Last updated on 01 December 2022 by Cara Hartley (Legal writer at TermsFeed)
If your business uses SaaS, there are specific legal requirements that you need to follow whenever you make changes to your software or apps that affect how you handle users' privacy or personal information.
This article will explain what SaaS is, the benefits of implementing SaaS and the legal requirements for businesses that use SaaS, including how to inform users of any changes that you may make to your software or apps.
SaaS stands for software as a service and is a way for users to access software through the internet, typically via a subscription service.
The United States government maintains a General Services Administration (GSA) website that demonstrates how the SaaS model works on its Cloud Information Center page.
As an example, Netflix is a popular SaaS platform that provides a streaming service to its members, allowing them to download content to watch later or watch instantly online from anywhere.
SaaS is cloud-based, meaning that all of its information can be accessed over the internet, doing away with the need for users to download, install, or update software.
Another example is Google Workspace, which is a SaaS solution that offers users a secure method for sharing files with others and a simple way to work completely online with their team.
There are many reasons why businesses utilize SaaS, including the scalability that comes from lower costs and fast installation, easy maintenance, accessibility, and security.
SaaS can help you to simplify your business's processes and provides many benefits for your users, making your company's offerings more compelling to consumers looking for straightforward solutions.
SaaS can provide users with lower licensing costs in comparison with traditional software, and can be quickly integrated. Users only need to pay for the services that they need, which is an advantage over purchasing a package at a higher cost with unnecessary features.
SaaS's lower licensing costs combined with its quick implementation can help your business to attract more clients who may not otherwise have purchased your service or product due to the prohibitive pricing of traditional software.
For example, Mailchimp is an email marketing SaaS that provides businesses with different plans based on how many contacts a company has, how many emails it wants to send each month, and the level of technical support it requires.
Users of SaaS platforms don't have to do anything special to receive updates, bug fixes, or upgrades, as those can be done over the web and the updated version of your software can be made available to all users simultaneously.
SaaS is cloud-based, meaning that it is accessible from any computer or mobile device, and its intuitive design makes it easy to use.
This helps reach and connect more people regardless of location, without requiring them to own advanced devices.
SaaS's ease of accessibility means that effective security measures are a must. Luckily, SaaS security practices are simple to implement. You can choose SaaS providers that offer multi-factor authentication methods and data encryption to help protect your users' accounts and personal information.
Slack is a SaaS that functions as a messaging app for businesses. Slack has many security features, one of which is the Enterprise Grid, a tool for larger organizations. Enterprise Grid owners can require their members to use a fingerprint, facial scan, or password in order to access Slack on mobile devices.
Now that you see what SaaS is and what benefits it has to offer, let's look at how laws affect SaaS platforms in a few different ways.
For example, whenever you decide to create or add a feature to an existing product and it changes what personal information you use, or how you use it, you will need to update your policies and legal agreements to reflect any changes in the way you handle users' privacy or personal information.
The California Consumer Privacy Act of 2018 (CCPA) went into effect January 1st, 2020, and requires certain businesses to comply with its rules. Companies that do business in the state of California and meet specific criteria in terms of annual revenue and how much of their business comes from buying and selling personal information are obligated to comply with the CCPA.
In order to remain in compliance with the CCPA, your business should:
Otherwise, you run the risk of incurring financial penalties of up to $7,500 for each intentional violation. Other states have similar privacy laws that you should familiarize yourself with.
To show an example of compliance with aspects of the CCPA, let's look at Microsoft Office 365. This SaaS solution provides users with different subscription services for its Microsoft Office products. The "How we use personal data" section of Microsoft Office 365's Privacy Statement explains how it uses the information it collects, which is an essential part of CCPA compliance. It informs users that the data it collects can be used to provide its products, as well as for marketing, legal, and research purposes.
There are numerous data protection laws in effect around the world that may apply to your company if you do business with citizens of applicable countries.
Europe has one of the strongest privacy laws in the form of the General Data Protection Regulation (GDPR), which requires that companies that fall under its jurisdiction do the following:
Failure to comply with the GDPR can result in harsh financial penalties.
Amazon Web Services offers users cloud-based computing services that are charged based on usage. The "How We Secure Information" section of Amazon Web Services' Privacy Notice details what measures it takes to ensure the security of the personal information it collects and stores, helping it to stay GDPR compliant.
You should investigate the privacy laws of each country you do business with and make sure that your legal agreements contain language that keeps you in compliance with those laws.
It's important to make sure that users accept the conditions of use around any changes you make, which is where a clickwrap agreement can come in handy. A clickwrap agreement is a digital method for getting legal consent from users by requiring them to accept your terms before using your product or service.
Dropbox is a file hosting platform that stores information on the cloud. Users encounter Dropbox's clickwrap agreement when they go to create an account with Dropbox, which requires that they agree to its Terms before signing up.
Using your social media pages to inform users of changes to how your business handles their information is an effective way to communicate with specific demographics.
Canva is a graphic design SaaS that used Facebook to keep its users informed when its security system was jeopardized.
Another good place to communicate with users is on your company's legal pages.
When users click on the Learn More button, they are taken to Salesforce's Data Transfer Mechanism FAQs, which detail the rules and clauses it abides by when transferring users' personal information.
SaaS stands for software as a service and is a cloud-based method of providing software to users via the internet.
Many companies prefer SaaS to traditional software due to its lowered costs, speed of implementation, ease of maintenance, accessibility, security, and overall scalability.
You should pay attention to existing privacy legislation whenever you make changes to your legal agreements, and make sure to add language that adheres to those rules.
Once you have made changes to your legal agreements, you will need to inform your users of those changes. Some efficient methods of communicating changes that affect users' personal information or privacy include email, blogs, social media pages, and legal page announcements.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.