TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The UK government has indicated that the UK’s approach to public procurement will fundamentally change post-Brexit. While it remains to be seen whether such a fundamental change will be possible in practice, the UK government’s pronouncements clearly suggest that change is on the way, which will most likely provide a less prescriptive framework for UK contracting authorities to follow.

These changes will almost certainly have a significant impact on how outsourcing and technology providers interact with the UK government, both in the context of their current agreements and also in respect of future contract bids and awards.

Current Regime

The laws that govern the UK’s public procurement regime are largely based on EU rules found in several EU directives and the Treaty on the Functioning of the European Union. Broadly speaking, these rules aim to open up public procurement to EU-wide competition. Public bodies must, for example, award public contracts without discrimination on grounds of nationality and advertise their contracts EU-wide via the Official Journal of the European Union ( OJEU).

The US Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published a report on January 27 outlining various industry practices and approaches to managing and combating cybersecurity risks and maintaining operation resiliency. The OCIE observed these practices through conducting thousands of examinations, and hopes that organizations can use the report to enhance their own cybersecurity preparedness and operational resiliency.

Washington may be the next state to enact its own data privacy law after a bill was introduced into the Washington State Senate earlier this month. Known as the Washington Privacy Act, the bill’s sponsor, Sen. Reuven Carlyle, stated at a press conference that lawmakers had reached “95 percent agreement in principle on the core elements of the bill.” If enacted, the act would add to the complex regulatory framework governing data privacy, including the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020.

The act would apply to legal entities conducting business or producing products targeted to Washington State residents and that (1) control or process personal data of more than 100,000 consumers or (2) derive 50% of gross revenue from the sale of personal data and process or control the personal data of more than 25,000 consumers.

The US–China trade deal signed on January 15 aims to strengthen intellectual property protection for US intellectual property holders.

The deal increases the scope of actors liable for trade secret misappropriation to include all natural persons, groups of persons, and legal persons. The deal also enumerates additional acts constituting trade secret misappropriation, such as electronic intrusions and a breach or inducement of a breach of duty not to disclose information that is secret or intended to be kept secret. To further strengthen the protection of trade secrets, the deal provides that “China shall prohibit the unauthorized disclosure of undisclosed information, trade secrets, or confidential business information by government personnel or third party experts or advisors in any criminal, civil, administrative, or regulatory proceedings conducted at either the central or sub-central levels of government in which such information is submitted.”

In a recent Wall Street Journal article, cybersecurity journalist Catherine Stupp drew attention to the massive surge in internet-connected devices expected to be in use by the end of 2020. This increase in the Internet of Things, which refers to internet-connected devices ranging from televisions and automobiles to fitness tools and medical devices, presents several challenges to the world of cybersecurity.

The article not only urges manufacturers of internet-connected devices to apply cybersecurity techniques to increase security, but also asks large companies buying devices to incentivize good security practices by only purchasing devices with proper safeguards. The California Consumer Privacy Act, which took effect January 1, 2020, takes a step in the right direction by no longer allowing manufacturers to sell internet-connected devices with weak default passwords. Stay tuned for future developments as cybersecurity races to keep pace with the growth of connected devices.

The terms “reseller” and “distributor” are often used interchangeably to describe entities that purchase goods or services from a manufacturer and then distribute or resell such goods or services to retailers and consumers. However, there are some key differences between a distributor and a reseller and important issues to consider in agreements with resellers and distributors.

The 2019 ISG Momentum Market Trends & Insights Geography Report was recently released and contains valuable insights on how the outsourcing industry is growing and transforming around the world. The report, which was published on December 27, 2019, is authored by Paul Reynolds, partner and chief research officer at ISG.

One of the key highlights of the report focuses on annual contract value, or “ACV.” The report finds that the “number of outsourcing contracts signed continues to rise each year, but the cumulative annual contract value (ACV) of those deals continues to fall.” The report attributes the decline in ACV, which fell for the sixth consecutive year in 2018, to the following three factors: (1) falling prices from commoditized service lines, (2) aggressive pricing policies from new market entrants, and

On January 13, the US Department of the Treasury’s Committee on Foreign Investment in the United States (CFIUS) published the final rules implementing the Foreign Investment Risk Review Modernization Act (FIRRMA). The new rules, effective February 13, make permanent the proposed regulations published in September 2019. The Morgan Lewis CFIUS working group is analyzing these developments and will publish a summary of the new rules and any key changes shortly. For more information, read CFIUS Issues Final Regulations Under FIRRMA.

The United States and the United Kingdom entered into the world’s first ever Clarifying Lawful Overseas Use of Data Act (CLOUD Act) agreement on October 3, 2019 (the Agreement). The Agreement, which will enter into force later this year after review by lawmakers in both countries, allows each country’s law enforcement agencies to demand, with proper authorization, electronic data regarding serious crime (defined in Article 1 of the Agreement as an offense punishable by a maximum term of imprisonment of at least three years) directly from technology companies based in the other country.

Please join us for our first webinar of the year where Morgan Lewis partner Barbara Melby will discuss the top trends that will impact the outsourcing market in 2020. Topics will include:

  • Forecasts of where the outsourcing market is going
  • Outsourcing as a way to disrupt business operations
  • The impact of cloud, automation, and AI on outsourcing transactions
  • A look at the “Partner Ecosystem”
  • Focus on customer experience and outcomes

The webinar will take place on Wednesday, January 15, 2020, from 12:00 to 1:00 pm (Eastern Time). Register for the webinar.