Decoding (Mind-Numbing) Software Agreements: Part 2
06.19.2019 // CONSTRUCTION LAW WATCH

In the previous blog update (Part 1), I promised to continue decoding densely worded End User License Agreements (EULA). As discussed in the prior blog, the EULA is the agreement containing the terms the user of a software program agrees to abide by in using the software. In this blog, I address security. First, an excerpt from a standard form cloud services agreement:

“Company X shall notify Customer of any Unauthorized Access as soon as reasonably practical. In the event that any applicable law requires that any notice be given to Customer’s Service Users or clients, Company X acknowledges and agrees that Customer shall have control over the timing, content, and method of any required notification.”

Many companies have moved to cloud-based software programs to store their data, or they provide outside vendors with access to their internal systems so the vendors can maintain them. Remember the Target hack from six years ago: the hackers gained access to Target’s network by stealing the credentials of a third-party HVAC contractor hired to monitor the Target network. The HVAC contractor had been compromised by a spear phishing attack months prior. The hackers used the HVAC contractor’s stolen credentials to install malware on the Target devices.

Determining what security measures the software provider, specifically a cloud-based provider or third-party vendor with external access, has in place is important. The EULA may provide some safeguards or it may be silent on the issue. It is important to know: What security measure(s) does the cloud-based provider or vendor have in place to protect from hacking attacks? What kind of reimbursement does the software provider give if it is hacked and it shuts down your company’s access to data for 2, 10, or 20 days? What kind of mitigation damages, if any, are provided for unauthorized access to your client or employee data? Will the software provider reimburse you for the cost to notify your customers of an unauthorized access event?

A company needs to ask the right questions before simply agreeing to the standard terms in a EULA. Mismanaging risk can cost a company in the end, not only in lost time but lost reputation with its clients.

Up next: Part 3 Continuing to Decode Software Agreements – Support AKA Updates/Modifications

By: Megan Evans
