SaaS Agreements – Hosting – Encryption of Stored Data

Under the Data Protection Act (DPA), SaaS customers are required to take “appropriate technical and organisational measures” to prevent the unauthorised or unlawful processing of personal data and accidental loss or destruction of, or damage to, personal data. SaaS providers who process personal data on behalf of SaaS customers are required to include such obligations in their SaaS agreement (or SLA).

Continue reading

SaaS Agreements – Terms & Conditions – Insolvency and ERRA

From April 2014 the UK government plans to change the Insolvency Act under the provisions of the Enterprise and Regulatory Reform Act 2013 (ERRA). This will make the SaaS supplier’s right to terminate or alter the terms of an existing SaaS agreement if a SaaS customer becomes insolvent. From this data no SaaS agreement may be terminated or have the pricing and payment terms changed due to a customer’s insolvency. Furthermore the SaaS supplier must continue to provide SaaS services without receiving any payment or having any right to arrears.

Continue reading

SaaS Agreements – Data Protection – IT Security Requirements

n January 2013 Sony was fined 250,000 GBP for failing to take “appropriate technical measures” to protect the security of personal data stored on its PlayStation Network (PSN) in breach of the Data Protection Act (DPA). In light of the lack of guidance currently provided by the Information Commissioner’s Office (ICO) on data protection security SaaS suppliers should be aware that the ICO plans to draw up new guidelines.

Continue reading

SaaS Agreements – Social Media – Ownership of Accounts

Increasingly SaaS suppliers encourage employees to use social media accounts i.e. LinkedIn and Twitter to promote their products and business. However this often results in a conflict arising between claims of misuse of confidential information and “ownership” of accounts and contacts when the employment relationship comes to an end.

The High Court has recently highlighted the need for SaaS suppliers to have a clear policy on the ownership of such social media accounts and contacts when they are used by employees for business purposes.

Continue reading

SaaS Agreements – FAQs – Prism

In light of recent and ongoing “prism” revelations, SaaS suppliers are having to deal with numerous queries about the safety of SaaS customer data. Many customers mistakenly believe that by using a non-US data centre their SaaS customer data is safe against disclosure to the US authorities. Below is a summary of the most common concerns being raised by SaaS customers.

Continue reading

SaaS Agreements – FAQs – Data Controller

It is important for a SaaS supplier to understand the legal obligations imposed upon a data controller when negotiating a SaaS agreement as the duties of a data controller are not the same as the duties of a data processor. In a SaaS relationship the supplier is always the data processor of the SaaS customer. The SaaS customer is always the data controller. Below is a summary of the obligations of a data controller.

Continue reading

SaaS Agreements – IPR – Software Patents

The issue of software patents has recently been highlighted by a proposal to change German patent and copyright law. The proposal recommends preventing computer software being registered as a patent, arguing that computer software should only be protected using copyright law, as this is sufficient to protect a software developer’s rights. In light of the current German proposal, below is a brief summary of patent and copyright law in relation to SaaS software in the UK, Germany and non-EU countries.

Continue reading