As a SaaS lawyer, I've been asked a lot of questions about SaaS agreements and SaaS reseller agreements. This Q&A is based on actual conversations I've had with clients as a SaaS lawyer.
Q: How should I handle data security in my enterprise SaaS agreement?
The issue of data security in an enterprise (or corporate) SaaS agreement is usually a highly negotiated issue.
This is because the enterprise customer for SaaS services wants maximum protection for data security. The enterprise customer wants its data processed and archived in the SaaS vendor's servers (in the cloud) to be secure.
Maximum protection usually means shifting all of the risk to the SaaS vendor. And if the risk shifting is successful, it means that the SaaS vendor will be responsible for any and all security breaches, and perhaps even to the extent of indemnifying the customer.
The effect of this risk shifting is to make the SaaS vendor an insurer against all losses attributable to a security breach. Being an insurer is OK, IF the vendor's pricing model takes this risk into account. So far in my practice, I've not seen a single SaaS vendor price its services to include an insurance "premium" so to speak.
One way for SaaS vendors to deal with the issue is to agree to a standard for data security. The standard could be general in nature, such as compliance with reasonable data security measures that are generally followed in the industry. Or the standard may be more specific, such as the standard set by the EU Safe Harbor. Or the parties could agree to a very specific negotiated standard. The key to this approach is that, once the standard is agreed upon, the SaaS vendor should agree to be responsible for a security breach only if the breach results from the vendor's failure to comply with that standard.
A related issue is who bears the breach response obligations, in particular breach notification, when a security breach occurs. Breach notification may be prohibitively expensive, so this is an important issue that forms part of the overall issue of data security.
Copyright © 2011 Chip Cooper
This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.
WANT TO USE THIS ARTICLE IN YOUR EZINE OR WEBSITE? You may, as long as you reprint the article in its entirety with live links and include this blurb with it:
SaaS attorney Chip Cooper has automated the process of drafting Website Legal Forms. Use his free online tool, Website Documents Determinator, to determine which documents your website really needs for FTC website forms and website legal compliance. Discover how quick, easy, and cost-effective it is to draft your website contracts at http://www.digicontracts.com/.