There are two primary models by which vendors will make software available to customers (1) software as a service (SaaS); and (2) on premise. In a SaaS model, the vendor provides, maintains, and hosts (either itself or through a hosting SaaS vendor) the desired software, and grants the customer access to the software functionality via the internet. In an on-premise model, however, the vendor will deliver the software (either physically or through a file transfer system) for the customer to install on its servers behind the customer’s firewall.
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Please join us for an in-depth discussion on how to successfully renegotiate your existing services contracts with technology, outsourcing, and commercial transactions partner Vito Petretti. Topics will include:
- A general look at the renegotiation process
- Business issues and drivers involved in renegotiation
- How to conduct a renegotiation
- Contract terms that may impact renegotiation
We hope you’ll join us on Wednesday, April 8, 2020, from 12:00–1:00 pm ET.
One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week.
The SHIELD Act modernized New York’s laws by (1) expanding the data elements that may trigger data breach notification to include certain biometric information, user names or email addresses, and account, credit card, or debit card numbers, if circumstances would permit account access without a security code or other information; (2) broadening the definition of a breach to include unauthorized “access” (in addition to unauthorized “acquisition”); and (3) creating a new reasonable security requirement for companies to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of” the private information of New York residents. The first two changes took effect on October 23, 2019, while the third will take effect on March 21, 2020.
The Financial Stability Board (FSB) published on December 9, 2019, its report on financial institutions’ increasing reliance on third parties to provide cloud computing services (the Report). Established by the G-20 in April 2009 to promote international financial stability, the FSB is an international body that assesses vulnerabilities in the global financial system and coordinates the work of national financial authorities and international standard-setting organizations to develop and promote appropriate regulatory and supervisory policies.
The Report outlines the benefits from the increasing use of third-party cloud computing services, focusing primarily on cost savings, improved competition and cybersecurity, and increased operational resilience. It notes, though, the new challenges that the current scale of use may pose, such as the significant and systemic effects that an operational failure of critical third-party infrastructure could have. This is due to the highly concentrated cloud computing sector and the increasingly complex network of third-party suppliers and dependencies.
Morgan Lewis recently published an article on the 2019 Novel Coronavirus (COVID-19) outbreak and its effect on General Data Protection Regulation (GDPR) in the European Union. This article discusses the nature of the temporary suspension of some data-protection rights in times of crisis, and how the need to address the ongoing health crisis is being balanced with data-protection rights in Italy, France, and Germany.
In cloud services, whether it is infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), service availability is often a significant customer concern because the customer is relying on the vendor to provide and manage the infrastructure and related components that are necessary to provide the services. To address this concern, vendors will often provide a Service Level Agreement (SLA) containing a commitment that the service will be available for a percentage of time (e.g., 99.9%) during a certain period (e.g., week, month, or quarter). This is often referred to as an uptime or availability commitment. When reviewing and negotiating an SLA with an uptime commitment, it is important to consider the following issues.
Given the different types of cloud services and how those services are used, there is no standard uptime commitment provided by vendors. Rather, uptime commitments can range from 99.999% to 97% or even lower. It is also not uncommon for vendors to provide different uptime commitments for different parts of the service. Ultimately, a vendor’s uptime commitment will depend on a variety of factors, including the type of service, how a customer will use the service, negotiating leverage, and vendor’s business model.
Trainee associate Valeria Gaikovich contributed to this post.
Following adoption of the law on the preinstallation of Russian software on electronic devices in December 2019, the Russian Federal Antimonopoly Service (FAS) has developed draft guidelines to determine the types of electronic devices that will be subject to the new regulations, as well as the deadlines and procedures for the preinstallation of domestic software. The draft guidelines will not apply to electronic devices manufactured or released into circulation in Russia before July 1, 2020.
According to the draft guidelines, as of the dates set forth below, all touchscreen electronic devices with two or more functions (e.g., smartphones, tablets, smart watches) must have the following apps preinstalled:
Please join us in our Philadelphia office for our annual Technology, Outsourcing & Commercial Contracts Networking Roundtable. The roundtable will feature an in-depth discussion of hot topics relating to the increased connectivity of our businesses, including privacy concerns, data rights, cloud solutions, and contracting for the use of connected devices. Stay connected with us at the networking reception following the discussions.
We hope you’ll join us in Philadelphia on Thursday, April 16, 2020, from 3:30–5:30 pm ET.
Please join us for an in-depth discussion of subcontracting provisions and their effect on commercial transactions with technology, outsourcing, and commercial transactions of counsel Emily Lowe. Topics will include:
- Flow-down obligations
- Royalties and compensation
We hope you’ll join us on Wednesday, March 11, 2020, from 12:00–1:00 pm ET.
In a long-term outsourcing, software as a service (SaaS), or other services agreement, the customer will typically push for a termination right relating to the service provider’s breach, and perhaps for an insolvency event or change in control of the service provider. However, the customer should also consider including the right to terminate for its convenience (without cause), which could cover any of the following situations:
- The customer is not satisfied with the service provider’s performance under the contract even though the provider is meeting its service level and other performance requirements under the contract.
- Many alleged breaches by the service provider are initially “black and white” in the view of the customer, but they turn “gray” when the service provider pushes back and alleges nonperformance, nonresponsiveness, lack of cooperation, and the like on the part of the customer. Adding the customer’s right to termination for convenience can avoid the potential dispute over whether the customer has the right to terminate on other grounds.