Any agreement between two parties begins with the rosy optimism that the good times will last forever. In the world of technology licensing and development, however, we know this is rarely the case. While this blog has previously considered data security oversight by the board of directors of the company, it is also important for a company’s legal and procurement teams to establish a plan for the security, use, and transition of its data throughout the contracting process. These issues are particularly important in highly regulated industries such as healthcare and financial services.
While there are many types of data issues that a company may need to address in any contract negotiation, our team has found that the following issues require consideration in nearly every technology licensing and development agreement:
- Data Delivery and Implementation. The agreement should address whether the customer is supplying any data to the vendor, the form in which that delivery will occur, and any other issues related to the transition of data from the old vendor to the new vendor. For example, in a software license agreement related to healthcare billing, the agreement should address the handling of electronic medical records and the data related to those records.
- Data Security and Disaster Recovery. Although the negotiation of these provisions could merit an entire article, your negotiators should at least consider basic matters such as whether the vendor has a SOC report, redundancy in its servers, or a disaster recovery plan. These issues are obviously most important in a context of “Software as a Service” or cloud computing.
- Data Use by the Vendor. As one considers the potential end of the contracting relationship, in most situations, the agreement should specifically provide that the customer retains the ownership of its data, including any data developed during the term of the agreement. The next question will be whether the vendor has the right to use customer data beyond the scope of performing its obligations under the agreement. In certain circumstances, the customer may be comfortable with the vendor using customer data in a de-identified, aggregated form for purposes such as improving a software solution or performing research on issues relating to the data. The agreement should also clarify whether the vendor retains those rights to customer’s data after the termination or expiration of the agreement.
- Data Transition Issues. Finally, the agreement should specifically provide how the customer’s data is transitioned from the current vendor back to the customer or to the customer’s new vendor. The parties can avoid disputes at the end of the relationship if the original agreement provided details such as the form of delivery, whether the vendor will provide any data transition services or if it is simply required to perform a data dump, and, of course, the fees for any of these obligations.
The end of any relationship is never easy. Nevertheless, if your legal and procurement teams address the basic data issues at the start of the negotiation process, the end will be smoother.