Title: Denver Software Club
1Denver Software Club
- Rob McNeill
- Philip Haleen
- John Enstone
- May 9, 2007
3 - Market Entry into the UK
- Rob McNeill
- Vice Consul (Trade & Investment)
- British Consulate-General Chicago
4Overview
- UK Software Market
- UK Market Opportunities
- IT Hotspots in the UK
- Methods of Entry into the UK
5UK Software Market
- UK Enterprise Products & Services market is largest in the EU
- IT professional services around 33B pa, growing at 1.75B pa
- Computer hardware & Office equipment around 23B pa, growing by 550M pa
- Support software products over 12B pa, growing 950M pa
- IT support services around 12B pa, growing at 550M pa
- Application software products over 9.5B pa, growing at 680M pa
- 120,000 firms employing over 500,000 staff
- All the world's major software firms are in UK
- Accenture, EDS, Google, IBM, Infosys, Microsoft, Oracle, Tata
- UK firms include Asidua, Autonomy, Capita, Lagan Technologies, LogicaCMG, Misys, nCipher, Northgate, RM, Sage
- UK-based software businesses invest nearly 1.4 billion pa in R&D
6UK Software Market
- Government invests heavily in IT systems
- E-Government
- NHS spending around 40B on new IT systems over 10 years
- Home Office - National Identity Card programme
- Transport for London - Congestion Charging and Oyster card
- Many other government contracts, especially in shared services area
- Universities share over 340 million of software research funding
- Especially Southampton, Edinburgh, Nottingham, Newcastle, Imperial, Surrey, Bath, Oxford, UCL, Cambridge, Manchester, and Warwick
- Knowledge Transfer Networks
- Cyber Security, Displays, GRID Computing
7UK Market Opportunities
- Software Market
- Customer Relationship Management (CRM)
- Business Intelligence (BI)
- Enterprise Resource Planning (ERP)
- Compliance Solutions
- Finance Sector
- Multinationals
- Software as a Service (SaaS)
8Strong Vertical Markets for IT
- Aerospace: major roles in civil and military projects
- Airbus, Joint Strike Fighter, and helicopters
- Automotive: UK still manufactures over 600,000 cars pa
- Major investments by BMW, Honda, Nissan, Toyota; less by Ford and GM
- Financial Services
- London becoming global #1 in financial services
- Healthcare: NHS has world's largest civilian IT project
- 10B development project with further 20B implementation
- Pharmaceuticals: World leading pharmaceutical players
- Astra Zeneca, GSK, Pfizer etc research and manufacture in UK
- Retail: World's leading on-line retailer
- Tesco, Sainsbury, Marks & Spencer ...
- Security: 2nd largest market in Europe for IT Security
- UK leads international security standards initiatives
- Transportation: London tackling public transport
- Largest smartcard project in Europe (Oystercard) now has 4M daily users
9IT Hot Spots in the UK
10East of England IT Overview
- Scale
- 14,500 IT/Telecomms companies employing 300,000 staff
- Key Vertical markets/clusters
- Aero, Auto, Biotech, Financial & Business Services, Food & Drink, Energy, Film & Media
- Regional Business Clusters
- Cambridge, Chelmsford, Ipswich, Norwich, South Hertfordshire
- Key IT/Digital Media firms
- 3Com, ANT, ARM, Accelrys, Autonomy, BT, CCL, Citrix Systems, Convergys, CSR, Domino Printing Sciences, Elstree Studios, Microsoft, Nortel, PA Technology, Philips, Pointsec, Sagentia, Short Fuze, Symbian, T-Mobile, TTP, Wanadoo, Xaar, Zeus
11East of England IT Overview
- Key Universities
- Cambridge, Essex, Hertfordshire
- IT/Digital Media Strengths
- Low power Mixed-mode chip design, Wireless technology, Communications, Photonics, Displays, Internet Security, GIS, Speech Recognition, Virtual Reality, Database management, e-business, Engineering, Healthcare, Banking & Insurance, Inkjet
- Key Enterprise Zones, Science Parks, and Incubators
- Capability Green, Woodside, Luton Hertfordshire BIC
- Cambridge Business Park Cambridge Science Park St John's Innovation Centre
- Key Agencies / Networks
- East of England International Cambridge Network, Cambridge Wireless, CETC, CHASE, EMMA
12London IT Overview
- Scale
- IT/Telecomms sector is the largest in Europe with 22,600 companies
- 19 of 25 software and services suppliers have their HQs in London
- Key Vertical Markets/Clusters
- Financial, Business, Life sciences, Environmental, Creative Industries, Government, Aerospace, Hospitality
- Key IT/Telecomms Firms
- Amstrad, Atos Origin, BT, Bloomberg, CSC, EDS, EiDOS, France Telecom, Glu, IBM, Infosys, Infogrammes/Atari, I Play, Fujitsu, Konami, LogicaCMG, Microsoft, Oracle, Fujitsu, Samsung, SAP, SCI, SEGA, Sony, Symbian, Tata Infotech, Vtech Communications ltd, Ubisoft, Yahoo!
