As a SaaS supplier you may be ordered by a court as part of a litigation process to identify and disclose physical documents and electronically stored information (e-discovery). This creates problems for SaaS suppliers on a number of levels.

Location of the ESI

Data is often stored or replicated in an external hosting centre, the SaaS software application itself or a corporate data centre. If numerous data centres are used they are usually in different physical locations and in various countries. Discovery rules may conflict with compliance and privacy requirements in the countries where the data is held, however for the purposes of complying with your obligations under a country’s e-discovery rules the actual location of the data is irrelevant.

For example in AccessData Corporation v ALSTE Technologies GmbH a US court ordered a German company to disclose emails stored in Germany as part of the disclosure process in a court case, although the company argued that this breached the German Data Protection Act.

Compliance Issues

SaaS agreements should therefore permit SaaS suppliers and customers to comply with e-discovery requests, to avoid breaches of requests for disclosure. Although it is unlikely that any sanctions will be taken by the court against the SaaS supplier, the customer may try to claim damages for any losses it sustains. The SaaS supplier should therefore ensure that they exclude liability under the SaaS agreement for a technical or any other type of failure to comply with a disclosure request.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles: