Posted
By

As stated by Wired, “It’s all the standard advice you’d give a tech novice,” aptly sums up the White House’s Cybersecurity National Action Plan (CNAP) that President Obama unveiled on February 9, 2016. Announced as part of the President’s overall budget proposal, CNAP is a plea within the federal government to implement a sturdier foundation for its cybersecurity strategy. The administration proposes a 35% increase in cybersecurity funding, much of which would go toward creating programs that are intended to leverage private sector expertise to improve the woefully outdated, if not completely nonexistent, federal government cybersecurity infrastructure.

Among other initiatives, CNAP includes an awareness campaign targeted at personal-level cybersecurity habits, a joint government-private sector commission for compiling cybersecurity best practices, and incentives to entice private sector talent to enlist in the government’s ranks. Although these programs anticipate private sector involvement, they are rooted in the government’s pressing concern about its own vulnerabilities to cyberattacks. The standard refrain is that CNAP seeks to raise the level of cybersecurity for the government and the private sector, but the rhetoric around the announcement belies an overwhelming focus on federal government advancement that will likely have little impact on private sector progress, if the program is implemented at all.

Citizens’ Awareness Campaign

Continue reading

Posted
By

Retirement plan sponsors face ever-evolving cyber-related threats to plan assets and participant personal information. To combat such threats, plan sponsors should proactively assess the third-party service providers’ ability to detect, prevent and respond to cyberattacks against the retirement plan. In order to minimize a retirement plan’s overall cyber risk profile, its sponsor(s) must implement a cyber risk management strategy, including focusing on evaluating its third-party service providers’ cybersecurity programs, performing periodic assessments of such programs, and ensuring that the retirement plan has mitigated risks from losses in the event of a cyberattack.

This advisory is the first in a series of advisories dedicated to understanding cybersecurity issues affecting retirement plans.

Read more…

Posted
By

Brian Wainwright • Robert S. Logan

The Protecting Americans from Tax Hikes Act of 2015 (the “PATH Act,” Division Q of the Consolidated Appropriations Act, 2016, P.L. 114-113, enacted December 18, 2015) made some important changes to the U.S. federal income tax treatment of U.S. real estate investments by non-U.S. persons under the Foreign Investment in Real Property Tax Act of 1980 (“FIRPTA”).

Increased Withholding

Continue reading

Posted
By

Happy new year, outsourcing industry!

In our last post, we posited that the new year brings an opportunity for a fresh start in structuring fundamental aspects of an outsourcing transaction. We pointed to the following mechanisms used to restrict a customer from an early exit from an IT outsourcing deal as being outdated, having originally been designed to protect a supplier’s significant capital investment in outsourcing deal, which has all but disappeared in today’s typical deals:

  • Whole or partial exclusivity;
Continue reading

Posted
By

The advent of the new year provides an opportunity to contemplate a fresh start — and that’s just what is needed when it comes to structuring the fundamentals of an IT outsourcing transaction.

Early IT outsourcing transactions typically involved significant capital investments by suppliers, who would often purchase the customer’s existing assets and promise to deliver services inclusive of refreshed assets at defined refresh cycles. These “asset-heavy” transactions often included mechanisms to either prevent the customer from exiting early, or to compensate the supplier for significant unamortized capital investment where the customer terminated services early. Examples of these “exit-restricting” mechanisms are:

  • Whole or partial exclusivity;
Continue reading

Posted
By

Of Silk and Services

As I listened to my wife, a custom wedding dress designer, talk a hysterical bride off the cliff this past weekend, I realized the conversation sounded eerily familiar. My wife was certain that the completed dress in front of them was exactly what had been ordered and she had emails, sketches and photos to prove it. The bride knew exactly what dress she had ordered, and this wasn’t it. She also had a set of texts, emails, and photos to support her expectation.

Sound familiar? This was nothing more than a failure to document a services solution. How can a “bride” to an outsourcing engagement avoid the same disaster?

Continue reading

Posted
By

In the first installment of this post, I posited that one factor contributing to disappointing results following a merger or acquisition is the flawed perception that transition services are not that important. I noted that this mindset may dilute the effectiveness of the post-deal enterprise(s) and result in unanticipated and unmitigated risks, lost or reduced revenues and/or interruptions of key business operations.

Let’s assume that you are sold on the importance of transition services. Even when transition is given appropriate attention, companies often suffer the perils of misguided implementation of the transition service regime, which may include:

  • Insufficient planning;
  • An undisciplined process;
  • Inadequate diligence (not asking the right questions); and/or
  • Incomplete or improper terms.

This installment focuses on how best to avoid these issues by adhering to a practical set of informed best practices.

Transition Services “Value Imperative”

Although there is no single “right way” to devise and execute a transition services strategy, there is one guiding principle that should drive any transition service regime. For the sake of discussion, I’ll call it the “value imperative,” which should advance three primary objectives:

  1. Help position the post-closing enterprise(s) to be at least as (if not more) competitive in the market(s) in which they operate;
  2. At a minimum, preserve (and potentially enhance) the valuation; and
  3. Enable the enterprise(s) to fully exploit the targeted synergies of the deal.

Put another way, the transition services should, at a minimum, “do no harm” to the value proposition being pursued, recognizing that the mechanisms for achieving this goal may differ depending on whether you are the seller or buyer (the recipient or provider of the transition services).

Implementing an effective transition services regime is as much about process as it is about substance. In this installment I explore the key attributes of an effective transition services process from the perspectives of both the provider and the recipient of these services.

Continue reading

Posted
By

The Court of Justice of the European Union (CJEU) has been very busy in recent weeks re-shaping EU privacy laws. In addition to the much-anticipated decision in “Schrems” (Case C-362/14), which essentially rules the US-EU Safe Harbor invalid, the CJEU has also considered the key issue of “establishment” in another landmark case, namely “Weltimmo” (Case C-230/14).

In particular, it has ruled that businesses with only very minimal operations in an EU Member State can nevertheless be subject to the data protection laws of that Member State, where they process personal data in the context of activities directed towards that Member State. This effectively widens the scope of “establishment” and creates additional headaches for those with European operations.

The action point for companies with a European footprint is therefore to review their European processing activities, re-think where they might be established and look to comply with local laws in those jurisdictions. Status quo is not an option for those who wish to avoid enforcement action in “foreign” jurisdictions they previously thought they could ignore.

Continue reading

Posted
By and

Yesterday was a big day for the Court of Justice of the European Union!  The fifteen-year-old regime governing EU-U.S. data transfers has been struck down. Specifically, the CJEU declared invalid the safe harbour framework (the “Safe Harbor Framework” or the “Framework”) that thousands of U.S. companies have relied upon to facilitate data transfers from the EU to the United States. To read the entire article published by our Pillsbury London and U.S. teams click here.

Posted
By

Global Sourcing attorney Sarah Atkinson, who are based in Pillsbury’s London office, have recently published the article, The payment services market under the eye of the regulator , in Banking Technology. The article considers criticisms of the payment services industry and how the new Payment Services Regulator is hoping to address these. In particular, they consider the issue of technical barriers (including technology barriers) and how these currently inhibit direct access to payment systems. To read the full article on the Banking Technology website click here.