Sorry for interrupting, but there is something we need to tell you...

We have updated our Cookie Policy to reflect changes in the law on cookies used on websites in Europe. This website uses cookies to maximize your experience and help us to understand how we can improve it. To find out more click here.

Cookies are text files containing small amounts of data which are downloaded to your computer, or other device, when you visit a website. Cookies allow us to recognize your computer and improve your experience on our website. Some cookies are also necessary for the technical operation of our website. Please read our Cookie Policy which provides important information about the cookies we use, how we use them and how they can be deleted. Please remember that deleting cookies may affect your experience of our website.

Show less.

Accept and hide this message
Pillsbury Pillsbury Pillsbury

Global Sourcing

European “Cookie Sweep” Initiative – 15 - 19 September 2014 – Is Your Website Ready?
Authors: Rafi Azim-Khan, Steven P. Farmer
The European data protection authorities will be conducting a “cookie sweep” later this month, carrying out random spot checks on websites to assess for compliance with EU “cookie” laws. Businesses should therefore be checking their websites and cookie notices now to ensure they are compliant and fix any issues. Even if you are a non-EU (e.g. US) company it may catch you.
National Cybersecurity Framework Released – Has Your Organization Considered the Implications?
Authors: Catherine D. Meyer, Meighan E. O'Reardon, Deborah S. Thoren-Peden, Amy L. Pierce
On February 12, 2014, the National Institute of Standards and Technology (“NIST”) released the final version of its Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework” or “Framework”) and the companion NIST Roadmap for Improving Critical Infrastructure Cybersecurity (the “Roadmap”). The final version is the result of a year-long development process which included the release of multiple iterations for public comment and working sessions with the private sector and security stakeholders. The most significant change from previous working versions is the removal of a separate privacy appendix criticized as being overly prescriptive and costly to implement in favor of a more general set of recommended privacy practices that should be “considered” by companies.
UK Amends TUPE Regulations
Authors: Tim Wright, Amina Adam
The Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE”) has been in the spotlight as part of the UK Government’s Employment Law Review. TUPE implements the EU Acquired Rights Directive (“ARD”) in the United Kingdom. Where TUPE applies, there is an automatic transfer of the employee’s employment – for the affected employees it is as if their employment contracts had originally been made with the new employer, with their continuity of service and, subject to a few exceptions, other employment rights all preserved.
Market Responses to the Affordable Care Act
As the U.S. moves toward full implementation of the Federal Affordable Care Act (ACA, also known as Obamacare), employers are seeing new challenges and opportunities in the provision of health coverage and other benefits to their employees.
UK Employment Law Reforms 2013
Authors: Amina Adam, Tim Wright
There are a number of important reforms being made to UK employment law this year, largely due to the enactment of the Enterprise and Regulatory Reform Act 2013 (“ERRA”). Many of the reforms under ERRA are being implemented over a period of time from 2013 and beyond, following a period of intensive consultation by the UK Government. Keeping track of all the proposed reforms can be a challenge. This Client Alert summarises the key reforms which have recently come into force and provides a timetable for the implementation of other key proposed reforms so that employers can start planning more effectively to accommodate the changes.
Meeting New OTC Swap Reconciliation Rules May Require Better Technology and Processes
Authors: Mike Pierides, Alistair J. Charleton
Although reconciliation of the key terms has been a best practice for over-the-counter derivative trades for some time (particularly with collateralised trades), the scale of the reconciliation exercise imposed by forthcoming regulations in the EU and U.S. has caused many market participants to undertake a fundamental review of the systems and processes in place. For many, compliance can only be achieved by utilising a third party for provision of an appropriate technology platform or an end-to-end service. With imminent compliance deadlines and the late development of the requirements themselves, functionality has understandably been the focus of any sourcing process. However, from a supply chain and outsourcing perspective, a key challenge remains the manner in which the financial services-specific regulations are applied to this type of third-party arrangement.
New Binding Corporate Rules Now Available for Data Processors
Authors: Steven P. Farmer, Meighan E. O'Reardon, Simon J. Lightman
In a further push towards “privacy by design,” the Article 29 Working Party, which is made up of representatives from the various EU data protection authorities, has recently approved the use of Binding Corporate Rules (“BCRs”) for international transfers of personal data by data processors effective as of January 1, 2013.
Pillsbury Global Sourcing Brochure
Better Design. Better Decisions. Better Results. Creating value isn’t easy. Creating value through strategic outsourcing is no exception. Whether the scope is regional or global, there is no single deal structure, delivery model or sourcing process that works in every situation. Pillsbury Global Sourcing tailors our approach to fit your business’ unique circumstances and goals.
Summer 2011
Post-Grant Proceedings at the Patent Office After Passage of the America Invents Act
Author: Patrick A. Doody
Pillsbury is monitoring the progress of the proposed America Invents Act (AIA) legislation being considered in the U.S. House of Representatives. Northern Virginia partner Patrick A. Doody recently presented his analysis of the proposed legislation.
The Good, The Bad and The Downright Ugly of the Internet of Things
From Hacked Fridges and Baby Monitors to Cyber Security as a Crime, Big Brother and Big Data, the Internet of Things (IoT) Certainly Gets Its Fair Share of the Headlines
Source: Information Age
Author: Tim Wright

This article was originally published in Information Age on April 13, 2015.

