Failed ERP software system implementations and integrations happen frequently and the problems are legion. However, there are ways that organizations can avoid their own failures. In a recent Taft Technology Insights post, we discussed how to avoid a failure if restarting a deferred integration during COVID-19.

We are frequently retained by companies whose projects are in such disarray that vendor or integrator relationships are beyond repair and disputes are heading to court. We spend a considerable amount of time reviewing contracts, emails, reports, and memos, and speaking with key figures as part of negotiating a settlement or preparing a court argument. Over the years, we have seen patterns emerge where the reasons behind the failure of the ERP software system could have been uncovered and corrected long before reaching the point of no return.

While not all ERP failures can be avoided, many can be salvaged if the user takes certain steps – often beginning when the project is first being considered.

Mitigating Risks of ERP Failure

Along with working with an independent, technology-agnostic consultant from the outset, a user can do several things internally to mitigate risks or salvage an implementation that is in trouble.

The Boy Scouts’ “be prepared” motto is applicable for ERP projects. The ERP contract should require weekly or monthly project status reports, and include a senior-level contact at the integrator who isn’t part of the project team to review both progress and challenges.

Beyond this, the user should consider having a “go team” on standby to swoop in at the first sign of a problem. The team would conduct an assessment to identify the likely root cause of the issue. Members of the group must be familiar with ERP and the business goal of the new installation or upgrade and might include people from the user’s IT department, plus finance and operations.

Often, the root cause of the problem can be discovered by the go team and fixed by the integrator.

If the first intervention is unsuccessful, it may be time to bring in a consultant to review the project and determine steps to right side the implementation. When an ERP project derails because the actual integration plan bore little resemblance to the project plan, it is sometimes the result of senior management’s inattention. Whatever the cause, it is critical to determine if the project can be saved. Efforts spent on righting the project will cost less and have less impact on the business than starting over with a new software product or litigating the dispute in court.

ERP Misaligned with Requirements

In preparation for filing a failed ERP implementation lawsuit, we typically conduct an extensive review of project documentation. Sometimes the project documentation does not align with the business requirements of the ERP software system. The requirements should be written into the contract and the project plan, so if a dispute arises it becomes part of the legal agreement between a user, vendor, and integrator.

When this information is missing or inadequate, it triggers a variety of issues. As one example, there are occasions when we discover that the integrator staffed a project with unqualified individuals.

Whenever we negotiate and draft a contract, we try include a provision that allows for the approval and replacement of consultants.

Not Foolproof

Obviously, there is no way to foolproof an ERP software system against failures. It is an incredibly complicated management tool tying together suppliers, factories, inventory and warehouses, invoicing and payments, and employee information. With so many moving parts that all need to work together smoothly, it is not uncommon for something to go wrong.

It is incumbent upon users to not only draft a solid contract but also to draft contingency plans that allow a successful intervention as quickly as possible when an issue arises.

Taft’s Technology lawyers have extensive experience negotiating and drafting ERP contracts with vendors and integrators, and litigating disputes when they arise. Whether you are launching a new ERP initiative, upgrading a legacy system, restarting a project delayed due to COVID-19, or resolving a dispute with a vendor or integrator, we can help.

If ERP software system integrators were as smooth at integrating new or upgraded projects as they are at selling, it is likely they would be involved in fewer court disputes with users. Often, disputes happen because senior management hands off responsibility for the effort to the integrator rather than owning it as an integral part of management’s job.

In reality, people in charge of an organization cannot delegate authority for an ERP project to either the vendor or an integrator. Interests are usually different. Ensuring this does not happen should start when the project is in its inception phase, before vendors demo the product or submit a proposal.

This carries through to the contract negotiation stage, while the software is being customized and when the integrator starts to mesh ERP with other business systems.

Avoiding Integrator’s Tricks

The development and launch of an ERP software system should be owned by the executive suite, similar to a launch of a new product line.

