Posted

In the waning days of 2011, a measure was introduced in Congress directed at U.S. companies utilizing overseas call centers that may not have attracted much attention. However, given the current economic environment, industry press and at least one foreign government have taken note of the bill.

On December 7, 2011, a bipartisan group of Representatives introduced the United States Call Center Worker and Consumer Protection Act (H.R. 3596) (the “Bill”). The Bill specifically targets U.S. companies relocating call center operations overseas by (1) requiring them to disclose such action to the Secretary of Labor nearly six months prior to the relocation, and (2) making such companies ineligible for Federal grants or loans for a period of five years. Additionally, the Bill mandates that overseas agents fielding customer inquiries for U.S. businesses (regardless of whether the call center arrangement is new or already in existence) disclose their physical location at the beginning of a communication.

While the Bill appears to be aimed at large customer call centers that field consumer complaints or inquiries, the Bill’s language could apply to instances where internal service help desks (i.e., non-customer facing) are moved overseas. It is not clear from the Bill’s language if these operations are intended to fall within the scope of the Bill but the language as currently drafted does not entirely foreclose the possibility.

Posted

Making the decision to terminate an outsourcing agreement is often very difficult and is usually only pursued if enforcing existing rights is not sufficient to address a customer’s major concerns or renegotiating the agreement can’t achieve the desired outcome.

If a customer begins to think about terminating an agreement, it is useful at that juncture to undertake a complete review of the agreement in relation to termination options and consequences to help inform the decision. What should such a review entail?

Can you terminate? And what are you terminating?

Posted

We have previously discussed on this blog the increasing difficulty that offshore service providers are facing in obtaining U.S. visas for their employees who are non-U.S. citizens (see “The Buzz about Visas for Offshore Service Provider Personnel and the Link to On-Shore Hiring”). The rejection rate for H-1B visa applications has skyrocketed over the past two years, which has added to the administrative headaches that offshore service providers face when trying to bring their top talent to their U.S. client sites.

In the midst of this, Infosys has been battling allegations from internal whistleblowers that it has been abusing the visa application process in order to circumvent the administrative hurdles. Whistleblowers claim that Infosys has been applying for B-1 visas for its employees, which contemplate very short-term visits (e.g., a visit for a conference), as opposed to the more difficult to obtain H-1B visas, which are required for long-term projects and are subject to an annual cap on the number that the U.S. issues. In addition, the B-1 visa doesn’t include the prevailing wage and federal tax requirements that an H-1B visa requires. Infosys has denied abusing the visa system for its own benefit. However, Infosys was dealt a judicial blow recently when one of its employees, who alleged in a lawsuit that Infosys wrongly obtained B-1 visas in its work, won a federal court decision that set aside an arbitration clause and will allow him to bring his case to a jury. The employee, Jack “Jay” Palmer, alleges that he was pressured by Infosys to systematically apply for B-1 visas when H-1B visas were required. The federal court held that the arbitration clause Palmer signed as part of his employee agreement is not binding, and Palmer may bring the case in front of a jury.

In response to the decision, computerworld.com stated that Infosys released a statement, which said that while the decision “is not the one we had hoped for, it is one that we have planned for. We take very seriously our obligations under the law and specifically our responsibilities to comply with the immigration laws and visa requirements in all the jurisdictions where we have clients. The fact is that there is not, nor was there ever, a policy to use the B-1 visa program to circumvent the H-1B program.” In addition to the civil suit, Palmer’s allegations have ignited the interest of the U.S. Department of Justice, which has begun a grand jury investigation into Infosys’s tax and immigration practices.

Posted

In the wake of some extreme weather during 2011 (earthquakes, tsunamis, tornadoes, hurricanes, and mudslides), what better time to review your disaster recovery and business continuity (DR/BC) solution and planning processes?

In some cases, DR/BC planning is a legal or regulatory requirement, but even where it is not, common sense argues for a sound DR/BC plan for any business. Why?

  • For most businesses, the dependency on computer systems, applications, databases, networks and electronic delivery systems increases daily – to the point where the efficiency and productivity of the business would drop precipitously if these tools were not available.

Posted

Because evaluating a service provider’s security posture is more challenging in the cloud, in Part Three of this article we looked at ways to evaluate a cloud service provider’s security prior to signing the contract and some of the issues between customers and suppliers created by the SEC Guidance. In Part Four we’ll look at ways to monitor the provider’s security during the term of the agreement.

