The Sirion Blog
NEWS, IDEAS, AND INSIGHTS FROM THE SIRION TEAM
Safe Harbor Invalidation: Are you ready for the challenges ahead?
In a recent landmark ruling, Europe’s top court – the European Court of Justice or ECJ as it is commonly known as, ruled the Safe Harbor agreement to be invalid. This means the privacy guidelines that organizations operating out of the United States used until recently to transfer personal data of EU citizens, is no longer valid. This could have a lot of implications for the outsourcing industry, whether suppliers are based in EU or outside of it.
This restrictive outcome of the Safe Harbor ruling could soon be followed by a slew of litigations by dissatisfied employees, consumers and privacy activists. The industries that depend on Safe Harbor and other model contracts should waste no time in assessing their organization’s exposure to potential risks. Although they may know the next step forward, which is to revisit hundreds and thousands of clauses and respective obligations, the challenge is in drilling down to obligations and underlying terms that are specifically affected by safe harbor ruling; the obligations that are related to data privacy.
A typical boardroom scene post Safe Harbor ruling might somewhat look like this: the board members may request for an assessment on the extent to which the ruling affects the organization. They might want to evaluate the budget which they might have to set aside to deal with the sudden uncertainty in privacy laws. And, there might be hundreds of contractual articles related to them.
Someone from the governance team may tell the board that out of 1000 clauses, 200 are related to data privacy, out of which, 50 are related to Safe Harbor, which need to be adjusted to the new ruling. This could mean organizations revisiting and sifting through hundreds and thousands of contracts.
Enterprises leveraging contract management system stand to gain an edge over others, especially in a situation like this. A contract management system can save the additional time, resources and expense required to maintain contracts and corresponding obligations. They should not only provide search function, which many supplier governance tools already do, but additionally, they should provide obligation extraction, which can further explicitly show how obligations, underlying clauses and other contract terms are linked and related to each other.
Functionalities such as contract repository with visible document hierarchy and full-text search capability can provide instant reach to specific contract clauses including specific clause terms, as could be in the case of Safe Harbor. A contract management system can clearly define and structure information with links to underlying contract documents that define certain regulatory compliance requirements. Moreover, compliance and regulation clauses in a contract could also have dependent entities within a contract that would also require updates whenever master clauses change.
A contract management system that can perform dependency mapping would also help ensure correlation amongst related obligations when a dependent obligation changes as a result of compliance change. Similarly, dynamic workflows can manage and track all document changes, which may originate from contract changes, interpretations, work orders or new statements of work. But, as it is in most cases, organizations do not use a powerful contract management system, instead manage contracts through Word documents, proprietary tools or a combination of both. At the same time, managing contracts require more than just an electronic repository. It is more than searching for specific terms in the contract.
Whenever a regulation concerning compliance and privacy changes, organizations tend to spend more time in searching and assessing the potential implications than spending time on finding the next course of action. A good supplier governance system, such as Sirion, with comprehensive contract management capabilities enables organizations to have quick access to the required contract information and facilitates in-depth analysis, thereby allowing organizations to focus on their overall strategy to address the issue.
Every outsourcing relationship with an entity operating in the EU is likely to have privacy-related obligations. A ruling like the recent Safe Harbor invalidation is bound to push organizations to get on their toes. Now, it is up to them whether they want to do business as usual or be future ready by equipping themselves with the right contract management technology to deal with uncertainties such as in the case of Safe Harbor ruling.