Indian Privacy Law: Sensitive Personal Information

September 30, 2011 by

In May 2011, the Indian Ministry of Communications and Information Technology issued a press release clarifying the rules framed under Section 43A of the Information Technology Act, 2000.  This clarification is important for companies that handle sensitive personal information in India.   For more, click here.

Section 43A of the Information Technology Act, 2000, deals with disclosures by Indian governmental bodies (a “body corporate”) of sensitive personal information to other Indian governmental bodies.   Under rules adopted under such law, each Indian “body corporate” must adopt and provide a policy for privacy and disclosure of information.  The “clarification” notes that “Any such disclosure of sensitive personal data or information  by body corporate to any third party shall require prior permission of the provider of the information.”    Inter-agency disclosures must be for lawful purposes to pursue statutory mandates of the requesting agency (e.g., detection and prosecution of cybercrime) and the receiving agency must give an undertaking that the information obtained will not be published or shared with any other person.

This clarification sets forth a “best practice” in Indian governmental protection of sensitive personal information.    The subject is relevant to outsourcing lawyers because such information that is transmitted from non-Indian sources to Indian ITO and BPO service providers becomes subject to the jurisdiction of the Indian government.  In exercising such jurisdiction, the Indian government theoretically has access to information of foreign individuals.

Outsourcing agreements normally address issues of force majeure and cooperation in resolving governmental investigations.   The “clarification” discussed above gives some comfort to those engaged in processing where sensitive personal data is accessible in India by Indian service providers.   But the clarification also raises the visibility of the issue of cross-border data protection.

Legislation in Outsourcing: Gain-Sharing under the E-Government Act of 2002

October 16, 2009 by

Overview.

The E-Government Act of 2002 authorizes federal agencies to enter gain-sharing contracts for information technology (as defined in 40 USC 11101(6)). The new law refers to such contracts as “share-in-savings initiatives.” Under such contracts, the Government awards an IT contract to “improve mission-related or administrative processes” or to “accelerate the achievement of its mission.” The new law adds 10 U.S.C. §2332, which allows the Government to “share with the contractor in savings achieved through contract performance.” The act amends Title 10 of the U.S. Code and, for other contracts, it adds a new Section 317 to Title III of the Federal Property and Administrative Services Act of 1949. In signing the act, President Bush noted that gain-sharing contacts would enable contractors to “share in the savings achieved by agencies through the provision of technologies that improve or accelerate their work.”

Definition of “Share-in-Savings Contract.”

The E-Government Act of 2002 provides a statutory definition of a “share-in-savings” contract. A government purchase of eligible goods and services is a “share-in-savings” contract if the contractor shares in a portion of eligible “savings” and if the goods and services are “solutions for (i) improving the agency’s mission-related or administrative processes; or (ii) accelerating the achievement of agency missions.” 10 U.S.C. §2332(c)(3).

“Savings Eligible for Sharing: Alignment of Interests through Sharing only in “Mission-Related” or “Administrative Process.”

The contractor may participate in “savings” (as defined below) “derived by the agency from (i) any improvements in mission-related or administrative processes that result from implementation of the solution; or (ii) acceleration of achievement of agency missions.” 10 U.S.C. §2332(c)(B).

Types of Goods or Services to be Delivered to Federal Government.

The E-Government Act of 2002 covers all types of information technology procurements. This includes software, hardware, middleware, services and any combination thereof. It is likely that related telecommunications could be included, particularly for local area networks, wide area networks and virtual private networks. The law is not clear whether any “voice over Internet Protocol” telecommunications could be included in a “share-in-savings” contract..

“Savings.”

Under the E-Government Act of 2002, only two types of savings are eligible for sharing with the government contractor.

Monetary Savings.
“Monetary savings to an agency” may be shared. 10 U.S.C. §2332(c)(2)(A).

Time Savings.
An agency may also share the “savings in time or other benefits realized by the agency, including enhanced revenues.” However, any “enhanced revenues from the collection of fees, taxes, debts, claims or other amounts owed to the Federal Government” are not eligible for sharing. 10 U.S.C. §2332(a)(2)(B).

Savings Share Ratio.
Under the E-Government Act of 2002, the allocation of “savings” eligible for sharing is subject to a negotiable “savings share ratio.” This concept raises issues of legal construction that might need to be clarified in amendments to the Federal Acquisition Regulations.

