Posts tagged cloud computing
Winding Down a Cloud Computing Engagement

Like any other professional business engagement, a cloud computing relationship will come to an end at some point and it's important that both parties give consideration to what happens at that point. The contract end may be triggered by the expiration of the governing agreement term or it could be a result of a dispute between the parties leading to an early termination. As with many of these sorts of issues, the best time to consider and negotiate the end-game terms between the parties is before formation of the formal relationship. It's not to either party's advantage to wait until the expiration of the agreement is pending or the working relationship is badly frayed before discussing how to separate their interests.

On the other hand, there are several provisions related to the termination of a cloud computing engagement that may not necessarily apply in other transactions or that are of particular importance given the nature of the cloud computing transaction.

Ownership of Data

The governing agreement should contain clear language regarding ownership of the data contained within the cloud. In most cases, between the cloud services provider and the customer, the customer will have clear ownership of all data they move or otherwise input into the service provider's systems. In some cases there may also be proprietary data that is generated within the servece provider's software that the service provider does not intend to allow the customer to retain following termination or expiration of the agreement. In that event, that specific data and the expectations of whether that data can be downloaded and retained in any form must be discussed prior to signing the agreement.

Finally, the service provider may also wish to retain some form of the customer's data going forward as part of their core service offering or as part of an ancillary service. For example, an online payment processor may wish to retain information related to buying trends over the life of the engagement and use that information to address other markets or even sell that data to third parties. In any case, the customer must consider any such retention rights carefully and even where the service provider agrees to retain only "de-identified" information, the customer will want to consider any potential issues.

Data Extracts

When a cloud computing relationship is winding down, the customer must be fully aware that it most likely has valuable data -- and data that cannot otherwise be recreated -- present entirely in the service provider's cloud. Generally, the customer should have clear rights to extract all of their data (but see the possible exceptions above) from the service provider system upon termination of the agreement. The customer may also consider extending those rights beyond the termination of the agreement to allow a period of time for their team to confirm what information is needed and to ensure all data is obtained. It may also be desirable but perhaps not necessary to allow for a data extract at any time during the normal life of the agreement.

One important consideration regarding any data extract is that the customer must specify that the data will be provided in a format that will be useful to the customer in the future. Either a platform-agnostic format such as XML or an industry-standard format may be appropriate. Allowing the data to be provided in the service provider's preferred format may otherwise result in data that is of no value following ending of the relationship.

Transition Services

In addition to the rights to customer data, there may be a need for the assistance of the service provider in transitioning to substitute services. The customer may otherwise find it very difficult to map the service provider's data into the a new system. Discussions between the parties will be necessary to consider whether such services are to be provided at no cost to the customer (perhaps in the event the agreement is terminated due to the service provider's breach) or whether the service provider is to be compensated for their services, in which case the rates and reimbursable expenses should also be considered. Of course, the best time to negotiate the appropriate structure and rates is before the relationship turns sour.

Destruction of Data

Directly related to the provisions regarding ownership of the data and the service provider's possible right to retain some portion of the data, the agreement should also address requirements for destruction of any non-retained data following termination or expiration of the relationship. The service provider should be obligated to destroy any such data in its possession (except that it may rightfully retain) within a specified time period. The destruction should include any such data that may be contained on archival or backup storage. In addition, depending on the nature of the data in question, the service provider may also be required to follow specific destruction protocols to minimize the chances of future recovery. The customer will likely wish to have any such data destruction activities documented and verified in writing by the service provider.

Audits and Records Retention

Finally, although it usually not necessary to provide the cloud service provider with audit rights, in some cases the agreement may contain those sorts of provisions anyway. If so, the customer should confirm they have the proper internal procedures to retain the data and usage statistics that may be subject to an audit for whatever period of time the audit rights are available.