Download (direct link):
(o) REPORTS AND DOCUMENTATION. The IT outsourcing agreement typically specifies the types of reports that will be provided by the vendor to the customer, as well as the delivery times for each report. The parties should also discuss whether the vendor will provide any other documentation to the customer (e.g., manuals, user documentation) and, if so, which party owns such documentation.
(p) OWNERSHIP AND RETURN OF DATA. From the customer’s perspective, it is important that the IT outsourcing contract specify that the customer owns any data it submits to the vendor and has the right to recover, in a suitable form, a copy of all of its proprietary data upon termination or expiration of the agreement for any reason. Many standard form IT outsourcing contracts provide only that the customer’s data will be returned upon expiration, as opposed to termination, of the agreement and do not specify the form in which the data must be returned or the method of returning the data. This can result in the customer being unable to promptly retrieve its data if the agreement terminates as a result of the vendor’s default or retrieve its data in a suitable form upon any other termination or expiration of the agreement.
Similarly, the customer should be wary of a clause that states that the vendor will return the customer’s data provided that the customer has fully performed its obligations under the agreement at that time. Most disputes that arise under outsourcing agreements relate to whether the services are being performed according to the specified service levels. In these circumstances, it is common for the customer to withhold payment of all or a portion of the specified fees as a means of gaining negotiating leverage over the vendor.
146 Ch. 4 Outsourcing Contract
Withholding of payments is typically in violation of the IT outsourcing contract, and a court might well find that the customer has not performed all of its obligations under the contract if the vendor invokes that clause as a means of forcing the customer to pay all outstanding amounts before returning the customer’s data. In effect, the customer becomes a hostage to the vendor’s refusal to return its data until the vendor is paid in full. The customer should also seek to limit its expense of recovering its data from the vendor and should require the vendor to delete all of the customer’s data from the vendor’s records upon expiration or termination of the agreement. Finally, the IT outsourcing contract should protect the customer against the risk of the vendor withholding the customer’s data in the event of a dispute between the parties by periodically requiring the vendor to provide a copy of such data to the customer or a third-party escrow agent.
(q) CONFIDENTIAL INFORMATION. The customer should assume that in any outsourcing transaction, the vendor will have access to some or all of the following information and data:
• Customer proprietary know-how, methodologies, and technology
• Lists of customers and prospective customers
• Internal financial data and projections
• Strategic plans
• New product development data
• Market surveys and analyses
• Research pricing, marketing, and inventory data and projections
The potential injury to the customer or to others who may make claims against the customer, by reason of the theft, misuse, misappropriation, or disclosure of information in the customer’s possession, cannot be overstated.
For example, the customer may also have assembled a variety of information to which fiduciary obligations attach, such as the following:
• Personal data concerning employees
• Reports received from franchises or licensees
• Confidential information concerning customers
Similarly, the customer will undoubtedly have access to certain vendor information and data that the vendor considers confidential. Such data and information may include the following:
• Vendor proprietary know-how, methodologies, and technology
• Strategic plans
• New product development data
4.3 Key Contract Issues 147
• Operating procedures
• Pricing models
Accordingly, the confidentiality of each party’s data and information should be protected by the IT outsourcing contract. The agreement must require each party and its agents to keep the other’s proprietary data and information confidential and prohibit the use of such data and information for any purpose other than providing or receiving the services. The agreement should also give the parties the express right to obtain injunctive relief (see the discussion under section 4.3(ai), “Injunctive relief”) to prevent the unauthorized disclosure of its confidential information.
The IT outsourcing contract may also include the following data-related provisions: a data security provision, a provision requiring the vendor to implement certain security measures in the event the vendor provides services to the customer’s competitors at the same facility or using the same resources, and a provision outlining how attorney-client privileged documents should be handled.