In a year that’s already been marked by uncertainty, one thing is clear: IT outsourcing customers will need to reexamine their approaches to IT services in 2017. “We see a big year ahead for technology transactions,” says Brad Peterson, partner in the Chicago office of Mayer Brown, in a recent webinar on the law firm’s 2017 predictions for the IT and business services space.
There are big changes afoot in a number of areas — from a political climate that threatens to reshape the already shifting global IT services industry to new data protection and privacy regulations and the drive to extract more value from data to the widespread adoption of new digital technologies to a revolution that’s begun in the more rapid delivery of software and other systems.
Mayer Brown brought together four leaders from its technology transactions to explain what they’ve been seeing in the areas of IT outsourcing, data and privacy, digital services and software development, and what IT leaders can do to best prepare for the changes this year is likely to bring.
Politics and provider proliferation challenge outsourcing customers
This year is proving to be a time of great uncertainty both in the U.S. and abroad. “This may be one of few times when traditional outsourcing is actually directly affected by the political climate,” says Daniel Masur, partner in Mayer Brown’s Washington, D.C. office.
In the U.S., the new administration is promising major changes in trade agreements, regulations, corporate taxes and visa policies in the name of retaining American jobs, which would impact outsourcing models built upon the benefits of labor arbitrage. “The Brexit vote; looming elections in the Netherlands, France and Germany; and the uncertain economic state of Italy and other EU countries just adds to the uncertainty,” says Masur. “Companies with existing outsourcing arrangements and those completing new ones in early 2017 will be closely monitoring these developments.”
Outsourcing customers will want to add flexibility to the IT service deals by seeking new termination rights, the right to switch locations, the right to insource, and other similar protections. However, Masur warned, providers are likely to push back insisting that these issues are customer — not provider — problems to solve.
“To some degree these political changes may well accelerate the move to sourcing models offering cost savings not based on offshore labor arbitrage such as cloud services, robotic automation and utility offerings. “While these sourcing strategies may result in the elimination of American jobs,” Masur says, “they cannot be attacked as offshoring jobs to foreign countries.”
The net result of the current political environment is hard to pinpoint. Some customers may accelerate outsourcing deals before any significant changes occur while others may defer outsourcing decisions pending further resolution of these issues. But IT leaders can suspend decision-making for so long, says Masur. “There is simply too much risk of a disruptive innovator taking advantage of that delay.”
Meanwhile, IT leaders are also contending with the challenges of an expanding portfolio of new and niche technology companies. “Our clients have been entering in to outsourcing contracts with an increasing number of providers,” says Paul Roy, a partner in Mayer Brown’s Chicago office. “We have every expectation that they will source services from an ever expanding list of emerging and digital technology providers.”
Data security becomes a key consideration
IT leaders will continue to encounter the kinds of extensive changes in cybersecurity and data privacy regulations that began last year, says Rebecca Eisner, partner in Mayer Brown’s Chicago office.
Since the EU-US Safe Harbor agreement was invalidated last year, companies have been scrambling to find alternative means of transferring personal data form the EU to the U.S. (The agreement had permitted American businesses to import personal data of EU citizens based on self-certification of compliance with EU data protection principles.)
A new framework called the Privacy Shield emerged last summer, but companies are continuing to assess whether to adopt the approach, Eisner says. Meanwhile, the EU’s new General Data Protection Regulation (GDPR) last year will go into force next May and will likely result in significant technical and operational changes for multinational companies and companies outside of the EU who process the personal data of EU citizens.
Russia and China also have new data localization laws. LinkedIn was blocked in Russia for violation of the Russian law last November and China’s controversial cybersecurity law will go into force in June.
U.S. federal and state regulators also continue to focus on consumer privacy and data security issues. While federal efforts will be subject to the overarching direction of the new administration, Eisner says she expects continued active enforcement and introduction of new regulations at the state level.