Software as a Service (SaaS), sometimes known as cloud computing, has been hailed as the next level of modern software. SaaS offers significant advantages to businesses and consumers alike, both in its cost and ease of use. This article will provide a basic overview of SaaS law and why developers and end-users alike need to understand the role an SaaS attorney plays in this new software.
With the proliferation of high speed Internet came the desire to access information more quickly and securely. At the same time, there were concerns with online privacy and data security.
Cloud Computing: Understanding the legal implications of Software as a Service (SaaS)
SaaS is unlike traditional software that you would purchase at a store on a cd-rom and install on your computer. SaaS is accessed over the Internet with the data (i.e. documents, pictures, contacts, notes, billing) being stored on the software developers servers rather than yours. Right now, I’m guessing many of you who are unfamiliar with SaaS are probably asking a simple question….”why would anybody do this?” The answer is simple: access and ease of use.
With SaaS there is usually no installation of any software on your computer, no updates or maintenance fees, and no upfront costs. SaaS, unlike the traditional software licenses, is based on a “subscription model”. Naturally, a subscription implies a continuing relationship between the provider and the user. In this case the provider of SaaS is the software developer and the user is you and I, the customer. Since there is no license, the end user are paying to have access to the service for as long as we pay for the subscription. Kind of like having a safety deposit box at a credit union where you have to pay to be a member. The types of SaaS applications range from document management programs and payroll, to data hosting and office productivity. The one thing that does not vary though is the concerns that people have with these types of applications.
SaaS Questions To Consider
As said before, SaaS is all about building a long-term relationship with the customer. Because of this ongoing relationship there needs to be a level of trust and reliability. The SaaS concern most people have are directly related to the developers ability to provide uninterrupted and secure access to the information. Therefore, before entering into a subscription for SaaS you should ask the following questions to the SaaS developer:
1) What kind of data security/privacy/confidentiality do you have?
2) How often is my data backed up? Do you have multiple backup data centers in different geographic locations?
3) What is the history of your company?
4) Can I obtain my data from your servers to backup on my computer?
5) If I cancel my subscription what do you do with my data, and how long do I have to backup that information?
An SaaS developer should be able to answer these questions with confidence, if they have consulted with an experienced attorney that handles SaaS law. This is because the SaaS company should have a subscription agreement in place that has been carefully drafted and reviewed by an SaaS law attorney.
Cloud Computing and Saas Subscription Agreements
The SaaS subscription agreement differs from your typical software license agreement that pops up when you install a cd-based program. This is because SaaS is not a license to use the software, but rather a subscription to access the software. Thus, the agreement must be flexible in order to build the ongoing relationship, but limit the liability of the SaaS company. A SaaS subscription agreement should cover, at the bare minimum: (1) what company holds the information; (2) what personal information is stored; (3) how the user is notified in case of a breach; (4) disclaimer of liability.
SaaS agreements can touch upon nearly every area of the law, from intellectual property to criminal law. Most laws are directed primarily at the security of the data, and the theft of data by criminals. As such, most SaaS companies must protect themselves and the data that is stored. The SaaS company can protect itself best by not overstating its security, as doing so could lead to costly fraud litigation (i.e. Don’t claim that the data is “100% secure” and “guaranteed to be safe” if it’s really not). In other words, don’t write checks your insurance liability policy can’t cash.
The SaaS agreement should state in writing what the companies security system consists of, including whether the company uses a firewall, how often they test for vulnerabilities, and your password-update schedule. Since data security is one of the primary concerns of most SaaS customers, a certain level of transparency must be had between the company and the user. The SaaS company can provide this transparency by including documentation to new users about its data security, and the steps the company takes to protect the information.
Get In Touch With A SaaS Layer
In spite of the risks, SaaS is flourishing. Our firm uses several types of SaaS applications because of their ease of use and ability to access the information from mobile devices to work computers. It not only makes the practice of law more efficient but keeps our costs lower which translates into savings for our clients.