Home Who Owns Your Data, Really?

Who Owns Your Data, Really?

I’ll forgive you if you think my asking who owns your data is a rhetorical question. I’m quite sure that an esteemed reader such as yourself has asserted your company’s ownership of data in any cloud or hosted contract you’ve entered. It is not my intent to disparage your abilities in any way. It is my intent, however, to point out hidden crannies and fine print foibles that are hard for even the most meticulous and experienced IT professionals to spot. And so I ask, with your interest at heart, who owns your data, really? To which I follow with: are you sure about that?

Here’s a quick test to make sure your mission critical data does indeed belong to you:

1. At the end of the contract, can you still use your data or will it be returned in a format that won’t work in any other system?Your contract must specify that the data will be returned to you on demand, regardless of any outstanding monies owed, and in a format useable to you. Otherwise, you may end up with gobbley goop at the end of the contract whether or not the contract came to the end of the term or you quit the vendor. Indeed, this is the oldest trick in the book to forever bind customers to SaaS vendors.

2. If the vendor goes bankrupt and shuts down today, can you get your data back?You may not be able to if there is no specific clause in the contract spelling out if and when your data will be returned. Be sure to also get a guarantee that your data will be protected while the vendor is in a non-functional state and before you take receipt of it, preferably by a reputable third party. If you don’t, you could be found liable for any number of legal transgressions because as the “owner” of the data, you’re fully responsible for what happens to it.

3. Do you own the metadata too?So, you own the data, but do you own the data on the data too? Not if you haven’t clarified that in the contract.

4. Have you given the vendor and its assigns unfettered access to your data?Certainly, vendors and their subcontractors may have legitimate reasons to have access to your data. This might include routine redundancies for disaster recovery or the ability to provide you with lost passwords so you can access your data. But if you have given them blanket access to your data without specifying that the data can only be used in the course of delivering the service and can be used for no other purpose even if anonymized, then who owns the data is a moot issue because the vendor and/or its partners can still use it any way they want too.

5. Have you given the vendor unlimited archival time spans?Here again there are legitimate reasons a vendor needs to archive your data either as a back-up or to speed data delivery to users by jettisoning older data from the load until such is specifically requested. But if you have not established a time limit, a vendor can return a copy of your data to you at the end of the contract but keep a copy in the archives for their own use as well.

6. Have you defined the extraction or cleaning process?So, your data has been returned to you at the end of the contract, but how can you be sure one or more copies are not floating around the vendor and/or its subcontractor’s data centers? Spell out in the contract how your data will be scrubbed from all data centers it was stored in and demand verification that the cleaning procedure actually works before you sign the contract.

7. Have you prohibited data mining? You may be perfectly comfortable with a vendor aggregating your data with that of other customers to do analysis and make performance reports but unless you get real specific with the permissions language, you may have also granted them to right to mine your data for business prospects, customer contact information, and other information you didn’t mean to share. Further, such could make your company legally liable for privacy infractions.

And so I ask again: who owns your data, really?

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.