  • First, under a literal (and narrow) construction of the principle of applying “a savings share ratio,” only one saving share ratio can apply. Under the approach of “one savings share ratio” fits all elements of a contract, the government and the contractor might be precluded from identifying certain IT functions that have a higher degree of risk or higher degree of reward. The parties could not use different “savings share ratios” for such different commercial elements. Ordinarily, sophisticated dealmakers would then structure the transaction as multiple interdependent contracts, so that each would have its own separate “savings share ratio.” Under this narrow, literal construction of the statute, multiple deals would be favored. But the E-Government Act of 2002 also limits to five the number of share-in-savings, or gain-sharing, contracts that any agency can sign in one year. So a literal interpretation would effectively preclude the parties from negotiating for multiple, disparate “savings share ratios” in any individual gain-sharing contract.
  • Second, the concept of applying a “savings share ratio” precludes the parties from applying sophisticated risk analysis along the methods of risk shifting and risk spreading applied under basic principles of reinsurance.

Quantifiable Baseline.
For purposes of quantifying “monetary” savings, the agency must establish a “quantifiable baseline” that will be the basis for applying “a savings share ratio.” 10 U.S.C. §2332(a)(4).

This implies a number of statutory requirements.

  • First, the “quantifiable baseline” starts with the presumption that the government agency has identified all relevant costs of an information technology function before it is outsourced. Implicit in such a presumption is the concept of fully-distributed cost accounting. This concept could be defeated to the extent that the agency’s governmental accounting system (i) includes cross-subsidization of functions, (ii) lump (into one accounting line item) costs that can be reduced with those that cannot be reduced, or (iii) does not allocate costs uniformly across the same fiscal period, but instead involves some “financial engineering” of costs. In short, agency accountants will need to look closely at the methodologies of accounting.
  • Second, a “quantifiable baseline” suggests that appropriate accounting exists to identify the costs allocable to the information technology being purchased. Depending on the nature and scope of the IT purchasing contract, such costs might not be identifiable, and no “quantifiable baseline” might be discernible from the beginning.
  • Third, the monetary savings will be re-attributed to the agency whose budget originally bore the cost. Thus, assuming a perfect world of “chargeback” accounting, a “quantifiable baseline” can be discerned from the beginning. But if the actual “chargeback” accounting method does not accurately reflect the distribution of costs, no “quantifiable baseline” might be discernible from the beginning

Duration.

“Share-in-savings contracts” must normally have a term of not more than five years. Under exceptional circumstances where a five-year term would deprive the governmental agency of any opportunity to get a reasonable commercial contract, a “share-in-savings contract” may be awarded for a period of not more than 10 years. Thus, to exceed the five-year limit, the head of the agency must determine in writing prior to award of the contract “that–

`(i) the level of risk to be assumed and the investment to be undertaken by the contractor is likely to inhibit the government from obtaining the needed information technology competitively at a fair and reasonable price if the contract is limited in duration to a period of five years or less; and

`(ii) usage of the information technology to be acquired is likely to continue for a period of time sufficient to generate reasonable benefit for the government.”

The author of this commentary believes that the analysis of the term will be particularly difficult in many situations. While the new Act does not specify what happens if an agency head makes an “erroneous” determination, we can imagine a scenario where a disgruntled bidder might object to the special determination and try to get the agency to award a five-year contract only.

Performance-Based Standards.

The E-Government Act of 2002 requires that all IT contracts with the Federal government, whether for hardware, software, services or a combination, adopt “performance-based” methodologies “to the maximum extent practicable.”” To achieve this result, the contracts must “identify objective outcomes and contain performance standards that will be used to measure achievement and milestones that must be met before payment is made.” 10 U.S.C. §2332(a)(3).

Baseline Metrics.

Under a share-in-savings contract, the deal must include a provision containing “a quantifiable baseline” that is to be the basis upon which a savings share ratio is established that governs the amount of payment a contractor is to receive under the contract. The agency’s top procurement official must determine, in writing, before commencement of performance of such a contract, “that the terms of the provision are quantifiable and will likely yield value to the Government.” 10 U.S.C. §2332(a)(4).

Labor Law Considerations.

The E-Government Act of 2002 does not protect federal “civilian employees” from termination of employment or reassignment to a new job. But, in determining how much of savings will be shared under the share-in-savings contract, any savings from such a termination or reassignment will not be eligible for sharing. Such savings will belong solely to the Government. The E-Government Act of 2002 takes into account the difficulty of multi-year accounting for governmental appropriations. Any savings will be credited to the agency’s appropriation or funding account for future use in procurement of “information technology.” 10 U.S.C. §2332(a)(5)(A). Such retained savings will, “without further appropriation, remain available until expended” and must “be applied first to fund any contingent liabilities associated with share-in-savings procurements that are not fully funded.” 10 U.S.C. §2332(a)(5)(B).

Multi-Year Contracts: Termination and Cancellation Charges.

In outsourcing contracts in the private sector, the contractor might make a substantial initial investment to initialize the ongoing outsourcing services under a multi-year contract. If the customer wishes to terminate the contract early for no fault of the outsourcing contractor, the contract might provide for a termination or cancellation charge. Such charges can be tens of millions of dollars, or more, in a large outsourcing transaction.