13London IT Overview
- Key Universities
- Imperial College of Science, Technology and Medicine, Birkbeck College, Goldsmiths College, Queen Mary College, University College
- IT/Digital Media Strengths
- Software, Business & Financial Services, Hardware, Creative and Digital Media, Telecoms, Internet services, Mobile telephony
- Key Enterprise Zones, Science Parks, and Incubators
- The Thames Gateway Technology Centre Innova Science Park
- Brunel Science Park South Bank Technopark
- Key Agencies / Networks
- BCS, IET, Intellect, London Technology Network (LTN), New Media Knowledge
14South East IT Overview
- Scale
- 30,000 IT/Telecomms companies in the region; 185,000 people employed
- Key Vertical Markets/Clusters
- Aerospace, Built Environment, Marine, Health/Life Sciences, Environmental Technologies, Digital Content
- Regional Business Clusters
- Brighton, Guildford, Oxford
- Key IT/Digital Media Firms
- Babel Media, Climax, Dell, Electronic Arts, Epic, Ericsson, Fujitsu, Hitachi Data Systems, Hutchinson 3G, Kuju, LG Electronics, Lionhead Studios, Microsoft, Mobisphere, Motorola, Nokia, Oracle, O2, Panasonic, Philips, Pinewood Film Studios, Rebellion, Sage, Shepperton Film Studios, Siemens, Virgin Media, Vodafone
15South East IT Overview
- Key Universities
- Oxford, Southampton, Kent, Sussex, Surrey, Reading
- IT/Digital Media Strengths
- Software, Information Security, Hardware, Creative and Digital Media (inc Film), Computer Games Development, Opto-electronics, Telecommunications, 3G Comms, Satellite Communications, Publishing
- Key Enterprise Zones, Science Parks, and Incubators
- Science Parks in Oxford, Surrey and Southampton
- 22 Enterprise Hubs
- Key Agencies / Networks
- SE Media Network Wired Sussex mVCE Royal Holloway Security Group, Screen South
16Methods of Entry into the UK
- Distributors and Sales Agents
- Partnerships
- Sales Office
- Research & Development Facility
17Distributors & Sales Agents
- Often the first point of entry into a foreign market
- Done right can present the lowest risk with a minimal financial outlay
- Important to ensure distributor/agent meets your needs
18Distributors & Sales Agents
- Support from the US Export Assistance Center
- Identify Distributors and Sales Agents in the UK through the work of the US Embassy in London
- Local contact
- Suzette Nickle
- Senior International Trade Specialist
- suzette.nickle_at_mail.doc.gov
- Tel (303) 844-6623 ext 16
- www.buyusa.gov
19Partnerships
- Collaborative Partnerships with a like minded UK company
- Sales focussed or R&D focussed
- Relatively inexpensive
- Results depend on resources allocated to selection of partner and maintaining partnership
20Partnerships
- Global Partnerships Program run by UKTI
- R&D focused matchmaking program
- Typical report identifies 10-20 potential partners
- Free to qualifying US companies
21Sales Office
- Typically company's first physical presence in UK
- Company employees on the ground in the UK
- Transfer US staff to UK or hire locally
- More control over direction company and product line is taking in the UK
- Relatively easy to establish
- UK as a Gateway to Europe
22Research & Development Facility
- UK-based software businesses invest nearly 1.4 billion pa in R&D
- Government continuing to develop tax credits for companies investing in R&D in the UK
- Access to large talent pool of qualified graduates and highly skilled software engineers
- Links with UK Universities and Research Institutes
- All the world's major software firms are in UK
- Accenture, EDS, Google, IBM, Infosys, Microsoft, Oracle, Tata
- UK firms include Asidua, Autonomy, Capita, Lagan Technologies, LogicaCMG, Misys, nCipher, Northgate, RM, Sage
23Help from UK Trade & Investment
- Comparative research across UK and Europe
- Identify suitable locations in the UK
- Registering as a company
- Employment law
- Taxation advice
- Resolve visa issues
- Legal, Accounting & Banking Introductions
24Funding Options
- Government Funds
- Financial Incentives
- R&D Tax Credits
- Training Grants
- Venture Capital
- Alternative Investment Market (AIM)
25 - Rob McNeill
- Vice Consul (Trade & Investment)
- British Consulate-General Chicago
- Tel (312) 970-3844
- Rob.McNeill_at_fco.gov.uk
26Best Practices, Confidentiality and Data Protection
- Philip Haleen
- Faegre & Benson LLP
- Frankfurt
27Setting the Stage
- Of the various consequences of the Internet Age, one area of particular interest is the impact of the computer and the Internet on issues of CONFIDENTIALITY.
