Category Archives: risk

Confidentiality Exclusions versus Disclosures

When dealing with confidential information, one of the key areas of concern is where information that would otherwise be considered confidential loses its protection.  In most contracts, there are four situations where confidential information ceases to be confidential information and can be released.  Information that:

  • was in the public domain prior to, at the time of, or subsequently to disclosure;
  • was in the lawful possession by recipient prior to disclosure and was not already covered by a confidentiality provision;
  • is subsequently acquired by recipient through lawful means from a third party who is not under an obligation of confidentiality; or,
  • is subsequently developed by recipient without use of or reference to the confidential information.

For these four items, information that was confidential now is not.

There’s a fifth reason which would allow for disclosure, but I argue, shouldn’t change the nature of the information from confidential to non-confidential: disclosure pursuant to court order or legal process.

In this fifth scenario, we’re talking about a situation where a court of competent jurisdiction orders the release of information, usually to the court, as part of a judicial (or extra-judicial, like arbitration) process.  The information is going to be disclosed because of it’s probative value – that simply because it’s confidential doesn’t mean that the court shouldn’t consider it as part of whatever is the subject of the litigation.

But that doesn’t mean that I want that information to change status to non-confidential information.  Rather, what I want is to keep that information confidential even AFTER the judicial review.  This is possible through the use of protective orders and other legal procedures.  But if your contracts say that a judicial process will change the information’s status to non-confidential, a single well-strategized lawsuit can unintentionally release a lot of otherwise-confidential information into the public domain.

The best way to handle this is to make sure that your confidentiality provisions clearly segment release of confidential information pursuant to a court order from the other four reasons by which confidential information becomes non-confidential.  Additionally, include language that requires the disclosing party (the one responding to the court order) to:

  1. Notify the owner of the confidential information that such court order is being pursued/followed/responded to.
  2. Reasonably assist the owner of the confidential information in obtaining any available legal protections.
  3. Only disclose the specific confidential information requested by the court order (not just hand over everything).

Jeff Gordon Quoted on SpendMatters Today

Today’s edition of SpendMatters discusses merger and acquisition issues as they relate to software licensing.  Jason Busch was kind enough to seek my opinion on the matter and through my long and winding response, he pulled out the best nuggets.

At the end of the day, the time to think about M&A-related stuff is when you’re entering into each relationship… not when the vendor announces they’re getting bought or sold.

Four Disadvantages to Using SaaS for Your Small Business

This is a blog response to DreamSimplicity’s “4 Advantages to Using SaaS for Your Small Business“.  DS is correct, SaaS offers several great advantages that small businesses can exploit – such as obtaining access to enterprise-class software once priced outside non-enterprise reach.  But all is not rosy and wonderful in the SaaS world.  It pays to consider all options before moving ahead with any software product, and some risks are exacerbated by a SaaS environment.  Here are four to consider:

  1. You’re still small and probably have no leverage to negotiate the license.  Even SaaS vendors offer negotiable software licenses to customers who buy above a certain threshold.  As a small business, you’ll be less likely to meet that threshold and will be tied to their unmodified EULA.  Take the time to read this document carefully, it’s the setup for the next three issues.  Oh, and just because you’re small doesn’t mean you can’t TRY to negotiate.  ALWAYS ask for the changes you want – the worst they say is “no.”
  2. The SaaS provider is going to have your data.  Building your business from the ground up within one of these platforms is terrific.  However, once you mature to the point where you consider switching, you might only now start to consider how to get your data out of the system.  If you think of this up front, you might be able to get a small change to your contract to allow you easy access to your information.  If not, do the research to see how you can export data.  Zoho, for example, is awesome.  But there’s almost no way to easily get all of the data from a fully-populated database out of ZohoCRM.
  3. The SaaS provider is going to be storing your data.  Depending on your business, you might have certain regulations governing the acquisition, storage and use of the information you gather from customers.  Again, if you’ve clicked “I Agree” to the standard EULA, chances are, the vendor isn’t offering any real protection of data.
  4. You have to consider the potential for your provider to go out of business.  With the SaaS model, you only have access to the application for so long as the provider is viable.  If the provider goes away tomorrow, so does your access to the application (not to mention your data).  As a small business, you probably won’t have access to some of the enterprise-class contract provisions here either – such as escrow, guarantees for unexpected terminations… heck, even termination notice.

So, while SaaS can offer extremely valuable opportunities, there are pitfalls, too.  Just be aware – for even if you can’t do anything about these issues from a contractual perspective, you can try to deal with it from a business planning perspective.

