What exactly is the ‘"best" solution for an international business needing to handle and transfer personal data across borders?

Recent months and the EU January announcement have seen very major data protection law changes that affect not just UK or EU companies but any companies (particularly US) which are deemed to be caught by “processing” EU data.

Creating value isn’t easy. Creating value through strategic outsourcing is no exception. Whether the scope is regional or global, there is no single deal structure, delivery model or sourcing process that works in every situation. Pillsbury Global Sourcing tailors our approach to fit your business’ unique circumstances and goals.

As part of the wider Retail Distribution Review, the Financial Services Authority recently launched a consultation which follows its August 2011 Policy Statement outlining its proposed ban on commission payments by product providers to platform providers and cash rebates to consumers. Tim Wright, a Partner at Pillsbury Winthrop Shaw Pittman LLP, reviews the new rules proposed by the FSA.

Given the great interest in “the cloud” from a business perspective, as well as Microsoft’s popularization of the concept with its "To the Cloud!” advertising campaign, it’s no wonder that many game providers are looking to the cloud as the next viable and profitable gaming platform. The cloud movement not only provides economic incentives through various subscription and pay-to-play models, but also helps defeat piracy by locking down game code and other intellectual property from potential thieves.

Pillsbury is monitoring the progress of the proposed America Invents Act (AIA) legislation being considered in the U.S. House of Representatives. Northern Virginia partner Patrick A. Doody recently presented his analysis of the proposed legislation.

Top-ranked IT and outsourcing lawyer Michael Murphy, nationally recognized outsourcing lawyer Joshua Konvisser and Pillsbury senior counsel Yusuf Safdari, along with Nishith Desai and Joseph Chan, explain U.S. bankruptcy law principles and issues most relevant to customers of insolvent outsourcing service providers. The authors provide a comparison of those principles with the insolvency frameworks in India and China in order to put customers in the best position to navigate the complexities of local insolvency laws. This article originally appeared in the PLC Cross-border Outsourcing Handbook 2011/12

In 2007, six federal agencies² issued final Rules on Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions (FACT) Act of 2003.³ The Rules implement Section 114 and Section 315 of the FACT Act, which specifically call for “establishment of procedures for the identification of possible instances of identity theft” and “reconciling addresses.”⁴ Guidelines and supplemental information were released to assist FTC-regulated entities who were originally required to comply by November 1, 2008. However, FTC-regulated entities now have until December 31, 2010 to comply. This new deadline, representing an extension of over two years from the initial compliance date, was requested by members of Congress to allow for time to clarify which industries should be covered by the rules. Meanwhile, a court has excluded attorneys from coverage, and the medical profession is seeking a similar exclusion.

Nearly two years ago, six federal agencies¹ issued final Rules on Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions (FACT) Act of 2003.² The Rules implement Section 114 and Section 315 of the FACT Act, which specifically call for “establishment of procedures for the identification of possible instances of identity theft” and “reconciling addresses.”³ Guidelines and supplemental information were released to assist FTC-regulated entities who were originally required to comply by November 1, 2008. However, FTC-regulated entities now have until June 1, 2010 to comply. This new deadline represents an extension of nearly one and a half years from the initial compliance date, and comes as Congress has raised questions regarding the breadth of the regulations and a court has excluded law firms from coverage by the rules.

The initial September 16, 2009 deadline for submitting the preliminary application for the recently announced Manufacturing Investment Tax Credit (MTC) program is fast approaching. The MTC provides a 30% federal investment tax credit for new, expanded or re-equipped domestic manufacturing facilities for the production of a broad range of renewable energy technologies. Up to $2.3 billion has been allocated for the MTC program. The MTC, authorized under the American Recovery and Reinvestment Act of 2009 (Recovery Act), is subject to a competitive certification and allocation process requiring that the preliminary application be submitted to the Department of Energy (DOE) on or before September 16, 2009. Final applications must be submitted to the DOE on or before October 16, 2009. The tax credit and application process is detailed in the Internal Revenue Service's (IRS) Notice 2009-72 (Notice).

On January 1, 2008, six federal agencies¹ issued final Rules on Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions (FACT) Act of 2003.² The Rules implement § 114 and § 315 of the FACT Act, which specifically call for “establishment of procedures for the identification of possible instances of identity theft” and “reconciling addresses.”³ Guidelines and supplemental information were released to assist entities who were originally required to comply by November 1, 2008. Companies under FTC jurisdiction have been granted two extensions to date and enforcement was set to begin on August 1, 2009. However, the deadline has been extended again. FTC-regulated companies now have until November 1, 2009 to comply.