Deciding to proceed or restart a digital transformation – whether during or after COVID-19 – is a huge effort. Top executives – even the board, in some instances – must set the pace, tone, and boundaries of the project.

This includes riding herd on the integrator.

Indeed, a survey of ERP users done by Third Stage Consulting found that managing deficiencies with the system integrator is one of the most common problems that organizations have as they strive to make the system operational and bring it online.

During the sales cycle, integrators will assure a user they will be partners on the project. The integrator’s main job is to make the system work properly. But an undisclosed part of its job – and compensation – is to upsell additional services to the user during the project. So, it is incumbent on the user to control the integrator closely.

The starting place for controlling an integrator is to specify in the contract with Accenture, Oracle, SAP (or any other outfit) precisely what they are obligated to do. There should be a number of detailed provisions:

  • Spell out who has the authority inside the user’s company to approve change orders.
  • Name the third-party contractors that will be used by the integrator, and include in the contract their experience with both the ERP software system being integrated and the user’s specific type of business, and how they will be managed.
  • If practical, include the names of specific people who will work on the project both at the integrator and third parties, along with how the user will be notified if there are personnel changes at any of the service providers.
  • Require monthly or quarterly reports on both the progress that has been made, and exceptions to either the contractual timeline or what was stated in the integrator’s RFP response.
  • Provide contact information for a designated, senior-level person at the integrator with whom the user can discuss everything from progress to resolving problems. This person should be an executive, not a project manager or account person who may be motivated to protect their position with their employer.
  • Include an ”out” provision that lets you fire the integrator if they are not meeting certain, defined obligations or causing issues with the project.

If an integrator recommends buying additional software licenses, ask it to specify in writing why they are needed, how they will enhance the project, and when they will be used. Vendors and ERP software system integrators are notorious for recommending license add-ons that may not be needed for years, if at all. But they receive fees for all of that time.

Integrator’s Secret Sauce

Many integrators do not really want you to know – or understand – how they make their money. The best way to protect yourself and your organization is to be aware of how they work, and to have a tightly written contract.

While this should be a last resort, do not be afraid to fire your integrator if discussions fail to resolve a major conflict. Doing so is never easy, but it is easier than suffering a failed software implementation.

If you have questions or concerns about an integrator, or the contract it wants you to sign, feel free to call or email Taft’s Technology team. We will be pleased to share what we know and help you through the process.

Artificial Intelligence (AI) is a broad term that generally refers to technology that uses algorithms to process data and simulate human intelligence. Examples of AI technology include machine learning, image recognition and sensors-on-site, building information modeling (BIM), and “smart contracts” stored on a blockchain-based platform. This technology can be used in the construction industry by way of design, operations and asset management, and construction itself. Construction leaders interested in staying ahead of the curve should consider its advantages, and the legal implications.

To read the full law bulletin authored by Cincinnati partner Joseph Cleves, Jr., click here.

When the integration and implementation of an ERP software system starts going off the rails and all sides begin pointing fingers at each other, often many of the user’s fingers point at the vendor’s project manager.

In a way, this is understandable, even before the root causes behind the looming failure are known. The project manager is supposedly in charge, ensuring that all of the pieces fit together, and it is his or her job to make the system work smoothly.

Often, it turns out the project manager is at least partially responsible.

Yet, if the user’s senior executives are paying attention as the ERP project unfolds, they should be able to see issues with the project manager before there is a crisis. Almost always, clear signs emerge that enable a user to spot an underperforming project manager well in advance of massive problems that could threaten the entire integration and implementation.

For users, there are strategies for ensuring that your project manager is kept under control.

Where the Buck Stops

The key thing to remember is that, as the user, you will literally own the project and so you must also “own” the integration.

Often, in successful ERP implementations, alongside the vendor’s project manager is a company-assigned executive sponsor. Typically, this is a senior executive who has ready access to the CIO, CEO, CFO, or other top-level decision maker.

