As the adoption rate of SaaS (Software as a Service) applications goes through the roof – it looks like Washington has finally taken notice. There are several issues that are coming to the forefront – including privacy, data security, data ownership and data portability that I think will become hot issues both in the press and in the legal system over the next couple of years.
According to a September 2008 report from Pew Internet – 69% of all Internet users have either stored data online or used a web-based software application. And from the following statistics – that number isn’t going to be shrinking any time soon:
- 51% of Internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient.
- 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using.
- 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there.
Unfortunately, I also suspect that as cloud-based solution adoption continues to grow – it’s inevitable that government will get involved at some point. We all know that there will be lawsuits – that’s a given. The good news (if you’re an ISV) or the bad news (if you’re a major SaaS/PaaS player) is that the big guys will get it first.
There are a whole host of issues that have not yet been worked out – either from a legal perspective, or from a marketplace “common practices” view point:
- Who owns the data?
- Should law enforcement have easier access to cloud data than data on a PC (hint: they do right now)
- What happens if you want to move your data to another provider with similar services?
- What is the liability limit if the host gets hacked and sensitive data is made public (or just stolen)?
The best defense is a good offense. Make sure you plan from the beginning how (or if) your users will be able to extract their own data from the system either for backup purposes or for moving it to a different system. How will you handle record deletion – really delete or just “hide” the records for easy “restore?” How long will you maintain a customer’s data after they cancel their account? How will you handle security and data privacy? Does your insurance cover you in case of data breach?
Thre are lots of things to think about – and you should get some advice from both legal counsel and also talk to your hosting provider and see if they can help point you in the right direction.
From a tech point-of-view: if you’re building your SaaS application in Servoy – you’re already ahead of the game since Servoy is flexible enough to allow you to do on-premises as well as hosted SaaS; is already cross platform and multi-database aware; allows you to script exports easily, etc.
By choosing Servoy at least you know that the technology side is handled… now if only the other parts of your business were as easy!