- The computer and the increased storage capabilities available have enabled vast amounts of data to be accumulated, stored and transmitted electronically. These new technological capabilities have not yet fully found their legal or contractual response in the business world.
28Traditional Approaches to Confidentiality
- Confidentiality agreements are signed with employees and third party vendors
- Access controls to business premises or sensitive areas within those premises are initiated and,
- In the transactional setting, a standard boilerplate confidentiality clause is included. Such clause can be as simple as:
29Traditional Approaches to Confidentiality
- The Parties agree to keep confidential all information constituting trade secrets of the other party known to it and will not disclose such information, directly or indirectly, to any third party. The foregoing obligations of confidentiality shall not apply to confidential information, which was or is lawfully obtained by a Party from other sources, which was or is or becomes generally available to the public, which ceases to be a trade secret, or which is required to be disclosed to a competent tribunal or government agency or other regulatory body.
- Note: Focus is on deterrence through threat of liability rather than prevention.
30Traditional Approaches to Confidentiality
- In the Internet Age, can these traditional measures still be adequate to assure an adequate level of confidentiality?
- Simply put: More data is available and is more easily accessed, copied and transmitted over computer networks than was ever possible before.
- What then does this mean for efforts to protect the confidentiality of such data?
31The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- A good place to turn for comparison purposes
- However, the EU Data Protection Rules only apply as to personal data.
- Personal data is data on individuals that can serve to identify a particular individual.
- Should not the same principles apply to business data, especially in the context of outsourcing?
32The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- Section VIII, Confidentiality and Security of Processing
- (Articles 16 and 17)
- The Directive obligated Member States to transpose the following requirements into their respective national laws
- Article 16
- Confidentiality of processing
- Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law.
33The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- Section VIII, Confidentiality and Security of Processing
- Article 17
- Security of processing
- Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
- Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.
34The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- Section VIII, Confidentiality and Security of Processing
- Article 17, Security of processing (continued)
- The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures.
35The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- Section VIII, Confidentiality and Security of Processing
- Article 17, Security of processing (continued)
- The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that
- The processor shall act only on instructions from the controller,
- The obligations set out in paragraph 1, as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor.
- For the purposes of keeping proof, the parts of the contract or the legal act relating to data protection and the requirements relating to the measures referred to in paragraph 1 shall be in writing or in another equivalent form.
36The Data Protection Law in the European Union (EU
Directive 95 / 46 / EC)
- Note
- The controller not only must fulfill the requirements itself (Article 17(1)) but also
- The controller must require from any third party processor that it provides sufficient guarantees in respect of the required technical security and organizational measures and ensure compliance of the processor with those measures (Article 17(2)) and finally
- The agreement between the controller and processor must be governed by contract and the provisions relating to these measures must be in writing (Article 17(3) and (4)).
37Data Protection Law in the European Union
(Organizational Measures)
- What are these appropriate organizational and technical measures that must be implemented pursuant to Article 17(1)?
- Specifically, under the transposed data protection rules in Germany (from the Annex), the organizational measures are to be designed
- To prevent unauthorized persons from gaining access to data processing systems with which the confidential information is processed (entry control)
- To prevent data processing systems from being used by unauthorized persons (user control)
38Data Protection Law in the European Union
(Organizational Measures)
- To ensure that persons entitled to use a data processing system have access only to the data to which they have a right of access and that the confidential information cannot be read, copied, modified or deleted by unauthorized persons (access control)
- To ensure that the confidential information cannot be read, copied, modified or deleted when they are transferred electronically or transported, and that the confidential information can only be reviewed and verified, at which point or stage of the process a transfer of the confidential information by data transmission facilities is foreseen (communication control)
39Data Protection Law in the European Union
(Organizational Measures)
- To ensure that it is possible to check and establish, after an input, which confidential information has been input, modified or deleted in data processing systems by whom and at what time (input control)
- To ensure that, in the case of commissioned processing of the confidential information, the confidential information is processed strictly in accordance with the instructions of the principal (outsourcing control)
40Data Protection Law in the European Union
(Organizational Measures)
- To prevent unauthorized input into the memory and the unauthorized examination, modification or erasure of stored confidential information (memory control)
- To ensure that the confidential information that is collected for different purposes is processed separately (which I would describe as integrity control).