The executive sponsor should understand the business case for the ERP software system, be aware of how it should fit into the company’s operation, and know when a problem is beginning to appear. In many instances, this person works hand in glove with an outside consultant in keeping tabs on the progress. The person in this role also helps ensure that project tasks, budgets, and timelines are being met.

We have seen instances where a CIO was fired when a project went astray. Yet nobody senior to the user was heavily involved in the implementation, so the CIO became a scapegoat because the business never truly “owned” the project.

Controlling the Project Manager

One of the things often discovered in ERP contract disputes is a woeful lack of documentation. Mediocre project managers are notorious for neglecting to create and work from detailed project documentation.

While the integrator should be contractually obligated to provide much of the documentation, the project manager is responsible for ensuring that the plan is updated as it proceeds (with meaningful information upon which the customer can act), and the deliverables are being met.

Without documentation, if the vendor has to install a substitute project manager, the new person won’t be able to see the exact status of the project. Documentation enables them to be able to start working quickly.

But the larger purpose of proper documentation is that it provides everybody access to the metrics that will reveal whether the integration and implementation are meeting all of the requirements and expectations set out for the system.

Everyone in a company is busy – especially if you are still working from home during COVID-19. Requiring the project manager to provide regular updates to both the program director and CIO is an important tool in keeping direct control over the entire project.

Remember that the vendor’s project manager may have a vested interest in not reporting issues to a user. They may assume they can correct it before anybody notices, and their own job, salary, and bonus might be on the line. As author Sinclair Lewis once said, “It is hard to get a man to see a different point of view when his salary depends on him not seeing it.”

Shortstopping a Failing Project Manager

It is not uncommon for a project manager to be inadequate for the job.

When we negotiate an ERP contract for a client, we strive to include who will be assigned, their qualifications for the task, and their experience with the user’s industry.

More often, though, project managers are overwhelmed. They are tracking countless moving pieces and dealing with a range of personalities. Step in quickly, uncover the reason there is a problem, offer to provide additional internal support if that will ease the problem, and get the project manager and integration back on track.

If that still does not work, demand that the project manager be replaced.

Be sure to document the issues, the conversations, and the outcome. It will help you if the project falls apart and mediation or a trial becomes necessary.

Taft partners Scot Ganow and Phil Schenkenberg will be featured speakers for the “Cybersecurity for In-house Legal Counsel” Seminar on Oct. 26. The virtual seminar will help in-house counsel understand the legal constructs and terminology widely used within the cybersecurity space, and to provide practical ways they can be more responsive and efficient when cyber issues arise. Taft is a sponsor of the event.

Ganow will present “Legal Overview and Key Cyber Risks for Businesses,” which covers the laws, regulations, standards, and best practices affecting not only an organization’s obligations but its opportunities with its most powerful asset:  Its Data.

Schenkenberg will moderate the panel discussion “Governance and Working Relationship Considerations in Privacy and Data Security.” The panel will explore how governance structures and relationship building within the C-suite can drive success in meeting privacy and security goals.

Register to attend here.

Many organizations are looking at ways to restart ERP projects that were deferred when the pandemic forced widespread lockdowns. Whether a company was in the midst of upgrading a legacy system or had been on the verge of moving forward on their first ERP software system, we suggested five ways senior executives can fast-track an ERP transformation safely and cost-effectively during the COVID-19 pandemic while warding off a potential “train wreck” as they recalculate and recalibrate their overall technology strategy.

At the same time, it is important for users to recognize that both vendors and integrators of ERP software systems are in a vulnerable position right now. They have been as hard hit by the shutdowns and recession as nearly every other business. Perhaps more than at any time, users are holding a great hand of cards in terms of their ability to negotiate or renegotiate favorable terms.

There are six things to understand when dealing with vendors and integrators.

1 – Know their weak points. You will be talking with a sales team. They are under enormous pressure from their organization right now to get you to sign a deal. Corporate profits for the year are on the line as is the bonus package each member of the team will get when you pick up a pen to ink the deal.

