19/03/2015
Outsourcing – Is it right for my business and if so, what legal issues do I need to consider?
Peter Jones
DLA Piper
19 March 2015
Outsourcing – definition
Transfer by a business (the "customer") to a third party provider (the "supplier") of the provision of a specific function or service currently being provided by the customer itself.
In-House Counsel Day 2015 2
Is your organisation outsourcing?
Source: The Australian (17/02/15) citing ITNewcom, which surveyed 200 organisations from Australia and 50 from New Zealand, each with an IT spend of at least $20 million a year.
"AUSTRALIA and New Zealand’s top 250 IT shops will spend about $42 billion on technology and related services in the 2015 financial year, new research shows …
…. In an ominous sign for in-house IT departments, more than 50 per cent of participants plan to outsource more infrastructure and applications services this year."
[Chart: Outsourcing Intentions. Panels: Infrastructure (51%, 46%, 3%) and Applications (57%, 38%, 5%). Categories: Insource More, Outsource More, No Change, Not sure.]
Why do organisations outsource?
Reduce operating costs
Transfer assets from the balance sheet
Convert expenditure
Engage "best-practice" services
Allow internal resources to focus skills on other areas
Reallocate business and regulatory risks
Types of outsourcing
1. Facilities Management
2. Call/Contact Centre Services
3. Network Services
4. Infrastructure Outsourcing
5. Application management/maintenance
Session Summary
1. What you need to think about before going to market
2. Preliminary questions regarding how the outsourced solution will work
3. Constraints that exist from a privacy perspective
4. Provisions you should consider to protect you in relation to security
Due Diligence
What is due diligence in outsourcing transactions?
the investigation into a customer's IT environment, business processes, assets, contracts and employees that occurs prior to signing an agreement for the provision of outsourced services
Why is it often critically important?
Due Diligence
In an outsourcing arrangement:
A customer will want a service provider to conduct due diligence to understand the services and the infrastructure currently in place.
A service provider will want to satisfy itself that:
(1) it will be able to provide the services to the level required
(2) it has properly priced the services
(3) it understands the scope of the services / infrastructure in place
Due Diligence
What are the contentious issues that may arise?
A working example …
Due Diligence – areas of investigation
Full scope of the services
Assets
Third party contracts
Employees
Regulatory issues
Physical premises requirements
"In-flight" projects
The "Expectations Gap"?
Interesting feature of outsourcing agreements
Outsourcing contracts are 'long term contracts of varying levels of interdependence'
As a result, effective management of change is critical
Not all change should be managed equally
Customer-requested change:
Scenario 1: Changes must be mutually agreed (effective Supplier veto)
Scenario 2: Supplier must implement change - AND - if adverse cost impact, variation in charges to be agreed
If agreed, implement through change control
If not agreed, pre-determined interim pricing implemented until agreed
Possible principles for dealing with costs?
The Supplier must use its reasonable endeavours to comply with the requirement at no additional cost through the use of existing resources.
If the Supplier is unable to comply with the requirement without incurring additional cost, Supplier must provide:
an explanation of why compliance with the requirement is not possible without incurring additional cost
a reasonably accurate estimate of the additional cost likely to be incurred.
The Customer will have the right to adjust, reprioritise or waive the requirement to perform specific services or other activities.
To the extent additional effort is required, the charges for such additional effort will be calculated using [discounted time and materials rates]
To the extent additional materials are required, the Customer will be liable for the cost of such additional materials with no margin (provided as well that where the Customer has paid for such additional materials it will own such materials).
Possible principles cont.
The Supplier will:
ensure that any additional charges or costs are reasonably and equitably determined, including by ensuring that where other customers of the Supplier are similarly impacted, any allocation of charges or costs is fair and equitable
at all times use its reasonable efforts to mitigate the amount payable by the Customer
provide information reasonably necessary to validate any amounts claimed from the Customer under this clause (for example, through the provision of timesheets or receipts for discrete items of material)
Australia v The Rest of the World
Should all changes in laws (incl. taxes) be treated the same?
How best to position for this?
The key legal considerations
1. Privacy constraints
2. Security of your systems
Privacy constraints – new privacy laws
While cost pressures are pushing organisations to outsource, privacy is a major concern.
High profile breaches in 2014
More and more data is being collected
• …. all companies are "data processing companies"
Is privacy relevant?
Legal privacy constraints will be relevant in most outsourcing arrangements.
Preliminary question:
• What part of the business is to be outsourced and what is the particular outsourcing arrangement?
How will the proposed solution work?
[Diagram: for each of four delivery models (Packaged (off-the-shelf) Software, Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service), the layers Application, Data, Runtime, Middleware, O/S, Virtualisation, Servers, Storage and Networking are marked as either managed by the client or managed by the supplier.]
A new privacy regime in Australia
Effective from 12 March 2014
Personal Information
Liable for actions of a supplier
Key Australian Privacy Principles ("APPs"):
APP 1; APP 5; APP 8; APP 11
Practical considerations:
updating privacy policy
notifications and consents
sufficient contractual provisions
Key security provisions
• Security requirements will be relevant in most outsourcing arrangements
• As with privacy - this often depends on what part of the business is to be outsourced
Key security provisions
• Warranties & indemnities
• Unlimited liability for breaches of security
• Notification of breaches of security
• Protocols for breaches of security
• Compliance with specific security policies
• Insurance for breaches of security
Key security provisions – Government
Government outsourcing
• Federal Dep. of Finance draft cyber security clauses
• Model clauses (draft form)
Requirements:
o Overarching obligations to protect the customer data
o The Commonwealth Data Protection Plan (CDPP)
o Notification requirements for breach incidents
o Insurance requirements
Other emerging trends/issues?
• Increasing multi-sourcing equals increasing complexity. The rise of Service Integration and Management solutions?
• As corporate venture funds increase, a corresponding increase in requirements for service providers to work with start-ups / to share facilities/tools / to co-invest alongside the customer?
• Will the increasing power of data analytics allow true outcome-based service levels to be deployed, e.g. customer satisfaction which is measured not via surveys but via actual data?
• Will the international community develop effective cross-border cybersecurity measures or will data protection continue to be primarily a domestically regulated issue (against the backdrop of the internet which pressures traditional concepts of statehood)?
4. Summary & Questions
Takeaway points:
Outsourcing is increasing rapidly – organisations battling to stay competitive
Proper due diligence is vital
Privacy issues must be considered
Security obligations under the agreement are key
Questions?
Key Contacts
Peter Jones
Partner
T: 02 9286 8356