Posted on August 23, 2010 by Joseph I. Rosenbaum

Transcending the Cloud - Cloud Coverage (Insurance for a Rainy Day)

As part of our Cloud Computing initiative, we promised to tackle some issues that have seen little coverage elsewhere and can often be overlooked in the “technological” arena. Here is a look at the insurance coverage issues representing our next chapter in Reed Smith’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing.” This White Paper and Chapter takes a look at the insurance coverage implications of cloud computing, and is aptly titled “Cloud Coverage.”

We would like to thank Richard P. Lewis and Carolyn H. Rosenberg for their thoughtful and practical insights and effort. Feel free to contact them directly if any questions arise or if you need help or more information. As we continue to do, we updated the entire work so that in addition to the single chapter on “Cloud Coverage,” you can access the PDF of our “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, receiving a complete update, including this one on insurance coverage.

Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. Of course, if you ever have questions, you can always contact me, Joseph I. (“Joe”) Rosenbaum, or Adam Snukal, or any Reed Smith attorney with whom you regularly work.

Tags: , , , , , , ,
Posted on August 13, 2010 by Joseph I. Rosenbaum

Transcending the Cloud - The German Perspective

As part of our Cloud Computing initiative entitled, we take a step over to Europe and proudly present our next chapter in Reed Smith’s on-going series “Cloud Computing - A German Perspective.” This white paper and chapter, takes a look at cloud computing from a German and, to some extent, potentially representative European perspective. It’s a refreshing look at both some legislative and regulatory implications, as well as a view from outside the United States.

We would like to thank Thomas Fischl and Katharina A. Weimer in our Reed Smith Munich office for their insight and effort. Feel free to contact them directly if any questions arise or if you need help or more information. As we continue to do, we updated the entire work so that when you access the .PDF of our “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, you will receive all of the sections, now updated with this chapter from Germany.

Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. Of course, if you ever have questions, you can always contact me Joseph I. (“Joe”) Rosenbaum, Adam Snukal, or any Reed Smith attorney with whom you regularly work.

Tags: , , , , , , ,
Posted on August 11, 2010 by Joseph I. Rosenbaum

Every Cloud Has a Lining - Maybe a Legal One

Stimulated by the recently launched Reed Smith Cloud Computing initiative, Joseph I. ("Joe") Rosenbaum was interviewed by CFO U.S. reporter David McCann, and in the August 10, 2010, Today in Finance section, you can read the entire interview, "The Cloud's Legal Lining".

You can also read and download a current copy of all of the white papers in our ongoing series, "Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing." Be sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with the latest and most updated version, as new white papers on additional topics are released. Of course, if you have questions, you can always contact Joseph I. ("Joe") Rosenbaum directly, or the Reed Smith attorney with whom you regularly work.
 

Tags: , , , , , ,
Posted on July 23, 2010 by Joseph I. Rosenbaum

E-Discovery in the Cloud: Next Installment in Transcending the Cloud

As part of our Cloud Computing initiative, we are proud to present the next installment and chapter in our on-going series, "Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing." This White Paper and Chapter, entitled E-Discovery in the Cloud, takes a close look at some of the challenges that lie ahead in the world of discovery, when information and applications are processed, stored, accessed and used in a cloud-computing environment.

We would like to thank Jennifer Yule DePriest and Claire Covington for their hard work in putting this together, and you should feel free to contact them directly if any questions arise or if you need help or more information. As we have in the past, we have also updated the entire work so that when you access the PDF of our "Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing" compendium, you will receive all of the sections, now updated with this "E-Discovery in the Cloud" chapter, and you will have our updated and growing body of legal and regulatory insight into Cloud Computing.

Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. Of course, if you ever have questions, you can always contact me Joseph I. ("Joe") Rosenbaum, Adam Snukal, or any Reed Smith attorney with whom you regularly work.