Keeping Track of Your Stuff is Easy with a Good CMS

D.C. Toedt over at On Technology Contracts posted a recent article about keeping track of Insurance Certificates.  He relays a great story about the importance of asking for them, but more importantly, being able to produce them when needed.

This is such a simple thing to do when you have a good Contract Management System.  It’s merely another document you’d upload and track.  Heck, Novatus Contracts even allows you to create event notifications for certificate renewals.  Need to remember to ask that it’s expiring?  No problem – the system will automatically send the alert to the vendor (you can get cc’d if you wish) asking for a new one.  It’ll even take it one step further.  If you don’t “close out” the event after a certain date (such as when you receive the new certificate), you can re-route the alert to you (or whomever is in charge of managing that vendor) for handling.

Of course, this is also available for any other supporting documents you want to include or for any other trackable metrics (milestone due dates, payment dates, etc).

But you have to have a system that can handle it.  What would you rather have: the mild expense of a good contract management system?  Or the exhorbitant expense of an unexpected and uncovered personal injury claim?  Yeah, I thought so.  Tell Novatus I sent you or request information here.

Mutuality, or, What’s Good for the Goose is Good for the Gander

In several recent deals I’ve had the very unpleasant tasks of redlining virtually every section of the agreement because I felt that the terms weren’t mutual.  In other words, the language was completely one-sided so that only the document drafter received any benefits under the agreement.  If you’ve never encountered this scenario, these documents are nightmares to go through.  You never really relax and feel like the agreement was written to be fair to both sides, so you start to get jumpy about every little misplaced comma.

Mutuality is a key concern for me.  If a contract is supposed to be an apportionment of risk – a meeting of the minds as well – how would it be interpreted in the event that we had some sort of disagreement?  Would the courts find that we actually had an agreement at all?  Or, using the severability clause, would the court excise much of the agreement and leave only a few basic operable paragraphs?  However you might imagine it playing out, I simply don’t like the feeling that an agreement is all obligation for one side, and all benefits for the other.  So, in almost every clause, I look to make things mutual as much as I can.

This is especially important (and unfortunately starting to be more commonly seen) for Limitation of Liability language.  Make absolutely sure that your party is protected by LoL language.  There are, of course, exclusions to LoL, and those too should apply to both parties.  But do not let an agreement get signed that only caps the liability of the other party. (This happens to be one of the few areas where I’ll use every ounce of control I have to block a deal.)

On the flip side, each parties obligations (and thus, warranties) are at least slightly (and sometimes significantly) different.  Here, mutuality in spirit is what I’m looking for – not an exact duplication in language or deed.  For example a software provider might warrant that their product is four-digit-year compliant (yes, I still ask for this).  But the customer doesn’t have any control over this.  So I wouldn’t want it to be a mutual warranty.  However, the customer can warrant that any information provided to the vendor is accurate and reliable.

Overall, I just watch for balance.  When I don’t see it, I add it.  When I don’t ever feel it, I warn my business owner(s).  When I don’t get it, I suggest looking elsewhere.  Everyone should take this opportunity to review your template agreements.  Are they balanced?  Why wouldn’t they be?  I haven’t said this yet in this forum, but it seems to be turning into my favorite phrase of 2009:  “In negotiations, you can screw someone else.  Once.”  The cost for finding new customers, however, significantly outweighs the cost of keeping old ones.  Write your deals for the long-run (such as by being mutual) and you’ll both be happier.

Economic Renegotiations

In an interview with Inc magazine the other day, I was discussing the effects of the current economic situation on contract negotiation potential.  More specifically, everyone seems to believe that the current downswing is cause for not only some great deals, but also for the potential to create some re-negotiation possibilities.  In other words, the various authors of these pieces are looking for confirmation that now is a great time to buy.  Well, my advice on that issue is pretty simple and I’ll point you all towards the article when it comes out.  😉

I’m more concerned at the moment with the opportunity for re-negotiation because this opportunity does actually exist.  But it’s an opportunity that ALWAYS exists.  The current economic situation is merely bubbling the issue to the surface.

Now, I’ve literally just spent the last half-hour writing and re-writing an attempt to eloqently and gently explain how negotiations are supposed to work and how they’ve not really worked over the last few years due to bullies (both on the vendor and customer sides of the transactions).  The truth, however, is that there isn’t a nice way to explain it.  The negotiation situation has been bad and it continues to be bad – even after the current downturn has made everyone more acutely aware that bad deals are worse when the economy turns sour.  So I’m just going to be really blunt.

