Decoding (Mind-Numbing) Software Agreements: Part 2
2020-04-23T00:25:12+00:00

In the previous blog update (Part 1), I promised to continue decoding densely worded End User License Agreements (EULA). As discussed in the prior blog, the EULA is the agreement containing the terms the user of a software program agrees to abide by in using the software. In this blog, I address security. First, an excerpt from a standard form cloud services agreement:

“Company X shall notify Customer of any Unauthorized Access as soon as reasonably practical. In the event that any applicable law requires that any notice be given to Customer’s Service Users or clients, Company X acknowledges and agrees that Customer shall have control over the timing, content, and method of any required notification.”

Many companies have moved to cloud-based software programs to store their data, and a company may also give outside vendors access to its internal systems so the vendors can maintain them. Remember the Target hack from six years ago. The hackers gained access to Target’s network by stealing the credentials of a third-party HVAC contractor hired to monitor the Target network. The HVAC contractor had been compromised by a spear phishing attack months prior. The hackers used the HVAC contractor’s stolen credentials to install malware on the Target devices.

Determining what security measures the software provider has in place is important, specifically when the provider is cloud-based or is a third-party vendor with external access. The EULA may provide some safeguards or it may be silent on the issue. It is important to know: What security measure(s) does the cloud-based provider or vendor have in place to protect from hacking attacks? What kind of reimbursement does the software provider give if it is hacked and it shuts down your company’s access to data for 2, 10, or 20 days? What kind of mitigation damages, if any, are provided for unauthorized access to your client or employee data? Will the software provider reimburse you for the cost to notify your customers of an unauthorized access event?

A company needs to ask the right questions before simply agreeing to the standard terms in a EULA. Mismanaging risk can cost a company in the end, not only in lost time but lost reputation with its clients.

Up next: Part 3 Continuing to Decode Software Agreements – Support AKA Updates/Modifications

By: Megan Evans


Ball Janik LLP is a Florida-based law firm offering construction law, construction defect, commercial litigation, insurance recovery, and real estate law to its local and national client base. Founded nearly half a century ago with six lawyers and a four-person support staff, the firm has expanded its capabilities, professionals, and geographic footprint. What began as a firm focused on real property and land use (known then as Ball Janik & Novack) has grown to include the insights of a team of attorneys and staff with a combined six centuries of experience. The firm has been recognized by Chambers USA, U.S. News & World Report and Best Lawyers®, The Best Lawyers in America©, and Corporate International.