Technology FAQs – How to Address Development, Protection and Licensing
Rapid growth in the computer technology sectors, specifically Internet, Cloud Computing, Software as a Service (Saas), Mobile Applications and related software and network technologies, have presented an increasingly complex set of issues for business owners and their lawyers. Understanding appropriate contractual protections is key negotiating complex transactions while minimizing inherent costs and risks.
What is "appropriate" for any given set of circumstances will depend on the interplay of the company's strategic vision, the tactical allocation of resources and operational issues encountered. These questions and answers address procedures for dealing with issues that arise in defining the scope of an Agreement.
- How do technology development agreements work?
- How do I define the deliverables and avoid scope creep?
- What are the intellectual property issues?
- Should intellectual property rights be registered?
- How do I protect confidential and proprietary ideas and information?
- How can I disclaim and/or limits of liability?
- What are representations and warranties?
- What about software, services or data stored off site?
- What is a Service Level Agreement (SLA)?
- What about maintenance and customer support?
- How do I get out of a bad agreement?
Technology development takes place in two phases: definition of the basic functional and operational characteristics and development of the mechanisms to achieve the desired functionality. Once the functional elements of a particular piece of software or hardware have been defined, businesses often choose to outsource the application development through the use of a third-party. The natural question is why would a company trust the development of its proprietary intellectual property to a third party? The answer is that the vast majority of companies who need custom technology development simply lack the internal expertise. The guidelines in this paper will help companies address the pertinent issues faced when choosing to engage outside parties for such a vital role.
A Technology Development Agreement (Agreement) is used to define the development, performance, ownership and service expectations of the parties. Critical issues require a thorough understanding of both short-term and long-terms expectations; proficiency with technical issues such as software and hardware interoperability; and ensuring that goals of the project are clearly stated in the Agreement.
Read details about our technology law services or call us at (866) 734-2568.
Accurately defined Deliverables are key to managing the scope of the project. The Agreement must set forth, in as much detail as possible, the deliverables that are to result from the developer's efforts. This includes, but is not limited to: a description of the functional and design specifications, user interface requirements, operational flowcharts, software descriptions, training materials and documentation, network accessibility information, interactive elements, information-capturing capabilities, browser and platform compatibilities, electronic commerce requirements, audio/video format requirements, linking structures, database structure requirements, code standards, screen and file layouts as well as general "look and feel" elements.
After the scope of the project is defined and mutually understood, the parties need to address the project schedule. This schedule should set forth development milestones, testing and acceptance periods and payment timelines.
For example, phase one of the project, usually entails the completion of the coding of the basic functional components of a piece of software. After the completion of the phase one deliverables, the parties will test the functional components for defects or errors. If the product thus far is accepted, then either the developer is paid its fees for the completed portion, or in the alternative, the client can pay a deposit toward completion of the next phase.
When establishing the schedule for milestones, and the testing and acceptance procedures, it is important to be realistic. Keep in mind that the time periods for defect corrections should have a built-in payment reduction component. In other words, if certain functional aspects do not test properly and the company provides written notification to the developer of the defect, then the developer shall have, for example, only one week to correct the defect or, if no such correction is accomplished, the company is entitled to an incremental reduction in total development costs.
The creation of all forms of technology regularly involves a variety of intellectual property rights. From purely aesthetic design elements to the structure, sequence and organization of systems, user interfaces, development tools and manufacturing processes, the rights involved can ultimately prove extremely valuable. For this reason, their ownership must be clearly established in the Agreement.
Although developers prefer contract language that exclusively grants them ownership rights to their creations, the company should secure ownership of most of these rights through negotiation. Notably, under Copyright law, the project deliverables can (and should) be designated as "works for hire" in the Agreement. Of course, the company may acquire rights to all customized creations, while the developer receives a license to use certain technology or know-how that the developer developed and that are likely to be reused on future projects.
In addition, development will also involve the use of third-party intellectual property rights. In these circumstances, counsel for the company should seek to secure the broadest possible scope of the license grant. In particular, the company should seek a license grant that will not create restrictions in how, where and by whom the licensed rights can be used. For example, licenses to software updates released during a specific period of time should also be sought.