The ERP business is incredibly competitive when times are good; today, in the midst of a pandemic and steep recession they are likely to make reasonable concessions you demand. In some ways, it is like buying a new car. When the salesperson says, “I do not think that my manager will approve your offer” and you get up to leave the showroom, they’ll do what it takes to keep you from going to another dealer.

2 – Don’t take anything at face value. Sales teams are notorious for saying what they think a potential buyer wants to hear. They will assure you that they know all about your industry or sector even if their experience may be scant. The slick demonstration put on during the sales process may not be how the product will actually work when it goes live. Many of the software disputes we have litigated over the years had their origins in a vendor or integrator making misrepresentations during the sales process and demonstrating capabilities that did not quite work as demonstrated.

If they say it, ask them to write it.

This is why when we negotiate an ERP contract, we always strive to include all of the sales material as an attachment to the agreement. It adds weight to a user’s argument that what had been promised did not get delivered when the ERP software system failed to meet expectations.

3 – Plan for higher costs. In our long career of working with ERP from both sides of the table, we have come to know that the vast majority of the integrations go over the original budget. Sometimes, it happens because, as the system is being developed and integrated, the user wants additional features or components added. But often it is the result of a vendor or integrator “upselling” things that aren’t actually necessary such as licenses for software enhancements that may not be needed for several years.

Budget overruns are commonplace as ERP software systems are integrated. To prevent surprises, add anywhere from 10-percent to 25-percent of the price quoted for the project. No executive or shareholder will be upset if the budget is not spent.

We have seen many organizations completing a project and wonder why it cost so much more than anybody thought it would.

4 – Plan for longer integration. Just as many projects cost more than was planned for at the outset, nearly as many take much longer to complete than is anticipated – sometimes years longer.

Each delayed integration has its own unique reasons behind it: Management not knowing up-front precisely what it wanted the ERP software system to do so specifications were changed; the integrator not possessing sufficient experience in and knowledge of a user’s business’ circumstances that were not planned for sufficiently in advance.

By planning that a system will take X number of months longer than expected, there will be great joy if the system is switched on ahead of schedule.

5 – Know who’s in charge of what. Every contract for an ERP software system must detail who will be responsible for what at each stage of the project. Specify who is authorized to make change orders and that the changes will be documented in writing.

Often, an integrator will subcontract part of the project to one or more third parties. Ensure that the master contract specifies what third party contractors will do, their experience with not just the software but integrating ERP in the user’s industry or sector, how they will be managed and supervised, and who is responsible for their actions (or omissions).

Many court battles hinge on a version of “he said–she said” arguments. Clearly detailing where responsibility lies for each phase of a project can eliminate many of these disputes.

6 – Expect the unexpected. The adage “what can go wrong, will go wrong” is not a bad way of thinking about an ERP project. Creating an integration plan around a worst-case scenario reduces the possibility of an unexpected dragon rearing its head on the horizon, breathing financial, operational, or technological fire.

It is highly unlikely that a vendor or integrator will tell you in advance, “… and here are all of the ways your project may run into trouble” so a user will need to figure out where the project may get derailed and plan accordingly.

Moving Ahead

Done strategically, thoughtfully, and carefully, many organizations will be able to revitalize an ERP project that had been put on hold as a result of the pandemic.

We have devoted our career to negotiating, drafting, and litigating ERP contracts. We know where potential problems lie and ways to minimize them. We are happy to share with you what we have learned and can also refer you to our experienced network of consultants who also work extensively with ERP. If you have a question, feel free to call or send an email.

As we wrote recently, a global survey of senior technology executives conducted by KPMG and Oracle revealed that worrying about data security is the thing that most keeps them awake at night. The concern is especially acute for data stored in the cloud, but it also exists for on-premises servers.

For users of ERP software systems, this can be especially troubling. Every ERP system may hold a wealth of information about everything from production techniques to the supply chain and customers, from financial data to employee information, and other highly sensitive, often proprietary secrets.

