Data has become big business, and with the growth of Software as a Service (SaaS) programs that anyone can access with a working username and password, illegal data sharing has become a bigger problem in recent years. With research showing 85% of employees have taken documents and information when they left a job in the past, there is a growing risk of employee data theft at every company.
For example, since the software isn’t installed locally, a license isn’t required for every computer where a SaaS product is used. That means it’s easy for people to share their software login information with multiple people. However, sharing login information for a single account so multiple people can access that software is typically a violation of the SaaS agreement (also called a subscription agreement). In other words, it’s illegal.
Sharing accounts isn’t the only way that people are knowingly and unknowingly breaking the law when it comes to SaaS agreement violations and illegal data sharing. Downloading data from a software program that you don’t own and sharing that data with other people who don’t have licenses to use or permission to access the same software is another activity that can get people in trouble with the law (and cost hefty fines or jail time).
The problem is that illegal data sharing (often referred to as a form of data theft) is one of the main factors driving the cost of software up. When users share logins and violate license agreements, they’re preventing the software provider from generating revenue on additional accounts. As a result, many of those providers need to raise prices so they can continue to pay their employees who are needed to keep the software running and customers happy.
The Cannabiz Media Team sees this happening with its own database and hopes subscribers will recognize that sharing logins, downloading data, and giving data to others who don’t have licenses to the Cannabiz Media License Database are unethical and illegal activities. The team works extremely hard to manually collect and verify the accuracy of every piece of data in the License Database. We hope all of our subscribers understand that and don’t misuse their accounts.
While publicly available data (like telephone numbers) isn’t protected by copyright laws, you can copyright the way data is presented (like a telephone directory) and you can protect the processes used to collect that data and make it accessible to other people (such as in a SaaS database) through intellectual property laws. That means people cannot reverse-engineer a SaaS product and make their own version of it.
The cost of noncompliance can be expensive. Not only could you lose your license to the software, but you could also be found guilty of civil and criminal charges. The civil penalty for copyright infringement can go up to $150,000 per infringement, and criminal charges could include a fine up to $250,000, jail sentence up to five years, and punitive financial penalties that could be even more expensive depending on the losses the software provider incurred due to your infringement.
Illegal Data Sharing and SaaS Agreement Violations
Every SaaS agreement between the software provider and user includes a license or access clause. Before SaaS, people had to obtain physical copies of software and install them locally on their computers. They need to license every copy of the software that they installed. Today, they need permission to access software in the cloud. To make things simpler in this article, the word “license” refers to both permission to install and access a software product.
When you sign an agreement with a SaaS provider, it’s essential that you fully read it and abide by it. This includes everything in the license or access clause as well as any restrictions included in the agreement’s prohibited uses clause. The onus is on you to meet your obligations under the agreement.
The license or access clause defines the user’s permissions to use the product. The number of authorized users allowed and the scope of permitted access or use are usually included in this clause. For example, the agreement may give permission for a specific number of users and how many can access the software at the same time or it may give permission for all users in the customer’s organization to use it (referred to as enterprise-wide authorization). It may even specifically list the names of authorized users.
For SaaS programs that provide functionality and data, both the processes used by the provider to deliver the tools and data to users and the data provided are protected by law and only authorized users with valid SaaS agreements are permitted to access them at any time.
Here’s an example to put that into perspective.
Let’s say you’re an active Cannabiz Media License Database subscriber with a current agreement in place. By paying for a license/access (i.e., a user account with login credentials), you are given permission to access the software and data. However, you don’t own it and you’re not given permission to distribute it to anyone who does not have their own license to access it. Furthermore, your license (i.e., your signed SaaS agreement) only gives you permission to access and use the data based on the specific authorizations included in the SaaS agreement.
This isn’t unique to Cannabiz Media. All software providers have some type of software license (even open source software) and/or agreement that defines access and use permissions, so it’s imperative that you read all legal documents carefully and adhere to them at all times.
Infringements are often reported by employees, other users, competitors, and vendors. In addition, software companies monitor users’ logins and their use of software programs to confirm license, access, and use compliance. In fact, many SaaS agreements explain how the company will monitor and audit use and how violations of the agreement will be enforced.
If you’re found guilty of violating a software license or SaaS agreement by illegally sharing data through unauthorized use and users, the penalties and court costs can get very high. It’s a lot less expensive to pay for additional licenses each year!
How to Avoid Breaking the Law (and Harming the Companies and Employees Who Work Hard to Provide Software to You)
In order to avoid inadvertently (or advertently) stealing data by misusing software, follow these tips:
- Don’t copy software.
