THE TOP TEN PITFALLS OF SOFTWARE CONTRACTING Texas K-12 CTO Council – Fall Meeting 2015 Lena Engel, Attorney

“Software” includes...  On-premise software  Software as a service (SaaS)  Including data hosting services © 2015 Rogers, Morris, & Grover, LLP

Pitfall #1: Not Participating in Procurement  Detailed scope and specifications  Compatibility concerns  Customization  Scheduling and implementation Including data transfer  Data privacy and security  Customer support and service  Maintenance and upgrades © 2015 Rogers, Morris, & Grover, LLP

Pitfall #2: Software as a Sole Source Purchase  Section (j) of the Texas Education Code  Sole source exception includes: An item for which competition is precluded because of the existence of a patent, copyright, secret process, or monopoly  But wait! Software is not a sole source purchase just because the vendor says that it is or signs a sole source affidavit  You may be most qualified to evaluate this issue © 2015 Rogers, Morris, & Grover, LLP

Pitfall #2: Software as a Sole Source Purchase  When is software a sole source purchase?  No functional equivalent  Only available from the software developer  Required for compatibility reasons  Examples Software created by assessment vendor to manipulate data collected during assessment services the vendor is providing Software required to operate certain equipment © 2015 Rogers, Morris, & Grover, LLP

Pitfall #2: Software as a Sole Source Purchase  When is software NOT a sole source purchase?  Software with similar functionality is available for purchase from at least one other vendor  Multiple dealers, distributors, or re-sellers of the same software  Examples Online course providers Student information systems © 2015 Rogers, Morris, & Grover, LLP

Pitfall #3: Multiple Contract Documents  Procurement documents  Co-op contract  Vendor contract  Terms and Conditions  Amendments  Quote  Specifications  Sales order  Master agreement  License agreement  Subscription agreement  Schedules  EULA/terms of use © 2015 Rogers, Morris, & Grover, LLP  Supplemental terms and conditions  Third-party terms and conditions  Privacy policy  Acceptable use policy  Service level agreement  Maintenance/support contract  Documents on vendor website  “Click-agree” terms  PO terms and conditions  Financing agreements  Amendments  Renewals

Pitfall #3: Multiple Contract Documents  Get copies of ALL contract documents and attach them to the contract  List ALL contract documents by name and version in the main contract  Outline the order of precedence and address conflicts  Make the District’s contract documents control  Disclaim any terms not attached to the contract (e.g., click-agree or third-party terms) © 2015 Rogers, Morris, & Grover, LLP

Pitfall #4: Intellectual Property Rights  Vendor’s IP  District has very limited license to use  Vendor’s right to IP created during the contract What if vendor hired for software development? What if District creates or assists in creating IP?  Concerns regarding confidentiality of vendor’s proprietary information  Violation by District employees, contractors, students, parents Breach of contract Vendor can bring a federal infringement claim against the District – may not be protected by immunity © 2015 Rogers, Morris, & Grover, LLP

Pitfall #4: Intellectual Property Rights  Vendor’s IP – What to negotiate...  District’s rights in IP created by vendor and by District during the contract (may be required as a condition of federal grant)  Rules regarding disclosure of vendor’s IP as required by law  Beware of notice requirements (i.e., TPIA)  District liability for infringement of vendor’s IP  Limit to reasonable efforts to prevent infringement  Limited liability for employee, contractor, student, parent conduct Enforcement of Board Policy and District’s acceptable use policies Reasonable assistance in investigating and responding to violations  Limited remedies  No liquidated damages © 2015 Rogers, Morris, & Grover, LLP

Pitfall #4: Intellectual Property Rights  District’s IP  Limit vendor’s right to use District IP and data  Reserve rights in all District IP and data made available to vendor during the contract  Reserve rights in District IP created during the contract © 2015 Rogers, Morris, & Grover, LLP

Pitfall #5: Third-Party Infringement Claims  Third party brings infringement claim against the District for IP provided by the vendor  Contract should include:  Vendor representation that it has all IP rights necessary  Vendor assignment of IP rights as necessary for District use of third party content provided by vendor  Vendor defense and indemnification of the District for infringement claims regarding any IP made available to the District by vendor  No limitation on vendor liability for infringement claims  Indemnity should include District’s attorney’s fees  Contract remedies (usually exclusive) Purchase right to use Modify to make non-infringing Replace Terminate use and refund (beware of hassle/cost to replace) © 2015 Rogers, Morris, & Grover, LLP

