Meanwhile, IT leaders are also contending with the challenges of an expanding portfolio of new and niche technology companies. “Our clients have been entering in to outsourcing contracts with an increasing number of providers,” says Paul Roy, a partner in Mayer Brown’s Chicago office. “We have every expectation that they will source services from an ever expanding list of emerging and digital technology providers.”
Data security becomes a key consideration
IT leaders will continue to encounter the kinds of extensive changes in cybersecurity and data privacy regulations that began last year, says Rebecca Eisner, partner in Mayer Brown’s Chicago office.
Since the EU-US Safe Harbor agreement was invalidated last year, companies have been scrambling to find alternative means of transferring personal data form the EU to the U.S. (The agreement had permitted American businesses to import personal data of EU citizens based on self-certification of compliance with EU data protection principles.)
A new framework called the Privacy Shield emerged last summer, but companies are continuing to assess whether to adopt the approach, Eisner says. Meanwhile, the EU’s new General Data Protection Regulation (GDPR) last year will go into force next May and will likely result in significant technical and operational changes for multinational companies and companies outside of the EU who process the personal data of EU citizens.
Russia and China also have new data localization laws. LinkedIn was blocked in Russia for violation of the Russian law last November and China’s controversial cybersecurity law will go into force in June.
U.S. federal and state regulators also continue to focus on consumer privacy and data security issues. While federal efforts will be subject to the overarching direction of the new administration, Eisner says she expects continued active enforcement and introduction of new regulations at the state level.
Companies will need to update their outsourcing relationships to incorporate these security and privacy changes. “Regulators will be watching companies to determine if they are appropriately evaluating the risks posed by vendors and other third parties, and incorporating those considerations into their selection, contracting, and ongoing monitoring of those third parties,” Eisner says. “Given the rapid pace of change, this is a good year to evaluate existing selection and due diligence processes for third party contracts involving data access to o ensure that security and privacy standard clauses are up to date.”
Demand surges for analytics and digital services
Big data is only getting bigger, as a December 2016 report from the McKinsey Global Institute declared that volumes are double every three years. “That mirrors what we are seeing,” says Peterson, “that the biggest opportunities for the future — and the biggest margins — lie in data analytics.” But IT leaders aren’t just contracting with specialist data analytics firms for these tasks. They’re doing deals with professional services firms and technology vendors with integrated technology stacks as well. Looking ahead, data analytics will become a standard part of most contracts, Masur says.
Sign up for CIO Asia eNewsletters.