- Don’t share your software login credentials with anyone inside or outside of your company.
- Don’t allow anyone else to log in and use the software with your license credentials.
- Don’t use the data in a software product (e.g., the data in the Cannabiz Media License Database) for or with anyone (individual or company) who is not a licensed customer of that software.
- Don’t use the data in a software product in any other commercial product or service.
- Don’t use the data from a software product after your license ends.
These are just some of the most common ways that people violate software licenses. To ensure you’re always in compliance, read your software licenses and/or SaaS agreements carefully and ask questions about anything you don’t understand. For example, you can follow the link to view Cannabiz Media’s Subscription Agreement.
How to Stop Employees from Stealing Data
One of the most common ways that data is stolen, aside from sharing software login credentials, is employee theft – typically when employees leave a company. For example, if Company A subscribes to the Cannabiz Media License Database, then employees that the company has licenses for (i.e., “seats” or permission to access the software) can log in and access the data for use as an employee of Company A.
However, if an employee with a licensed access to the software leaves Company A, he or she may not download, export, print, or take any of that data with him or her in any format or for any reason. Doing so is a violation of the Subscriber Agreement and could get the former employee and Company A in expensive legal trouble.
To protect your company from penalties, fines, jail time, and other potential results of employee data theft, make sure your employees understand that taking data with them for use outside of your company is illegal. Include language in employees’ employment contracts explaining they are required to adhere to all licensing agreements. In addition, create policies for the proper use of licensed software and the data within that software as well as a process to monitor and audit employee behavior.
Be sure to formally train employees on these procedures and policies, and when an employee leaves the company, immediately change their password so they can no longer log into the software. This is particularly important for SaaS products that can be accessed via any internet connection.
Remember, you have a responsibility to safeguard the data accessed through your software licenses and SaaS agreements. If an employee steals data and takes it with him or her to use at another company, their actions not only hurt your competitive advantage but also put you in legal and financial risk, so be proactive in stopping data theft by employees.
Cannabiz Media’s License Options Make It Easy to Avoid Stealing Data
Cannabiz Media has taken a number of steps to offer flexible licensing options so clients don’t need to intentionally or unintentionally steal data. For example, Cannabiz Media makes it easy for you to add additional licenses (i.e., “seats” or permitted users) to existing accounts in order to collaborate and share the data with your team.
When you have multiple seats with your subscription, you can easily bring your whole team into the system. Users can share their actions and data (i.e., any notes they leave, tasks they assign, deal tracking, lists, email campaigns, and more), and you can assign records so there is no confusion among all users about who owns responsibility for what.
Cannabiz Media prevents anyone who isn’t an authorized user from emailing to the addresses in the License Database. That means you can’t simply conduct an export and then hand email addresses to other members of your team (or anyone else).
Recently, the Cannabiz Media team cracked down on logins to ensure all seats that are linked with one account are, in fact, with the same organization. Cannabiz Media’s Terms and Conditions clearly state that your one account login is good for one person and is not to be shared. The team watches locations of logins, frequency of logins, concurrency of logins, and more, and unfortunately, the team has shut accounts down for sharing logins in the past.
Your Next Steps to Stay out of Trouble
Most companies use a variety of software, including numerous SaaS tools, to do business every day. Be mindful of the licensing policies, and be sure to stay compliant. As you learned above from the steps Cannabiz Media takes to reduce data theft and software licensing violations (and keep subscription costs down for users), software providers are watching your behavior. You don’t want to get caught misusing your logins or sharing data illegally.
And of course, you don’t want to do anything unethical that can hurt the companies and the employees of those companies who work hard to create and maintain the tools you use to do business each day.
Originally published 2/18/19. Updated 8/16/19.
Ed Keating is a co-founder and Chief Data Officer of Cannabiz Media and oversees our data research and government relations efforts. He has spent his whole career working with and advising information companies in the compliance space. Ed has overseen complex multijurisdictional product lines in the securities, corporate, UCC, safety, environmental and human resource markets and focuses on workflow products over the last twenty five years. During that time he has worked for both startup and established information companies where he has led marketing, product management and sales organizations. These companies include Wolters Kluwer/Commerce Clearing House, CT Corporation, EDGAR Online and Business & Legal Reports. At Cannabiz Media Ed enjoys the challenge of working with regulators across the globe as he and his team gather corporate, financial, and license information to track the people, products and businesses in the cannabis economy. Ed graduated from Hamilton College and received his MBA from the Kellogg School at Northwestern University.