Even if the tool is free, almost all use of a third party tool or cloud computing resource requires a user agreement of some kind. These agreements establish the terms and conditions between the parties. Sometimes these agreements may grant rights to the other party to use or own the data in various ways. Other times they might contain indemnification language which transfers the liability from one party to the other. When data is personal, confidential or otherwise valuable to the University, we must be careful not to agree to terms that would allow unauthorized access or distribution of that data. The Regents Standing Orders 100.4(dd)(9) prohibits acceptance of third party liability without specific approval.
Full list of data ownership & legal liability criteria
- Does UC accept liability for third party actions?
- What happens if data is illegally stolen from the cloud?
- Does the provider have a right to use the data?
- What are the acceptable use of the program and/ or are there any restrictions of use?
- Can changes in business processes affect liability?
- Could a UC employee be personally liable by signing an agreement without University approval?
- Can the provider make business processes changes without notification to the University?
- Does my use of the system create unwanted liability for the University?
- Who is responsible for what happens to the information that is stored in the tool?
- What happens to the data at the end of the agreement or if we stop using the tool or resource?
- Who retains the intellectual property rights? Who retains the copyright?
- What legal or non-legal remedies are available?