Mitigating Risk in Shrink-Wrap and Click-Wrap Agreements

Over the next few posts, I will be talking about the various methods (or lack thereof) used by businesses in addressing shrink-wrap, Web-wrap, and click-wrap agreements. These agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation of a piece of software. They may also be encountered as part of the documentation provided with new software or a hardware component. Businesses seldom read these terms in any detail, generally view them as non-negotiable, and accept them as a necessary evil.

The fact is, these types of agreements can present significant legal and business issues. They can place a business’ sensitive data at risk, expose the business to liability, compromise the business’ ownership of its own intellectual property, and cause the business to pay additional, unforeseen fees.

There are essentially three methods of addressing the risk of shrink-wrap agreements: blind acceptance, knowing acceptance, and mitigation. In this post, I discuss the blind acceptance (aka “ostrich”) approach.

Blind acceptance refers to the practice of looking at a proposed use of a product, ensuring it falls within the common elements of shrink-wrap products identified above (e.g., low fees, non-critical use, off-shelf, well established, potentially trialed, etc.), and electing to proceed with the purchase without further consideration. Few sophisticated organizations take this approach. It would require the purchaser to proceed without regard for the risk – abandoning any effort at due diligence.

Next time, we will discuss the second approach: knowing acceptance.

Copyright © 2011 IDG Communications, Inc.
