Confidentiality and Security
Like the other provisions that we have discussed in this chapter, the confidentiality clauses in vendor form software license agreements are typically drafted very narrowly and are one-sided in favor of the vendor.
■ Ensure that the confidentiality clause is mutual and protects the company’s information as well as the vendor’s information.
■ Read the definition of confidentiality and ensure that it is drafted to include all of the types of information that your company may be sharing with the vendor or that the vendor will have access to. Generally speaking, a broad definition of confidential information is favored.
■ While it is common in confidentiality provisions in software license agreements to exclude certain types of information (e.g., information that was already known by the other party or was independently developed by the other party without access to your company’s confidential information), be sure to review these exclusions to ensure that they don’t conflict with the obligations of confidentiality in the agreement or otherwise lessen the vendor’s obligation to keep your confidential information confidential.
■ Each party should have an obligation to use a high degree of care to keep the other party’s information confidential. This standard of care should be at least equivalent to the standard of care that a party uses to protect its own confidential information.
■ The duration of the confidentiality obligations in the software license agreement should extend throughout the term of the software license agreement and for at least a number of years thereafter. Trade secret information should be protected as a trade secret for so long as the information is a trade secret or as otherwise prescribed by applicable law.
In certain software license agreements, it is important to describe what the requirements are in the event one of the parties is compelled, by court or government authority, to disclose the confidential information of the other party. In such a case, consider the following terms:
■ The receiving party must promptly notify the disclosing party of this requirement.
■ The receiving party will not release the confidential information while the disclosing party is contesting or opposing the disclosure requirement.
■ The receiving party must cooperate with the disclosing party and provide assistance to the disclosing party with respect to the disclosing party’s efforts to prevent the disclosure.
■ Any compelled disclosure will not affect the receiving party’s obligations with respect to confidential information that is disclosed (i.e., as a result of the disclosure, the information disclosed will not become one of the exclusions to the requirements of confidentiality in the software license agreement).
Additional requirements with respect to confidentiality include the obligation of the receiving party to return or destroy the disclosing party’s confidential information upon expiration or termination of the agreement or as otherwise requested by the disclosing party.
■ These requirements may include the obligation of the receiving party to provide a notarized written statement to the company certifying the destruction of the disclosing party’s confidential information.
■ Confidentiality clauses in software license agreements commonly contain an acknowledgment of both parties that, due to the unique nature of confidential information, there is no adequate remedy at law (e.g., money damages) for breach of confidentiality obligations, and therefore, each party would be permitted to seek and obtain equitable relief (e.g., injunction) without the requirement to prove any loss.
Security is an area that is commonly forgotten in software license agreements. However, in situations where a vendor will have access to critical customer information and will be storing that information in its own data center, it is critical that the software license agreement contain terms and conditions in addition to the confidentiality obligations discussed in this chapter. The vendor’s requirements in this area commonly include a requirement that the vendor maintain and enforce physical security procedures that are consistent with industry standards and that provide safeguards to protect against the loss, disclosure, and modification of the customer’s confidential information.
Maintenance and Support
Maintenance requirements generally define the vendor’s obligations with respect to keeping the software current via updates, upgrades, enhancements, new releases, and the like. Support requirements generally define the vendor’s obligations to provide technical support for the software, for example, when the software doesn’t work in accordance with the specifications or documentation, telephone and on-site support requirements, and the like. When thinking about what provisions are required in a maintenance and support agreement, it is necessary to go back to the original critical considerations, particularly with respect to how critical the application is that your company is licensing. For the most critical applications, your company will require a level of service, such as for responses and resolutions to issues, much greater than for less critical applications where problems don’t impact the business as severely. In any maintenance and support provisions in a software license agreement, the parties should consider terms such as the following:
■ Maintenance and support fees are typically a percentage of the actual license fees that are paid by the customer to the vendor. These can vary widely, but are commonly in the 12%-18% range. Consider locking pricing on support and maintenance for a fixed period of time (e.g., three years) and then negotiating a cap on maintenance and support fee increases over time (e.g., no more than the percentage change in the applicable CPI or 2%).
■ Software is generally heavily discounted off of vendors’ list prices. Be sure that your company is paying a percentage of what you actually paid for the licensed software for maintenance and support and not a percentage of list or any other price.
■ The parties should consider the support term—generally at least a year with options to renew for multiple additional terms of one year each.
■ In many instances, it is appropriate to include service levels with respect to the support that is to be provided by the vendor. This can include, for example, obligations with respect to a vendor’s response to a problem and required problem resolution times. Where such service levels are included, consider providing a remedy for your company in the event the vendor does not perform the support as required.
■ Consider what training may be required with respect to the licensed software. This will include the location of the training, any travel that is included in the price that your company is paying for the licensed software and the support and maintenance services, how many of your company’s personnel can attend the training, the cost to your company if additional personnel want to participate in the training, and requirements with respect to the materials that must be provided by the vendor.
■ Ensure that the vendor is required to provide support throughout the term of the agreement and after the term expires as required. Under no circumstances should the vendor be permitted to withhold support, even if there is a dispute between the parties.
■ Consider the amount of time that your company will need to implement new releases. Many vendors will require a short window for implementing new releases, and if the customer doesn’t implement within the short timeframe, they will fall out of compliance with the maintenance and support terms. The customer should require as much time as necessary (e.g., six months from the date of delivery) to implement new releases so that it can stay current on maintenance and support obligations.