SaaS suppliers are increasingly dealing with subject access requests (SARs) and freedom of information requests (FOIAs) in relation to SaaS customers. Excessive time and costs can be spent dealing with such requests, unless a SaaS supplier’s obligation to comply with or assist a SaaS customer with such requests is clearly defined in the terms of the SaaS agreement.Continue reading
Increasingly SaaS suppliers encourage employees to use social media accounts i.e. LinkedIn and Twitter to promote their products and business. However this often results in a conflict arising between claims of misuse of confidential information and “ownership” of accounts and contacts when the employment relationship comes to an end.
The High Court has recently highlighted the need for SaaS suppliers to have a clear policy on the ownership of such social media accounts and contacts when they are used by employees for business purposes.Continue reading
If you actively encourage or allow your employees to use LinkedIn and Twitter to store or build up their business contacts you need to ensure that you have control over how this information will be used if the employee ceases to work for you, as most contacts will be your SaaS customers, other employees and SaaS suppliers.
In the last few years there have only been a handful of court cases in the UK (and the US) providing guidance on this issue and whether or not contacts in social media channels such as LinkedIn and Twitter can be used by ex-employees.Continue reading
Last week the Information Tribunal ordered a Government department to publish specific details of a major IT contract with Atos Origin, following an individual’s request for information under the Freedom of Information Act (FOI). Pursuant to section 43 of the FOI, the Government body had refused to disclose the material requested on the basis that it was a trade secret and that disclosure would damage the commercial interests of the parties.Continue reading
Need for an NDA
If prospects do not sign a non-disclosure agreement (NDA) or confidentiality agreement prior to a SaaS supplier disclosing it’s business secrets and confidential information, the prospect will have no duty to keep this information confidential. An NDA should therefore include some basic legal clauses to protect your business if you win the sale and more importantly, if you don’t.
There are no restrictions on transferring personal data within the EEA. However, due to the global nature of SaaS or ASP agreements personal data often needs to be transferred outside of the EEA, for example to an IT outsourcing provider in India, a subsidiary of your company in China or a data centre or software development centre in Vietnam.Continue reading
What confidentiality provisions need to be included in a SaaS agreement?Define Confidential Information.
Parties will obtain and have access to the business critical information of each other as a result of entering into a SaaS Agreement. For example, they may have access to customer lists, banking information, IPR, source code and object code or business secrets and processes. Confidential information should be defined in the SaaS agreement to make clear what is, and what is not, confidential. Do not simply refer to documents which are “marked as confidential” or “which should be treated as confidential”. Not all confidential information exists in a physical format, particularly in a SaaS scenario – so do not restrict your definition to just documents.