Tags: , , , , , , ,
Posted on June 21, 2010 by Joseph I. Rosenbaum

Cloud Computing: 'Transcending the Cloud' Adds Government Contracting Case Study

Last week, Legal Bytes announced Reed Smith’s new global initiative, Cloud Computing. With that announcement, the Task Force released the first three in a series of white papers entitled, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing.” We also promised to release “case studies” shortly after the white papers, to demonstrate how the insights in each paper have practical implications through case study examples.

Here is the first: A case study on government contracting, now attached to the white paper entitled, “The Risks and Rewards of a U.S. Federal Government Contractor Employing a Cloud Service Provider to Perform a Federal Government Contract,” authored by Lorraine Campos, Stephanie Giese and Joelle Laszlo. Contact them if you need to know more about this important area of cloud computing.

We will update each individual paper, as well as the compendium, as each paper, case study and update is released, so make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with the latest information. Of course, if you ever have questions, you can always contact me Joseph I. (“Joe”) Rosenbaum, Adam Snukal, or any Reed Smith attorney with whom you regularly work.

Tags: , , , , , ,
Posted on June 11, 2010 by Joseph I. Rosenbaum

'Transcending the Cloud' - Reed Smith Announces White Paper Series & Legal Initiative on Cloud Computing

This post was written by Joseph I. Rosenbaum, Adam Snukal and Douglas J. Wood.

For those of you who have wondered why Legal Bytes has been so quiet recently, it’s because I, and my colleague Adam Snukal, have been hard at work coordinating and putting together a new initiative – Cloud Computing.

Today, we are proud to announce the launch of a new Reed Smith initiative focusing on Cloud Computing and showcased with our new series of white papers entitled, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing.”  The term “cloud computing” is showing up with greater frequency, but there is still much confusion and unawareness of what it means, and, more significantly for our purposes, how it is affecting and will increasingly affect you.  In the decade ahead, cloud computing likely will affect everyone, from major multinational corporations to consumers; from governments to the local grocery store. 

But cloud computing, like social media, is ultimately not about technological innovation or novel or transformative invention – it is about changing the fundamental nature of our relationships and how all of us access and use information and application programs: at work, in school, at play, as we shop and as we grow.  Cloud computing is transformative because it will enable anyone, anywhere and at any time, to access, use and create information and content – whether working on a spreadsheet, collaborating on a graphic design, creating an online gaming program, searching for a new restaurant, streaming music, or watching a motion picture – independent of a robust processing device.  No longer tied to desktops, laptops or proprietary pieces of equipment – just plug into the wall, as you would for electricity, and it’s there.  All you need is the ability to enter commands (input) and to display and receive (output) the results.  No plugs, no problem.  Just as sending and receiving transmissions wirelessly occur today, so too will the devices that access the cloud. 

In this brave new world, there will be new providers, new economic models, new access plans, and broadened capabilities, at differential pricing.  On demand, subscription, tiered pricing (anyone remember the timesharing companies of the late ‘60s and ‘70s?) will likely return to fashion in a world of cloud computing.

As mentioned above, the Cloud Computing Task Force at Reed Smith has created a series of white papers – collectively entitled “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” – to elucidate the opportunities and dangers, the risks and rewards of cloud computing.  Our collection of white papers will cover cloud computing issues you may have heard little about, but that are and will be no less significant.  Will we still need backup on our devices?  What about cloud insurance?  New economic and business models mean – yes, you knew this was coming – new taxes.  What about security and privacy and data protection in the cloud?  We will worry about standards and interoperability.  No one provider can possibly cover the world or a world of data and applications – mobile phone carriers interexchange based on regulations over decades; Internet protocols evolved to ensure that email and other providers would enable individuals to communicate regardless of proprietary networks or email programming.  Will clouds evolve the same way?  Will there be barriers to entry as a cloud provider?  Infrastructure is expensive; global capability more so.  Providers will vie for cloud apps.

