To run a successful business, you need to have well-functioning IT services to manage your internal operations as well as customer-facing activities. Before you can implement those services, you will have to sign an information technology (IT) services contract.
However, many IT services will provide you with standard contracts that will try to minimise any liabilities and burden you with unnecessary costs. Therefore, you should carefully review your contract to see if you can negotiate terms that are more favourable to your business’ operating needs. This article will explain the five key areas that you need to review in an IT services contract.
Your IT provider should promise to:
- use due care and skill in handling your data;
- store data securely;
- encrypt data when transferring it; and
- not transfer your data to a new location, especially overseas, without your permission.
Your contract should also include an indemnity clause that holds your service provider responsible for data breaches that they cause. Ideally, the indemnity should cover the liability of third parties they use to provide services to you. However, you may find your IT services provider will not include third parties for insurance reasons.
Your IT services provider is likely to handle or access any personal information belonging to your business or your employees. The contract should reassure you that your IT services provider will handle the personal information responsibly.
The contract should cover whether your business has to comply with privacy laws, such as the Privacy Act 1988. You may have to report eligible breaches to the Office of the Australian Information Commissioner (OAIC) as soon as practicable. You must also notify any affected customers.
Your contract should set out exactly how your IT services provider will respond to a serious data breach involving personal information. You cannot presume your IT services provider will notify you when a data breach occurs.
Your IT services provider may receive confidential information or have access to confidential information when providing their services. Either way, you want the IT services provider to use and access that confidential information only as required to provide their services. Your IT services provider should obtain your written permission before they are allowed to disclose the information to third parties.
You may also require your IT services provider to return and destroy all of your confidential information when the contract ends. Confidentiality clauses continue to work even if the contract ends for any reason. Therefore, your IT services provider must continue to keep your information confidential.
Third Party Intellectual Property Claims
As part of providing their services to your business, your IT services provider may use other services. If they have used or modified the intellectual property (IP) of those services improperly, someone may sue your business for IP infringement.
Therefore, you should ensure the contract includes a warranty by your IT services provider that they have the correct licences and rights to use any IP as part of their services. Your contract should also have an indemnity that makes the IT services provider responsible for any IP claims and associated legal costs.
An IT services provider’s contract is likely to exclude their liability for indirect loss. There is a difference between indirect and direct loss. Direct loss usually concerns immediate losses following an event. Indirect loss refers to any loss that could occur following an event but is not guaranteed to happen.
Therefore, you should ensure the contract has not excluded the IT services provider’s liability for indirect loss. However, you may discover the clause is a mutual arrangement that covers both you and the IT services provider. Consequently, you may be liable for any indirect losses if you breach the contract. You may want your IT services provider to be held liable for certain indirect losses, such as indirect loss relating to data breaches.
Practical Tips for Contract Review
An IT services provider will usually provide a standard contract for you to sign before supplying any service. Besides looking out for key areas of risk, you should also follow these practical tips when reviewing your contract:
- asking for a copy of the contract in writing so you can review the contract;
- taking time to review the contract;
- allowing other employees from your business to review the contract as they may point out concerns that you had not considered;
- checking what services are provided, as well as any warranties, indemnities and limitation of liability clauses that favour the IT services provider;
- preparing to negotiate these clauses or other clauses of the contract; and
- seeking independent legal advice if you are not sure.
If you are signing a contract with an IT services provider, you should look out for the following five key areas of concern:
- data protection;
- personal information;
- confidential information;
- third party IP claims; and
- indirect loss.
If you have any questions or need your IT services contract reviewed, get in touch with LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.