News

SaaS demands careful risk analysis, say IT lawyers

Warwick Ashford

Software-as-a-service can be a legal minefield and businesses should ensure they are aware of the risks before rushing in, say IT lawyers.

The potential pitfalls were laid bare at a conference on the software-as-a-service (SaaS) business model in London yesterday.

The conference was organised by IT industry association Intellect, advocacy group Grid Computing Now and software anti-piracy organisation Fast.

Businesses need to understand all elements of a service contract to make an accurate risk analysis, said Andrew Hartshorn, partner at law firm Shakespeare Putsman.

Organisations should pay particular attention to contract exclusions as SaaS providers typically seek to limit their liability, he said.

According to Hartshorn, these can include responsibility for accuracy of data, loss of data, availability of service and infection by malware through the service.

Some contracts also place limitations on usage of the service and storage, so organisations need to be aware of the risk of additional charges, he said.

Businesses considering SaaS must also understand exactly how their data is transmitted, stored and secured, said Dai Davis, partner at law firm Brooke North.

This is particularly important for organisations that need to comply with the Data Protection Act (DPA), such as those in the financial services sector, he said.

These organisations could be liable for prosecution if they trust their data to SaaS providers that do not comply with DPA requirements.

These include taking adequate steps to protect data and ensuring that it is not stored or transmitted outside the European Union, said Davis.

Businesses should sign up with SaaS suppliers only if they are comfortable with all aspects of the contracts after a full risk analysis, both lawyers said.