For a copy of this publication, please click the link in the adjacent "Downloads" section. 

The U.S. Department of Energy has issued its long-awaited Funding Opportunity Announcement for the Smart Grid Investment Grant Program (SGIG). The SGIG will make available $3.4 billion in matching funds for smart grid projects. Applications will be evaluated in three phases: Phase 1 applications are due August 6, 2009; Phase 2 applications are due November 4, 2009; and Phase 3 applications are due March 3, 2010.

Last week, TJX (the parent company of TJ Maxx and Marshalls) settled an action with 41 state Attorneys General arising out of a 2006 security breach affecting millions of credit cardholders. An information security program required by the settlement covers a significantly broader collection of information than the Payment Card Industry Data Security Standards (PCI DSS) and may serve as a de facto minimum standard for information security compliance. Also, the settlement’s funding of a Data Security Trust Fund anticipates future enforcement activities by the states and creates a precedent for states to look to future breaches as a source of continued funding.

Department of Energy announces $51.5 million in funding for integration of solar energy into energy distribution grid

Armed with data and a sense of the incumbent provider, an outsourced customer can achieve better contractual terms while still maintaining a mutually beneficial relationship with its provider.

North American utilities have been evaluating smart meter and smart grid technologies for years. These implementations are difficult to plan and execute, as utilities grapple with uncertainty surrounding the scalability of existing technologies, the emergence of new technologies, a lack of guidance on future standards and functionality and the risks associated with cost recovery and regulatory support. Today, the development of the smart grid has taken on a new urgency.

On April 16, 2009, the Department of Energy (DOE) issued preliminary announcements to distribute nearly $3.4 billion in grants for development of smart grid technologies and $615 million to support development of regional smart grid demonstration projects, utilizing funds made available by The American  Recovery and Reinvestment Act of 2009 (Recovery Act).  The announcement for the smart grid investment grant program was issued in the form of a notice of intent (NOI) to issue a funding opportunity announcement (FOA), while the announcement for regional smart grid demonstration projects was issued as a “draft FOA.”  Comments on both are due May 6, 2009.

Conventional wisdom was that bankruptcy was not a major consideration when outsourcing to “blue chip” sourcing suppliers. However, with recent market changes characterized by giant corporations effectively disappearing in a cloud of insolvency over a weekend—and with the proliferation of smaller, less well-capitalized suppliers—the rules of the game have changed.

James Alberg, head of Pillsbury's Global Sourcing practice, and Aaron Oser, Global Sourcing partner, co-authored this article, which originally appeared in Buyouts, February 16, 2009.

Last week we alerted clients to the need for a rapid assessment of their exposure to Satyam in the wake of the much-publicized acknowledgement of fraud and mis-reporting of financial results by the company’s founder and former Chairman. In this second Client Alert, we further explore the actions that should be considered to protect Satyam outsourcing customers in a worst-case scenario.

Conventional wisdom was that bankruptcy and insolvency were not major considerations when receiving outsourcing services from reputable, credit-worthy suppliers. Recent market conditions—characterized by even giant corporations disappearing over a weekend in a cloud of insolvency, and an increasing scarcity of operating capital—have changed the rules of the game.

As a longstanding advisor on outsourcing, we believe in the benefits that outsourcing can offer to customers, but do not believe outsourcing is the solution for all companies. If a client’s needs cannot be met by outsourcing (or the business case does not appear to support one), we tell them so. If a client’s needs are best served by outsourcing, we tell them why and help position them for the best result. Given this measured approach, it may come as a surprise that we view the current economic environment as presenting an unusual opportunity for buyers and providers of outsourced services.

The Massachusetts Office of Consumer Affairs & Business Regulation recently published a regulation to implement the provisions of Massachusetts General Law chapter 93H, its security breach statute. Businesses holding personal information about Massachusetts residents must (1) develop a written plan and appoint an employee to manage it and enforce violations, (2) implement firewalls and encrypt information in transit and on portable devices, and (3) train employees on information security. The regulation applies to all entities that own, license, store or maintain personal information about a resident of Massachusetts and goes into effect January 1, 2009.

In Edwards v. Arthur Andersen LLP, the California Supreme Court recently affirmed the principle that employee non-competition agreements are generally void and unenforceable in California, rejecting an earlier line of decisions permitting a “narrow-restraint exception” to the rule. This decision has implications for both the employer/employee relationship and for parties to outsourcing agreements who have agreed to employee non-solicitation provisions.

