(By Philip Carnelley, Fri 3 Jul 2009, 09:10) Many thanks to Clive Gringras and the Olswang team for a very interesting seminar last night on SaaS and the Cloud – I have not heard a lawyer’s perspective before. In particular, it had never crossed my mind that TUPE regulations might apply. In one case I heard about, a large corporate decided to transfer its email service to a SaaS hosted equivalent. This meant they no longer needed the dozen or more staff to run it in-house. The company in question was about to give the support team their marching orders when the lawyers mentioned the dread words: “TUPE!!” While in principle the transferee is liable under TUPE regs, in practice there is generally an indemnity clause making it the transferor’s responsibility.The main lesson here is that you need ‘best practice’ to draw up a SaaS contract similar to any ‘traditional’ outsourcing contract. But beware! The good law folk said that standard contracts, even from the major SaaS suppliers, are very light on the sort of information you might expect to see in a standard outsourcing contract. For example, specifying where the data will be stored, whether it can or will be moved, who can access it – these terms are rarely present. So where are you on data protection? And, do the contracts cover your right to access the data if you cease using the service or the SaaS provider chooses to cease operating the service? What assistance will the SaaS provider offer should you choose to move to another provider? This could be a real minefield. In the legal parlance, the change in risk profile makes contract due diligence an imperative. Caveat Emptor!
No comments:
Post a Comment