Our approach is also unique.  Today, we are launching our initiative.  An introduction and three exciting new introductory white papers all dealing with the cloud: government contracting, tax and service levels, and other contractual performance protections.  We will release case studies in the weeks ahead, providing practical examples based on the white papers and insights into how law and regulation is likely to affect each of these areas.  Where answers are available, we’ll tell you.  Where they are not, we’ll be insightful.  We have assembled a multi-jurisdictional, cross-disciplinary team, a task force of lawyers and professionals dealing with the issues arising in Cloud Computing.  In the weeks and months ahead we’ll keep releasing white papers – antitrust and competition law, e discovery, litigation, insurance, contract law and regulatory compliance.  We will not only deal with U.S. law, but will also provide you with contributions from our lawyers around the world.  Each release will not only provide an individual chapter that is the subject of the release (today we have Government Contracting, Tax and SLA/Performance Protection), but also an updated comprehensive copy of the growing compendium.  Transcending the Cloud will dynamically provide insights as the industry and challenges grow.  Keep a copy handy.  Make sure you check back for updates regularly.  Join us in the conversation.

I want to thank my colleague Adam Snukal for his steady hand and keen insight in helping me to put this Cloud Computing initiative together.  And Kevin Vaarsi, our marketing guru, who coordinated much of the logistics and the planning for our initiative.  Most important, as you will see today and in the months ahead, a team of Reed Smith lawyers who have invested countless hours and done significant research to contribute these white papers and bring you their insights – none of this would be possible without them, and each paper will have names, contact information and biographical information about these terrific professionals.  As our body of work grows, we will make each white paper available as a separate PDF, but we will also update our “Transcending the Cloud” compendium for those of you wanting a constantly updated and growing body of legal and regulatory insight into Cloud Computing in one place.  Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information.  Of course, if you ever have questions, you can always contact meJoseph I. ("Joe") Rosenbaum, Adam Snukal, or any Reed Smith attorney with whom you regularly work.

Tags: , , , , ,
Posted on January 28, 2010 by Joseph I. Rosenbaum

Outsourcing Providers Pitching Business? Be Careful What You Wish For.

As far back as May 2005, Legal Bytes reported that Europe was becoming a major outsourcing hub for a variety of reasons (Outsourcing Statistics). Well just this week, the law started catching up.

In what is certainly a major ruling and quite possibly the beginning of emboldened plaintiff-customers seeking greater accountability from outsourcing providers, Electronic Data Systems (EDS) has lost a case initiated by British Sky Broadcasting Plc (BSkyB) back in 2004, alleging that EDS, one of the leading outsourcing providers in the world, had misled BSkyB about its capabilities and expertise. For those of you who are legal research hounds, the case is cited as HT-06-311, British Sky Broadcasting v. Electronic Data Systems, although I don’t believe it has been fully published yet. The dispute arose over a services contract that was entered into by EDS and BSkyB in 2000, well before EDS was purchased in 2008 by its current owner, Hewlett-Packard (HP), for slightly more than US$13 billion.

To give you the background, BSkyB selected EDS to develop a new customer relationship management (CRM) system for its call centers in Scotland. After almost two years and failure by EDS to deliver, by March 2002, BSkyB ended the contract and took over the project itself – the frustration and events ultimately leading to the legal proceedings filed in 2004 that alleged EDS lied about its ability to undertake and complete the project. On the other side of the case, in its own court documents, EDS alleged that BSkyB simply “did not know what it wanted,” and wanted the lowest cost possible to accomplish “it.” To highlight the disconnect further, the contract with EDS was for £48 million, but according to court documents filed in the case, with all of the delays, budget over-runs, EDS’ failure to deliver, and BSkyB taking over and completing the project itself, costs had mounted to £265 million.