On a related note, a company that is obtaining a license to use particular technology should secure from the licensor a source code escrow, thereby enabling the company to access the source code (human-readable coding language of software) under certain pre-defined circumstances, such as bankruptcy of the licensor or its failure to perform. Source code escrows will help ensure that a company will be able to maintain, error correct and/or modify the software under circumstances where the licensor is itself unable to do so.
Ownership of intellectual property responsibility for its registration should be addressed. If registration is advisable, the company should insist that it be identified as the owner of the intellectual property. In addition, the company should be designated as the administrative, technical and billing contacts.
Oftentimes the development of technology is integral to a business model and the development process will involve an exchange of confidential information between the company and the developer.
Confidential information should be clearly defined and the Agreement should set forth the duties, rights and liabilities with regard to the access, use and dissemination of the "confidential information."
"Confidential Information" often includes means information which is not generally known to the public, and which is used, developed, or obtained by a business and which relates to:
- Computer software, including systems, applications, program listings, manuals and documentation (whether owned by a party or licensed from third parties);
- Inventions or inventions in process;
- The identity of employees, customers and suppliers and their confidential information (as applicable); and
- All information in whatever form which has been identified to or is understood by the person receiving such Confidential Information as being confidential.
Developers will often demand extensive liability disclaimers and/or limits. For example, disclaiming liability for failure to protect credit card or other sensitive user information provided by the company.
A developer can also seek to limit its total liability under all circumstances to the amount it is paid under the Agreement for any damage that results from its negligent and/or intentional acts and/or omissions.
These disclaimers are usually one-sided and overly broad. Therefore counsel should carefully scrutinize these provisions to ensure that the company is not exposed to unfair risks. Disclaimers or liability limits for intentional conduct, as well as broad disclaimers regarding permanent data loss, should almost never be accepted.
For an interesting analysis of the types of liability that are often disclaimed, see Contract Drafting: Limitations of Liability & Exceptions.
Both parties should be required to warrant that the content utilized, including the software and/or development tools, does not infringe the copyrights, trademarks and/or patents of any third party.
In this regard, the developer should specifically warrant that it has secured all necessary third-party licenses in third-party products that are incorporated into the technology being developed.
In light of recent patents for business models (such as for Amazon.com's one-click buying method), this warranty provision should be carefully scrutinized. In fact, where appropriate, the advice of patent counsel should be sought to ensure that third-party patent rights are not infringed.
Experienced companies will ask the developer to warrant that the final product or specific applications will operate "free from any substantial defects" for a specific period of time, such as ninety (90) days after final delivery. In such cases, the developer should be required to warrant that any additional efforts to correct the problem will not materially alter company's original goals. The developer should be required to warrant that it has utilized industry "best practices" in development, safety and security measures and performance criteria, e.g. the optimal loading time of Web pages.
Finally, as with all services contracts, the developer should warrant that:
- The services will be performed in a professional and workmanlike manner and that none of the services is or will be inconsistent with any obligation the developer may have to others;
- Developer will employ adequate personnel and deliver the services in accordance with the specifications set forth in the Agreement;
- All work shall be developer's original work and none of the development, use, production, distribution or exploitation thereof will infringe, misappropriate or violate any intellectual property or other right of any person or entity;
- Developer has the full right to allow it to provide the company with the necessary assignments and rights.
As companies continue to locate and access software and data that is stored remotely, whether through Cloud Services or SaaS or the use of Mobile Computing Devices, if the technology needs Internet access and the company will be monitoring the performance of its equipment and/or manipulating the content contained therein, then the parties should consider a Colocation Agreement. Establishing a proper collocation relationship can and typically does involve a variety of issues, such as direct or remote access to the servers and programs, direct connections to its collocated servers and network, and technical maintenance and support.
However, in a typical hosting relationship, the hosting facility will provide the servers and Internet connection, as well as some software, whereas in a collocation relationship, the hosting facility will provide only Internet connectivity and a few other monitoring services. Regardless of whether the hosting relationship is collocation or pure hosting, their are certain issues that counsel should always be prepared to address.
