Is Your Electronic Data Agreement Your Supply Chain’s Weakest Link?

“Get it in writing” is a quaint concept in the electronic information age, especially in B2B e-commerce, where a more suitable direction may be: “get it in cXML.”

Every industry has major players moving back-office functions, from sourcing and procurement to invoicing and payment, to the Web. Supplier networks from Ariba, Perfect Commerce and Quadrem are expanding rapidly alongside industry-specific predecessors like OFS Portal, which connects suppliers and producers in the upstream oil and gas industry, and general procurement sites such as TradeKey.com.

While B2B e-commerce remains in the domain of Forbes Global 2000 companies with more than US$1 billion in sales, according to Forrester Research, responsibility often falls upon their smaller suppliers to accommodate online transactions. Benefits for small companies may include the buyer assuming responsibility for tracking services delivery, faster invoicing and payment, and minimized disputes.

Putting Companies on Alert

The rapid growth of back-office-to-back-office e-business is aided by enthusiasm for Web 2.0 applications and the enormous amounts of data available for evaluation and analysis. It may not be the devil in the details, but the mining and potential for “mashing” of sensitive data is putting companies on alert. One supplier of Web services recently stated that its business plan was premised on profiting from the “river of data” that would pass through its Web portal.

eBay figured this out. In December, The Wall Street Journal reported that the company now sells licenses for its commercial data for the sweet price of US$10,000 per year. The license lets users track price trends in eBay’s 235 million auctions per year. Handing over the power to watch the “invisible hand” of the marketplace may be fine for used golf club sales, where no seller or buyer can exert market power.

However, consider the power of a Web portal that handles millions of transactions in a mature industry like aerospace, automotive or mining. When business transactions become paperless, do you want them to become part of the great river of data analysis? Maybe. However, that should be your decision, and that’s why an electronic data agreement is imperative.

Guiding Principles

At the 10,000-foot level, the electronic data agreement should govern how the parties will transmit and receive electronic data, how electronic data will be received and who will pay the associated costs. At the heart of the agreement, a company is making important decisions regarding ownership, security, accessibility and privacy.

Before transmitting that first purchase order, evaluate your existing data agreements with these principles:

  • Ownership. If you are outsourcing your e-business platform using a supplier network, this is the first point of negotiation. An agreement should clearly identify who owns the data covered by the agreement. Suppliers generally seek to protect ownership of catalog data and confidential pricing.

    Networks want to aggregate and mine data to monitor trends without identifying its source. Will your buyer agree? Keep in mind that for invoices and purchase orders, the buyer and supplier typically agree that each is a co-owner of the transaction data, subject to a cross license.

  • Usage. If both companies own it, how can they use it? Both parties should be allowed to mine their own data, but they should not be allowed to combine (aggregate) or manipulate their data with third-party data. Predictions for the increase in enterprise-wide mashups make this inside-only use an important point.
  • Sharing. Electronic marketplaces anticipate mining your data. That’s your “spend analysis” from supplier networks like Ariba, Perfect and others. A typical compromise allows the marketplace to provide data analysis services to a party if the mined data comes from that party’s own transactions.

    The electronic marketplace should not allow anyone to use or even peek at trends, prices or volumes from transaction data of unrelated parties. However, what about aggregated data? If the transaction is not identified as yours, is it fair game? This should be addressed explicitly and covered by the same rules. Evaluate confidentiality agreements carefully; they are often ambiguous regarding aggregated data.

  • Cost. For suppliers to the Global 2000, accommodating e-business requirements may be simply a cost of doing business with its largest customers. However, a strong electronic data agreement can negotiate future costs and additional investments. Technology evolves quickly, and what works this quarter may need a major overhaul in two years. Even if the initial costs are agreed upon, the parties need to address costs caused by future changes in computer systems or document requirements.
  • Fees. Third-party marketplaces typically charge a per-transaction fee, which initially appears nominal. However, if the marketplace becomes your only way of communicating with your customers, then you lose leverage if the marketplace later introduces higher or new fees. Some suppliers refuse to pay such fees for that reason; others insist on other types of protection.
  • Standards. The parties should agree on a neutral and non-proprietary standard for their business documents. Both parties want to avoid the scenario where they are required to create or accept electronic business documents based on incompatible standards for their many respective customers or suppliers, as this would be monumentally expensive, if not impossible.
  • Receipt and acknowledgments. Does receipt by the electronic marketplace constitute receipt of the document? Does that change if the electronic marketplace serves as the outsourced accounts payable (or receivable) department of one party? What if the electronic marketplace is partially owned by one of the parties, as was Covisint, the failed auto industry marketplace? The parties should also address whether acknowledgments of receipt will be delivered, the impact of a failure to send acknowledgment, and who will pay for that transmission.
  • Security and transmission protocols. The parties should agree on a level of security for the transmissions and data storage. In 2006, the Federal Trade Commission issued security rules for financial data, which can serve as a guidepost even if your company is not subject to those requirements. You also need to agree on a protocol for sending and “enveloping” the business documents. For example, some protocols call for the recipient of the document to be listed in the electronic header, while others call for it in the body of the text. How will the business unit of the recipient be identified? Will it be a proprietary system or a DUNS (Data Universal Numbering System) number? Will digital signatures be required, and if so, what kind? The devil really is in these details.
  • Terms of use. Many e-commerce Web sites contain onerous terms of use. For example, the Web site operator may change terms and conditions unilaterally. The electronic data agreement should supersede those T&Cs and prohibit unilateral amendments. Also, each party should make sure the electronic data agreement is consistent with their own privacy statement on their Web site.
  • Compliance. How do Sarbanes-Oxley and U.S./European Union privacy laws affect your electronic transactions? If enough transactions are sent that inaccuracies or errors could have a “material effect on financial statements,” Sarbanes-Oxley may require an annual audit of how business documents are transmitted and the reliability of the systems. The cost of such audits should be allocated up front. If personal, health or financial data subject to local privacy laws are to be transmitted, the means for doing so and compliance costs should be addressed.
  • Retention of data. Who is responsible for keeping accurate records of the electronic transmissions and proof of receipt? How long should the records be stored? Is the third-party network the data storage of record, or will each of the parties store their own records?

    Conversely, if each party is storing the records, will the third-party network be required to delete the records after a certain time or on the request of one or both parties?

New Opportunities

The world’s largest companies are moving their buying and selling to the Web. A majority of them purchase from suppliers online via the Web or with Web-based supplier integration software, according to Forrester Research.

As old procurement and back-office systems mature and the opportunity for greater data analysis and efficiencies rises, these global supply chains will be linked electronically. Make sure your electronic data agreement is the strongest link in your chain.


Phillip Schmandt is an attorney at McGinnis, Lochridge & Kilgore and chair of the firm’s technology group. He represents suppliers, buyers and marketplaces in negotiating electronic data agreements.