Folks: do good deals.  Work well with each other to make sure that each party’s true needs (and a few of each party’s wants) are met during the deal.  Look deeply into the financials of the deal, as well as how they’re calculated.  Don’t guess, don’t assume, don’t overestimate.  Use real numbers, actual counts and a solid basis for each transaction.  Get rid of puffery, boasting, bloating and non-essentials.  If you only THINK or BELIEVE something is going to come to pass, don’t base the deal on it.  Rather, find a way to add it in as a POTENTIAL opportunity – a possible future transaction.  But don’t commit to an uncertain future.

In more Plain English™, buy what you need, sell what you have.  If you don’t need it or don’t have it, don’t do the deal.  Don’t use pretend numbers to support the transaction or the promise of potential to entice you into something that won’t work for you in the current state.  And don’t expect either party to return to the table when the economy goes bad or things don’t work out as planned for you.  Your problem isn’t THEIR problem.  (Perhaps you’ve heard this as “Poor planning on your part doesn’t constitute an emergency on my part.”)  And, for the people who are thinking it, this is not a situation for force majeure.  Economic fluctuations are understood and always possible.

Again, do good deals.  Apply the Five Fundamental Skills for Effective Negotiation.  If you need/want help, get it.  Oh, and contrary to what is happening with certain large industry players at the moment, don’t expect someone else to bail you out because you didn’t plan.  If you haven’t learned the lesson so far, let’s put it in Plain English™, too:  The economy swings both ways.  Unexpectedly.  More often than we’d like.  Regardless of your political leanings, fiscal and risk conservativism is always appropriate.

Moody’s Bottom Rung

Moody’s released their Bottom Rung list the other day – the list of 283 out of the 2073 companies they review that they think are most likely to default on their debts.

Moody’s Bottom Rung 3.1.09 – Get more Business Plans

Thanks to Supply Exellence for the scoop – and a more detailed analysis of the document.

I’d check to see if your vendors (or your customers) are on the list.  Hopefully, you’re already performing semi-annual financial reviews, so none of this would come as a surprise.

Notes from the “I told you so” file

Well, it didn’t take too long.  C-Net reports today that Google inadvertently shared some Google docs files with folks they weren’t supposed to be shared with.

Lifehacker ponders whether this is a “minor privacy blunder”.

Meanwhile, Google is busy blaming it on the user (italics are mine):  “We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge.”

Yeah, Lifehacker, this isn’t minor.  It never is.  Especially to those individuals who have data that was shared without knowledge.  Oh, and C-Net, you shouldn’t downplay this either – so while mentioning that lost laptops are a security risk, too, it doesn’t do anything to resolve the issue at hand.

Look folks, any breach of privacy, especially in a SaaS/cloud-computing environment is a HUGE problem.  Shore up your contracts today, please (confidentiality, IP indemnification, and exclusions for breach of confidentiality in your limitation of liability language).  Need help doing it?  Just give me a shout.

More on using other people’s work

I’ve written before on the topic of using other people’s work as the basis for your contracts.

Google apparently didn’t learn that they need to not necessarily borrow from themselves, either, for the EULA related to Google’s new browser, Chrome.

But the bigger issue in this new EULA from Google were the terms itself.  Specifically, the license for Google’s new browser states/d, in part, that Google will have “a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute” anything displayed through the browser.


At least they’ve changed it.  But the fact that it got in there at all is problematic.

Google, for their part, blames it on a copy/paste error… that it was erroneously inserted to make it similar to their usual language, to “keep things simple for their users”.

Um… sure.  😉

License Grant Discussion at AdamsDrafting

Ken Adams has a great discussion going on over at his blog, AdamsDrafting on license grant language.  Ken’s general concern is that a license grant is overly complex language, redudant at best and confusing at worst.  This follows his general feelings regarding contract language (that we need to simplify and get rid of anachronisms).  And, generally speaking, I support his work to make this happen.

In this case, and as supported by most of the commenters, I think Ken’s admitted lack of knowledge in the subject matter of licensing is hurting his assessment.  Software licensing folks don’t like wordy contracts any more than anyone else.  We’d love to get rid of unnecessary phrases or redundancies.

But I’ve actually seen a license terminated at the will of the vendor as a result of a lack of the word “irrevocable”.  And I’ve seen one restricted because of the lack of the word “world-wide”.  So for me, simple language gives way to extra descriptiveness in the license grant just from a risk management perspective.