Justice Ramsey, writing for the British High Court, ruled that EDS misled BSkyB in making false and fraudulent misrepresentations in pitching and marketing its capabilities to BSkyB, giving rise to a claim for damages. Further, the court concluded, to the extent these representations were fraudulent, the limitation of liability clause in the contract that would have otherwise limited EDS’ liability for damages should be set aside and does not apply. While damages have not yet been fixed, in theory, if one includes the differential in costs, lost profits and other damages that are now fair game, EDS could be liable to BSkyB for well in excess of £200 million – that’s more than US$315 million at current exchange rates.

This is a major decision not only in the UK, but also for outsourcing deals around the globe, and if the beginning of a precedential trend, it could signal a radical shift in the way outsourcing deals are bid, negotiated and consummated. There is no question that anyone involved in outsourcing knows that the customer does not always have its specifications and detailed requirements buttoned up when discussions begin. Indeed, outsourcing often presents a singularity at which time enhancements, efficiencies and improvements that might have been difficult or impossible internally, can be effected by moving the operations to a third-party provider. The provider, eager to win a lucrative bid, may over-promise or over-represent its experience and capabilities. Smart negotiators know that forcing both sides to diligently and meticulously work through the "devil in the detail," and making sure expectations, resources and capabilities are clearly set out and unambiguous, is the single most important contribution to be made in avoiding disputes, potential litigation and problems as the work and services unfold. Those of you in marketing know all too well that there is often a fine line between an actual claim and puffery. The former represents actionable representations, the latter . . . well, “you’ve tried the rest, now try the best” on every pizza box in the world.

Are you contemplating a major outsourcing initiative? Are you considering any outsourcing project, even a small one, involving critical operations – customer services, supply chain management, operations, transaction processing? Outsourcing is complicated. Need help? We wrote the book. No really, you can see for yourself: Outsourcing Agreements Line by Line: A Detailed Look at Outsourcing Agreements & How to Change Them to Fit Your Needs, written by none other than yours truly, Joseph I. Rosenbaum. Whether you check out the book or not, if you do need help, our Advertising Technology & Media law team here at Reed Smith has the help you need to make sure that, even if you are right, you can avoid the costly consequences and angst inherent in any legal proceedings between customers and providers. How can we help you? Call me, Joe Rosenbaum, or the Reed Smith attorney with whom you regularly work.

Tags: , , , , ,
Posted on October 22, 2004 by Joseph I. Rosenbaum

Outsourcing: NJ Governor Signs Executive Order

Outgoing New Jersey Governor James E. McGreevey signed Executive Order No. 129 requiring vendors seeking contracts with New Jersey State agencies to disclose any foreign countries in which the services are to be performed, and prohibits awarding such a contract unless there is no comparable domestic service, failing to use the vendor would cause economic hardship in New Jersey or would not be in the public interest for some reason. Excluded from the Executive Order are contracts with New Jersey’s public institutions of higher education, when the contract is for academic instruction, educational or research services.

Tags: , ,
Posted on July 19, 2004 by Joseph I. Rosenbaum

Privacy is Back in the News

In last month’s issue, we mentioned (in “Gnu & Gnoteworthy”) the F.D.I.C. released a report entitled “Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks”. Well, privacy issues are popping up all over the place again.

California Financial Privacy Act

The California Financial Privacy Act of 2003 became effective July 1st and requires banks to give customers the right to opt out of sharing information with bank affiliates with separately regulated lines of business and requires banks to get permission from customers to share information with outside companies. After the law was enacted, the American Bankers Association, Consumer Banking Association and Financial Services Roundtable filed suit claiming the Fair Credit Reporting Act—the federal law regulating sharing of information among affiliates—preempted state law and thus the part of the statute attempting to limit sharing of information among affiliates is invalid. Not so, said the Judge—to the surprise of bankers scrambling to comply—a recent notice from the California Department of Financial Institutions indicated it would begin enforcing the law immediately!

The Judge ruled that since the FCRA only applied to the sharing of “credit reports,” the California law covering a broader range of customer information was not preempted by federal law. Will the ruling be appealed? Will other states follow suit?

