Tech & Sourcing @ Morgan Lewis


Big Data: It is in the news every day, and industry researchers can't say enough about the potential value of data and predictions for the data analytics market. So it seems like a natural progression that the rights to use aggregated, de-identified data provided or generated in connection with service relationships are in the spotlight. Procurement outsourcers want to leverage the cost and payment data they receive from suppliers on behalf of clients to benchmark what is "market." Human resources service providers want to leverage data regarding employee behavior and acceptability (such as with self-help) to enhance their services and improve the user experience. Information technology service providers want to aggregate performance data, including service-level commitments, to demonstrate and market their best-in-breed systems and processes. So, what do customers need to think about when a vendor requests a provision stating that it can use the customer's data in an aggregated, de-identified form? Set forth below are five key questions for customers to consider.

  1. What are the types of data that may be aggregated? It is important to be clear on what data the vendor is looking to aggregate. Is it service performance data (such as availability statistics or customer satisfaction results), employee-related data, or cost data generated from other vendor relationships? Provisions that allow for broad aggregation rights of customer data are generally not desirable. There may be instances where the customers are willing to allow the vendors to aggregate certain types of data—typically on the theory that they want to benefit from the aggregated data as well.
  2. Do you own or have the right to use the underlying data? One of the biggest show stoppers that we have come across is that the vendor wants to aggregate data that the customer does not own or that is subject to confidentiality provisions with other providers. It is important to evaluate whether you have the right to allow a vendor to use and aggregate certain types of data or whether consents from third parties are required.
  3. How will the data be de-identified and aggregated? Provisions that state that the data will be de-identified and aggregated may not be enough. The customer may want to understand how the identifiable data is used (and in which databases and with what protections) as well as how the identified data is de-identified. Are fields deleted or masked? How are names and references removed? What happens if the data is identifiable now or at some later point? This is a key issue for all types of data aggregation, but it is of particular importance if the data has any personal identifiers or relates to health providers or healthcare users.
  4. What is the aggregated data’s scope of use (should there be any express restrictions)? What will the vendor use the data for? Is it for internal use, marketing purposes, use with other customers, or use as part of a product offering? Can the data be used to provide a competitive advantage to a competitor? The customer should also consider whether the vendor should shield the customer from any issues or damages that arise from the use of the aggregated data.
  5. Who has the right to use the aggregated data, and who owns it? It is clear that vendors want to use and leverage data in aggregated forms, but should the customer have the right to use any aggregated data as well? Is it valuable for the customer to have access to any aggregated data? An issue that does not always have a clear answer is who owns the data in the aggregated form. Has the customer given up any rights in the underlying asset if it allows the vendor to own the aggregated data? The contract should allocate ownership and use rights in the data’s aggregated form, as well as the data inputs, any data combined with the underlying data, and the data output.

As the value of data and the tools available to mine and analyze data continue to grow, the rights regarding data aggregation and use will take on greater focus and continue to evolve. Keep a lookout for future posts on how customers are navigating the universe of Big Data.

This post is part of our recurring “Contract Corner” series, which provides analysis of specific contract terms and clauses that may raise particular issues or problems. Check out our prior Contract Corner posts for more on contracts, and be on the lookout for future posts in the series.