Fiscal Years.
The E-Government Act of 2002 resolves the constitutional and statutory hurdles of funding termination charges by allowing such charges to be owed in not more than five contracts per fiscal year for each of the 2003, 2004 and 2005 fiscal years. No share-in-savings contracts may be entered into after September 30, 2004. Thus, all gain-sharing contracts will expire not later than September 30, 2005, a year later.

Sources of Funding.
Under Title II of the E-Government Act of 2002, “share-in-savings” contracts may authorize payment of contractually specified termination or cancellation charges. Because governments must follow constitutional appropriation procedures, the law must specify how such appropriations will be made. The costs of cancellation or termination may be paid out of three sources: (A) appropriations available for the performance of the contract; (B) appropriations available for acquisition of the information technology procured under the contract, and not otherwise obligated; or (C) funds subsequently appropriated for payments of costs of cancellation or termination, subject to certain limitations.

Payment of Cancellation or Termination Fees Where No Express Appropriation Has been Made.
The E-Government Act of 2002 allows an agency to may enter into share-in-savings contracts in any given fiscal year even if funds are not made specifically available for the full costs of cancellation or termination of the contract. Such unfunded cancellation fees are allowed provided that:

  • “funds are available and sufficient to make payments with respect to the first fiscal year of the contract; and
  • The amount of unfunded contingent liability for the contract termination or cancellation charges does not exceed the lesser of 25% of the estimated termination or cancellation “costs”; or $5 million; and
  • unfunded contingent liability exceeding $1 million has been approved by the Director of the Office of Management and Budget or the Director’s designee. 10 U.S.C. §2332(b)(3)(A).

Implementing Regulations.

Under the new law, Congress mandated that, within 270 days after December 17, 2002, the Federal Acquisition Regulation will be revised to implement share-in-services provisions. Such revisions will

(1) provide for the use of competitive procedures in the selection and award of share-in-savings contracts to–

(A) ensure the contractor’s share of savings reflects the risk involved and market conditions; and

(B) otherwise yield greatest value to the government ; and

(2) allow appropriate regulatory flexibility to facilitate the use of share-in-savings contracts by executive agencies, including the use of innovative provisions for technology refreshment and nonstandard Federal Acquisition Regulation contract clauses.”

Conclusion.

The “share-in-savings” provisions of Title II of the E-Government Act of 2002 provide a framework for extension of a prior “pilot” program for gain-sharing, repealing 40 U.S.C. 11521. The framework is basic, generic and broad in its scope. However, it continues as small program, since the total number of such “share-in-services” contracts annually is limited to five per fiscal year, commencing in fiscal 2003 (ending September 30, 2003).

Outsourcing: Evolution From Single Supplier to Best of Breed

October 9, 2009 by

In a globalizing, services-based economy, outsourcing has rapidly grown in the last decade. Once confined to “low-value,” low-technology services such as a company’s in-house photocopy machines, messengers, food services and janitorial operations, outsourcing has moved “up the value chain.” At the same time, changes in the nature of outsourcing have led to a variety of other management tools such as multiple outsourcings for “best of breed,” greater internal discipline through “insourcing” under a “managed scorecard” and “shared services” subsidiaries. Roles and identities of service users are merging with those of service providers in a continuum of services.

This article focuses on the evolution of outsourcing in the last ten years and how new models have developed.

“Outsourcing” vs. “Out-Tasking.”

Outsourcing is the process of transferring to an external services provider (the “outsourcer”) the day-to-day responsibility for operating a business process of the corporate enterprise (the “user”). Typically, this involves a transfer of the personnel then employed by the user to the outsourcer’s payroll. Frequently, other assets are transferred as well.

In contrast, “out-tasking” is a more limited approach involving “contracting out” or “subcontracting” a task to a “consultant” or other service provider. This can run the gamut from individual projects for product development to a string of projects that are interdependent and require a certain workflow.

Types of Outsourced Services Today.

Currently, external services providers offer virtually any type of ongoing support for business processes. These range from human resources management, tax compliance, internal audit and real estate asset management to product design, manufacture, design, testing, marketing, logistics, distribution of goods and services worldwide. Given the right mix, one can “outsource” an entire enterprise. Indeed, some new businesses are based exclusively on Internet sales with outsourced support.

Deciding When to Outsource.

Outsourcing is suitable for many different situations. For publicly held companies seeking “efficient” and favorable share pricing, the earnings multiples generated by many capital-intensive assets might fail to support management’s high targets for ROI and ROE from “core business.” For such businesses, outsourcing allows liberation of capital from the constraints of price-earnings ratios and promote management focus on essential determinants of shareholder value. “Do the best, outsource the rest.”

