This blog is the second part of a two-part series on key contracting issues with technology service providers, and the focus is specifically geared toward companies doing business in the real estate industry.
As noted in Part 1, technology has infused every sector of society, and the real estate business is no different. Firms running large, complex real estate projects typically do not have the core competency to design, develop, implement, host, and/or maintain the technology applications and systems to run these innovative ideas, which is why these firms typically partner with third party technology service providers to design, develop, and implement their technology needs.
Entering into these partnerships with third party technology providers can come with risk and requires a contracting strategy. In Part 1, I discussed the issues of pricing and service performance. In this Part 2 below, I discuss data protection, infringement, and insurance.
A wave of data security breaches has arrived – from Target to the United States Office of Personnel Management. For a real estate company to protect itself, should it terminate all the contracts with its technology providers and crawl into a cave? Of course not. Or maybe it can just hope that the hackers will not be interested in the company’s data? Given the amount of personal information real estate management companies typically collect about current and prospective tenants, that is not an option either.
First, it is important to have a clear understanding of which of the company’s current and proposed third-party suppliers have access to sensitive data and systems. Second, with respect to those suppliers that have access to such data and systems, there are measures that the company can implement in the contract to mitigate the risks and costs of a supplier data breach. This is especially important when the average cost of a data breach can run into the millions. One key area in the supplier contract on which to focus is the limitation of liability provision, which should be carefully tailored to ensure that the company’s ability to recover from a supplier responsible for the breach is commensurate with the company’s overall risk of exposure.
An additional – and maybe more important – consideration with respect to the supplier contract is that of prevention. Does the contract require the supplier to design, implement and maintain a comprehensive set of security safeguards and controls? What kind of firewall and encryption technology is the supplier using? Will the supplier commit to meeting industry standard security controls (e.g., ISO standards)? If the supplier collects credit card data, is it PCI compliant? What technical and operational commitments will the supplier make if a security breach occurs?
Planning for a data breach has become the new normal, and those companies operating in the real estate industry are not immune. When partnering with a technology supplier, these companies must be mindful of how to protect their data, especially in relation to their supplier contracts.
As an in-house counsel at a real estate firm, imagine one day receiving notice of an infringement lawsuit being brought against the company alleging infringement of a third-party’s software code or technical patent. How in the world could the firm be involved in such a claim? As you keep reading, you realize that the claim involves your company’s use of your technology supplier’s services or products. Did you negotiate an infringement indemnity in your technology supplier’s contract? Let’s hope so.
Discussions around indemnities can be painful during business negotiations, but indemnities really do matter. Dealing with a lawsuit can be extremely costly, and a properly negotiated indemnity provision can be used as an important shield if and/or when third-party claims arise in connection with a supplier’s performance of technology services. For example, claims of IP infringement can be a risk, even with respect to cloud transactions. These provisions are complicated, which is why having properly engaged internal or outside counsel is important when negotiating contracts with technology service providers.
Real estate firms are quite sophisticated when it comes to maintaining insurance coverage and requiring insurance coverage from contractors. This sophistication is not surprising, given the dangerous nature of conducting complex real estate projects and/or managing buildings with many individual or commercial tenants.
However, does the company have appropriate cyber liability insurance to cover a potential network or data security breach? If so, has the company properly negotiated its policy to account for its risk of exposure? Every cyber insurance policy is different, but thankfully Sourcing Speak has covered how to negotiate those policies.
Insurance can also be a negotiated issue in a supplier contract. Real estate firms will often include required levels of coverage in form contracts with suppliers. Sophisticated technology suppliers are used to seeing these provisions in a contract, and negotiations in this area are usually not a big sticking point.
The real estate industry is embracing the technology revolution – innovative software and systems are becoming an integral part of the design and development of commercial and residential buildings. Furthermore, data collection and analysis are making it easier for property managers to market and manage their portfolios.
All of this innovation means real estate firms are engaging with third-party technology suppliers to execute this strategic vision. Each engagement requires a sophisticated contracting strategy to ensure that the real estate firm properly protects itself from financial and operational risk.