On the 24th of November 2010 an employment services company A4e and Hertfordshire County Council were fined £60,000 and £100,000 respectively by the Data Commissioner for serious breaches of the Data Protection Act (DPA).
A SaaS supplier can be liable for the loss of backup tapes, not just under the terms of its SaaS agreement but also under the Data Protection Act 1998, the Financial Services Authority regulations or other UK rules or regulations, regardless of whether the SaaS supplier, its data centre or a third party loses the backups of customer data.
Using a sub-contractor to process your SaaS customer data is a problem under data protection law where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU model clauses into your SaaS agreement is NOT the solution to this common problem. EU Model Clauses Under data protection
Due to a recent resolution issued by the German data protection authorities, additional due diligence is now required if German customer data is being exported to a US data centre.
There are no restrictions on transferring personal data within the EEA. However, due to the global nature of SaaS or ASP agreements, personal data often needs to be transferred outside of the EEA, for example to an IT outsourcing provider in India, a subsidiary of your company in China or a data centre or software development centre in Vietnam.
Human resources (HR) departments are increasingly turning to SaaS or ASP agreements for their recruitment and talent management needs. Many suppliers of what is often referred to as software as a service, SaaS or on demand services are now providing SaaS solutions specifically designed to assist employers with their HCM (human capital management), ATS (applicant tracking systems) and e-recruitment requirements.
What confidentiality provisions need to be included in a SaaS agreement?
Define Confidential Information.
Parties will obtain and have access to the business critical information of each other as a result of entering into a SaaS Agreement. For example, they may have access to customer lists, banking information, IPR, source code and object code or business secrets and processes. Confidential information should be defined in the SaaS agreement to make clear what is, and what is not, confidential. Do not simply refer to documents which are “marked as confidential” or “which should be treated as confidential”. Not all confidential information exists in a physical format, particularly in a SaaS scenario – so do not restrict your definition to just documents.
Data protection issues must be adequately covered in any SaaS agreement to protect both the supplier and the customer. Data Protection Act 1998. The Act applies to the processing of personal data, for example name/email addresses, dates of birth, national insurance number of any living individual.
The following legal issues should be included in any ASP or SaaS agreement, whether you are a SaaS supplier or a SaaS customer.
About Us/Contact Information. You must provide the following information in an easily accessible position on your web site:
* your legal name i.e. XYZ Ltd
* your geographical address
* contact details i.e. telephone number, fax number and email address
* which country your business is registered in and the registration number
* details of any supervisory body which regulates your business i.e. the FSA. For regulated bodies more detailed information is required.
* where you are registered for VAT and your VAT number
* clear details of prices and whether or not delivery and/or tax is included