Auditing Security

For years customers of outsourced IT services have asked providers for a copy of their SAS 70 Type 2 audit report as a means of evaluating a supplier’s security. Since the SAS 70 wasn’t really designed to be a security audit, it isn’t really suited for this, but in the absence of a more security-specific standard, the SAS 70 was a suitable proxy.

Posted

In Parts One and Two of this article we discussed the new Guidance issued by the Securities and Exchange Commission (SEC) Division of Corporation Finance that provides guidance to companies with regard to whether and how a company should disclose the impact of the risk and cost of cybersecurity incidents (both malicious and accidental) on a company.

In particular, the Guidance suggests that companies need to evaluate cyber-related risks including:

  • prior cyber incidents and the severity and frequency of those incidents;

Posted

With cloud services now obtaining as much press as the fallout from Kim Kardashian’s wedding, it seems safe to say that clouds are likely to be in the business forecast for the foreseeable future.

A strong answer to every IT infrastructure manager’s prayers, cloud computing can both provide a scalable on-demand combination of hardware, software and services and help fulfill corporate/social mandates for becoming greener.

The people over at Carbon Disclosure Project decided to commission a study into the potential impact of cloud computing on large US businesses. Released in July 2011, the report was independently produced by Verdantix and sponsored by AT&T.

Posted

Hot on the heels of the UK Information Commissioner’s approval of First Data’s binding corporate rules (BCRs), Viviane Reding, the Vice President of the European Commission and EU Justice Commissioner has signalled reform of the BCR scheme aimed at making BCRs even more effective. BCRs are a way of ensuring compliance with the complexities of European data protection law – they are particularly relevant to multinationals with business operations located in the EEA who need to transfer personal data to affiliates in jurisdictions outside of the EEA.

In a speech given to the International Association of Privacy Professionals’ (IAPP) inaugural Europe Data Protection Congress in Paris on 29 November 2011, Reding announced her plans as part of upcoming revisions to the EU data protection framework. Reding’s proposed reforms will be built around 3 principles: simplification; consistent enforcement; and innovation. Above all, Reding proposes reform “compatible with small innovative companies’ endeavours to operate on a global scale” so that companies of all sizes and operating across all business models will be able to take advantage of BCRs.

Simplification. Under Reding’s proposal the BCR approval process would be streamlined with approval by one Data Protection Authority (DPA) resulting in automatic recognition by DPAs in all other member states without the need for consultation which currently operates across the 19 participating DPAs. This should help to speed up the approval process and reduce the burden on the applicant. Further, once BCRs are approved by a DPA, there would be no need for additional national authorisation prior to transfer, as is currently required in some member states (but not others, such as the UK).

Posted

14 November 2011 saw First Data Corporation become the 11th entity to have binding corporate rules (BCRs) approved by the UK’s Information Commissioner’s Office (ICO).

First Data Corporation is a global electronic commerce and payment processing company. As a payment processor, secure handling of data is at the heart of First Data’s business. First Data has business operations in 35 countries and serves more than 6 million merchant locations, thousands of card issuers and millions of consumers worldwide. First Data is the first payment processor to have achieved BCR approval. Time will tell, but while it maintains this distinction, this may give it a significant advantage over its competitors at a time when data privacy issues, including some recent high profile data breaches and regulatory settlements, are never far from the news and the handling of personally identifiable data continues to be subject to a high level of scrutiny by regulators across the globe.

According to First Data’s Chief Executive Officer Jonathan J. Judge: “Data privacy is fundamental to the success of our business, and we’re deeply committed to protecting the information entrusted to us by our clients and employees alike. We have high standards for data privacy, and this recognition from exacting European regulators demonstrates our global leadership in data protection compliance.”

Posted

The holiday shopping season in the U.S. started in earnest on Black Friday (or even Thursday for some stores) and online shopping celebrates today with “Cyber Monday.”

Contrary to popular belief that Black Friday is the day that retailers go from being in the “red” to being in the “black” for the year, according to Snopes.com the name Black Friday was actually coined to be a derisive term applied by police and retail workers to the day’s plethora of traffic jams and badly-behaved customers. The popularity of Cyber Monday shows that the problems of high traffic and bad behavior aren’t limited to the brick and mortar environment any more.

According to this article from eweek.com,