ERP data security continues to loom as a huge issue during the COVID-19 emergency. Some employees in some states are back in the office, others may still be at home using their own PCs and other devices as they work. Senior executives, in-house counsel, technology directors, and even line employees all must understand and work to mitigate the mounting risks of breaches and leaks, even those that are inadvertent.

There are five must-do steps that organizations need to take in checking ERP data security and then close any gaps that are revealed.

1 – Assume nothing. Begin with the premise that the outcome is unknown. We have lost track of the number of times over the years when a client stated, “But we had everything under control!” when, in fact, the opposite was true.

Making assumptions will put an organization at risk. Surmising in advance where the greatest security risks may be can have a devastating effect on even the most-sophisticated organization.

Rather, consider the evidence that emerges before reaching any conclusions. The bias that bedevils data security is when decisions are not made from facts; even professionals search for information that supports their original assumption.

2 – Use every tool to assess risks. Recognize that no single tool will solve the problem of ERP data security. For example, assuming that a firewall, anti-virus program, and a Security Information and Event Management (SIEM) program is foolproof all but guarantees failure. While essential on their own, their shortcoming is that they miss what might be happening in between their protections.

It is far safer to also assess risks that may arise elsewhere, using things such as network detection and response software. Without a comprehensive solution, a company will only be scratching the surface of knowing the data security in its ERP software system.

3 – Keep an open mind. Something often happens in the brain when a data security professional is testing a system such as ERP: They are accustomed to spotting problems in the same places, which has them looking for something here when the problem may be over there. This raises the possibility of overlooking a danger.

So, it is vital to keep an open mind to what the data is showing, not what anyone expects it to reveal. This does not mean ignoring years of accumulated experience and expertise. It does require including the possibility of chance in the discovery process, to see what might be seen, uncovering a threat where one was not expected to be found.

Relying on the history of what you have always found in the past creates its own bias. It is vital to look at the data from all angles.

4 – Don’t judge in advance. Many security professionals are influenced by what they have been accustomed to seeing on their network. This is what they often look for first and, when they find it, might assume they’ve located a problem.

But what appeared on Monday may not have anything to do with something that is occurring on Tuesday. This sort of judgment call undermines the ability to make a comprehensive determination of the potential risks in the system or the network.

No matter how keen one’s judgment and experience might be, a holistic approach – and solution – to solving a problem is needed. Professionals need to see everything happening on a network.

5 – Beware of what the eye sees. Both state-sponsored and criminal threats often come from what could be considered primarily benign tools to penetrate an ERP software system. Be wary. A small discrepancy that isn’t usually perceived as a genuine threat could well be masking a more lethal attack.

The best security teams look for – and often find – genuine threats in places where they had not been expected or discovered previously. Often, a threat is lurking in a most unlikely place.

Combine the tools you have with the knowledge and experience you’ve gained to separate a threat from legitimate activity.

Never Be Totally Certain

One of the things we have learned as data security attorneys who have spent much of our career working with ERP is that users often hit bad road bumps when they are absolutely, positively, totally certain about an outcome.

Yes, experience and training are important. But security professionals responsible for the safety of an ERP software system must go out of their way to ensure that they don’t have blind spots masking problems that prevent finding a solution to an issue.

If you are a corporate executive, general counsel, or network professional and have questions about ERP data security, feel free to contact us. If we cannot provide an answer, we can refer you to reputable consultants and advisors who can.

A debate is raging between some politicians and public health officials over the timing of reopening the economy. Noisy arguments in the news media, on Facebook or Twitter aside, the fact is that corporate executives need to be thinking seriously about the status of planned ERP software system upgrades or proceeding with projects that were slowed or put on hold during the COVID-19 emergency.

A recent report from McKinsey & Co. suggests that a corporate reopening strategy needs to include shifting IT and technology to what amounts to a restart mode. Prime among them is accelerating digital transformations to ensure they reflect the needs of customers, employees, and the status of an entire supply chain.

