2013 – Bodle Law

SaaS Agreements – SLAs – Business Continuity and Escrow Agents

23/12/2013 Irene Bodle

SaaS customers are increasingly asking for disaster recover provisions to be included within the terms of a SaaS agreement to ensure that they have access to their data and continuity of service if a problem arises at the SaaS supplier’s data centre. The costs of providing disaster recovery used to be prohibitive, due to the requirement of having mirrored servers and transferring data, however there is now a new market opening up with former escrow providers offering a variety of disaster recovery options at affordable prices.

SaaS Agreements – Data Protection – Update on the EU Draft Data Protection Regulation

13/12/2013 Irene Bodle

SaaS suppliers should be aware of the recent changes made by the EU Parliament to the draft EU Data Protection Regulation (Regulation). If this amended version of the Regulation becomes law next year the obligations of SaaS suppliers who process personal data on behalf of customers will radically change. A summary of the current main proposed provisions is set out below.

SaaS Agreements – Data Protection – Email Marketing and Consent

18/11/2013 Irene Bodle

As a SaaS supplier you will undoubtedly be sending marketing emails in your own name to existing and potential clients to advertise your own products and services, or possibly as a SaaS service on behalf of a customer. In any event you should be aware that the Information Commissioner’s Office (ICO) has issued new guidance on direct marketing, with regard to complying with the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR) both of which apply to sending direct marketing to consumers (BTC).

SaaS Agreements – Confidential Information – FOIA and SARs

08/11/2013 Irene Bodle

SaaS suppliers are increasingly dealing with subject access requests (SARs) and freedom of information requests (FOIAs) in relation to SaaS customers. Excessive time and costs can be spent dealing with such requests, unless a SaaS supplier’s obligation to comply with or assist a SaaS customer with such requests is clearly defined in the terms of the SaaS agreement.

SaaS Agreements – Terms and Conditions – Renegotiating Terms

29/10/2013 Irene Bodle

Customers are increasingly attempting to renegotiate the terms of existing SaaS agreements, to reduce costs as more SaaS suppliers enter the market offering competing and cheaper SaaS services. In order to pre-empt such discussions SaaS suppliers should review their current SaaS agreements to ensure that they have the following terms in place to deal with and counter such requests.

SaaS Agreements – Hosting – Encryption of Stored Data

18/10/2013 Irene Bodle

Under the Data Protection Act (DPA), SaaS customers are required to take “appropriate technical and organisational measures” to prevent the unauthorised or unlawful processing of personal data and accidental loss or destruction of, or damage to, personal data. SaaS providers who process personal data on behalf of SaaS customers are required to include such obligations in their SaaS agreement (or SLA).

SaaS Agreements – Terms & Conditions – Insolvency and ERRA

09/10/2013 Irene Bodle

From April 2014 the UK government plans to change the Insolvency Act under the provisions of the Enterprise and Regulatory Reform Act 2013 (ERRA). This will make the SaaS supplier’s right to terminate or alter the terms of an existing SaaS agreement if a SaaS customer becomes insolvent. From this data no SaaS agreement may be terminated or have the pricing and payment terms changed due to a customer’s insolvency. Furthermore the SaaS supplier must continue to provide SaaS services without receiving any payment or having any right to arrears.

SaaS Agreements – Data Protection – IT Security Requirements

17/09/2013 Irene Bodle

n January 2013 Sony was fined 250,000 GBP for failing to take “appropriate technical measures” to protect the security of personal data stored on its PlayStation Network (PSN) in breach of the Data Protection Act (DPA). In light of the lack of guidance currently provided by the Information Commissioner’s Office (ICO) on data protection security SaaS suppliers should be aware that the ICO plans to draw up new guidelines.

SaaS Agreements – Social Media – Ownership of Accounts

07/09/2013 Irene Bodle

Increasingly SaaS suppliers encourage employees to use social media accounts i.e. LinkedIn and Twitter to promote their products and business. However this often results in a conflict arising between claims of misuse of confidential information and “ownership” of accounts and contacts when the employment relationship comes to an end.

The High Court has recently highlighted the need for SaaS suppliers to have a clear policy on the ownership of such social media accounts and contacts when they are used by employees for business purposes.

SaaS Agreements – Data Protection – Advantages of Hosting in Switzerland

24/08/2013 Irene Bodle

SaaS suppliers are increasingly using data centres located in Switzerland to host SaaS software and store customer data. In light of recent media revelations about “prism” and the already existing concerns over access to customer data under the Patriot Act and FISA this could be an increasing trend. The advantages of hosting SaaS data in Switzerland are summarised below.

Name	Borlabs Cookie
Provider	Borlabs - Benjamin a. bornschein
Purpose	Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie.
Privacy Policy	https://borlabs.io/privacy/
Cookie Name	borlabs-cookie
Cookie Expiry	180 days

Accept	Google Analytics
Name	Google Analytics
Provider	Google Inc.
Purpose	Cookies are set by Google and are used for website analytics and performance measurement. Cookies create statistical data on how visitors use our Site.
Privacy Policy	https://policies.google.com/privacy?hl=en
Cookie Name	_ga ; _ga_*
Cookie Expiry	_ga : 1 year 1 month, _ga_* : 1 year 1 month