

Privacy Policies & User Agreements

Column: Tricks & Tips

[Part I of II – Click here for Part II (coming October 2009)]

From the September 2009 Issue

We’ve gotten so used to computers and the Internet that we’ve grown
complacent about something that used to be second nature, especially for those
in the financial sector. Perhaps because we are willingly blind, or because we are
increasingly multi-tasked, we enter into literally dozens of legal agreements each
day without even reading the fine print. In fact, most of us essentially just say,
“Okay, I trust you,” without even glancing at them.

These contractually binding agreements are the end-user license agreements
(EULAs), terms of service and privacy policies for all of the programs you use,
whether installed on your office and home computers or accessed via the Internet.
Considering how much we rely upon these technologies for so many aspects of
our professional and (increasingly) even our personal lives, our complacence
should not be acceptable.

It isn’t feasible, of course, for users to be required to fully read
such an agreement each time they use a program just in case there has been an
update to a clause or a sentence has been reworded or deleted, resulting in
a notable impact on the agreement. A car owner wouldn’t be expected to read
the owner’s manual every day, nor a homeowner to read their mortgage every
day. These examples are much more static, however, than a contract related to
the use of a computer program, especially hosted programs and websites.
Nevertheless, we consent to these technology usage agreements multiple times
per day without examining them and without concern. After all, why should we
be concerned?

Before diving in, let me acknowledge the need for these agreement types and
terms of service. Companies often spend years developing unique and useful technologies,
and their investments need to be protected against potential copyright infringement,
misuse or potential liability the company might face if users are not made aware
of their own rights and responsibilities.

For the most part, the term end-user license agreement is associated with traditionally
installed software programs, whether downloaded or copied from a disc. They
are generally a “contract of adhesion,” meaning that the user has
the choice to take it or leave it, but has no negotiating power. They mostly
set out the conditions in which the software may be used, by whom, sometimes
where, and for what purposes. These contracts are much more likely to be static
than web-based technology agreements, in that the user has the copy of the contract
in the form it was in when the user agreed to its conditions (when they purchased
or licensed it). That said, agreements for some of these programs can be altered,
especially when updating the system or if the program has any online integration.

In the early years of consumer-level software development (and even occasionally
to this day), the user license was often contained within the program on the
disc itself, and the outer wrapping of the disc or packaging notified users
that opening it meant they agreed to this, as yet unseen, contract. Believe
it or not, there is no definitive court ruling on the viability of these agreements
(there have been rulings in favor of both sides). Fortunately, this practice
has mostly disappeared, with programs now offering the license during installation,
usually requiring users to “Click Here” to consent to the terms
and conditions and continue with the installation.

The increasingly cloud-based world of hosted programs, data storage and other
applications is the area in which I have the most concern. A program or
website’s “Terms of Service” are essentially the modern version
of EULAs, once again setting out the user’s contractual conditions for
use of a technology. One of the most significant differences, however, is that
whether the program is installed on your computer or, more likely for this type
of agreement, is a website or hosted program, it is considered a “service”
that is subscribed to by the user, sometimes for a specific period of time.
This directly takes away the ownership aspect of “buying” a new

I believe the more alarming prospect is the potential for changes in these
agreements that alter user rights. And they do change. Earlier this year, for
instance, Facebook caused a bit of a stir when a change in its terms of use
noted that, henceforth, it would own the content that users put on Facebook
pages. Facebook also claimed that the social networking site could “use your
name, likeness and image for any purpose, including commercial or advertising.”
They couldn’t really do this, could they? Of course they could, because
Facebook’s users agree to whatever its privacy policy is every time they use
the website. Faced with mutinous users who might have quickly considered
finding a replacement, and also with a complaint to the FTC, Facebook abruptly
reversed those policy changes.

Likewise, Google has been criticized by a few for the part of its business
model in which it sells its users’ non-personal Internet usage information.
According to its terms of use and privacy policy, it doesn’t directly release
identifying information to third parties. But if a company with such a vast
wealth of consumer and business data really wanted to, needed to for financial
purposes or were acquired by a less reputable entity, it likely could, so long
as it added a clause to its usage terms … the terms that we all agree to, even
though we never look at them.

Now, I’m not calling Google the big bad enemy of the people, but I do
think that the ease with which service agreements can change, plus the centralized
role of the web browser in our business lives, the advent of hosted operating
systems and the continued evolution of Web 2.0 and “the cloud,”
means that more and more of the work we process and other stuff we do will potentially
be in the hands of service providers who may be able to lay claim to the content
and data.


Changes in terms of service are necessary to reflect the constant evolution
in technologies and how they are used. Changes were made even in the days of
CD-based programs, usually coming on update CDs or notices. In the always-on
digital world of Web 2.0, updates can happen at any time. For hosted programs
or those updated via the Internet, when changes are made there is often a click-through
consent agreement, which users continue to ignore because such agreements are too
lengthy and usually make it difficult to find the changes. For websites, web-based
tools and mobile phone applications, however, changes in terms of service may go
largely unnoticed until they’ve been in effect for some time.

For the most part, violations of the terms of service of a website or a hosted
program will result in a warning, suspension or termination of the user’s access
to the technology. Most technology vendors aren’t even on the lookout
for minor violations that don’t affect their sales, anyway. For instance,
an accountant using a free online web calculator to provide a paid client service,
even if the terms prohibit it, probably won’t be noticed. Only in the
rarest of cases, usually those involving larger-scale copyright infringement,
illegal activities like spamming other website users, creating malicious spyware
or piracy, do they seek any kind of court action.

But when it comes to client and firm data, the potential loss of access to
a hosted program or technology service is an especially important concern. The
technology vendors close to the tax and accounting professions are very aware
of both your professional needs and the near-sanctity of your client relationships.
But for some vendors outside of our sphere (perhaps some of your clients’
vendors), this understanding may not be as well-defined, nor the company as

As I noted earlier, I’m in favor of user and service agreements. They
help protect technology companies that have provided us with incredible advances
in the workplace and in our personal lives. We simply wouldn’t have the
innovations in technology that we do today if we didn’t have these agreements.
Users simply need to be much more aware of what they are, what they say, what
they require and what they prohibit, especially if the technology is being used
for business and client service. In the fine print you will find the answers
to questions such as who owns the data, is any of it shared with third parties,
and can it be accessed if a subscription to the service is terminated?

The biggest challenge, of course, is that nobody has the time to read through
all such agreements (and who would want to, aside from a contract lawyer?).
Fortunately, I have a potential solution that could provide an automated, due-diligence
oriented method for keeping track of these changes. In October, I’ll share
that idea and discuss how privacy policies fit into the overall equation.
