TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The World Bank announced on August 10 that 70 years after its first bond transaction, it will be issuing the first bond to use entirely blockchain technology, in part to help the bank gain experience in the use of blockchain. The World Bank’s innovation lab partnered with the Commonwealth Bank of Australia (CBAUF) and Microsoft on this endeavor almost a year in the making.

Blockchain is a growing list of records, or “blocks” linked using cryptography and resistant to modification since it is essentially an open, distributed ledger that can record transactions between two parties efficiently and verifiable in a permanent way. This means that once data is recorded, the data in a block cannot be altered without altering all later blocks, which requires majority consensus of the network. Just imagine all the people around the world agreeing to verify a single block and all subsequent blocks!

This July, the 2018 Cost of Data Breach Study: A Global Overview was released as an independent study by Ponemon Institute, LLC, sponsored by IBM Security. The study breaks down the rising costs of data breaches and the likelihood of an organization experiencing a future data breach, with information derived through interviews with more than 2,200 professionals from 477 organizations that have experienced a breach in the last 12 months.

The study does not focus on “mega breaches,” which are breaches that exceed 1 million records. However, for the first time this year the annual study offers separate insights into data breaches that resulted in the exposure of more than 1 million compromised records:

  • Mega breaches of 1 million records yield an average total cost of $40 million
  • Mega breaches of 50 million records yield an average total cost of $350 million

Moscow partners Anastasia Dergacheva and Brian L. Zimbler and associate Kseniya Lopatkina recently published a LawFlash on the new rules in Russia for platforms that aggregate information from online stores. Federal Law No. 250-FZ, signed on July 29, 2018, provides additional protection for consumers acquiring goods and services through online platforms. For more information on the effects of this new law, read the LawFlash.

European financial institutions (competent authorities, credit institutions, and investment firms as defined in EU Regulation No. 575/2013, collectively Institutions) have been instructed to comply with the European Banking Authority’s (EBA’s) recommendations when outsourcing to cloud service providers (Recommendations) as of July 1, 2018.

With cloud-based solutions offering new products geared to potentially reduce infrastructure costs and improve services, outsourcing to cloud-based services providers is becoming progressively more popular by Institutions. This trend has prompted the EBA to issue the Recommendations, with the expectation that Institutions will use their best efforts to comply.

When in-house lawyers start thinking about how to support a business client that is looking to implement a new or replacement enterprise resource platform (or more commonly known as an ERP system), we often suggest that they first discuss these 10 framework issues to get a sense of the scale, complexity, and timing of the potential transaction. While the below list certainly does not cover all of the issues that will need to be considered, it is intended to help in-house lawyers understand the objectives, parameters, and potential risk areas of a transaction.

We are seeing more merger and acquisition activity among technology services companies as European companies are seeking to expand their presence in US markets. Just this week, another acquisition of a growing US-based technology company by a global technology services leader headquartered in France was announced.

On July 22, French multinational company Atos—a global leader in technology services and digital transformation—announced that it entered into a definitive merger agreement with US-based Syntel. The acquisition, subject to regulatory approval, is scheduled to close by the end of 2018. Syntel, based in Michigan, is a global IT company specializing in cloud, mobile, analytics, and automation services. The purchase of Syntel is intended to strengthen Atos’s presence in the banking, financial services, and insurance (BFSI) industries, with Syntel generating a substantial portion of its revenue from BFSI and large global banks. The acquisition also will increase the North America presence of Atos and expand Atos’s workforce in India, adding 23,000 employees—18,000 of which are based in India—to Atos’s current headcount of about 97,000.

Authored by Barbara Murphy Melby, Christopher C. Archer, and Jay Preston

In Part 1 of this Contract Corner on Software as a Service (SaaS) agreements, we discussed ownership and use issues in SaaS transactions where the application is provided and hosted as a dedicated instance with common base software (sometimes with customization or variation) but running as a separate instance in a dedicated environment.

In this Part 2, we will look at ownership and use issues in transactions where the application is provided and hosted in a multitenant environment, with one common application layer and hosting environment that is logically partitioned by customer.

As noted in Part 1, when thinking about ownership and other intellectual rights in SaaS deals, we generally consider the following categories, discussed in more detail below. As with any solution there can be variations and customer-specific needs that drive different requirements.

What does California’s new privacy law mean for companies and consumers?

When California Assembly Bill 375 (AB 375), also known as the California Consumer Privacy Act, goes into effect in 2020, companies stand to face the toughest privacy requirements in the United States. The purpose of AB 375 is to create transparency and control for consumers and their data, and to establish meaningful requirements for companies that collect and use that data. Some notable conditions under AB 375 include the following:

  • Companies must inform consumers of the data they collect and the purposes for which it is used.
  • Consumers can require companies to delete their data and direct companies to cease the sale of their data.
  • Companies will be required to disclose to consumers their right to request deletion of their data and their right to opt out of the sale of their data.
  • Companies that collect, sell, or disclose consumer data must disclose the categories of data that were collected, sold, or disclosed, as well as the third parties to whom the data was sold or disclosed.
  • Consumers will have the right to obtain their data in a portable format such that it may be provided to another entity.

Authored by Barbara Murphy Melby, Christopher C. Archer, and Jay Preston

In the typical SaaS scenario, the SaaS vendor provides, maintains, and hosts (either itself or through a hosting SaaS vendor) the desired application layer, and grants the customer and its authorized users access to the application functionality via the internet. At a high level, there are two variations of this scenario:

  • The application is provided and hosted as a dedicated instance, with common base software (sometimes with customization or variation) but running as a separate instance in a dedicated environment.
  • The application is provided and hosted in a multitenant environment, with one common application layer and hosting environment that is logically partitioned by the customer.

In this Contract Corner series, we will look at ownership issues in SaaS solutions in two parts, with different perspectives based on whether the solution utilizes a dedicated instance (Part 1) or a multitenant environment (Part 2).

The Pittsburgh session of the annual Cyberlaw Update for the Pennsylvania Bar Institute (PBI) will take place on Tuesday, July 17. Moderated by Morgan Lewis partner Peter Watt-Morse, the update enters its 21st year and this year’s seminar will focus on current hot-button issues including blockchain and cryptocurrency and security and privacy concerns related to social media, IOT, GDPR, and the Dark Web.

Speakers at the all-day event include Mr. Watt-Morse and of counsel Emily Lowe, who will be speaking on privacy and security concerns regarding social media from both a policy and regulatory standpoint in the wake of the disclosures related to Cambridge Analytics; and associate Ben Klaber who will be reviewing such concerns as they apply to the burgeoning market of Internet of Things (IoT) devices.