Page 15 - CCCA62_2008
P. 15
CCCA_V2No2_Outsourcing-FIN.qxd:CCCA_V1No1_DriversSeat-FIN.qxd 5/1/08 3:00 PM Page 23 Cover The industry has developed so much that even companies that spooked vendors,”says Quadir.“They are now starting to shift the outsource their business processes have evolved substantially.“In risk back on to their customers.But business people don’t get this; the past, I was struck by the fact that customers had no idea what they’re more focused on price and service levels.” they wanted,” says Quadir of companies with which he negotiat- When negotiating BPO agreements as corporate counsel, you ed BPO deals while he worked for Infosys. need to ensure that the “bar is set high when it comes to confi- “Things have changed,” he says. “Customers are now more dentiality and privacy,” Quadir stresses.“You have to let the out- sophisticated and getting good advice regarding what they need sourcer know what your [company’s] policies are in terms of data and don’t need.These companies have become significantly more encryption and firewalls.Before,this was a blank clause in the con- knowledgeable.” As a result, the terms and conditions of such tract. Now, you have to list exactly which policies and standards deals, which were previously in favour of suppliers, have now have to be met.” swung back the other way. In addition,says Ramsey,“you want the offshore vendor to com- mit to best industry security practices and contractual liabilities.” Privacyand security Quadir agrees this is important,because if the service provider fails Not surprisingly,corporate counsel are playing a key role in level- in a certain security-related matter,“you can use the defence that ling that playing field.So if your company is considering outsourc- the third party should have known and protected us from it.” ing an important business process, what should you know and do A disaster recovery process must also be set out, as should to ensure the firm is properly represented and protected during parameters concerning how the data is being used and how your negotiations and beyond? company’s reputation will be protected in case of breach,says Paul. “The process today is far more complicated than just cost sav- Moreover,“you want the vendor to take liability regarding breach- ings,” says Paul.As such,the first step before even getting involved es of security,and you want to ensure that they’re complying with is to understand the legal and business challenges and concerns Canadian privacy laws regarding the data you’re talking about,” affecting companies that outsource business processes — and then adds Ramsey. being prepared to deal with them. In today’s environment, issues relating to security and privacy IP and ADR matters are top of mind, given the rise of identity theft and other types of Closely linked to issues of privacy and security are those relating electronic fraudulent schemes.“Privacy and security issues are so to intellectual property — not just traditional IP assets, but the much more important now than they were ten years ago,” says entire business process itself. “Over the last ten years, business Austin.“Anytime you’re sending sensitive information anywhere, processes have started to be patented. It’s important for a compa- there are risks,” adds Ramsey. Accordingly, allocation of risk in ny to protect itself proactively,because the way it does its business protecting sensitive corporate information is now a huge issue. could be unique to it,” says Quadir.Adds Ramsey:“You want to Generally in the past, risks were evenly spread between service own any competitive advantage that you may have, so you may providers and clients,but recent events are changing that.Consider want to see if you can own the process.” the computer systems breach suffered in late 2006 by The TJX Quadir points to BlackBerry maker Research In Motion Ltd. Companies, Inc., the parent firm ofWinners department stores, in (RIM) as an example.The company lost a critical patent-infringe- which hackers accessed a system that stored data on credit card, ment lawsuit relating to a wireless e-mail patent brought forward debit card, cheque and merchandise return transactions. “That by Virginia-based patent holding company NTP Inc. that could ÉtÉ 2008 CCCA Canadian Corporate Counsel Association 23 CCCA62_023.indd 1 05/05/2008 09:59:10 AM