Regulators around the world are increasingly concerned to ensure that security and privacy issues are taken seriously by device manufacturers.
March 2015
The Gathering Storm
Source: Data Centre News
Authors: Rafi Azim-Khan, Steven P. Farmer
Recent months have seen very major data protection law changes that affect not just UK or EU companies, but any companies which are deemed to be caught by ‘processing’ EU data. With data centres on the hook following these changes, Rafi Azim-Khan and Steven Farmer at Pillsbury Winthrop Shaw Pittman give an insight on what to expect.
Retailers Need to Tackle 'Inevitable' Cyber Threats
Author: Tim Wright
A recent study by IBM showed that although the number of attacks on retailers was down by 50 per cent in 2014, criminals still stole more than 61 million customer records.
Drones in UK Skies: An Increasingly Crowded Regulatory Airspace
Source: Computer Weekly
Author: Tim Wright
With drones or unmanned aerial vehicles (UAVs) becoming commonplace in the UK in both commercial and non-commercial applications, the law has been required to evolve and play catch-up.
February 2015
The U.K. Government’s Draft Codes to Clarify New Legislation on Communications Data Retention and Investigatory Powers
Source: Bloomberg BNA's World Data Protection Report
Authors: Rafi Azim-Khan, Steven P. Farmer

The U.K. government recently consulted on a proposed update of the Acquisition and Disclosure of Communications Data Code of Practice and a draft of a new Retention of Communications Data Code of Practice.

The consultation, which ran from December 9, 2014, to January 20, 2015, has now closed.
Spring 2015
‘Outsourcing Models’ for the Pharma and Biotech Industry
Source: European Pharmaceutical Contractor
Author: Tim Wright
Adopting the right model for any outsourcing is a key consideration. Typically, more time and effort needs to be invested in this key preparatory stage whereas, in practice, organisations, having made the decision to outsource, often rush headlong into engaging with potential suppliers and running the procurement phase. Ill thought out and overly complicated structures will cause the customer, in particular, problems in managing the deal over the term, often exacerbated by the original deal team moving on to new roles.
November 24, 2014
Supply Chain Professionals Need to Take Action on Modern Slavery
Author: Tim Wright

This article was originally published on SupplyManagement on November 24, 2014.

With reports of an increase in the number of reported victims of labour exploitation, the Home Office recently announced changes to the Modern Slavery Bill whereby large companies will be required to disclosure annually the steps taken to ensure their supply chains are “slavery free.”
How Insurance Outsourcing is Changing
Source: Global Reinsurance
Authors: Mike Pierides, Rich Jones

This article was originally published on Global Reinsurance on November 4, 2014.

The benefits of IT outsourcing are well-established, with efficiency savings and flexibility in meeting demand being key drivers of an insurer’s decision to outsource in the first place.

However, as insurers renew and update their sourcing arrangements, they need to view their key outsourcing relationships as being an integral part of their overall business strategy.
Mobile Banking and Payments—The FCA's Thematic Review Explained
Source: Electronic Payments International
Authors: Mike Pierides, Rich Jones

This article was originally published in Electronic Payments International on October 13, 2014.

The UK’s Financial Conduct Authority issued in September a thematic review into mobile banking and payments. The report had a broad remit and covered issues ranging from consumer rights to technology and security issues. One of the five high level findings focused on how firms retain oversight and control of third parties and outsourced functions. Mike Pierides, partner, and Rich Jones, associate, within Pillsbury Winthrop Shaw Pittman’s Global Sourcing group, explain the interaction between banks and third parties, and the related risks, in the context of mobile banking.
The tweet spot
Source: Credit Today
Author: Tim Wright

This article was originally published on Credit Today on September 11, 2014.

The advent of social media has seen many financial institutions, including banks, credit card companies and payday lenders, look towards websites such as Twitter and Facebook to raise their profiles.
FCA Issues Considerations on the Procurement of Off-the-Shelf Technology Solutions
Source: Banking Technology
Authors: Mike Pierides, Simon J. Lightman

This article was originally published in Banking Technology on September 8, 2014.

