Business Lawyers in Columbus, Ohio
By Drew Stevens - May 16, 2019 - Technology & IP
Regardless of whether you’re the service provider or the customer, one of the key issues to be aware of with software as a service (SaaS) is data.
Multiple facets of data, from ownership and licenses, to data backup and access, to loss of data should be considered by both parties.
Clarity in a good SaaS agreement on these issues can save both parties lots of time and money down the road. Some of you reading this may be brilliant coders, but the legalese of a SaaS agreement can be similar to reading a foreign language. Here, our Columbus, Ohio SaaS contract lawyer covers a number of data issues that may be central to your SaaS services. SaaS Agreement Checklist
Being abundantly clear on the ownership, use, and license of data should be a priority for certain software as a service transactions. If desired, both the service provider and the customer should be clear that each party’s respective data remains the property of the respective party, and that the opposite party merely has a license to use said data. With any good licensing provision, look for the “magic” words of right, title, and interest.
Depending on the type of data involved, you may want to delineate and define the data into categories. For example, you may want to make specific mention of what constitutes personally identifiable information (PII) and hit the usual key points like social security numbers, driver’s license numbers, dates of birth, credit card numbers, and even biometic data.
If the SaaS services do in fact involve personal information, consider having provisions, or even separate exhibits, that specify the administrative, technical, and security measures that must be taken for the handling of personal information.
Use of data can be a hot-button item. Generally, the parties will want to draft the SaaS agreement so that the opposite party is only using the other’s data as it relates to the software as a service. This can mean that the other party will not rent, distribute, sell, or otherwise make available the opposite party’s data. Both the service provider and the customer may want to be clear that certain data, or perhaps all data, constitutes confidential information, as defined under the SaaS agreement.
If you’re the service provider, you may want the ability to run analytics on or related to your customer’s data. Proper detail about the use of anonymized data can help allay most customer’s concerns with analytics.
If you’re the customer and the SaaS involves significant storage, analytics, or processing components, you may want to take extra care with the SaaS clauses that speak to your ability to access your data. It may be prudent to include a provision that requires the service provider to provide you with a specified method of extraction, in a specific format.
Depending on pricing and the actual scope of services, data backup may be an issue to address. Relevant provisions might speak to location of backup, frequency of backup, and storage capacity. If data backup is not included in pricing or the scope of services, the parties may want to be clear that the service provider is under no obligation to provide data backup services.
A scenario that often can make parties cringe is a total loss of data. Loss of data provisions can be as detailed as the parties wish. Examples include specifying when a service provider must notify a customer of the actual loss of data or even the suspected potential for loss of data.
If the loss of data involves PII, notification requirements may include both the customer and the individuals whose PII was compromised. Summaries and reports can also be required; these might include the service provider’s plan for addressing the loss of data and timeline for executing corrective measures.