For rapidly changing industries, outsourcing may be the tool of choice for obtaining rapid access to scalable production or to new technologies, a “partnership” with a recognized leader for transitional and long-term technology planning and marginal cost pricing for business processes requiring heavy capital investment.

In the context of mergers and acquisitions, divested companies need operational support from the day of a spin-off or split-off. Outsourced facilities can span the gap and give new management the necessary “breathing room” and allow focus on the core business. Outsourcing can also expedite integration of two merged companies with incompatible technical infrastructures.

Deciding What to Outsource.

In making any “buy” vs. “build” decision, as in outsourcing, financial considerations are critical. But the key driver is to distinguish between functions that are “core” (non-delegable) and those that are merely “essential.” Many “essential” functions are ripe for outsourcing under suitable conditions. For some enterprises, the “hard” decision is deciding what not to outsource.

The classic example of outsourcing revolves around information technology. Today, this field includes the converging technologies of data processing (especially using “enterprise resource planning” (ERP) and “supply-chain management” (SCM) software), telecommunications, Internet “e-commerce,” and remote processing through Internet service providers. In business and industry, this can involve both “back office” and “front office.” In financial services, it can even include the “middle office,” for compliance with financial reporting and securities laws.

At the “back office” level, this business function can be divided into a number of discrete elements. Customers rely upon, but rarely see

  1. the operation of a data center with mainframe computers running “legacy” applications,
  2. certain applications development and maintenance for custom programs,
  3. network administration for local area networks, wide area networks (including telecommunications) and now even “storage area networks” of storage devices for the burgeoning volumes of archival data and
  4. “help desk” services for employees with problems using the company’s information technology infrastructures.

At the “front office” level interfacing directly with the customer, outsourcers can provide “private label” services that allow a company to offer a host of resources that it does not own. In doing so, the company can specify in advance what it wants to do, how it wants to do it, and what it is willing to pay. By combining such services as customer relationship management, remote electric meter reading, electronic billing and the like, some new companies can sprout up to compete directly with “bricks and mortar” companies on a cost-effective basis without loss of service quality.

Evolution of Deal Structures.

In the early 1990’s, data services providers such as EDS, IBM, CSC, Perot Systems made their fortunes on long-term, monolithic packages of services covering a broad scope. The trend today is to find niche players to provide specialty services, but this requires significant supervisory and planning skills for the user enterprise. Sometimes one supplier acts as general contractor, or “first among equals,” and manages a consortium. Occasionally, joint ventures supplant the supplier-customer relationship, providing added incentives and risks for both sides. Current methodologies for competitive procurement of outsourcing services reflect the learning of former (or current) long-term deals. Renegotiation occurs regularly, but can only be effective if the necessary tools have been crafted into the deal in the first place.

Making It Work.

Senior management needs to be committed. After the deal is signed, in-house managers need to monitor and manage the supplier’s performance.

Done wrong, however, outsourcing can be a catastrophe. Multiple business risks are inherent in the outsourcing process.

If mismanaged, an outsourcing process could retard growth and result in unintended losses of momentum and key personnel. In such cases, the resulting disenchantment may swing the business process back to “insourcing.” However, “re-sourcing” to another vendor might prove more effective.

“Genetic Mutations” on Outsourcing: Shared Services, Insourcing, Managed Scorecard.

In the last five years, responses to outsourcing deals have generated the quest for “better” deal structures.

“Insourcing” is the process of bringing in-house a business function that was, or was at risk of, being transferred to an external service provider. “Shared services” subsidiaries provide common administrative functions for a group of affiliated companies.

To improve performance and forestall being outsourced, some in-house staffs are focusing on process improvement, sometimes agreeing to be managed as if they were external providers. In some cases, this reaction can produce self-management by “managed scorecard” techniques or in the establishment of “shared services” subsidiaries for cost efficiency. In either case, the “threatened” personnel then become external services providers of their own specialized, albeit generic, processes in the market.

The Independent Lawyer and the “Two Hat” Client.

Virtually every corporate user has the capacity to wear the two “hats” of “user” (in one outsourced business process) and supplier (in another). In major procurements, the assistance of knowledgeable “infrastructure services” lawyers can accelerate the process, reduce risk and facilitate future adjustments. For users-turned-suppliers, knowledgeable legal and business advisers can expedite the “go-to-market” strategy and achieve valuable payoffs in the selection, due diligence and negotiations phases.

Independent legal counsel with experience in both sides of these strategies can expedite and facilitate the process of determining the scope, selecting the outsourcer, negotiating the contract and ensuring implementation.

Sponsors of www.outsourcinglaw.com provide legal and practical business advice on the structuring and implementation of various strategies discussed in this article. For further information, contact one of our sponsors or Bill Bierce (author).