Many organizations are turning to resellers to buy “off-the-shelf” software. These resellers can frequently offer better pricing than could be obtained by purchasing directly from the software developer. In addition, in some cases, the reseller may be the only source for purchasing the software (i.e., the developer will not sell directly to the end user). The primary risk presented by these types of purchases is that the governing terms and conditions for use of the software are frequently presented on a take-it-or-leave-it basis. The reseller generally has no authority to change or negotiate the software license agreement and the original developer takes the position that the contract must be accepted as-is.

Accepting a software license, even one for relatively low cost, off-the-shelf software, can present material risks, including inadequate warranties, lack of protection in the event of an intellectual property infringement claim, and threats to information security. It is this last point that I want to emphasize. As I have written before, most off-the-shelf software license agreements contain little in the way of protection for the licensee’s confidential information and frequently include very broad rights for the licensor and third parties to enter the facilities and access the systems of the licensee to conduct audits. The software may even contain “phone home” functionality that periodically sends undefined data back to the licensor. In short, the license agreement may place the licensee’s data at risk, yet offer no real protection in the form of strong confidentiality and information security obligations.

Based on the foregoing, businesses should look closely at the agreements they are being asked to accept in connection with these types of transactions. In most instances, the business case for the software will outweigh the risks presented by the license agreement.
However, in making that assessment, the relevant contracts should be reviewed closely for risks to the business’s data and other confidential information.