Posted
By

Those of us who have been grappling with how best to approach GDPR compliance in outsourcing and other commercial contracts will be all too familiar with Article 28 of the GDPR. Article 28.3 builds on the limited obligations that existed under the existing regime but also include some significant enhancements to the minimum processor obligations to be addressed head on in the contract.

Processor’s obligation to notify infringing instructions

One requirement of Article 28.3 in particular, has provided clients and counsel alike with a degree of angst since the final draft of the GDPR was published in May 2016, and further back still for those of us who had followed the negotiations and multiple redrafts of the GDPR prior to its final publication.

Continue reading

Posted
By and

Global In-House Centers (GICs) were first seen in India in the 1990s as an alternative to IT outsourcing arrangements with third-party vendors. The principal driver was labor-cost arbitrage between the United States or Europe and India. The banking, financial services and insurance industries were early adopters. In their original iteration, GICs were known as “offshore captive centers.” A number of these captives were later sold to outsourcing vendors, particularly in the years following the Great Recession.

In recent years, there has been a resurgence of interest in GICs in India across a wider range of industries, including transportation, telecom, media, manufacturing, medical devices, oil & gas, aerospace, retail and hospitality. In “Global In-House Centers in India, v2.0,” Pillsbury partners Jeff Hutchings  and Craig de Ridder explore how GICs in India are evolving from cost-saving platforms into Innovation Centers for emerging digital technologies that can provide a competitive advantage.

Posted
By

Toll-free telephone numbers celebrated their 50th birthday this year (frankly, without much fanfare). These numbers allow callers to reach businesses without being charged for the call. When long distance calling was expensive, these numbers were enticing marketing tools used by businesses to encourage customer calls and provide a single number for nationwide customer service—for example, hotel, airline or car rental reservations.

Toll-free numbers are most valuable to businesses when they are easy to remember because they spell a word (1-877-DENTIST) or have a simple dialing pattern (1-855-222-2222). Like all telephone numbers, however, the FCC considers toll-free numbers to be a public resource, not owned by any single person, business or telephone company. Toll-free numbers are assigned on a first-come, first-served basis, primarily by telecommunications carriers known as Responsible Organizations. The FCC even has rules that prohibit hoarding (keeping more than you need) or selling toll-free numbers.

But the rules will change if the FCC adopts its recent proposal to assign toll-free numbers by auction as it prepares to open access to its new “833” toll-free numbers. The Notice of Proposed Rulemaking issued last week proposes to auction off approximately 17,000 toll-free numbers for which there have been competing requests. The proceeds of these auctions would then be used to reduce the costs of administering toll-free numbers.

Continue reading

Posted
By

Imagine dialing 911 and hearing an automated voice tell you that what you have dialed is not a valid number; or reaching a 911 call center only to have emergency personnel dispatched to the wrong location. In response to such problems, the FCC yesterday released a Notice of Inquiry (NOI) asking a broad range of questions about the capability of enterprise-based communications systems (ECS)—internal phone systems used in places like office buildings, campuses and hotels—to provide access for 911 calls.

According to the FCC, certain of these systems may not support direct 911 dialing, may not have the capability to route calls to the appropriate 911 call center, or may not provide accurate information on the caller’s location. The NOI seeks public comment on consumer expectations regarding the ability to access 911 call centers when calling from an ECS, and seeks ways, including regulation if needed, to improve the capabilities of ECS to provide direct access for 911 calls.

The FCC generally requires telephone service providers to offer enhanced 911 service, which basically means that the provider will forward the caller’s telephone number and registered location to the appropriate public safety answering point (PSAP), which should be the 911 call center closest to the caller. Call takers at the PSAP are then responsible for dispatching the appropriate emergency responder—police, fire or ambulance.

Continue reading

Posted
By

The UK’s Financial Conduct Authority (‘FCA’) has now announced the participants in the second cohort of its regulatory sandbox, with the companies involved offering a range of ideas-based payment services and artificial intelligence software. In “The FCA Announces The Second Cohort For Its Regulatory Sandbox“, an article in Payments & FinTech Lawyer, Pillsbury partner Tim Wright provides an overview of the second cohort and their characteristics.

 

Posted
By and

The UK Government has published a statement of intent containing details of its proposed Data Protection Bill. The full text of the Bill is expected in September 2017, when the UK Parliament returns from its summer break.

The Bill will enshrine the EU General Data Protection Regulation (GDPR) into UK domestic law. It will also implement the requirements of EU Directive 2016/680 (The Law Enforcement Directive) which covers the processing of personal data for crime prevention, and the free movement of such data.

Why is a UK bill needed?

Continue reading

Posted
By

Financial Institutions may need to revise consumer contracts to remove class action waivers in preparation for a March 2018 federal rule.

On July 19, the U.S. Consumer Financial Protection Bureau, the federal regulator for a sweeping range of depository and non-depository consumer financial services companies (including the largest of U.S. banks), published a final rule that makes it illegal for many of the CFPB’s regulated entities to include consumer class action waivers in pre-dispute arbitration agreements. The Rule’s effective date is September 18, 2017, and applies to contracts entered into after March 19, 2018. (The Rule does not apply to pre-existing contracts.)

As a result, covered consumer contracts entered into after March 19, 2018, will need to: (a) remove language in pre-dispute arbitration provisions that bars consumers from participating in class actions; and (b) add language informing consumers of their rights to participate in class actions. The Rule will also require such companies to provide information on individual arbitration awards to the CFPB for publication in a public database (redacting consumers’ private financial information). Although the Rule does not outright prohibit pre-dispute arbitration agreements themselves (as many expected the CFPB might), companies will need to reconsider the economics behind offering consumers a full arbitration program in light of a future reality of increased class actions.

Continue reading

Posted
By

Pharmaceutical and Life Sciences companies operate in a demanding environment and face diverse challenges such as pricing pressure, increased regulatory requirements and mounting costs. With this backdrop, they have, starting with non-core functions, such as IT, facilities management, finance and human resources, before moving to secondary core functions, such as research and development, manufacturing, logistics, warehousing and brokerage, increasingly looked to outsourcing so as to better focus on core competencies, access specialized expertise and achieve cost-saving benefits.

In this blog post, a closer look at some of the key challenges faced by those operating in the Pharmaceutical and Life Sciences sector is taken from an outsourcing perspective.

Regulatory Environment

Continue reading

Posted
By

The European Banking Authority (EBA) has opened a consultation on its draft recommendations for financial institutions outsourcing to cloud service providers across all cloud-related domains including infrastructure as a service, platform as a service and software as a service. The recommendations are intended “to clarify the EU-wide supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed.” A public hearing will take place at the EBA’s Canary Wharf, London premises on 20 June 2017 and the consultation will close on 18 August 2017.

Continue reading

Posted
By

A number of major carriers have suffered high-impact IT events in the past several months. Estimates of losses in these cases have exceeded £100m. This is on top of (no doubt significant) remedial costs, reductions in share price and reputational damage.

Such high-impact events are, in theory, unlikely to occur—the result of a series of unlikely events which when taken together have a catastrophic impact. Unfortunately for corporates, the probability of a high impact IT event is increasing. This is partly due to the increasingly interconnected and complex nature of IT infrastructures but also due to heightened cybersecurity risks. Failures tend not to be not localised to a particular geography or business but have global reach.

We advise airlines to consider and revisit their current business continuity and disaster recovery (BCDR) arrangements. In our experience, the reality of BCDR arrangements often falls below the stated requirements or capabilities of such solutions, whether provided by third-party IT providers or in-house.

Continue reading