Should what goes out come back in? In a recent guest blog for MRO-Network.com the bringing back in-house of functions that have previously been outsourced. From regaining control of business-critical functions to increased flexibility and simplified purchasing, Mike and Caron examine the benefits and challenges of returning functions to the fold.
The UK’s financial services regulator, the Financial Conduct Authority (FCA), has recently published summaries of the responses it received to a Call for Inputs (CfI) on the use of big data in the retail general insurance (GI) sector as well as outlining its responses to the issues raised. Insurance companies, which are increasingly using big data (gleaned from social media, loyalty cards, aggregator sites and other such sources) to determine risk profiles and set premiums, can rest a little easier given that the FCA says that it has decided not to undertake a full market study or make a reference to the Competition and Markets Authority.
If you operate a website which does business with consumers based in the European Union, read on.
In the recent case, Verein für Konsumenteninformation v Amazon EU Sàrl (28 July 2016), brought by Austrian consumer protection body Verein für Konsumenteninformation (VKI), the Court of Justice of the European Union (ECJ) held that Amazon’s standard terms of business were unfair under the Unfair Terms in Consumer Contracts Directive. As such, an injunction was granted forcing Amazon to change its standard terms.
July 7, 2016, saw the UK’s Financial Conduct Authority (FCA) publish fresh guidance in order to clarify the requirements which apply to the financial services firms it regulates when outsourcing to the cloud. When the FCA talks about the cloud, it is referring to the full range of cloud solutions which have evolved (such as private, public and hybrid cloud) as well as the various “X as a Service” solutions such as IaaS (infrastructure), PaaS (platform) and SaaS (software).
We all know that “cloud computing” is one of the most tired and overused phrases in the technology industry, and it has been for years. Everyone has gone “to the cloud” now, right? Not so fast. When it comes to cloud-based enterprise email, the market has lagged somewhat behind.
A Gartner report published on February 1, 2016, found that “[t]he cloud email market is still in the early stages of adoption with 13 percent of identified publicly listed companies globally using one of the two main cloud email vendors.” Those two leading cloud email vendors are: (a) Microsoft, which offers Microsoft Office 365 and has an 8.5% adoption rate among global companies; and (b) Google, which offers Google Apps for Work and has a 4.7% adoption rate among global companies. There are other providers in this space, including Amazon Web Services and Rackspace, which also provide cloud email solutions.
According to Theresa May, the UK’s recently installed prime minister, Brexit means Brexit. But what this actually means in practice is still unknown. There is still a huge amount of debate over what Brexit will look like, what process should be followed and how long it will take. Some commentators, such as Michael Dougan, Professor of European Law at the University of Liverpool, have suggested that it could take up to 10 years to make all the necessary adjustments.
In the meantime, it’s business-as-usual in the field of commercial contracts, outsourcing and technology deals. That said, there are some key areas that should be considered when putting these deals together, given what we now know (and still don’t know) about Brexit, as well as provisions that should be kept under review as the Brexit story unfolds. This is going to be an evolving area, but, based on discussions with both buyers and sellers over the past couple of weeks, here are my top ten:
In case you missed it, the Great British public caught the world off guard when, on 23 June 2016, a small but significant majority voted in favour of the UK withdrawing from the European Union. Much like the termination of an outsourcing agreement without detailed exit provisions and a well worked out plan, the decision has sparked political and economic chaos, as the UK is plunged into a period of prolonged uncertainty with much wider ramifications for political stability and economic growth across the EU and beyond.
What does this all mean?
From a UK-based outsourcing lawyer’s perspective, it is very much a case of wait and see. The English law regime applicable to outsourcing and procurement remains, for the time being, “as is”. Until parliament moves to repeal or amend the European Communities Act 1972, UK laws, which include the application of the EU Treaties, remain unchanged. Moreover, laws and regulations which have been transposed into English law in response to EU Directives in diverse areas such as working time, agency workers, data protection and TUPE laws will continue until further notice.
The ERISA Advisory Council1 recently announced that, as part of its goals for 2016, it will be focusing on cybersecurity issues affecting retirement plans and, in particular, the extent to which such issues relate to third-party administrators and vendors (TPAs) of retirement plans. To read what our attorneys have to say about this click here.
As stated by Wired, “It’s all the standard advice you’d give a tech novice,” aptly sums up the White House’s Cybersecurity National Action Plan (CNAP) that President Obama unveiled on February 9, 2016. Announced as part of the President’s overall budget proposal, CNAP is a plea within the federal government to implement a sturdier foundation for its cybersecurity strategy. The administration proposes a 35% increase in cybersecurity funding, much of which would go toward creating programs that are intended to leverage private sector expertise to improve the woefully outdated, if not completely nonexistent, federal government cybersecurity infrastructure.
Among other initiatives, CNAP includes an awareness campaign targeted at personal-level cybersecurity habits, a joint government-private sector commission for compiling cybersecurity best practices, and incentives to entice private sector talent to enlist in the government’s ranks. Although these programs anticipate private sector involvement, they are rooted in the government’s pressing concern about its own vulnerabilities to cyberattacks. The standard refrain is that CNAP seeks to raise the level of cybersecurity for the government and the private sector, but the rhetoric around the announcement belies an overwhelming focus on federal government advancement that will likely have little impact on private sector progress, if the program is implemented at all.
Citizens’ Awareness Campaign
Retirement plan sponsors face ever-evolving cyber-related threats to plan assets and participant personal information. To combat such threats, plan sponsors should proactively assess the third-party service providers’ ability to detect, prevent and respond to cyberattacks against the retirement plan. In order to minimize a retirement plan’s overall cyber risk profile, its sponsor(s) must implement a cyber risk management strategy, including focusing on evaluating its third-party service providers’ cybersecurity programs, performing periodic assessments of such programs, and ensuring that the retirement plan has mitigated risks from losses in the event of a cyberattack.
This advisory is the first in a series of advisories dedicated to understanding cybersecurity issues affecting retirement plans.
