Posted

Most business clients would rather be in the dentist’s chair than sit through negotiation of the indemnity and liability provisions of their agreement. Admit it: your eyes glaze over, time appears to visibly slow down, and you wonder at how the lawyers can find this stuff interesting enough to argue about.

As dull as they appear to be, there are some significant issues that can arise from the indemnity clause. One issue that I see more often than not is that suppliers try to put a financial limit on their indemnification obligations.

Sometimes the supplier will agree to remove the limitation, but not always. What are the consequences of having a limitation on an indemnification obligation,

Posted

In a recent judgement, the Court of Appeal of England and Wales held that an electronic database was not a chose in possession or a chattel but a chose in action (see our earlier blog regarding the grant of leave to appeal in this case). In other words, a database is intangible property, not goods which can be possessed. This means that when the parties to a database hosting contract are silent about what happens to the database when the contract ends, the service provider cannot exercise a common law lien over the database so as to force full payment of its fees, and must return the database to its customer.

In giving the lead judgement in the Court of Appeal, Lord Justice Moore-Bick quoted extensively from the judgment of Lord Justice Diplock in Tappenden v Artus (Tappenden v Artus [1964] 2 Q.B. 185). Tappenden is a case with which most first year law students in the UK will be familiar. In that case, a van owner allowed a customer to use the van pending the completion of a hire-purchase agreement. The van then broke down and was repaired by the defendant garage, but the price of the repairs was not paid. The question arose whether the garage could exercise a lien over the van against the owner. In finding that it could, Diplock L.J. emphasised “actual possession of goods” as necessary for the self-help remedy of possessory lien to arise under the common law.

Referring to another leading case, Moore-Bick LJ went on to state that “[a]s OBG v Allan makes clear… the common law draws a sharp distinction between tangible and intangible property…”, which leads to the conclusion that “it is [not] possible to have actual possession of an intangible thing …[and that] it is [not] open to this court to recognise the existence of a possessory lien over intangible property …”

Posted

Much has been said about the EU “Cookie” laws introduced by an amendment to the Privacy and Electronic Communications Directive in 2011.  Companies with European customers (including those in the US) have grappled with the law’s requirement to obtain informed consent from visitors to their websites before cookies can be used.

The law has not only been the subject of much academic debate; European regulators have also issued a series of guidance papers on the issue, including recent publications from the UK’s Information Commissioner’s Office and from the Article 29 Working Party, the group made up of representatives from the various EU privacy regulators. These provide layers of at times arguably conflicting commentary on how to comply with the law.

Whilst question marks hang over key issues (e.g.

Posted

This article was originally published on February 27, 2014 and is reprinted with permission from Corporate Compliance Insight.

Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to wrestle with these risks in the year ahead, but the convergence of external threats, abundance of valuable corporate data and the current regulatory environment has highlighted the importance of corporate cybersecurity practices. Cybersecurity is perhaps one of the hottest topics being discussed in boardrooms today. The Cybersecurity Framework, anticipated legislation and litany of high-profile data breaches have resulted in even more heightened scrutiny.

Posted

Mario Dottori is quoted in Stephanie Overby’s recent CIO.com article discussing 8 Tips to Deal With Liability When Outsourcing to Multiple IT Vendors.

“In theory, a multi-provider service delivery environment should not create additional complexities in terms of liability. The contracts — entered into separately between the customer and each supplier — should, if well constructed, clearly delineate the liabilities between the parties,” says Mario Dottori, leader of the global sourcing practice in Pillsbury’s Washington, D.C. office.

One tip offered is to create operation level agreements: “OLAs state how particular parties involved in the process of delivering IT services will interact with each other in order to maintain performance, and can help all parties ‘see the forest for the trees,’ says Dottori. ‘These arrangements offer the opportunity for enhanced visibility of the service regime as a whole and helps to reduce — or better arm the parties with solutions for — missed hand-offs and finger pointing.’ One caveat: Most providers will not agree to take on additional liability in OLAs. But such an agreement can be an effective preventative measure.”

Posted

On February 12, 2014, the National Institute of Standards and Technology (“NIST”) released the final version of its Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework” or “Framework”) and the companion NIST Roadmap for Improving Critical Infrastructure Cybersecurity (the “Roadmap”).

The final version is the result of a year-long development process which included the release of multiple iterations for public comment and working sessions with the private sector and security stakeholders. The most significant change from previous working versions is the removal of a separate privacy appendix criticized as being overly prescriptive and costly to implement in favor of a more general set of recommended privacy practices that should be “considered” by companies.

Posted

Background

In response to the financial crisis and recession in the United States that began in 2007, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (now commonly known as “Dodd-Frank”). Dodd-Frank created a vast array of new financial regulations, including the new and independent Bureau of Consumer Financial Protection designed to “regulate the offering and provision of consumer financial products or services under the Federal consumer financial laws.”

Now known by its alphabet soup moniker, the CFPB has jurisdiction to enforce one of the simplest, yet most powerful, provisions in Dodd-Frank: “It shall be unlawful for any covered person or service provider to engage in any unfair, deceptive, or abusive act or practice.” These “unfair, deceptive, or abusive” acts or practices have become commonly known in the legal and financial industries as “UDAAPs.” The CFPB has not implemented formal rulemaking with respect to the prohibition on UDAAPs. Instead, it has made the conscious decision to largely implement its UDAAP rules via its enforcement actions and a series of guidance documents, including the “Supervision and Examination Manual,” which articulates CFPB’s expectations for how this law is to be enforced.

Posted

“How does a large software project get to be one year late?  One day at a time!”  

-Fred Brooks, former IBM employee and OS/360 developer

2013 was not a stellar year for public sector outsourcing.  As we reported in an earlier blog article, Indiana is appealing judgment in an ongoing court battle with IBM over a troubled welfare claims processing project.  Agencies in Pennsylvania, Massachusetts and Australia also hit the news.

Posted

In previous posts (Proposed Changes to UK’s TUPE will impact outsourcing deals, The UK Government consults on proposed changes to the TUPE regulations) we highlighted the UK Government’s proposed changes to the Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE 2006”). The UK Government has now finalised these changes, resulting in the Collective Redundancies and Transfer of Undertakings (Protection of Employment) (Amendment) Regulations 2014 (“Amended TUPE Regulations”).

The Department for Business, Innovation and Skills (BIS) also published useful guidance which helps to explain the changes made to TUPE 2006.  Generally speaking, the Amended TUPE Regulations brought into effect the changes discussed in our previous post,

Posted

In a look forward at 2014, Joe Nash commented in Stephanie Overby’s CIO.com article on what to expect in the year ahead. He said:

At the very least, expect an increase in automation generally. ‘With the cost benefits of labor arbitrage being largely harvested and labor costs inevitably on the rise, CIOs will need to look for alternative opportunities to reduce or contain operating costs,’ says Joe Nash, principal in Pillsbury’s global sourcing group. ‘That means looking for ways through automation to reduce the amount of work it takes to complete an IT function or service, not the cost of the labor to do it.’
