Cloud Computing: Understanding the legal implications of Software as a Service (SaaS)
SaaS is unlike traditional software that you purchase and install on your computer. SaaS is accessed over the Internet, and the data (i.e. documents, pictures, contacts, notes, billing) is stored on the developers’ servers instead of your computer.
With SaaS there is usually no installation of any software on your computer, no updates or maintenance fees. SaaS, unlike the traditional software licenses, is based on a “subscription model.”
SaaS Questions To Consider
SaaS is all about building a long-term relationship with the customer. Because of this ongoing relationship, there needs to be a level of trust and reliability between could computing company and customer. The most common Saas concerns are related to the developer’s ability to provide uninterrupted and secure access. Therefore, before entering into a subscription for SaaS, you should ask the following questions:
- What kind of data security/privacy/confidentiality do you have?
- How often is my data backed up? Do you have multiple backup data centers in different geographic locations?
- What is the history of your company?
- Can I obtain my data from your servers to backup on my computer?
- If I cancel my subscription what do you do with my data, and how long do I have to backup that information?
An SaaS company should be able to answer these questions with confidence, if they have consulted with an experienced SaaS lawyer, because the SaaS company should have a subscription agreement in place that has been carefully drafted and reviewed by an SaaS law attorney.
Cloud Computing and Saas Subscription Agreements
The SaaS subscription agreement differs from your typical local software license agreement. This is because SaaS is not a license to use the software, but rather a subscription to access the software. Thus, the agreement must be flexible in order to build the ongoing relationship, but limit the liability of the SaaS company. An SaaS subscription agreement should cover, at the bare minimum:
- information about the company;
- an explanation of the personal information stored;
- how the user is notified in case of a breach;
- disclaimer of liability.
SaaS agreements can touch upon nearly every area of the law, from intellectual property to criminal law. Most applicable laws deal with data security. SaaS companies can best protect itself best by not overstating its security, as doing so could lead to costly fraud litigation (i.e. Don’t claim that the data is “100% secure” and “guaranteed to be safe” if it’s really not). In other words, don’t write checks your insurance liability policy can’t cash.
The SaaS agreement should describe the company’s security procedures, including whether or not a firewall is used, the frequency of vulnerability tests, and your password-update schedule. Since data security is one of the primary concerns of most SaaS customers, a certain level of transparency must be had between the company and the user.
Get In Touch With A SaaS Lawyer
In spite of the risks, SaaS is flourishing. Our firm uses several types of SaaS applications because of their ease of use and ability to access information from both mobile devices and work computers. It not only makes the practice of law more efficient but keeps our costs lower which translates into savings for our clients.