Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

With the world in various states of lockdown, your organization’s online presence is more important than ever…even more so with official enforcement of CCPA beginning last month. It may be a good time to spend an afternoon reviewing and updating the legal boilerplate on your organization’s website. Here is what we recommend for a basic three-part review to get you started:

  • Privacy Policy. Many clients updated their policy earlier this year to reflect changes required by CCPA. If you fall into this category, then ensuring that the proper version of your privacy policy is reflected on your website, typically in the footer, is a good idea. You would be surprised to know how many clients update their policy, but then fail to actually post the correct version publicly. If you did not recently review your privacy policy, it may be a good time to do so. In addition to seeking advice on changes recommended in light of CCPA, it is also good hygiene to pull the policy and give it a fresh read. Has your organization’s collection practices changed? Has your organization began using or disclosing data differently than it has in the past? A privacy policy only protects your organization to the extent that it is accurate and complete, so periodically spending an hour or so to ensure its accuracy is typically time well spent.

The UK Financial Conduct Authority (FCA) announced on July 8 that the guidelines issued by the European Insurance and Occupational Pension Authority (EIOPA) on outsourcing to cloud service providers are not applicable to regulated activities (in this instance, insurance and reinsurance undertakings) within the UK jurisdiction.

In its statement, the FCA noted that this is due to the fact that the EIOPA guidelines will enter into force on January 1, 2021, which is after the end of the EU withdrawal transition period.

The European Securities and Markets Authority (ESMA) published its draft guidelines on outsourcing to cloud service providers on June 3. Steven Maijoor, the chair of ESMA, indicated that the purpose of the guidelines is to “help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”

Although many companies are already revisiting contractual provisions relating to nonperformance, like force majeure clauses, as the coronavirus (COVID-19) pandemic continues to wreak havoc on public health and the economy, other proactive (but less publicized) contractual measures can facilitate early discovery and mitigation of potential nonperformance.

In the wake of the reinvigorated call for equality and greater diversity and inclusion, many companies—largely through their procurement organizations—are taking the opportunity to revisit their diversity supplier programs, including assessing impact and reevaluating best practices for pursuing supplier diversity and tracking the impact of these programs.

Most major companies include a supplier diversity program or mission statement as part of their procurement guidelines, often highlighting such programs on their external supplier portals. Some companies flow these guidelines down to their vendors in large procurement/services contracts, requiring compliance by such vendors with respect to their subcontractors.

In April, we shared a LawFlash Outsourcing and Managed Services Agreements During COVID-19: Our Perspective. With the continued and unprecedented impact of the coronavirus (COVID-19) pandemic on business operations, we thought it would be timely to provide a brief update on five top-of-mind issues that we are addressing with outsourcing and managed services clients.

Remote Working

  • Many outsourcing and managed services agreements include strict requirements on the location of personnel, including the location of certain personnel onsite at a customer site and/or the location of offshore personnel at secure delivery centers with no permitted remote working. These physical location restrictions often are coupled with requirements with respect to the type of technology that can be used when connecting to or accessing the customer’s systems or interacting with end users (such as hardened desktops only, no personal devices), security requirements and detailed connectivity and bandwidth requirements (particularly if there are end user facing activities such as call centers).

The conditions created by the coronavirus (COVID-19) pandemic and resulting government shutdown orders have raised questions across various industries regarding contractual rights and obligations during the crisis. One contract provision in particular is garnering signification attention: the force majeure clause. Recently, these clauses have evolved from boilerplate provisions at the end of a contract to now being front and center in many contract negotiations. In this blog post, we will review considerations for drafting force majeure clauses within the current environment.

When responding to requests for proposals (RFPs), vendors should be conscious that they might be disclosing highly confidential or commercially sensitive material to the potential customer, with no guarantee of securing the proposed contract. Such information could, without any restrictions, be used by the potential customer to assist the vendor’s competitors or to develop solutions in-house.

In light of this, prudent vendors should carefully consider what legal protections they include in their RFP responses alongside operational and commercial details. We have set out some key considerations below.

The Financial Stability Board (FSB) published on December 9, 2019, its report on financial institutions’ increasing reliance on third parties to provide cloud computing services (the Report). Established by the G-20 in April 2009 to promote international financial stability, the FSB is an international body that assesses vulnerabilities in the global financial system and coordinates the work of national financial authorities and international standard-setting organizations to develop and promote appropriate regulatory and supervisory policies.

The Report outlines the benefits from the increasing use of third-party cloud computing services, focusing primarily on cost savings, improved competition and cybersecurity, and increased operational resilience. It notes, though, the new challenges that the current scale of use may pose, such as the significant and systemic effects that an operational failure of critical third-party infrastructure could have. This is due to the highly concentrated cloud computing sector and the increasingly complex network of third-party suppliers and dependencies.

Please join us in our Philadelphia office for our annual Technology, Outsourcing & Commercial Contracts Networking Roundtable. The roundtable will feature an in-depth discussion of hot topics relating to the increased connectivity of our businesses, including privacy concerns, data rights, cloud solutions, and contracting for the use of connected devices. Stay connected with us at the networking reception following the discussions.

We hope you’ll join us in Philadelphia on Thursday, April 16, 2020, from 3:30–5:30 pm ET.

Register now >>