Reply to: Standard contract term - what does it mean?

It may not be logical to think that contractors would know the answer to this, although we probably all work with customers, and personal data at times. It's just curiosity (that killed the cat). I'll close this topic now, and thanks for all the responses, even the supercilious ones ;-)

Our clients pay us for our software (developed in house) which will be used to store and process their customer data, so will constitute "customer" data such as monetary value, frequency of their custom, etc., but also their personal details (name, address, mobile, email). I'm not remotely trying to suggest it was not my fault, that's irrelevant, that piece of information was purely to stress that the term was not written to order and so we (including me, as suggested by the word) wouldn't have had input to it. So, to put it simply, my only outstanding question is to clarify the distinction between customer and personal data within the context I have given. I can easily deal with my client query, it's my quest for clarity that I'm struggling to get a definitive answer to, and yes, I appreciate everything is within a given context.

Context is everything here. Is personal data stuff that you have on their drives that's not work related or is personal data mean its data about people? No idea what you do or trying to do to provide any context.

Why are you so hung up on knowing this. If it's important then get a solicitor to explain it. I very much doubt a bunch of contractors with zero knowledge of what you do is going to help you with a legal statement.

OK, let’s go back and try again:
What exactly are you offering your client that involves customer data? Are you providing storage, are you providing database software, what is it you are providing?
You seem obsessed with “it’s not my fault it’s been like this for years” and “what is customer/personal data”
What are you trying to sell?

Hi, as the person who asked the original question I will try to clarify:

Our contact was written many years ago, long before my time, and we probably paid a solicitor to provide what looks like a 'model' or 'standard' contract template which we then tweaked to fit our particular business. I doubt very much if any of my colleagues ever questioned it, or were ever questioned about it by clients. If your combined responses above mean that the client may use their customer data for market research, statistical/trend analysis, etc., but that their ownership doesn't extend to personal data, for example, personal email addresses, then that makes sense to me.

The only point I'm struggling with is when customer and personal data intersect, i.e., could some data be both, or will customer data purely relate to buying habits, monetary values, percentage growth, demographic split, age bands, etc, so at a macro level rather then specific personal details relating to an individual customer?


I'm very grateful for everyones input, these sites are great for this type of debate and knowledge sharing.

Erm no. I very much doubt his colleagues wrote the contract. And no, I very much doubt that would be the response. You mean you should ask the legal/HR team who own that contract and they will refer back to the lawyer that wrote the contract for them.

Again I don't agree. This is a pretty standard ownership of company data and every company has data regardless of what they do.

Privacy policies have been relevant since customers had data.
HR, legal or security will know what it means. I would ask him exactly what he means when he says 'they have questioned it'. I think you've gone down the wrong track and if he explained exactly who 'they' is and the situation he's questioned it it will become much clearer. If it's standard, then there shouldn't be any question so again, I would ask (but I'm not bothered as I gave the answer) who 'they' is.

If you're asking "why is this clause in the contracts?" then you should ask the people who wrote the contract, i.e. your colleagues. I think the practical answer is "we copied and pasted from a previous contract as a standard template".

This is something that might make sense in some contexts, but not others. E.g. cloud hosting often has a shared responsibility model, which defines who is responsible for patches etc.
Cloud security shared responsibility model - NCSC.GOV.UK
The accuracy of the data is typically going to be the customer's responsibility, but that doesn't necessarily mean that the hosting company can dodge all responsibility. E.g. if someone puts dodgy videos on YouTube, Google can't just say "it's nothing to do with us, talk to the person who posted it".

If your company is doing data analysis, this type of clause might be useful to specify that your customer still owns their data, and you're not going to make it available to anyone else.

A privacy policy could also be relevant now that more companies are harvesting data for their LLMs.

However, if nobody at your company understands what the clause is for, you should hire a lawyer and/or take it out.

You’d need to think about why you are putting it into your contracts, what are you hoping it will cover/achieve, and is it relevant to the client you are presenting it to?

As for why a company does not “own” personal data, that’s covered under GDPR and whatever the name for the UK equivalent is.

But it’s your contract, you can put in what you want.
Clients can question it, at which point:
You need to be able to explain it to them, or change the contract wording, or walk away.

This clause outlines the ownership and responsibility related to "Customer Data" (which does not include "Personal Data"). Here's a breakdown of what it means:

1. "You shall own all right, title, and interest in and to all of the Customer Data that is not Personal Data":
   • You (the person or entity this clause is addressed to) will own all the rights to the Customer Data, except for the data that qualifies as Personal Data. In other words, you have full ownership of the Customer Data, and that ownership does not extend to any data that is considered personal, such as identifiable information about individuals.
2. "and shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of all such Customer Data":
   • You are solely responsible for ensuring that the Customer Data you own (again, excluding Personal Data) is:
     • Legal: It complies with laws and regulations.
     • Reliable: It is trustworthy and dependable.
     • Integrity: It has not been tampered with or altered improperly.
     • Accuracy: It is correct and up-to-date.
     • Quality: It meets certain standards or expectations for its purpose.

Summary:


This clause means that you own and are fully responsible for any Customer Data (that isn't Personal Data), and it's up to you to ensure that the data is lawful, reliable, accurate, and of good quality.

It's a standard contract term that is in all of our client contracts and they have questioned it. We've used it for years and I don't know who originally drafted it. I've Googled it and it seems to be in most companies' standard contracts?

It's a standard contract term that is in all of contracts to clients and they have questioned it. I've googled it and it seems to be in most companies' standard contracts?

I can't say I've ever see such a clause. Are "Customer Data' and 'Personal Data' defined?
Is this an employment contract? The use of the personal pronouns 'you' is also rather interesting.

Do you have a contract reviewer who has expressed a view?