TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

As detailed in a prior blog post, California’s new privacy law, commonly referred to as the CCPA, seeks to impose tougher privacy requirements on companies that collect and use consumer data. Although the law does not go into effect until 2020, California’s attorney general has already called into question his office’s ability to comply with the operational obligations of the CCPA and raised questions about its potential modification of California’s Unfair Competition Law, and businesses are working to find ways to narrow their impending disclosure obligations prior to the law’s enactment. Concerns about the breadth of the law and the ability to enforce it will continue to be weighed against the current push to expand consumer privacy protection.

The US Department of Homeland Security (DHS) hosted the first National Security Summit on July 31 in New York City. In attendance were US Vice President Mike Pence, senior members of the DHS and other federal agencies, as well as industry leaders from sectors including telecom, finance, and energy. One of the major announcements to come out of this summit was the formation of the National Risk Management Center, including a new supply chain risk management task force.

Website terms of use are often copied and pasted from other sites, and viewed as “standard” or “boilerplate” terms to protect site operators and set forth the basic rules governing the relationship between the site operator and the user. It’s important for a site operator to make sure these terms give it the protections it needs, are enforceable, and comply with laws, so from time to time the terms should be reviewed and updated to align with the business practices of the site operator and applicable law.

A frequent point of contention between parties negotiating the allocation of risk related to intellectual property rights in connection with the acquisition of intellectual property is the interplay between the warranty and indemnification sections. Below we break down what to look for in these sections and how minor changes in the language can significantly change the rights a party is granting or receiving.

Intellectual Property Warranties

An intellectual property warranty generally provides that the intellectual property rights being licensed or assigned constitute all intellectual property rights owned or controlled by a party prior to the effective date of the transaction, and that those rights are all the rights necessary for the conduct of the business (as it is currently conducted) after the effective date of the transaction. A warranty may also go on to say such intellectual property does not infringe third-party intellectual property rights. The following versions of this clause demonstrate how this clause can be worded to strengthen or weaken the warranty.

The World Bank announced on August 10 that 70 years after its first bond transaction, it will be issuing the first bond to use entirely blockchain technology, in part to help the bank gain experience in the use of blockchain. The World Bank’s innovation lab partnered with the Commonwealth Bank of Australia (CBAUF) and Microsoft on this endeavor almost a year in the making.

Blockchain is a growing list of records, or “blocks,” linked using cryptography and resistant to modification, since it is essentially an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way. This means that once data is recorded, the data in a block cannot be altered without altering all later blocks, which requires majority consensus of the network. Just imagine all the people around the world agreeing to verify a single block and all subsequent blocks!

This July, the 2018 Cost of Data Breach Study: A Global Overview was released as an independent study by Ponemon Institute, LLC, sponsored by IBM Security. The study breaks down the rising costs of data breaches and the likelihood of an organization experiencing a future data breach, with information derived through interviews with more than 2,200 professionals from 477 organizations that have experienced a breach in the last 12 months.

The study does not focus on “mega breaches,” which are breaches that exceed 1 million records. However, for the first time this year the annual study offers separate insights into data breaches that resulted in the exposure of more than 1 million compromised records:

  • Mega breaches of 1 million records yield an average total cost of $40 million
  • Mega breaches of 50 million records yield an average total cost of $350 million

Moscow partners Anastasia Dergacheva and Brian L. Zimbler and associate Kseniya Lopatkina recently published a LawFlash on the new rules in Russia for platforms that aggregate information from online stores. Federal Law No. 250-FZ, signed on July 29, 2018, provides additional protection for consumers acquiring goods and services through online platforms. For more information on the effects of this new law, read the LawFlash.

European financial institutions (competent authorities, credit institutions, and investment firms as defined in EU Regulation No. 575/2013, collectively Institutions) have been instructed to comply with the European Banking Authority’s (EBA’s) recommendations when outsourcing to cloud service providers (Recommendations) as of July 1, 2018.

With cloud-based solutions offering new products geared to potentially reduce infrastructure costs and improve services, outsourcing to cloud-based service providers is becoming progressively more popular among Institutions. This trend has prompted the EBA to issue the Recommendations, with the expectation that Institutions will use their best efforts to comply.

When in-house lawyers start thinking about how to support a business client that is looking to implement a new or replacement enterprise resource platform (more commonly known as an ERP system), we often suggest that they first discuss these 10 framework issues to get a sense of the scale, complexity, and timing of the potential transaction. While the below list certainly does not cover all of the issues that will need to be considered, it is intended to help in-house lawyers understand the objectives, parameters, and potential risk areas of a transaction.

We are seeing more merger and acquisition activity among technology services companies as European companies are seeking to expand their presence in US markets. Just this week, another acquisition of a growing US-based technology company by a global technology services leader headquartered in France was announced.

On July 22, French multinational company Atos—a global leader in technology services and digital transformation—announced that it entered into a definitive merger agreement with US-based Syntel. The acquisition, subject to regulatory approval, is scheduled to close by the end of 2018. Syntel, based in Michigan, is a global IT company specializing in cloud, mobile, analytics, and automation services. The purchase of Syntel is intended to strengthen Atos’s presence in the banking, financial services, and insurance (BFSI) industries, with Syntel generating a substantial portion of its revenue from BFSI and large global banks. The acquisition also will increase the North America presence of Atos and expand Atos’s workforce in India, adding 23,000 employees—18,000 of whom are based in India—to Atos’s current headcount of about 97,000.