Service Level Agreements are common with the telecom service providers. Typically, these providers will guarantee a certain amount of uptime (such as 99.99%) or response time limits for when a server goes down. If such downtime is the result of failure to properly manage the servers, connectivity disruptions or ineffective traffic load balancing, then the company should be entitled to a reduction in costs. In addition to uptime and response time guarantees, the telecom providers should provide guarantees regarding performance and bandwidth capacity.
Software, Hardware and Bandwidth Requirements
Based on design and development specifications, the company should specify what software and hardware is to be used. From the amount of storage space, processing power and platform compatibility that is required to the type of ports and switching and routing components that are needed, the Agreement should detail the hardware and middleware requirements of the technology.
Minimum bandwidth requirements should be required from the hosting provider. Bandwidth is the amount of data that can be transmitted in a fixed amount of time. Such bandwidth should be fully dedicated, switched and redundant through all Internet access points.
Typically, development services will include maintenance and customer support services, such as real-time monitoring of performance and security, load balancing and traffic routing. In order to addresses the uncertainties in future performance capabilities (e.g. rapid increase of traffic), the parties can agree to an escalation process, whereby certain pre-defined steps are taken to correct anomalies. The escalation process should always include:
(i) immediate notification to the company of the trouble identified;
(ii) a tracking system that tracks the status and correction process taken for each error; and
(iii) guarantees that only certified technicians will be used to correct any particular errors.
If the developer will be providing user support, then the Agreement must also address the allocation of responsibility for user inquiries as well as the manner in which user responsibilities are handled. For example, standards for timeliness of response to user inquiries, and professionalism in handling those inquiries, should be addressed to ensure that the company's reputation is not damaged by the rude or ambivalent behavior of a developer's customer support representative.
It is important that data not be used for any unlawful or inappropriate purposes. Such unlawful or inappropriate purposes include, but may not be limited to, the infringement of any third-party intellectual property rights, the intentional disruption of other network users, the dissemination of obscene or libelous material, and/or the dissemination of unsolicited email.
The Agreement should also address the company's right to user data collected by the company. This information, typically contained in the server logs, is considered and should be treated as proprietary to the company, as it can detail data that are critical to the continued success of the technology.
Fair Information Practices
Thus far, the broad consensus among businesses endorses a market-style model of ensuring the fair use of information that allows individuals to participate in decisions on the disclosure and use of their personal information. As articulated by the Federal Trade Commission, the elements of this approach are notice, choice, access, security and enforcement.
Consumers are entitled to notice of collection, use and disclosure of personal information. Notice should say who what how used, to whom disclosed, and consequences of refusing to give the information; it should also address the issues of choice, access and security.
Consumers should have choices about how their information is used or disclosed beyond the original purpose for which it was provided (e.g., to complete a transaction). Choice may be "opt in" ("click here to receive valuable information from our sponsors") or "opt out" ("click here if you do not want junk mail"). "Opt in" affords stronger privacy protection because it establishes a default rule against disclosure and use.
Consumers should have access to stored information about them and an opportunity to correct inaccuracies or to have the data deleted.
Web sites should protect the security of the data and ensure its integrity and accuracy.
These principles must be enforceable to be effective. The appropriate means for enforcement is at the heart of a spirited, ongoing debate over whether industry self-regulation is sufficient, or additional federal legislation is necessary.
Of critical importance but often overlooked are provisions dealing with ways to achieve, and the repercussions of, termination of the relationship. Most agreements do not set forth the parties post-termination responsibilities. If not clearly addressed, this can expose the company to extreme delay and/or hostage-like tactics that can forever ruin its reputation.
To minimize any post-termination transition concerns, the Agreement should obligate the developer to turn over confidential or proprietary information or intellectual property to its owner within a set number of days or hours after termination, regardless of whether the owner is itself in breach of the Agreement.
We look forward to the opportunity to discuss any questions you may have regarding the range of business, technology and intellectual property services we offer. Please feel free to call us at (866) 734-2568 should you have any questions.