JOHN P. O’BRIEN, TECHNOLOGY ATTORNEY

Exploring Critical Risks of SaaS Applications

We have previously visited the benefits associated with cloud-based applications, but understanding the risks is equally important. Here we will investigate what business and legal risks can arise when negotiating a SaaS application.

Risks Associated With SaaS Applications for the Purchaser

Privacy and Data Security

A client’s confidential data and critical proprietary information will be processed in the provider’s cloud-based system. Although not restricted to commercial cloud providers, data breaches and unauthorized or unlawful infrastructure intrusions caused by criminal or malicious activity, data theft, hacking, espionage, or negligence happen at an alarming frequency.

There are a multitude of groups that may be interested in the sensitive information, including, but not limited to the following:

  • Government agencies,
  • Criminals,
  • Insiders,
  • Competitors, and
  • Cyber terrorists

Uptime Commitment – Hosted Application Availability

When a critical application is not available, the client’s routine business operations could be significantly affected and damaged. SaaS vendors will usually agree to make applications available or accessible for at least 99% of the time. This, however, could be subject to certain exceptions such as Internet outages or routine maintenance.

SaaS agreements are often provided on multi-year, prepaid annual licenses. Whenever you contract into the future, it is important to ensure that you are adequately protected from unexpected change. An experienced SaaS attorney can assist you in adequately identifying and managing some of these exposures.

Bankruptcy Issues or Insolvency of Cloud Providers

If a client cannot process critical data or access sensitive information because the cloud provider has gone out of business, it is essential for the client to have a backup plan or disaster recovery strategy in order to gain access to the information and mitigate the damage.

Compliance with Rigorous Data Security, Privacy Regulations, and Breach Notifications

According to the National Conference of State Legislatures, nearly every state in the U.S. will have data breach notification regulations. Unfortunately, unlike the EU, each state may define the protected data differently, and the regulatory requirements, notice requirements, and remedies differ as well. Moreover, they are continuously evolving. New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) was passed on July 36, 2019 and went into effect October 23, 2019, while the California Consumer Protection Act (CCPA) goes into effect on January 1, 2020 but has a 12-month lookback scope.

You may need to be aware that if personally identifiable information, also known as PII, is provided by clients to a company that hosts the data through a cloud server, and a breach in the security of the provider’s systems results in the unauthorized and unintentional disclosure of the PII of the client, the provider will be responsible for notifying the affected parties under the applicable breach notification regulations.

Additionally, if American-based multinational companies have facilities in the European Union, if users in the EU dial in, or if your host service provider transmits data outside the US, and these companies process the PII of European Union citizens, they will have an obligation to conform to the data security processes of European Union data security requirements.

Currently, the regulatory and legal aspects of data privacy are fluid. Nonetheless, cloud software clients and providers alike should expect stricter requirements. SaaS providers often offer certified facilities, processes and contractual commitments that help make it easier for you to safely manage the information and security challenges of doing business in today’s marketplace.

Hire the Support of a Proficient SaaS Agreement Attorney

In today’s modern society, cloud-based systems of information are a necessity for many businesses and companies alike. Whether you are a client who is looking to enter into a SaaS agreement or a provider interested in distributing unique software, it is critical to contact the legal support of a professional attorney who has experience in SaaS agreement negotiations. A skilled and experienced attorney will champion your company’s best interests.

Attorney John P. O’Brien is exceptionally qualified in the fields of cloud-based programming systems and SaaS agreements. Working alongside software developers, Attorney O’Brien has the knowledge you need to negotiate the terms of your SaaS contract. Consult a skilled and proficient attorney today.

About The Author

John P. O'Brien
John O’Brien is an Attorney at Law with 30+ years of legal technology experience. John helps companies of all sizes develop, negotiate and modify consulting contracts, licenses, SOWs, HR agreements and other business-related financial transactions. John specializes in software subscription models, financial-based cloud offerings, and capacity-on-demand offerings, all built around a client's IT consumption patterns and budgetary constraints. He has helped software developers transition their business from the on-premise end user license model to a hosted SaaS environment, helped software developers productize their applications, and represented clients in many inbound SaaS negotiations. John has developed, implemented and supported vendor lease/finance programs at several vendors. Please contact John for a free consultation if you or the organization you work for is tired of trying to develop, negotiate and/or modify contracts and tech agreements of any type.
