As the digital landscape in the United States evolves, federal courts are reexamining federal cybersecurity laws enacted during an era before individuals, companies, and the government had easy access to computers and the internet. In particular, the Computer Fraud and Abuse Act (CFAA), 18 USC § 1030, a cybersecurity bill enacted in 1986 as an amendment to an existing computer fraud law, has come under significant scrutiny. In this blog post, we will review the CFAA and recent federal court activity regarding the law.
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
In a long-term outsourcing, software as a service (SaaS), or other services agreement, the customer will typically push for a termination right relating to the service provider’s breach, and perhaps for an insolvency event or change in control of the service provider. However, the customer should also consider including the right to terminate for its convenience (without cause), which could cover any of the following situations:
- The customer is not satisfied with the service provider’s performance under the contract even though the provider is meeting its service level and other performance requirements under the contract.
- Many alleged breaches by the service provider are initially “black and white” in the view of the customer, but they turn “gray” when the service provider pushes back and alleges nonperformance, nonresponsiveness, lack of cooperation, and the like on the part of the customer. Adding the customer’s right to termination for convenience can avoid the potential dispute over whether the customer has the right to terminate on other grounds.
Are you about to sign a service agreement with a third-party service provider under which it will access and use technology of your company? Have you checked your applicable third-party contracts to see if you need any consents? The contracts under which your company uses technology every day, from the mundane to the critical, may contain hidden restrictions on the third party’s access and use for your benefit under the services contract.
There is an endless number of arrangements a customer could have with its third-party service providers, but this Contract Corner will discuss the case where the customer authorizes a service provider to access and use licensed software either while remaining at the customer site, or by moving it to the service provider’s site. More specifically, it explores just some of the issues and language in the customer’s license agreements with those third-party software providers to be checked during pre-signing due diligence.
Open Banking is an initiative mandated by the UK’s Competition and Markets Authority (CMA) in 2017. It is intended to facilitate better competition in the banking sector by mandating protocols that facilitate the secure sharing of customer-related data of the nine largest banks in the United Kingdom (CMA9) with third-party providers (TPPs).
Open Banking is developed and delivered in the United Kingdom by the Open Banking Implementation Entity (OBIE). The OBIE was established by the CMA and is funded by the CMA9. The CMA’s UK Retail Banking Market Investigation Order 2017 (Order), which applies only to the CMA9, requires the CMA9 to provide their customers with the ability to access and share their account data on an ongoing basis with TPPs through the use of specified application programme interfaces (APIs). This compliments the reforms under the EU’s Second Payment Directive (as transposed in the United Kingdom primarily by the Payment Services Regulations 2017), which requires all payment account providers to permit open access to payment accounts for authorized TPPs, but which does not specify the means of access or prescribe the scope of access in any detail.
As a follow-up to our recent post on third-party contract due diligence in outsourcing deals, this post focuses on how customers in outsourcing deals handle the disposition of legacy third-party contracts—one of the thorniest and most work-intensive work streams—once diligence has concluded.
The due diligence review of existing third-party contracts is a critical component of any outsourcing deal. For the company that is outsourcing part of its business functions to a third party, reviewing existing third-party contracts for certain key terms is an important part of the outsourcing process. Organization, attention to detail, and diligence are keys to a successful third-party contract review process.
The terms that need to be reviewed will be based on the scope of the outsourcing agreement, e.g., will contracts be assigned, terminated, or made available for the outsourcing provider to use. Once the deal constructs are established, Excel can be a useful tool to guide the review of the third-party contracts, by allowing the reviewer to insert the applicable language from each contract into the appropriate row or column. The Excel chart will become a reference guide for the key provisions and provide an overview and comparison between the third-party contracts.
Additional Information to Include
- Directions for customers to access and update data (e.g., password resets, contact information updates, and mechanisms for unsubscribing)
- Contact details or other means of reaching persons in your organization that can address user queries or concerns
Despite these concerns, many companies’ policies are seemingly insufficient. A recent opinion piece published as part of the New York Times’ Privacy Project assessed 150 privacy policies from various companies and found that the vast majority of them were incomprehensible for the average person. At best, these seem to have been “created by lawyers, for lawyers” rather than as a tool for consumers to understand a company’s practices.
As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.