and spin-offs due to the increasing operational complexity of the environments impacted by these transactions. And if M&A activity increases as expected, despite a slow start in 2012, these agreements will continue to play an important (but often undervalued) role in the success of the transaction (especially after the closing dust settles).

Transition services typically are provided by the seller to the buyer (or by the former parent to the spun-off enterprise) to ensure business continuity and interim operational support for the impacted business during a “transitional” period after closing. Transition services may also be required from the buyer or divested enterprise where, for example, commingled tools, operations, software products, and know-how need to be leveraged by the seller or former parent for some period of time. These “reverse” transition services are often overlooked.

In effect, transition services are a form of outsourcing where the processes that were previously handled internally are performed by the formerly affiliated enterprise during the transition period. Sounds simple, right? Isn’t it just maintaining the status quo for a short time?

Posted

Not too long ago a major supplier asked us what we are seeing in the cloud space. We thought the interchange might be of interest to readers of the blog — so here are some selected questions and our responses.

What impact have you seen or expect to see Cloud will have on the CIO Agenda?

We’ve seen:

Posted

Since the start of the 112th Congress, there has been a heightened focus on cybersecurity. Congress has not passed new cybersecurity-related legislation since 2002, when the Federal Information Security Management Act was enacted. In 2011, the Obama Administration announced its cybersecurity proposal, and a number of bills are currently active in both the House and Senate that focus on different aspects of cybersecurity and the mechanisms to protect private infrastructure and networks against cyber threats. One of the major philosophical differences between the various bills is which government entity should be responsible for cybersecurity – the Department of Homeland Security (DHS) or the National Security Agency (NSA). The Administration’s proposal favors DHS over NSA.

The most widely supported proposal is the bipartisan Cybersecurity Act of 2012 sponsored by Sens. Joe Lieberman (I-Conn) and Susan Collins (R-Maine). The hallmark of this Bill is the requirement that companies notify DHS of intrusions into their networks and the creation of mandatory compliance with industry-specific cybersecurity standards. Senator John McCain (R-AZ) has a competing bill in the Senate, the Secure IT Act (S.2151), that focuses on self-regulation by the private sector rather than imposing government standards.

In the House, there are three notable active bills: (i) the Secure IT Act (H.R. 4263), (ii) the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (“PRECISE Act”) (H.R. 3674), and (iii) the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523). The House Secure IT Act was introduced on March 27, 2012, and mirrors Sen. McCain’s version of the bill. The two other bills set cybersecurity standards for critical private networks and focus on information sharing mechanisms between the government (notably the NSA) and internet service providers so that threatening traffic can be blocked before causing harm.

Posted

In 2009, the EU issued Directive 2009/136/EC of the European Parliament. The Directive concerns the ‘regulatory framework for electronic communications networks’ and includes what has come to be known as the “EU Cookie Rule”; the part concerning the use of cookies is just a small part of the whole Directive. Other articles of the Directive included accessibility for disabled users, provision of public telephones, and the universality of affordable internet connections at a reasonable connection speed.

All EU Member States were to have implemented new laws to comply with the Cookie Rule by May 26, 2011, but not all have. In the case of the UK, the Directive was implemented and the government immediately suspended enforcement for 12 months to provide organizations with time to comply. We’re now about 10 weeks from May 26, 2012, when websites selling goods or services to individuals in the UK must comply with the UK implementation of the Cookie Rule or face investigation by the Information Commissioner’s Office with the potential for fines of up to £500,000.

If you operate a website that provides goods or services to residents of the EU, and the UK in particular, before May 26, 2012, you should download and read the UK ICO’s Guidance on the New Cookies Regulations (the “Cookie Guidance”), which sets out the steps you need to take now to ensure you comply. In particular, you should (if you haven’t already):

Posted

After deciding recently that peeking cautiously at quarterly brokerage statements might not be the best investment strategy, I can now say that while I’ve been sleeping at the investing switch for the last couple of years, innovation has been working overtime.

Having scoffed for a while at what “good paying green jobs” might have meant, it didn’t take a lot of poking around in the battery, fuel cell, natural gas and chemical industries, to paint a more vivid and alluring picture. As an investor waking up from a long hibernation, I only wish this was a party where I had shown up unfashionably early.

Despite most of us having spent the last few years of the economic meltdown hunkered down, reducing our expenses and keeping a low profile, there have been some brave souls that have been hard at work reinventing how the world might work in this century.

Posted

Given how busy the privacy world has been recently, we thought we’d take this “extra day” to catch up on some of the bigger recent developments:

  • The White House unveiled its Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (see the White House “Fact-Sheet” on the proposal here). The Framework contains five key elements: a “Consumer Privacy Bill of Rights” (CPBoR); a “stakeholder-driven” process to specify how the principles in the CPBoR apply in particular business contexts; stronger enforcement by the FTC and state Attorneys General; a commitment to increase interoperability between the US privacy framework and those of the international partners of the United States; and various proposals and recommendations for data privacy legislation, including a call for a national standard for security breach notification.
  • Google was accused of circumventing privacy protections in the Safari and Internet Explorer browsers, and the fallout continued from Google’s announcement of its new harmonized privacy policy in advance of its March 1 implementation.

Posted

The last outstanding requirement of the 2010 Massachusetts Data Protection Law relates to third-party service provider compliance and will take effect on March 1, 2012.

Section 17.03(2)(f)(2) of the Law mandates that entities holding Massachusetts’ residents’ personal information require their third-party service providers to contractually commit to implementing and maintaining security measures for personal information. The Law defines a service provider as

“any person that receives, stores, maintains, processes, or otherwise is permitted access to personal information through its provision of services directly to a person that is subject to [the Massachusetts] regulation.”

Posted

Enterprises that undertake serial M&A or outsourcing activity can find themselves with a diverse workforce with differences in pay and other terms and conditions of employment applying to different categories of employees across the business. This can lead to inefficiencies such as the cost of administering different benefit plans as well as dissatisfaction amongst groups of employees who consider themselves to be, rightly or wrongly, worse off than their colleagues. For this reason, we are often asked to help with developing and implementing plans designed to harmonise terms and conditions of employment across a client’s business.

Each harmonisation plan must be carefully considered. In the UK an employer’s ability to make changes to an employee’s terms and conditions of employment has always been challenging, particularly where an employee transfers pursuant to the Transfer of Undertakings (Protection of Employment) Regulations (“TUPE Regulations”). (Similar laws apply across the European Community although there can be marked differences.) This can be frustrating for an employer trying to integrate the new transferred employees into its existing workforce – because managing employees on different terms can often lead to issues in the workplace – and employers also need to provide a pay and benefits system which is not unlawfully discriminatory.

The UK government purported to provide a solution to this problem when it revised the TUPE Regulations in 2006. The 2006 regulations allow changes to be made to an employee’s contract (albeit with the employee’s consent) if they are unconnected to the transfer. Alternatively, if the changes are connected to the transfer they are still permitted if they are for an economical, technical or organisational (“ETO”) reason entailing a change in the workforce. However, the reality is that the employer’s ability to make changes to terms and conditions of employment for the purpose of harmonisation is very limited. The desire to achieve harmonisation is usually connected to the transfer itself and the ETO defence will not apply unless the employer can point to a workforce reduction or change in the employee’s function.