The Master Service Agreement (MSA) is an integral piece of the Nearshore jigsaw. It’s a contract that governs the expectations of a relationship between a buyer and a vendor, spelling out the rules that need to be followed on matters as diverse as confidentiality, delivery, limitations of liability and even the venue of law. The MSA is where commercial terms are agreed upon, set and laid out in black and white.
Every formal Nearshore client-provider relationship should feature an MSA. But amid the pandemic, MSAs are changing.
Issues that companies thought were previously set in stone, like workplace compensation insurance, are becoming complicated with so many still working from home. An escalation in cyber attacks is pushing cyber insurance to the forefront of boardroom conversation, while rapidly-evolving data privacy regulations make up-to-the-minute knowledge essential for vendors regardless of where they’re located.
Gabriela N. Smith, founder and managing attorney at The Smith Law Group based out of Dallas, Texas, is an international transaction lawyer who guides companies in the US and the Latin American region on how to stay watertight when it comes to their business contracts.
An MSA specialist, Smith offers her insights into where buyers, and particularly vendors of the Nearshore, need to look more closely.
How MSAs are Changing as a Result of Covid-19
MSAs cover issues including security requirements. Background checks on the workforce and legal compliance are mandatory. In terms of technology, MSAs require that agreed-upon computer access steps be followed and that specific anti-virus programs be used. This is all pre-pandemic and assumes that the workforce was assigned computer systems with two-step authentication.
In the midst of the pandemic, and moving forward, companies will be seeing that the MSAs they signed before their workforce moved into the work from home model and cyberattacks rocketed, no longer cover all bases. Cyber attacks via mail have risen by 6000% during the pandemic as the workforce is remote and organizations’ ability to monitor the working environment is reduced. Any Security Compliance Officer looking at those MSAs will come up with new systems to bring in that extra level of security.
WiFi is one area that is likely to be covered. MSAs may require that workers have two separate WiFi networks – one residential, and one for work. They may also tighten VPN use and have new personal device policies. Prior to the pandemic, there were not really any policies governing the use of personal devices, including a laptop.
The US Chamber of Commerce released a special report on cybersecurity for remote working during COVID-19 and they noted an increase in the use of cloud. This will be another area that will likely grow in the future.
MSAs will look at the micro-level; the person working from home. To be frank, work from home regulation is being written today, there was little in place before the pandemic.
Insurance requirements will be interesting to watch in the near future and new insurance terms are likely to emerge.
Cyber insurance has never been as important as it is today. Every company should have cyber insurance, period, no matter how small a company is. As a business you are a target for hackers and ransomware demands and once that happens, insurance is absolutely essential. Get it before you need it.
The buy-side is likely to be reviewing the cyber insurance policies potential vendors have in place. There may be specific lines of cyber insurance that are preferred. Companies must be aware of what their cyber insurance policy actually covers.
Network security insurance and coverage for damage to networks is another associated insurance policy that is growing in popularity.
Workers compensation insurance is also another insurance area that is evolving. It used to cover injuries and accidents that happen to workers in the workplace, but now we’re working at home. Where does that leave the insurance policy? It is no longer limited to the physical corporate space.
In some US states, workers compensation will cover accidents that occur in the home. There was a recent case of an employee working from home who fell down her basement stairs during work hours. The decision was that she was covered because she was acting within the scope of her work. But this is a complicated issue that is still changing.
Data privacy is a moving target. But at the moment, data privacy laws are being progressed around the world. Many major companies have intimate access to citizens’ data and countries are now imposing regulations to lay out what can and cannot be done with that data. It’s an issue that causes a lot of controversy.
In 2018 the European Union’s General Data Protection Regulation was implemented. It set a global standard that countries around the world are now catching up with and adapting to their own situations. Brazil’s General Data Protection Law is an example, as is the recent case in Panama. California’s Consumer Privacy Act (CCPA) is another law that has made huge strides in data protection and a number of other US states are following suit. This adds complications for Nearshore relations whereby different parties are located in different locations.
In the California case, any Californian person has the right to protection under the CCPA. A buy-side company based in New York, receiving Californian residents’ data, with a vendor also receiving data elsewhere, must respect the laws that protect the Californian resident. As a Nearshore service provider you may not know where the data is coming from, but if the MSA says it must follow a particular law, you need to follow it.
MSA Tips for Vendors
Understand your MSA. This cannot be repeated enough. The MSA pretty much sets the rules of the game when embarking on a project, so you need to know those rules. Review any MSA that you signed in the past and be aware of its requirements. You must perform under the conditions you agreed.
Vendors must also consider how the MSAs they signed prior to the pandemic work within today’s situation. Consider the points that we’ve already raised and, if necessary, look into going above and beyond. Even if your MSA does not demand, for example, that your at-home workforce works on a separate internet connection, consider the possibility. Does your cyber insurance policy cover the company sufficiently?
These proactive considerations are prudent considering the changes we’ve undergone in the last year. You may be saving yourself a big headache.