An English Court of Appeal decision has re-affirmed the principle that pre-contractual negotiations are not admissible in English court proceedings as evidence to help the court interpret any disputed provision of the contract, except where the court is being asked to correct a clear mistake (rectification) or where the parties have used an undefined term in a specific and unusual way (the private dictionary principle). This principle has cost the claimant, Persimmon, £3.5 million.

On 26 May 2008 two new Regulations came into force: the Consumer Protection from Unfair Trading Regulations 2008 (CPRs) and Business Protection from Misleading Marketing Regulations 2008 (BPRs), implementing two important EU Directives and bringing about one of the most major shake-ups of UK law for many years.

Hewlett-Packard (HP) has announced plans to acquire Electronic Data Systems (EDS) in a deal expected to be finalized during the second half of 2008. The announcement signals the most significant change in the information technology services market in a number of years. Clients with active agreements with either HP or EDS have time to assess the impact on their organization. Additionally, there is unlikely to be a significant impact on pending proposal processes since, until the acquisition is finalized, EDS and HP must by law continue operating as separate entities. The creation of this combined services and hardware firm is a positive development for the outsourcing market. HP, along with EDS, has the potential to become a formidable competitor to IBM.

The UK financial services industry regulator, the Financial Services Authority (FSA), has fined Liberata for the maladministration of certain life and pensions policies outsourced to it, which resulted in policyholders not receiving important information about their investments. Service providers in the financial services industry should take note. Although only 161 policyholders suffered a financial loss, which collectively totalled only £17,584 and was promptly paid back by Liberata, the FSA took the failure seriously and fined Liberata £525,000, representing a 2,985% uplift on the original loss.

The Spanish government has enacted a new regulation that further develops its data protection legislation by providing additional detail on the security measures required to comply with existing Spanish law. The new regulation came into force on 19 April, 2008, although currently registered businesses have one year to adapt their existing data procedures to the new security measures. While the law is aimed at implementing data security measures and clarifying data transfer issues that arise from the existing data protection legislation, its critics maintain that it merely introduces further regulatory burdens for companies.

Joshua Konvisser and Vipul Nishawala, partners in Pillsbury's Global Sourcing practice, co-authored this article which originally appeared in FSO Magazine, 1Q 2008.

The authors discuss the new federal rules imposing identity theft-related requirements on financial institutions, creditors, credit and debit card issuers, and users of consumer credit reports, as well as guidelines and supplemental information also issued to assist affected entities.

Tim Wright, head of Pillsbury Winthrop Shaw Pittman's Global Sourcing practice for the firm's London office, authored this article, which first appeared in Insurance Day, January 18, 2008.

John L. Nicholson, senior associate, and Meighan E. O'Reardon, law clerk, both members of Pillsbury Winthrop Shaw Pittman’s Global Sourcing practice, authored this article which originally appeared in the October 2007 issue of Privacy & Data Security Law Journal.

The appetite for investing in clean and green technologies is enormous and not just confined to venture capitalists, according to participants in a panel discussion entitled “Hedge Funds, VCs and Climate Change Converge.”

Phillip Rees, Cynthia Fairweather O’Donoghue and John L. Nicholson, members of Pillsbury Winthrop Shaw Pittman’s Global Sourcing practice, authored this article which originally appeared in E-Commerce, Technology and Communications, February 2007.

Many large enterprises hire external service providers to perform varied tax compliance activities such as data collection, return preparation and forms maintenance. In a typical multinational enterprise, local or regional consultants are engaged to provide "arms and legs" for these compliance tasks within an information and data collection framework dictated by the enterprise's local business unit or subsidiary. Meanwhile, tax planning, tax strategy and tax audit functions are commonly regarded as "core" activities and retained within the enterprise, both at a local and a global level.

More and more organizations are now sourcing information technology, call center, and business-processing services offshore. Offshore sourcing of such services may offer significant benefits in terms of lower costs, increased access to labor pools and relevant skill sets, improved quality of service, and 24/7 operations. But offshore sourcing also poses some legal risks that must be recognized and addressed. Depending on the scope and nature of the foreign-sourced services, it is important to consider both the domestic regulatory and foreign legal compliance risks posed by the transaction. It is also advisable, if not imperative, to obtain a legal opinion from foreign counsel.