
CIOs: Understand These Legal Traps

Getting tangled up with legal issues isn't what most chief information officers prefer, but there are times when a little knowledge of the law can really help.

CIOs are technology leaders, not lawyers -- but increasingly, there is legal knowledge that CIOs should have under their hats. What are the legal fundamentals that every CIO should know? Here are seven areas worth understanding.

1. Contract modification

If you want to modify a vendor contract, all modifications must be in writing and signed and dated by all parties. When you approach a vendor with modifications, the vendor will often say, “I’m sorry, but we only issue standard contracts. It would take our legal department too long to redraft the contract.”

The hope is that companies entering into contracts will acquiesce and forgo modification -- but you don't have to settle for a vendor contract with no hope of modifying it.

Here’s how vendor contract modification can be done:

  • You draft a separate addendum containing the modification to the contract that doesn’t alter the language contained in the vendor’s original contract.
  • Then you write a cover letter with an “integration clause.” The integration clause states that the original contract and the addendum containing your modifications together constitute the full agreement between you and the vendor, and that if there are any discrepancies between the vendor contract and your addendum, the addendum will govern.
  • Every page of the vendor’s original contract and your addendum should be initialed and dated by all parties to indicate that everyone has reviewed the contract in its entirety and has signed off on it.

2. SLAs

If you have a vendor that you want to hold to certain performance, security, and support standards, you will want to present your SLA (service level agreement) requirements to the vendor with hopes of reaching an agreement. These SLAs should then be documented by you and placed into an addendum that is attached to the vendor’s contract.

3. Termination clauses

As a CIO, I once encountered a contract with a vendor where there was no termination clause! We wanted to terminate the contract, and the legal advice we received at the time was simply to terminate services and write a letter to the vendor to that effect.

The procedure worked, but I was uncomfortable with it.

A better approach is to ensure that a termination clause is in the contract. With cloud vendors, there typically is a 30-day advance written notice to terminate that you must file.

Always make sure that there is a clear termination clause in any contract before you enter it.

4. Liability

What happens if you use a SaaS vendor that in turn uses another vendor’s cloud platform for hosting its application and there is a failure at the platform vendor’s data center that corrupts your data?

A majority of cloud vendors will state in their contracts that they will make a best effort to protect and recover your data. Unfortunately, there is no contractual privity (relationship) between you and the cloud platform vendor that your SaaS vendor uses. Meanwhile, the two vendors are busy finger-pointing at each other while you worry about your data.

Multi-vendor situations are a sticky area that you will want to discuss with your primary cloud vendor, but you should also discuss them with your liability insurance provider to see what types of insurance coverage are available if you find yourself in this situation.

5. Custom code and reports on a vendor platform

Often, clients develop innovative applications and reports on vendor platforms and the vendor wants to share them with other clients.

This is an important intellectual property area for companies to address with their vendors up front.

It’s important because companies might not want to share a particular application that is a competitive advantage for them over other competitors.

Vendors usually have a clause in their contracts addressing this. The clause typically states that the vendor can repurpose anything that is developed on its platform.

A better solution for clients is to modify the contract so it states that any product that the client develops on the vendor’s platform belongs to the client, and that the vendor must get permission from the client to use or repurpose it.

In some cases, clients work out licensing agreements with vendors and earn handsome fees.

6. Hiring away employees

It’s commonplace for vendors to hire away IT employees who are not only good with the vendor’s application, but highly competent in a specific business vertical. Vendors do this because they often lack knowledge of business verticals, so hiring known talent into their organizations is highly beneficial. Conversely, there are times when client companies also try to hire away employees of their vendors.

Neither party likes these employee raids, so how do you deal with them?

One way to minimize them is to develop a written agreement with the vendor that neither side will hire away talent. Because individuals are allowed to freely explore the marketplace, these agreements can't be in perpetuity -- but they can apply for a certain period of time (e.g., “neither side shall hire any employee of the other without express permission from the original employer and/or not less than one year after agreement between client and vendor has terminated.”).

7. At-will employment

Unlike the private sector, many public sector organizations have what is known as “at-will” employment. It means that the employee is hired (or fired) at the pleasure of the organization, and that the organization does not have to show cause.

Nevertheless, even if you are a public sector CIO and you have at-will employment, it’s still prudent to systematically document employees so you can show cause for firing them.

“We boast that we’re an at-will employer and don't have to show anything to get rid of an employee,” one public sector HR director told me. “But at the end of the day, we still document poor performance and show cause.”
