Frank Jennings is Head of Commercial, DHM Stallard LLP. Frank specialises in technology and new media and has advised private-sector clients such on managed IT services, as well as SaaS and cloud computing,and a public sector London Borough on the new IT system for their one-stop reception service. Legal 500 2009 says his “knowledge is exceptional because he has worked in-house for a software firm” and he regularly speaks at conferences on these topics. DHM Stallard LLP clearly describe what makes their law firm special on their website as follows:
Speaking your language
Unlike many law firms, we don’t operate in a legal ‘bubble’. We don’t indulge in ‘lawyer-speak’. We won’t swamp you with the intricacies of legal procedure or deliver impenetrable documents. We talk your language. We’ll explain the business benefits – or disadvantages – clearly and simply. So you will get the best legal advice, based on sound commercial principles.Legal experts with broad commercial experience
Our lawyers enjoy considerable business expertise from outside the legal profession. They know the law. But they also know that there’s life outside it – because they’ve been there themselves. Which means that you not only receive the benefit of first-class legal opinion – but also professional project management delivered by people with proven business acumen.
This morning he offered an overview of cloud ‘best practice’ in terms of the law. This is a great opportunity for the supplier to stand out, and to improve his market share.
Choice of Law
In the standard version, the customer will choose which jurisdiction. For a bespoke service, there is a negotiation to have had. The key difference is that in the US courts you pay for our own legal fees, and tend to contain a plethora of indemnities, and exclusions of liability.
Data control
Why should a cloud provider offer protection over the data? From the customer’s perspective, the critical system. Data providers can state where their data are based; many people requested would like to keep their data in the US. Local datacenters should be considered from the supply chain perspective. Transfer of data outside the Data Protection zone of European Commission needs to be regulated by ‘best protocol’. Customers should think about what happens if the dataset ‘falls over’. Does there need to be a hybrid solution? This is a great opportunity for the supplier to stand out.
Service availability and resilience
CEOs do not often check the SLA with the CTO. The SLA is a very transparent document, so the supplier can offer service levels but choose not to cover such as programmed maintenance. What kind of warranties will the cloud provider hold? Implied terms, such as satisfactory quality and fitness for purpose, can be extremely difficult to define. The assessment of risk is often a business decision, and a financial decision concerning insurance. The cloud provider and customers are going to have their own predetermined insurances, or is it an assessment where the business risk lies? Discussion by Andy Burton, CIF Chairman, CEO Fasthosts, considered that expectations can be much greater for third party contexts.
Termination
Termination issues need to be considered upfront – and it would seem legitimate for contracts to be terminated if there is a breach, or if the customer does not pay. The customer needs to consider whether the cloud provider can terminate without any real reason. Customers tend worry about control – the provider can change the terms without consent, which is typical perhaps in the social media scenarios. Changes can be ‘demanded’ on a rolling basis, and clearly from a customer’s perspective this is not desirable. This is a great opportunity for the supplier to stand out.
Deletion of data
Data security is a key issue. Providers can delete the data at some later data. The customer, it is mooted, should have a basic right to protect their data. Data can be quarantined, for example if there is contentious litigation involving the company. The customer should be allowed time (notice) to get their data safely transferred. This is a great opportunity for the supplier to stand out.
Service Transfer
The supplier should specify whether its systems are proprietary, and whether data will transfer. The CSP should not be afraid of providing assistance in an ‘exit strategy. This is a great opportunity for the supplier to stand out.
Conclusion
There is no ‘one size fits all’ agreement. There is a negotiation to be had, and providers can expect this. From a lawyer’s perspective, you need to work out where the liability lies, particularly in the case of reselling scenarios.