McKinsey writes, “The IT infrastructure (including ERP) must be relevant, secure and able to meet emerging (and changing) expectations … Executives will need to draw up a business-led technology road map to accelerate their digital transformation with urgency.”

This speaks directly to issues surrounding ERP software systems during and after COVID-19 and why users should at least consider fast-tracking projects regardless of whether lockdown restrictions are eased.

Assess, Measure, Recalibrate

Granted, any technology project must reduce a company’s costs during and after the emergency. Yet investments in the right ERP technology can contribute significantly to growth during the recession which shows no near- or intermediate-term signs of recovery.

The key is to ensure that the project is relevant to an organization’s digital ecosystem in whatever comes during and after the pandemic.

If the contract for an ERP software system is negotiated and drafted – or redrafted – properly, and performance of the vendor and integrator is monitored closely, once it comes online the system should help enable the user to restart successfully and cost-effectively. Here are five things a company needs to keep in mind as it considers fast-tracking at least portions of a new or upgraded ERP software system sooner rather than later.

1 – Business has changed. What ERP consultant Eric Kimberling calls the “next normal” will require another major change as dramatic as the one when the lockdowns were ordered. ERP users will continue to face a raft of unknowns that won’t be clear for some time to come. The user’s operation may be functioning in one location but not in another. Supply chains will continue to be disrupted or new sources being onboarded. Access to markets may be restricted.

2 – Recalibrate your ERP strategy. For most ERP users, what was a solid technology strategy in February 2020 may not be valid or even practical today. After the broad corporate strategy and direction are recalibrated, do the same with the ERP strategy because it may need to be altered or modified. This does not mean that an integration needs to be deferred. Rather, it might be necessary to change the requirements that led to upgrading a legacy system or installing a new one prior to the pandemic. ERP vendors and integrators are much more likely now to be willing to renegotiate the terms of a contract.

3 – Create a new implementation roadmap. One of the reasons so many ERP integrations fail and end up in a prolonged court battle is that the user did not start with a clear idea of the implementation process and how milestones would be measured and monitored. Not doing this always has been an expensive mistake but in the time of COVID-19, it can lead to disaster for the company with an impact on not just operations but the bottom line. Whether or not you used a consultant at the beginning of the project, retaining one now is critical to restart or launch an ERP project.

4 – Include a change management program. Everyone in your organization has been affected by the pandemic, whether something simple like wearing masks and stay at home orders or because their pay was reduced and their job redefined. Just as senior management needs to work closely with IT to monitor the progress of an ERP project shifting back into high gear, they also need to collaborate with HR to create an effective change management program. Many employees still are in a kind of shock from the effect of the pandemic on their daily lives. No matter how relieved they might be at escaping the worse effects of COVID-19, without an effective change management program in place they are likely to revert to form fairly quickly and try blocking any significant shift in how they do their job.

5 – Executives can control the change as they restart ERP projects. Despite the many unknowns over the next six-to-12 months, senior management can find ways to control restarting ERP software system projects effectively. Doing so requires understanding how the project will fit into Kimberling’s “next normal” and what the system needs to deliver now, however the business has had to change.

Restarting ERP With Care and Caution

A problem that has plagued many ERP projects is a slow decision-making process and seeing ERP as a technology solution rather than a management tool.

Put bluntly, right now slow decision making is the same as not deciding. A plan-ahead team is needed to identify and work through potential stumbling blocks.

One way to avoid possible problems is to work with counsel to renegotiate contract provisions that need reconfiguring to the corporate reality of today. As we mentioned, vendors and integrators are in a vulnerable position at the moment. In particular, certain deliverables and the detailed responsibilities of the user, the vendor and the integrators need to be very specific. Spell out what work will be subcontracted, and which party will be responsible for third-party performance.