Pitfall #6: Warranties and Remedies  Warranties  Beware of “as-is” or “with all faults” Vendor disclaims all express and implied warranties No remedy for failure (other than maintenance/support)  Minimum Recommended Operation substantially in accordance with specifications For a specific period of time Assignment of third party software warranties and remedies and assistance in enforcing © 2015 Rogers, Morris, & Grover, LLP

Pitfall #6: Warranties and Remedies  Remedies (usually some, but not all)  Repair  Replace  Refund (even if partial)  SLA credits  Termination of contract  Usually exclusive remedies  No other legal recourse (i.e., can’t sue for breach of contract unless warranty fails of its essential purpose)  Termination of agreement and full refund unlikely  Specify when the District is entitled to each remedy and at whose discretion © 2015 Rogers, Morris, & Grover, LLP

Pitfall #7: Limitations of Liability  Should apply equally to both parties  Applies to warranty and breach of contract claims  Establishes the maximum amount of liability Good – the amount District has paid over preceding 12 months Better – total District has paid under the contract Best – multiplier of total contract amount  No liability for consequential, indirect, special, punitive damages  If hosted - beware of limitation of liability for lost data © 2015 Rogers, Morris, & Grover, LLP

Pitfall #7: Limitations of Liability Carve-outs – unlimited liability for certain claims District’s payment obligations under the contract Breach of confidentiality/IP rights Third-party infringement claims No damages cap No limit on consequential damages © 2015 Rogers, Morris, & Grover, LLP

Pitfall #8: Data Privacy  Understand what District data the vendor will access and what the vendor intends to do with it  Review vendor’s privacy policy  Attach Data Protection Addendum to contract and ensure that it prevails over the vendor’s privacy policy in the event of a conflict © 2015 Rogers, Morris, & Grover, LLP

Pitfall #8: Data Privacy  Special requirements for student information  Family Educational Rights and Privacy Act (FERPA)  Governs use and dissemination of student education records and personally identifiable information  Protection of Pupil Rights Amendment (PPRA)  Provides parents certain rights regarding conduct of surveys and collection and use of student information for marketing purposes  Children’s Online Privacy Protection Act (COPPA)  Governs online collection of personal information from children under 13 © 2015 Rogers, Morris, & Grover, LLP

Pitfall #8: Data Privacy  Contract should address:  District ownership of District data  Vendor compliance with applicable laws  The extent to which vendor may access, use, and disclose District data and for what purpose(s)  Recommended FERPA language for school officials  Minimum security requirements for District data  Access to District data maintained by vendor to respond to FERPA and TPIA requests  Return or destruction of District data © 2015 Rogers, Morris, & Grover, LLP

Pitfall #9: Unknown Purchases/Use © 2015 Rogers, Morris, & Grover, LLP  Usually two scenarios  Unauthorized purchase/use of software or app by District employee  Campus-level purchase/use of software or app  Concerns  No contract review (likely “click-agree”)  Data privacy  May jeopardize security of District technology resources (i.e., malware, viruses, etc.)  Multiple purchases may trigger procurement or Board approval requirements

Pitfall #9: Unknown Purchases/Use © 2015 Rogers, Morris, & Grover, LLP  What to do?  Establish a process for notifying the District and obtaining approval Purchasing Technology Department  Establish a process for disclosure of student data  Develop District terms and conditions and confidentiality agreement At the very least – require user to print out vendor’s terms and conditions  Educate staff and administrators through trainings and policies

Pitfall #10: Not Customizing the SLA  Outline your performance expectations  Response time  Availability, including degradation or interruption  Data exchange (scheduled import/export of data)  Software updates or system changes Including change control procedures © 2015 Rogers, Morris, & Grover, LLP

Pitfall #10: Not Customizing the SLA  Outline your support expectations  Support options/contact information  Response and resolution times  Contingency plans  Notification procedures (maintenance and updates)  Credits for failure to meet SLA requirements  Special considerations © 2015 Rogers, Morris, & Grover, LLP

Thank You! THE FOREGOING PRESENTATION WAS CREATED BY ROGERS, MORRIS & GROVER, LLP. THIS PRESENTATION IS INTENDED TO BE USED SOLELY FOR GENERAL INFORMATION PURPOSES AND IS NOT TO BE REGARDED AS LEGAL ADVICE. IF SPECIFIC LEGAL ADVICE IS SOUGHT, PLEASE CONSULT AN ATTORNEY. Lena Engel, Attorney 5718 Westheimer Road, Suite 1200 Houston, Texas Telephone: Website: