TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Earlier this week, the US Supreme Court rejected requests from the telecommunications industry to hear an appeal seeking to throw out a 2016 lower court ruling in favor of the “net neutrality” rules. Recent action by the Federal Communications Commission (FCC) has rolled back the rules, but the industry participants also wanted to overturn the lower court decision.

Washington, DC partners Giovanna M. Cinelli, Kenneth J. Nunnenkamp, and Stephen Paul Mahinka and Boston partner Carl A. Valenstein recently published a LawFlash on the recent action taken by the Committee on Foreign Investment in the United States (CFIUS) to implement a pilot program under the Foreign Investment Risk Review and Modernization Act (FIRRMA). FIRRMA, which was enacted in August 2018, reformed the CFIUS screening process for foreign investment in the United States and, among other things, permits CFIUS to establish pilot programs to test the viability of certain of its provisions. The LawFlash addresses the objectives and the scope of the announced pilot program, including the countries and types of investments covered by the program. It also describes the new requirement for mandatory declarations "for certain transactions involving investments by foreign persons in certain U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies" implemented by the pilot program. The pilot program becomes effective November 10, 2018.

For more information on the pilot program, please read the LawFlash.

There is no “one size fits all” solution when drafting and negotiating the liability provisions relating to data protection obligations and security incidents. Every contract has unique business drivers that will shape the appropriate allocation of liability, such as financial risk and the sensitivity of the data involved. There are, however, common issues that the legal, sourcing, and business teams should carefully consider when structuring the liability framework as it applies to data safeguards. Below we identify some of these key issues.

In Part 1 and Part 2 of this Contract Corner, we discussed the importance of assessing and defining the types of data involved in a services agreement, and highlighted issues to consider with respect to the ownership and control of company and personal data.

In this Part 3, we discuss key drafting points regarding the operational security requirements typically addressed in services agreements.

In Part 1 of this Contract Corner, we discussed the importance of evaluating the types of data to be processed or accessed by a service provider at the beginning of the contracting process and key considerations to address when defining the types of data in the services contract.

This Part 2 highlights issues to consider with respect to the ownership and control of company data.

Morgan Lewis partner Barbara Melby, the leader of our technology, outsourcing, and commercial transactions practice, has been invited to present at an upcoming Practising Law Institute (PLI) event, Outsourcing 2018: ITO, BPO and Cloud, in New York City. Barbara’s one-hour presentation will take place Friday, November 2, at 11:15 am. She will discuss intellectual property issues in outsourcing, including the following topics:

  • Recognizing and avoiding common IP pitfalls
  • Copyright, patent, and trade secret issues from vendors’ and customers’ perspectives
  • IP representations, warranties, and indemnities in outsourcing transactions
  • Open-source considerations
  • IP issues in cloud deals

The presentation is part of a two-day PLI outsourcing event November 1–2 at the PLI New York Center, 1177 Avenue of the Americas (2nd floor), New York. You can also access the event via webcast and various groupcast locations.

To register, visit the Outsourcing 2018: ITO, BPO, and Cloud event page.

Drafting and negotiating the data protection provisions in services agreements can be one of the trickier and more time-consuming aspects of the contracting process. One of our prior Contract Corner series from 2014 discussed the importance of documenting security requirements and monitoring security commitments, addressing security incidents, and key issues to consider when drafting liability provisions. In this Contract Corner, we revisit some of these issues based on the latest contracting trends that we are seeing for services agreements and dive into additional considerations when addressing key data safeguard provisions.

Assess and Define the Data

At the outset of the contracting process, it is important for the deal team and the key stakeholders to evaluate and properly define the types of data that the service provider will access or process as part of the services. A sound understanding of the scope of data involved in a services transaction helps establish expectations up front and will drive a contract that contains the right level of security requirements and an appropriate allocation of liability for security breaches. The contract should then reflect the output of this internal assessment through carefully crafted defined terms that will flow throughout the data safeguard provisions.

The seventh edition of Data Protection & Privacy, published annually by Getting the Deal Through, provides answers from practitioners around the globe regarding key questions in international privacy and data protection laws and regulations.

Our colleagues Ksenia Andreeva, Anastasia Dergacheva, Anastasia Kiseleva, Vasilisa Strizh, and Brian Zimbler contributed this year’s Russia chapter, providing insight on a wide variety of issues under Federal Law No. 152-FZ on Personal Data dated 27 July 2006, the main law governing the protection of personal data in Russia. This comprehensive chapter is a go-to resource for understanding the legislative framework for data protection and privacy in Russia, including the obligations of data controllers and data processors and the rights of data subjects.

The full edition is available online with additional chapters covering various jurisdictions around the world.

This week we welcome new partners to our outsourcing and commercial transactions practice, Mike Pierides and Simon Lightman. The arrival of Mike and Simon, along with associate Sarah Bryan, adds further strength to our outsourcing and commercial transactions team and brings our capabilities to the firm’s London office. Mike and Simon will lead the expansion of our practice in Europe, the Middle East, and Asia, where both have extensive experience representing a wide range of clients on major outsourcing and complex commercial transactions.