The following article was prepared by Mike Taylor, C.P.M. for distribution to NAPM affiliate newsletters.
A member of my professional network recently sent me a reminder about this article I wrote back in 1998 when we were all working hard to predict and address Y2K issues [does anyone besides me remember the Y2K hype?] Back then, the internet was only just beginning to explode. Today, interactive services, remote databases and shared online applications are ubiquitous. People log-in both at home and at the office to do online banking, online ordering, qualification training, resume building, job posting, package tracking, booking travel reservations, expense reporting and even manage HR departments.
Ever wonder what happened to all this data we provide to the internet? I hope you do. How web sites protect our personal data privacy is definitely a mission critical topic.
At home, the courts will try to protect the privacy of poor innocent consumer. At work, the company needs the services of a qualified and professional Supply Chain manager to write contracts which protect us legally when using software & web services.
Remember the news article about a computer programmer who threatened to sue 500 of America’s top companies for infringing on a software patent for a software Y2K bug fix. He claimed the patent rights and was demanding a royalty payment. This case was interesting because some of these companies probably got the Y2K bug fix from 3rd parties and/or consultants. But did anyone check to see if the consultants owned the rights to the software they were supplying? Unfortunately, some of them got burned because they didn’t ask.
This old article is still a very timely reminder for all purchasing people, that we are the first line of defense in our companies for legally protecting our rights. It will be an expensive reminder for some that software is generally an intellectual property in which we license the right to use the program rather than buy it outright.
Certainly the Software Publishers Association has made a name for itself in tracking down software piracy and illegal copies. We are all very sensitive to counterfeit software and using legitimate sources. Many of us also spend a lot of time making sure that everyone in the company knows about software issues as well.
But, what about situations that are a little more gray? If I set up an on-line e-commerce ordering system, who’s software will be I using to do so? Do I have a clear right to use it for that purpose? Does the seller have a clear right to license it to me? If I decide to change suppliers will I have to change software? Was the fancy "shopping cart" program that the consultant just installed for our e-commerce solution really his or did he "borrow" a critical portion of it?
Wherever our employees are using a web-based or remote application, we need to be concerned. Despite the fact that these are out of direct view, they are “purchased services”. Accordingly, I suggest asking a few questions and drafting contract language which protects your company’s interests. Here are some suggested topics to get you started.
As always, keep in mind that I am not a lawyer – I can’t afford the shark skin suits. The words you develop for your contracts should be coordinated with your company lawyer. These are just a few ideas to get you started.
1- Personal data privacy and ownership: Any information that Buyer’s employees provide to the web application must be protected from unauthorized distribution, used solely for the purpose of this agreement, remains Buyer’s property and must be returned or certified as destroyed when the agreement ends.
2- Application security: Any application the we agree to use on the web must be certified to be free of destructive virus and data piracy code. Contractor must have adequate web security controls in place, must agree to cooperate in any suspected security problem and will be responsible if it delivers malicious code to Buyer’s computer systems.
3- Spam control: Contract will ensure that any communication method between company and contractor employees is protected from spam and/or distribution to potential spammers.
4- Software ownership: Contractor certifies that they are the rightful owner or licensee of any software used to provide services.
5- Data mining: As a result of the relationship between company and contractor, certain composite data may become available. Contractor agrees to provide the buyer a copy of any data developed at no additional charge and agrees to ensure that any composite data used for marketing purposes does not identify our company or it’s employees.
6- Technology improvements: Significant improvements in technology or software either by the company or it’s competition, which are not made available by contractor, could be considered adequate grounds for cancelling the remaining term of the agreement in accordance with the cancellation provisions at no cost to the Buyer.
You might find some more ideas for topics to consider including in electronic information contracts in the language we drafted for our electronic commerce agreements. You can find an ancient copy of the original agreement in the back of the ISM standard Terms and Conditions publication or a slightly more current version on my web site at Trading Partner Agreement model
Even if you are not sure about what to say, ask the questions during the contract negotiation. A qualified contractor will have already considered the issue and may have an acceptable way of addressing the concern. A flakey contractor won’t have a clue about what you are asking or will dodge the question.
If you fail to consider the consequences, and cover yourself in a legally supportable contract, then you might as well just plan on paying the bills when the lawsuits arise.
As purchasing people, even if we don’t make the final legal decision, we need to raise the issue and make sure it gets addressed before signing the contract. Even though they may not admit it, I’m sure most legal counsels would rather answer a few extra questions, than run the risk of forgetting a potential problem. Drop the ball here... and you might as well just "Pay the man..."