The Financial Conduct Authority has recently issued a series of “considerations” for firms that are thinking about using third-party technology banking solutions. The considerations do not seek to tell firms how to structure their IT procurements but rather provide a useful framework for firms to demonstrate that their IT services are effective, resilient and secure in line with the FCA’s required outcomes. Mike Pierides, Partner, and Simon Lightman, Counsel, within Pillsbury Winthrop Shaw Pittman’s Global Sourcing group report.
Views on Right to be Forgotten, Big Data and Global Sourcing
This article was originally published in Bloomberg BNA’s Privacy Law Watch on August 22, 2014.
Source: Privacy Law Watch
Author: Brooke L. Daniels
In a landmark ruling, the European Court of Justice—the European Union’s top court—held that data subjects in the EU have the right to compel Google Inc. and other Internet search engines to remove search results linking to websites containing personal information about them.
The EU Article 29 Working Party's Guidance on the "Legitimate Interest" Ground for Processing Personal Data
This article was originally published in World Data Protection Report on June 7, 2014.
Author: Steven P. Farmer
OECD Calls for Higher Focus on Outsourcing, IT and Supplier Risk
Source: Outsource Magazine
Author: Tim Wright
This article was originally published in Outsource Magazine on July 29, 2014.
March 2014
From a Sea of Data to Actionable Insights: Big Data and What it Means for Lawyers
Source: Intellectual Property & Technology Law Journal
Authors: John L. Barton, Michael Murphy
This article was originally published in 26 Intellectual Property & Technology Law Journal No. 3, March 2014, at 8.
Remain Vigilant: Managing Cybersecurity Risks in Third-Party Outsourcing Relationships
Source: Corporate Compliance Insights
Authors: Meighan E. O'Reardon, Aaron M. Oser
This article was originally published on February 27, 2014 and is reprinted with permission from Corporate Compliance Insights.
February 2014
Personal Data Transfers from the European Economic Area: Binding Corporate Rules Emerge as Increasingly Attractive Option
Source: World Data Protection Report (Bloomberg BNA)
Authors: Rafi Azim-Khan, Steven P. Farmer
This article was originally published in the February 2014, Volume 14, Number 3 issue of Bloomberg BNA's World Data Protection Report.
Repeal of Third Party Harassment Provisions in the Equality Act 2010
Authors: Tim Wright, Amina Adam
This article was originally published in on February 13, 2014.
A Contract Made in Two Places at Once?
Authors: Tim Wright, Tania L. Williams
This article was originally published in on February 2, 2014.
December 2013
Big Data and Cloud Solutions: Implications for Sourcing
Source: Practical Law
Authors: John L. Barton, Michael Murphy
This article was originally published in Practical Law Company's "Outsourcing Multi-Jurisdictional Guide 2013/14."
November 2013
U.K. Court of Appeal’s Award of Compensation for Distress to an Individual Following a Breach of the Data Protection Act: Opening the Floodgates for Claims by Individuals?
Source: World Data Protection Report
Authors: Steven P. Farmer
This article was published in World Data Protection Report, November 2013, published by Bloomberg BNA (
June 2013
Mobile Privacy Practices: Recent California Developments Indicate What's to Come
Source: Computer Law Review International
Authors: James Chang, James G. Gatto, Meighan E. O'Reardon
This article was originally published in the June 2013 issue of Computer Law Review International (CRi).
July 2013
Reconciliation + Regulation = Complication
Source: Risk Magazine
Authors: Mike Pierides, Alistair J. Charleton
An updated version of this article was published in the July 2013 issue of Risk.
April 2013
Personal Data Transfers from the European Economic Area: Time to Consider Binding Corporate Rules 2.0
Source: World Data Protection Report
Authors: Rafi Azim-Khan, Steven P. Farmer
What exactly is the ‘"best" solution for an international business needing to handle and transfer personal data across borders?
October 2012
A "Perfect Storm" of Data Law Changes; Are You Ready for a 2% of Global Turnover Fine?
Authors: Rafi Azim-Khan
Recent months and the EU January announcement have seen very major data protection law changes that affect not just UK or EU companies but any companies (particularly US) which are deemed to be caught by “processing” EU data.
July 2012
The Financial Services Authority
Source: E-Finance & Payments Law & Policy
Author: Tim Wright
As part of the wider Retail Distribution Review, the Financial Services Authority recently launched a consultation which follows its August 2011 Policy Statement outlining its proposed ban on commission payments by product providers to platform providers and cash rebates to consumers. Tim Wright, a Partner at Pillsbury Winthrop Shaw Pittman LLP, reviews the new rules proposed by the FSA.
What Happens On the Outsourcers Insolvency: A Comparison of Relevant Insolvency Principles in the U.S., India and China
Source: PLC Cross-border Outsourcing Handbook
Authors: Joshua B. Konvisser, Nishith Desai, Joseph Chan, Michael Murphy, Yusuf H. Safdari
Top-ranked IT and outsourcing lawyer Michael Murphy, nationally recognized outsourcing lawyer Joshua Konvisser and Pillsbury senior counsel Yusuf Safdari, along with Nishith Desai and Joseph Chan, explain U.S. bankruptcy law principles and issues most relevant to customers of insolvent outsourcing service providers. The authors provide a comparison of those principles with the insolvency frameworks in India and China in order to put customers in the best position to navigate the complexities of local insolvency laws. This article originally appeared in the PLC Cross-border Outsourcing Handbook 2011/12
Pillsbury Pillsbury Pillsbury