The enterprise software industry is undergoing one of the most significant transformations in its brief history. The battle for cloud supremacy among major software publishers has potentially significant implications for lawyers that represent both service providers and end users. While IT and business professionals can be easily convinced of the benefits of moving from on-premises software deployments to cloud based solutions, security, legal, and risk management professionals must take the lead in making sure that adoption of cloud software solutions makes good business sense. The legal issues in cloud contracts are different than traditional software licensing. Here is a list of key issues to look for when reviewing cloud contracts.
Law enforcement officers regularly use the Stored Communications Act, (Title II of the Electronics Communications Privacy Act of 1986) to compel email providers to produce customers’ email records to aid in criminal investigations. In a case pending in the Second Circuit Court of Appeals, Microsoft is testing the limits of exactly how far officers can reach in their investigations.
While there may be many other risks in a hosted or cloud relationship, the ones that have the highest impact on business continuity include availability, accessibility, data loss and recovery, escrow, acquisitions and divestitures, and continuity after termination.
Termination provisions are often overlooked when negotiating a software license agreement and yet they frequently play a significant role in license disputes. Consider five questions to navigate potential pitfalls.
Geographic or territorial licensing restrictions contained in some software licenses is an issue many businesses are struggling with.
It is important to review the indemnification and limitation of liability sections in license agreements to ensure that these provisions will cover the parties' complete relationship, not merely the use of the software products.
Companies may have every intention of running compliant shops, but day-to-day demands of business operations may thwart those good intentions. Given that, it makes sense for businesses to look for other alternatives to help mitigate their exposure.
When a buyer purchases the assets from someone selling a business, the buyer generally expects to receive all of the assets the seller used in operating the business. Sometimes this expectation is misplaced, particularly regarding software.
The importance of the cyber risk insurance requirement.
Many executives view management and protection of internal data and intellectual property as an information technology or a security issue. Many corporate attorneys are not involved in data security functions at all. This is a recipe for trouble.
Being unprepared for just one software license audit will convince any organization to invest in a software asset management (SAM) system and to gain the skills to use it. Maintenance is less expensive than an audit fire drill, Robert J. Scott says, and far less disruptive to the organization.
Cooperate or litigate? That’s the question company executives must answer when software publishers claim that the company is violating the terms of its software licenses. In our experience, the best strategy depends on a variety of legal and business factors. This article discusses common software dispute resolution frameworks and concludes that a combined approach of cooperation and preparation for litigation usually leads to the most favorable outcome for clients.
Reports of corporate data breachcontinue to pass through news headlines with such frequency that they barely merit a time slot in the evening news. However in 2006, as many as 9,300,000 Americans were victims of identity theft. According to the Better BusinessBureau, each victim lost on average more than $6,300 and over 40 hours on thephone with creditors and credit bureaus working to clear their names.Businesses suffer greatly as well, losing a collective $50 million each year asa result of data breach.
While publishers may have targeted smaller and nonstrategic customers in the past, many large enterprises are encountering software-compliance audits from publishers they consider strategic partners.
Cloud computing can deliver greater speed, flexibility, and tangible IT cost savings; three reasons why businesses should not disregard the cloud as hype. But entering into cloud computing contracts without understanding the inherent risks can cripple an otherwise healthy organization. The significant network security and data privacy risks associated with cloud services should be addressed through proper contracting and risk transfer using insurance.
Many enterprises are exploring virtual technology as a way to reduce both hardware and software technology costs related to IBM solutions. For disaster recovery, security, and resource allocation purposes, virtualization can present an attractive solution. However many organizations might reconsider virtualization if the stakeholders realized the total costs before deploying virtualized solutions.
Drafting Contracts for the Cloud
I am a lawyer that represents businesses in software audit cases initiated by software publishers and their trade groups including Business Software Alliance and the SIIA. I work with a team of lawyers and technology professionals defending software license disputes involving Microsoft, IBM, Autodesk, Oracle and Adobe. My clients range from global multinational corporations navigating enterprise agreements to small architectural firms targeted by Autodesk. Here are the secrets that I have learned in over 300 software audit cases across the United States, Canada and South America.
The Art of the Deal: A Guide to M&A Strategies for the Managed Services Profession
Cloud computing creates many legal issues, from jurisdictional questions to privacy and security concerns. For brand owners, the cloud can be an especially frustrating place, but by understanding the legal and business issues involved, IP risks can be balanced and mitigated.
A company needs to protect its confidential or trade-secret information from disclosure by employees and outsiders. Failing to implement appropriate safeguards may lead to important business data falling into the hands of those who would use it for malicious purposes. But, there are limits to what a company trying to protect its data can do. Exceeding those limits may lead to a court finding that the company’s program is unenforceable or, worse, that it constitutes an actionable breach of employee rights.
The Art of the Deal: A Guide to M&A Strategies for the Managed Services Profession
Podcast in which Rob Scott answers questions on insurance law issues—defending IP and technology claims—from John Czuba, Editor of Best’s Directory of Recommended Insurance Attorneys, and Brendan Noonan, of Best’s communication team.
Imagine you head a small company, with just a few dozen employees and computers. One day you receive a letter from a software industry trade group, such as the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA), informing you that it knows your company has unlicensed—or illegal—software within the network. They tell you to audit your whole system for improperly licensed software and hand over detailed results
Businesses and software developers who incorporate new or pre-existing open-source software (OSS) code as part of their hardware or software solutions are on the leading edge of a new dynamic in software licensing. Where the historical, proprietary model was based on protection and enforcement of the original developer’s ability to control how and by whom the software could be copied or modified, the new framework is based instead on protection and enforcement of subsequent developers’ and users’ abilities to freely copy, modify and re-distribute the original work.
