by Katherine Raynolds
Did you read the 18 sections of the Facebook terms of service before joining? Probably not. Social networking platforms, Web-based e-mail, and other services, such as iTunes, Flickr, and YouTube, all have terms of service. And, for the most part, these terms are non-negotiable. If you want to use the service, you must agree to the terms.
However, as more businesses turn to online services to replace in-office software for everyday tasks—such as membership management and Web site content management—some terms of service are becoming more negotiable. With that in mind, there are a few things you should ask before you click “OK” to agree.
When it comes to using online services or platforms, also known as cloud computing, the biggest concern businesses have is the security, accessibility, and privacy of their data. Here are five main issues to consider before agreeing to any type of cloud computing service for your association.
Who is the service provider?
Is the cloud service provider owned by a parent company, a competitor, or a foreign agency? What happens to your service—and your data—when ownership of the cloud provider is transferred to another party? Do your agreements with other vendors prohibit you from contracting with this provider or using those products with cloud services? Does the service provider have the right to use sub-contractors?
Who controls my data?
Most cloud computing providers do not claim any ownership rights over your data. However, the terms of service may contain certain provisions allowing the provider license to use or access your data to, for example, promote their business. Know the terms when it comes to ownership and use of data.
What are the costs?
For online services that offer some customization (for example, a member management system with a special NRDS sync) there could be monthly, annual, or sporadic fees for updates and service of the product. Contracts should clearly and explicitly state what the provider is agreeing to deliver, when, and for what cost. You should also consider (and negotiate with the provider, if necessary) how they will measure performance and effectiveness of the service, and under what circumstances the provider may discontinue service.
What’s their privacy policy?
It is critical that you understand the provider’s privacy and security practices. You’ll want to ask: Who has access to the data? What encryption technologies are used by the vendors to authenticate access to the data and prevent hacking? Who is responsible for securing the data? What efforts are made to keep data segregated from other clients’ data? Are there backups? What is the disaster re-covery plan? How will the data be transferred back to you after the contract is terminated? Also, if servers are based in other countries, you will want to ask what laws, if any, govern security and privacy of data in those countries.
What happens in a dispute?
First, know which jurisdiction’s laws apply and whether the jurisdiction is negotiable. Can you adjust the contract to require that your data not be stored in certain areas so as to avoid those jurisdictions, perhaps foreign countries? Next, you’ll want to know what remedies are available. Providers will often attempt to seriously limit their liability in the event of a breach of the agreement. Ask yourself: Is the limitation of liability reasonable? What kind of damages may be awarded? Does either party have a duty to indemnify the other?
Although there are many other issues to consider in cloud computing agreements, the five listed here will provide a good foundation for understanding, reviewing, and negotiating a cloud computing contract.
Katherine Raynolds is a staff attorney with the National Association of Realtors® in Chicago. She can be reached at 312/329-8372 or kraynolds@realtors.org.