Cloud computing: key issues to remember before you sign

Cloud computing is becoming increasingly integral to the way businesses function and operate throughout the world.

Essentially, cloud computing involves the storing and accessing of data and programs via the internet rather than on a computer’s hard drive. The emergence of cloud computing has led to new legal issues that businesses need to consider before entering into a cloud computing contract, often called a Software as a Service Contract (SAAS Contract).

Software as a Service Contract: I’m receiving a licence right?

Incorrect. A SAAS Contract is an agreement between a service provider and a customer that provides the customer with access to and use of internet hosted computer software.

You may ask how this is different to a software licence contract. A software licence provides the customer with a copyright license to copy and use the software (i.e. the customer downloads the software application onto their computer).

By contrast under a SAAS Contract, the customer doesn’t make a copy of or downloads the software, rather the software remains with the service provider and the customer merely accesses it via the internet. As such, the customer obtains a service and not the software.

What does this mean for you?

It means that the customer is putting their data in the service provider’s hands. Irrespective of whether you are providing the service or thinking about signing up as a customer, there are certain key issues that you need to consider because of this fundamental difference with cloud computing.

Privacy, Confidentiality and Security

The security and privacy of data is a major issue. Customers will want assurance that their data is secure from unauthorised access and interference. This requires more than just a confidentiality clause. If the Privacy Act 1988 (Cth) applies to the customer and the customer’s data includes personal information, the customer will also require the service provider to comply with the Australian Privacy Principles.

Consideration should be given to compliance audit rights and actions that should be taken if there is a breach. For example, last year Luxottica Retail Australia, the owner of the OPSM brand, stored personal information of Defence personnel offshore with its parent company. The Department of Defence has a strict requirement that all personal information must remain onshore. As a result, the Department of Defence terminated the contract that was worth more than $30,000,000.

Transition of Data

There are often significant costs associated with setting up a SAAS for the customer’s use. Generally, at the commencement of the SAAS Contract the relationship is good, and the costs of set up are either a one-off fee, or built into a minimum period of use. Eventually though, the SAAS Contract will end and the parties need to consider what will happen to the customer’s data. For example, does the service provider provide a transition out service for the customer, whereby they assist with the transition of the customer’s data back to the customer or to another service provider? How will the costs of this service be calculated?

Disaster Recovery and Backup

Who is responsible for data backup? Where is the backup of data stored? What if there is a disaster affecting the service provider? It is essential that the responsibility for data backup is clear. Further, service providers should have a disaster recovery plan to ensure services are restored quickly if a service failure occurs.

Service Levels

The customer and the service provider both need to know where the responsibilities of the service provider start and stop. The tools to address this issue should be contained in service levels (SLA). The SLA should set out the performance expectations regarding reliability of the service and response times for support. Often the SLA will also provide the remedy for failure to meet the service expectations. The degree of transparency around performance is a key consideration in choosing a service provider.

Service Fees

The service provider needs to establish how they will charge the customer for their service/s, and when the fee will be payable. Typically, a service fee will be calculated based on how many users require access to the software or by the amount of data uploaded by the customer onto the software. Additionally, if the contract rolls over automatically, how will the fees vary year after year?

Before you sign

It is clear that there are many issues, which need to be considered before entering a SAAS Contract. We can help you with preparing, reviewing, or advising on the terms and conditions contained within a SAAS Contract.

For more information contact the Corporate and Commercial Team:

Alice Tay — Partner — Corporate and Commercial
(02) 6279 4426
alice.tay@mvlawyers.com.au

Wendy Meredith — Special Counsel — Corporate and Commercial
(02) 6279 4390
wendy.meredith@mvlawyers.com.au

Samuel Stapleton — Lawyer — Corporate and Commercial
(02) 6279 5384
samuel.stapleton@mvlawyers.com.au