X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Remote hosting is the essence of the Internet, composed as it is of a large network of computers that enables Web surfers to access content hosted on remote servers. It therefore should come as no surprise that, since the Internet’s advent, a dramatic number of companies have moved their business data and software from proprietary PCs and mainframes to offsite servers managed by vendors known as application service providers (ASPs). These “hosting” arrangements can take many forms, from co-branding arrangements, in which companies use links to create networks of sites that appear seamlessly integrated, to ASP software arrangements, in which vendors agree to process customers’ data using the vendors’ proprietary software, to ASP arrangements, which involve hosting suites of third-party vendor software for access and use by customers. Different issues arise in these hosting arrangements that must be addressed in the agreements that govern them. SOFTWARE CUSTOMIZATION AND DEVELOPMENT PROVISIONS Prior to a hosting arrangement “going live,” the ASP typically must do some software development work. In a co-branding arrangement, the ASP must create a co-branded and integrated version of two or more web sites. In a software ASP arrangement, the ASP must often map or customize the software to be hosted to make it compatible with the customer’s systems, or develop interfaces for the exchange of data. Thus, “mini” development contracts should be incorporated into the agreements governing these arrangements. These mini development contracts should include the following: � A license grant limited to the development work at hand (if the customer is sharing its application program interface (API) or other code with the developing host); � A clear statement of the work’s objectives and specifications; � A milestone timeline; � An acceptance procedure; � An exit strategy if the development work is unacceptable or not completed by a certain date; � A designation of the owner of the developed work; and � Any restrictions on the parties’ further exploitation of the developed work. OWNERSHIP PROVISIONS As stated above, agreements governing hosting arrangements should specify who owns the developed work. When determining who should own the developed work, consider the following: � Who is paying for the work; � Whether the developed work is specific to the customer’s needs or is generally useful; � Whether the developed work incorporates one party’s proprietary technology; and � With whose system the work will be integrated. Parties often are tempted to provide for joint ownership of the developed work, or to make the contract silent on the issue of ownership, a move that also would result in the parties’ joint ownership. An agreement should be drafted to avoid joint ownership unless the hosting agreement also specifies each party’s duty to account for royalties, prosecute infringement, participate in the defense of infringement claims, license back improvements and seek the other owner’s consent to license or assign the work. Absent such contractual restrictions, a joint owner surrenders licensing control to its co-owner, but, nevertheless, may owe legal duties to its co-owner (or its co-owner’s assigns). Agreements governing hosting arrangements also should specify who owns the data hosted (typically, the customer) and to what extent (if any) the hosting party has the right to collect usage data. If the data are personally identifiable, the party that owns the data must be the party under whose privacy statement the data were collected or the party that appeared to be the data’s owner when they were collected. The parties also should consider any implications under U.S. privacy laws and European Union Directive 95/46/EC on personal data, which regulates not only data collectors but also data processors. SERVICE-LEVEL COVENANTS In a co-branding arrangement in which the parties simply are integrating their web sites, the agreement may require simply that the hosting party maintain the co-branded pages in accordance with the same uptime and bandwidth standards that the hosting party applies to its own web site. In other arrangements, however, the customer will want detailed service-level covenants before surrendering control of a web site or critical software to an ASP. Typical elements of service standards include uptime/downtime (e.g., “five-nines” or 99.999 percent uptime calculated over rolling 90 days), scheduled maintenance (e.g., once weekly 1 a.m. to 3 a.m. Sundays), dedicated servers/server capacity (e.g., additional servers upon request for additional fee), bandwidth capacity (e.g., telecommunications lines not to be at capacity more than 15 minutes per day), redundancy (e.g., duplicate web site stored in another state), response time (e.g., 10 minutes for “critical” items), technical support (e.g., “second-level” support for customer or “primary” support for end users), dedicated employees (e.g., two full-time engineers for maintenance and support) and reporting (e.g., monthly logs versus “real time” system status). The agreement should specify remedies for each instance of service-level failure, such as a credit for all fees that would otherwise be due during the period of the failure. The agreement also should provide the customer a right to terminate for chronic failures. The ASP will seek to disclaim damages for lost data and to limit liability to the value of the fees paid under the contract. SECURITY PROVISIONS Hosting agreements may require the host to take security measures, including measures to ensure the physical security of the host location (e.g., access controls to the building, use of security cameras and cages), measures to ensure the electronic security of the host location (e.g, use of firewalls, passwords, SSL and encryption, virus protection) and measures to ensure the intellectual security of the data hosted (e.g., deeming the data as the customer’s “confidential information”). THIRD-PARTY SOFTWARE PROVISIONS Customers of an ASP that hosts software owned by a third party should conduct due diligence into the agreement granting the ASP the right to sublicense the third party’s software so that the customer can seek related representations and warranties and an infringement indemnity provision in its favor. In its customer contracts, the ASP may seek to include certain flow-through provisions required by the software vendor (e.g., use restrictions, limitations on the software vendor’s liability). A customer should be careful not to lose its opportunity to take advantage of � 365(a) of the U.S. Bankruptcy Code, which permits a licensee to continue to pay royalties and use the software of a licensor in bankruptcy even if that licensor would be inclined to reject the license. If a third-party software vendor declares bankruptcy, the ASP, not the customer, has this right in bankruptcy. Moreover, if the ASP declares bankruptcy, the ASP, not the customer, has possession of the software. Both these wrinkles can be ironed out by contract and by use of a source code escrow. Further, because bankruptcy would relieve a licensor-debtor of affirmative duties, usage fees should be itemized as distinct from hosting and service fees. This will allow the licensee to pay only usage fees if � 365(a) is invoked. PROVISIONS THAT ENSURE PROTECTION UNDER THE DMCA The 1998 Digital Millennium Copyright Act (DMCA) affords protection against claims of copyright infringement for four activities: providing transitory communications; system caching; storing information at the directions of users; and providing information location tools. ASPs should make sure that their hosting agreements comply with the affirmative requirements dictated by the DMCA to avail themselves of the protection. Brian Burr is a partner in Orrick, Herrington & Sutcliffe’sMenlo Park, Calif. office. Daniel Yost is an associate at that office. He can be reached at [email protected] orrick.com.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.