California Certainly is Busy

The California Online Privacy Protection Act of 2003 went into effect July 1 with some new requirements for “commercial” website operators that collect “personally identifiable information” from California residents through a website or online service. The law requires website operators to post privacy policies on their websites and requires them to comply with them. Thus, if a website operator doesn’t comply with the Act, not only does a consumer have a potential action for failure to honor the terms of the policy, but the operator would now also be in violation of California law.

Privacy and Outsourcing

In May, the FTC published its response to a letter sent by Congressman Edward J. Markey (D–Mass.) in connection with its efforts to protect personal information of U.S. citizens when information is processed outside the United States. The FTC response deals with the Children’s Online Privacy Protection Act (not to
be confused with COPPA, which has been struck by constitutionality problems), Gramm-Leach-Bliley, the Fair Credit Reporting Act, as well as the Do-
Not-Call Registry. The report is a good summary of the non-banking regulatory framework that applies and while you can read the FTC’s responses in each category here, suffice it to say that the FTC clearly notes: “Simply because a company chooses to outsource some of its data processing to a domestic or off-shore service provider does not allow that company to escape liability for any failure to safeguard the information adequately.”

FACT Act Regulations Surface

Among other things, the Fair and Accurate Credit Transactions Act of 2003, referred to as the FACT Act, created a new provision of the Fair Credit Reporting Act providing that if an affiliated entity received information that would be characterized as a “consumer report,” the affiliate is not permitted to use the information for marketing unless the consumer has an opportunity to opt out. The FACT Act requires the FTC, banking regulatory agencies, the National Credit Union Administration and the SEC to issue rules surrounding the affiliate information-sharing provisions; and while not required to issue a joint rule, they must coordinate to avoid inconsistency in the regulations. The FTC issued its proposed rules on June 15, and on June 25 the Federal Reserve issued substantially similar proposed rules, which have also been approved by the OCC, Office of Thrift Supervision, and National Credit Union Administration. The SEC has yet to issue its proposed rules. Want to know more? Want your voice to be heard? Having problems understanding what compliance means? Call Reed Smith. Our Financial Services team, Privacy Team and a range of expertise and experience is at your disposal.

Gateway Learning Settles FTC Privacy Charges

Gateway Learning, which markets the “Hooked on Phonics” brand, settled FTC charges that it rented personal information of consumers to other companies, despite having promised not to. In the Matter of Gateway Learning Corp. (FTC File No. 042-3047), the FTC charged Gateway Learning with changing its privacy policy (an allegedly deceptive and unfair practice) after collecting the information, to allow it to share information with third parties without notifying consumers or getting their consent. The settlement prevents Gateway Learning from making misrepresentations about how it will use information it collects from consumers, from using consumer personal information collected before it made the policy changes unless the consumer consents, and restricts it from retroactively applying future privacy policy changes without first getting consumer consent. Need a privacy policy? Thinking of changing your privacy policy? Want to know how this might affect your policy? Call Reed Smith. We are happy to help. The agreement between the FTC and Gateway Learning, including the Consent Order and the original FTC complaint, can be found here.
Tags: , ,
Posted on March 23, 2004 by Joseph I. Rosenbaum

The Buzz About Sourcing: Out, Near, Offshore, Strategic, Corporate, In...

Not a day goes by that outsourcing isn’t in the news. Not just news, but NEWS. The Wall Street Journal, Information Week, The New York Times, Financial Times, CIO Magazine, American Banker. “Press 1 for Delhi, 2 for Dallas,” “Prove It’s Secure: Legislators Want CIOs and Service Providers to Show that Customer Data Sent Overseas is as Safe as it is at Home,” “Global Talk Gets Cheaper—Outsourcing Abroad Becomes Even More Attractive as Cost of Fiber-Optic Links Drop,” “Offshore Outsourcing: How to Safeguard Your Data in a Dangerous World,” “Weighing the Benefits of Offshore Outsourcing,” “Big-Bank Perspectives on Offshore Outsourcing,” “Lesson in India: Not Every Job Translates Overseas,” “Business Coalition Battles Outsourcing Backlash,” “More Work is Outsourced to U.S., Than Away From It, Data Show,” “Offshoring Can Generate Jobs in the United States”—well, you get the picture. Senator Liz Figueroa (D-Calif.) is seeking legislation prohibiting consumer medical and financial data from being sent overseas without assurances of strong privacy safeguards (remember the U.S. position on the European personal data directive?). Even Alan Greenspan has weighed in, cautioning, “These alleged cures would make matters worse rather than better.”