Data breach paper discussing legal issues in network security and data privacy. Since California took the lead and enacted SB 1386, many states have followed suit and enacted similar legislation. While many state data breach noticication laws are similar, the laws contain varying definitions of personal information. The laws also provide for different types of notification after a data breach security breach.
Since February 2005, the identities of approximately 93 million people have been exposed because of data leaks.1 Ponemon Institute conducted a recent survey of almost 500 corporate information technology departments regarding the security risks associated with portable devices, such as laptops, personal data assistants (PDAs) and USB memory sticks. Ponemon reported that 81 percent of respondents have experienced a lost or stolen laptop or portable storage device.
Software audit strategy article. When company executives are approached by software publishers who claim that the companies are violating the terms of their software licenses, they often wonder whether they should cooperate or dig in and prepare for litigation.
Attorneys are increasingly confronting the significant ethical issues raised when a data-security breach occurs. Many traps exist for the unwary in this newly evolving area of the law, where the applicable statutes have yet to be interpreted by the courts and e-discovery concerns abound. This article provides a legal framework in this area of the law and explores ethical considerations arising when an attorney represents a client that has suffered a data-security breach.
In 2006 an estimated 9 million American adults were the victims of identity fraud at a total cost of $56.6 billion.2 There are a number of legislative efforts designed to protect the privacy, security, and confidentiality of customer data. One such law, the Gramm-Leach-Bliley Act (the “GLBA”), also known as the Financial Services Modernization Act of 1999, effectively repealed the Banking Act of 1933 and amended the Bank Holding Company Act of 1956.
Properly selected, the litigation forum can set the tone for an entire patent infringement case. There are many positives and negatives attached to every venue forum, and they differ depending on the party and perspective. For the individual inventor, a “rocket-docket” forum, like the Eastern District of Virginia or the Eastern District of Texas, or the newly available federal pilot program districts that are trying to duplicate the rocket-docket formula, can mean imposing early and strict case discipline, reigning in the paper chase, and placing David and Goliath on equal footing
A once fairly obscure law regarding credit card receipts has recently become a serious issue for numerous businesses. Consumers are becoming more aware of their data privacy rights, and attorneys have filed numerous lawsuits across the country based on alleged violations of Fair and Accurate Transaction Act of 2003 (“FACTA”). Attorneys representing any company that accepts credit cards should learn about FACTA, their clients’ potential exposure, and ways in which liability can be avoided. Businesses that handle a wide range of consumer information should also be advised regarding the effects of the FACTA Disposal Rule, another provision intended to lessen the possibility of identity theft.
Patent infringement litigation article. According to the Federal Circuit, a state-law claim that an attorney committed legal malpractice in connection with patent prosecution or patent litigation must be heard in federal court even when there is no diversity jurisdiction and all the claims are based on state law. The decision may impact malpractice claims in other areas as well, given the court’s pronouncement that “a federal court ought to be able to hear claims recognized under state law that nonetheless turn on substantial questions of federal law.
If you offer or are planning to offer managed services, it is important to select the right entity structure and work with experienced counsel to construct agreements with your employees, customers, and partners. This document identifies the legal issues facing MSPs from their inception, outlines strategic objectives, and provides sample contractual provisions used to achieve those objectives.
Over the past several years, software trade associations like the Business Software Alliance and the Software & Information Industry Association have aggressively pursued businesses around the nation, accusing them of software piracy. The outcome of this pursuit for many enterprises is significant fine money, the need to purchase additional software licenses at inflated prices and meaningful damage to their brands.
The Business Software Alliance is aggressively going after small and mid-size businesses, accusing them of software piracy. Many businesses are already under investigation, and facing potentially steep fines and bad publicity that could hurt their reputation with customers and business partners.
Most public companies treat SOX compliance and Software License Compliance as separate initiatives and rarely understand that compliance with SOX Section 404 is impossible without the tools, processes, and expertise necessary to achieve and maintain software compliance.
Shrinking IT budgets and fierce competition among software publishers have created explosive growth in the incidence and frequency of software audits—a mechanism by which software publishers investigate their customers to determine if they are in compliance with software licenses and copyright laws. In addition to developing internal enforcement operations, many publishers have engaged trade associations to perform enforcement activity under power of attorney.
While companies and individuals around the globe struggle to identify and understand the various regulations and laws that can be brought into play due to the international nature of the internet, courts are also struggling with new and complex issues of personal jurisdiction raised by internet activity.
While the new federal rules governing electronic discovery appear on the surface to offer parties a relatively simple means of avoiding discovery sanctions should discoverable electronic information be destroyed, the new rules, in reality, are not so simple.
A government investigation of the company responsible for those ubiquitous “Enzyte” commercials and an indictment of individuals operating a lab manufacturing Ecstasy have given two federal appellate courts the opportunity to consider the privacy of e-mail communications.
Shrinking IT budgets, fierce competition and a mature software market have increased the motivation for software publishers (such as Microsoft Corp., Adobe Systems Inc., Oracle) to conduct software licensing audits -- investigating their customers to determine if they have purchased enough licenses.