41Data Protection Law in the European Union
(Technical Security Measures)
- German legislation does not address specific technical security measures.
- The legal literature suggests a company will need to ensure of itself and of its third party vendors that information systems are not installed/used in a manner
- Which could provide the opportunity to create unauthorized links to other systems,
- Thereby allowing the ability to bypass authentication mechanisms,
- Circumvent data access control procedures, or
- Otherwise jeopardize the security of the company's computer systems.
42Data Protection Law in the European Union
(Technical Security Measures)
- There must be notification procedures
- Actual or suspected instances of information asset theft or abuse, as well as
- Potential threats (e.g. hackers, viruses, fire etc.) or
- Obvious control weakness affecting security, are to be reported immediately to IT security personnel at the company.
43Data Protection Law in the European Union
(Technical Security Measures)
- Further policies, procedures/guidelines to enhance technical security would
- Protect all information technology resources (e.g. computers, communications, software etc.) from theft, tampering, misuse, malicious software (e.g. viruses, hackers etc.), destruction and loss.
- Ensure that all individuals who come in contact with the confidential information have completed the appropriate written confidentiality, nondisclosure and policy compliance documents.
44Data Protection Law in the European Union
(Technical Security Measures)
- Ensure individual and organizational accountability for the use and protection of information systems, through the assignment of unique identification codes and authentication procedures (e.g. respectively user ids and system passwords).
- Prohibit the sharing and other unauthorized disclosures of passwords and other confidential system access controls through areas such as dial up or system passwords.
45Data Protection Law in the European Union
(Technical Security Measures)
- Ensure supplemental user authentication processes and access controls for individuals entering the systems through dialup, Internet or other communications.
- Provide prompt notification to system/security administrators of changes in status (e.g. transfers, terminations) of employees, contractors, clients, or other users that could/will affect their access privileges.
46Data Protection Law in the European Union
(Technical Security Measures)
- Control access to confidential information based on criteria defined by the company. The level of default protection for all proprietary information, including software, must allow no access unless specifically authorized.
- Apply additional controls to ensure the proper protection and use of security software features (e.g. security administration commands) to prevent unauthorized bypassing of implemented security procedures.
47Data Protection Law in the European Union
(Technical Security Measures)
- Produce, review, follow-up and retain audit trails of all security relevant logs, data access and administration events for ALL systems that process the confidential information.
- Regularly perform self-assessments and audits to detect security vulnerabilities and non-compliance to the company's security policy(s) and policy derivatives.
48Data Protection Law in the European Union
(Technical Security Measures)
- Define and apply appropriate procedures for the use of cryptography (encryption/decryption) where it is deemed information may be sensitive or business critical (e.g. Laptops, Dial-in). This must include systems that store such information with limited physical protection (e.g. desktops).
- Ensure that all information technology is procured and/or designed with security control features that include
- User identification
- Authentication
- Data and software access authorization
- System integrity protection and ability to audit use.
49Data Protection Law in the European Union
(Technical Security Measures)
- Apply appropriate authorization, copy protection and non-disclosure controls for all confidential information, released to third party entities.
- Maintain, test and update business continuation plans and procedures (e.g. backup, disaster recovery), to ensure continued availability of systems resources, particularly business critical systems.
50Data Protection Law in the European Union
(Technical Security Measures)
- Define and apply all information retention procedures that are necessary to satisfy all internal and external requirements, including notification requirements for security breaches and loss of personal data under local law.
- Properly erase, shred or otherwise dispose of information that is no longer needed.
51Best Practices, Confidentiality and Data
Protection
- Conclusion
- EU data protection rules only apply in the EU, and only as to personal data.
- Will not global companies start to demand the same or similar confidentiality standards for their business data?
- IT departments and software vendors will need to provide the software and system solutions necessary to meet these legal and business obligations for enhanced protection of personal and sensitive business data.
- As representatives of the software industry, you will find abundant opportunities in assisting your customers to meet these challenges of the global workplace.
52- Thank you for your time and attention.
53Best Practices
- John Enstone
- Faegre & Benson LLP
- London
54The Opportunities and Challenges for Outsourcing
in the UK
- By 2009 the combined outsourcing market for the UK, France and Germany will be worth more than 40 billion dollars (UK National Outsourcing Association)
- Impact of mature outsourcing experience among UK users on consultants and suppliers
- Opportunities for new EU members in Central Europe
- Impact of new EU members on the outsourcing market
- Potential legal issues