Both providers and customers consistently articulate several key themes. Many third-party providers can do it cheaper, faster and at higher quality - processing is their business - not yours. Third-party providers survive by keeping up with technology, training personnel and responding to changes quickly and efficiently - often a secondary priority and a headache for other companies. Further, companies are recognizing that allowing a third-party to perform functions and assist in providing services rarely requires relinquishing control or responsibility - in fact, proper management increases, and almost always in a positive way.

Like it or not, outsourcing is likely to remain a significant weapon in management’s arsenal of choices in managing business—an alternative available for consideration as requirements change. Although perhaps obvious, an outsourcing transaction should take into account the following key issues:

  • All or Some?—Assess needs, evaluate priorities, costs and requirements, and understand which functions, process or operations should be outsourced and which retained. Outsourcing is a tool, not an end in itself.
  • Control, Flexibility & Cost—A delicate balance considering the difficulty and implications—especially when entrusted to a third party, or if you are a third-party provider. Agreements must address varying objectives, priorities, customers and suppliers—hardly a trivial exercise.
  • Human Resource—Outsourcing affects employees: seniority, pensions and benefits, decisions involving termination, changes in salary, and even relocation. Immigration issues arise when moving people around—even for temporary training or other assignments.
  • Performance Standards—Defining and prioritizing standards is difficult enough internally and fixing accountability in a contract even more so.
  • Corporate Compliance, Privacy & Security—These issues require careful examination. Functions can be outsourced, but rarely can the responsibility.
  • Relationship Management—Customer and provider must develop a solid working relationship—in operation and spirit. From shifting priorities to changing performance standards—there is no substitute for a strong, effective team approach.
  • International—Global outsourcing gives rise to issues relating to currency fluctuations, differing intellectual property protections, privacy and transborder data flow, surveillance and security, governing law, dispute resolution, and interpretation and enforcement of contracts in local courts; and
  • Insourcing—Sometimes forgotten, no decisions are permanent. Leave room to re-evaluate or move functions from one service provider to another in an amicable transition process. Businesses, operations, requirements and costs change—don’t lose flexibility.

Did you know Reed Smith has significant experience in handling sourcing transactions—near, offshore, strategic and otherwise? Did you know Reed Smith may be the only law firm with attorneys here and abroad who have handled major international and multinational outsourcing transactions for financial institutions, airlines, health care providers, telecommunications and manufacturing companies, to name a few? Did you know Reed Smith lawyers are adept at looking at both the purely legal and contractual issues, as well as counseling clients for success and guiding clients through the process?

Whether understanding sensitivities of internal employee concerns, or preparing RFPs and negotiating and managing these complex contracts, Reed Smith lawyers understand and handle risks and issues new and unknown to many organizations—a host of human resource and performance issues, assignment, immigration and employment, warranty, insurance, indemnity and liability questions, growth, change control, customer service and termination issues. How to handle a migration plan? What about our people? What if I can’t get the service I need? What if my needs, my systems, my operations or my processes or my business changes?

The implications are large, the risks enormous and the complexity overwhelming—don’t skimp on retaining people with the right expertise, including lawyers. Want to know more? Want to schedule a customized in-house seminar? Contact Joe Rosenbaum in the U.S. at jrosenbaum@reedsmith.com and let us help you.

Tags: ,