Having spent our professional life dealing with ERP contracts, we’d be happy to share our thoughts on restarting a project. We can also refer you to independent, technology-agnostic consultants to advise on the business issues involved, and to oversee the work of all of the participants. Feel free to call or send an email.

In July, the European Court of Justice ruled that the Privacy Shield, which allows for the transfer of data on European Union (EU) residents to the United States, is invalid. Privacy Shield certification was granted to companies if they met certain requirements regarding data security and information use.

 

The agreement between Washington and Brussels ensured that U.S. companies adhered to EU standards on data protection and privacy. In exchange, businesses were able to shift personal data on EU residents. But the high court ruled that American laws do not provide adequate protection for personal data.

 

While the ruling does not entirely kill data transfer, it still has major implications for users of ERP software systems and other businesses that hold information on European customers, suppliers, and employees, and want to move it across the Atlantic.

 

As a result, U.S. businesses that have been shifting personal data to America from the EU now need to find a new process or they will face potential fines under Europe’s General Data Protection Regulation (GDPR).

 

ERP Users Need to Adapt

More than 5,300 American companies were Privacy Shield participants, including hundreds that have been shifting ERP data to the U.S. from Europe. 


Although the ruling continues to allow one annual data transfer, there is a complication that must be taken into account: ensuring that transferring data does not add any additional risks to security. The European court makes it clear that a more in-depth assessment of an organization’s data collection and transfer process is required. 

 

What this means for ERP users – along with any other business shifting personal data into the United States – is that they need to evaluate the sensitivity and volume of data transfers as well as whether there is a genuine business need to move the information into the United States. 

To justify data transfers, ERP users must assess what type of additional data security safeguards are required. While data can still be transferred “if necessary,” some clients are telling us that they are considering barring any transfers altogether.

 

Greater Compliance Burdens

While the Privacy Shield was a single set of compliance requirements covering all personal data, because the European court decision continues to allow Standard Compliance Contracts (SCC) the lives of chief information officers’s and chief information security officers have become even more complicated. This is because SCCs are specific to each data movement. A large organization might have hundreds of SCCs in place.

 

Compliance officers need to work closely with counsel to understand not just what the ruling means but to understand data flows across the entire company – often one of the key purposes of ERP.

 

Businesses now are required to evaluate each data transfer recipient to determine whether they provide an adequate level of protection. This means assessing what type of personal data is being transferred, how it will be processed, whether it may be subject to access by government agencies for surveillance purposes, and what safeguards are available. Few businesses are able to make those assessments. 

 

Another U.S. – EU Clash on Privacy

This is the second time the European court has struck down a data transfer agreement between the EU and Washington, the first being when it invalidated the so-called “Safe Harbor” rules. The U.S. needs to adopt a tough privacy and data security law, as national regulations are sorely needed. Privacy reform should be crucial for the business interests of Silicon Valley and all ERP users.

Taft partner Scot Ganow, co-chair of the firm’s Privacy and Data Security Practice, will present a interactive virtual session for The Greater Cleveland Partnership’s Tech Week 2020 on “California is Just the Beginning: Why Small Businesses Need to Think Big about Privacy & Security. Now.”

Ganow will give attendees a primer on what they should be doing to be ready for enforcement of California’s new privacy law. In addition, he will discuss why companies should use this opportunity to strategize on how a broad approach to data privacy and security will not only keep them “compliant,” but will also elevate and distinguish their business from the competition.

Ganow’s session will be part of a virtual half-day symposium on Aug. 27 from 1 p.m. – 5:30 p.m. The program targets business owners, CEOs, and other C-level executives. Relevant information and education about cybersecurity, including cybersecurity basics, cybersecurity insurance, the legal landscape/legal considerations, cybersecurity risks, and mitigation strategies will be presented.

Launched in 2011, The Greater Cleveland Partnership’s Tech Week is an annual initiative to support and engage the local tech community through education, networking, and programming for entrepreneurs, executives, students, educators, and other stakeholders of the IT industry.

For more information, or to register, please click here.