October 1, 2009

Keeping Up With User Policies (Part II of II)

Column: Tricks & Tips

Isaac M. O'Bannon

From the Oct. 2009 Issue

[Part II of a II Part Series – Read
Part I
]

If you’re like most consumers, you simply click through the license agreement
when you use a program and never bother to read the terms of use on websites
you use for work. If you don’t think it matters, how would you feel about
taking that same approach to other contracts, such as mortgages and car loans?

In my last column (www.CPATechAdvisor.com/go/2496),
I discussed the potential legal issues that modern technology users face, even
though most don’t even recognize them. In our professional and personal
lives, we sign contracts every day that we don’t even read, under the
assumption that,

A) The agreement hasn’t changed since the last time
we used the technology; and,
B) That the company whose program or service we are using
would not risk their business relationship by implementing policies that would
anger its users.

DUE DILIGENCE?
These contracts are the user agreements and terms of use policies that we agree
to, without reading, every time we use a hosted program, website, online email
or traditional programs with automatic update features. This is naïve.
And if these websites or programs are used for work involving sensitive client
data (what client data isn’t?), then you need to evaluate whether or not
you are performing your due diligence.

Is it enough to assume that your vendor would never do you wrong? In most
cases, especially with established technology vendors, they probably would not.
But when is probably an answer to whether you are performing due diligence with
regard to your client data? So the answer is no, but what can be done about
it?

The biggest challenge when using websites or hosted programs is that the user
agreements can change at almost any time, and with little or no notice. And
as I stated last month, nobody has the time to read these agreements prior to
each use, especially considering the legal jargon used. I am a major advocate
of hosted programs. They are more convenient for end-users as well as technology
vendors. Likewise, Web 2.0 websites provide great resources for professional
use and for online recreation. But how can we be informed users and consumers
of these technologies without opening ourselves and potentially our employers
up to potential liability?

THE CLEARINGHOUSE
A possible solution is a clearinghouse that would alert users to changes in
the terms of service, privacy policies and other agreements for technologies
they use. This would not be a government entity, but rather an organization
funded voluntarily by the technology sector. I’ll address the funding
issue in a bit, but first I need to define the how and what of the organization.

HOW IT WOULD WORK FOR TECHNOLOGY USERS
If a person or business is concerned about potential changes in the agreement
terms they have with technology companies, especially hosted programs and websites,
they could sign up online to be notified of changes to particular sites or programs
they use, which they would note on selection lists. All that would be required
is an email address, to which alerts would be sent. The user would determine
how frequently they wanted to be alerted.

The clearinghouse would also include ratings of the significance of these
changes, say from Level 1 being the least notable changes to a terms of use
or privacy agreement (minor edits, clarification, etc.) to Level 5, which would
represent the most significant changes that could impact many users. This would
allow users to also determine the level at which they wanted to be alerted (as
in, “How big a change to the user agreement do you want to be notified
about?”). When a consumer would receive an alert, the email would provide
links to view the previous and new versions of their agreement, and let them
decide whether it was of concern.

HOW THE CLEARINGHOUSE WOULD OPERATE
For users to receive an alert that an agreement had changed, it would first
need two things: The terms of use/policy as it was when the user first started
using the technology or website, and the newly changed version.

There are two directions the clearinghouse can now take: one, as a neutral
organization that provides no legal opinion on the agreements or changes to
them; or two, providing content-based legal opinion as to what effect the new
language in the agreements might have. This second option would be far too contentious
and costly. I prefer the first, which not only is much simpler in concept, but
also in infrastructure. The organization would have a database of user agreements,
privacy policies and the like, referenceable by technology vendor, program,
website, date and other factors.

At the bottom end of the technology spectrum, staff could use simple document
comparison tools such as the ones in Word to identify where changes occurred
and whether the changes were numerically limited, moderate or major, coinciding
with the significance levels the user selected for alert notifications. This
judgment would not relate to potential legal significance, but to the extent
that the wording of an agreement had changed.

This would be a daunting task, especially if trying to perform these functions
manually, when you consider that there are several thousand technology vendors
in the United States alone, and countless websites offering various services.
But keep in mind, especially with websites, that the only concern would be with
commercial sites, and then only those with large user bases. Also, with only
a little more technology infrastructure, the clearinghouse would be able to
automate most of these processes. Additionally, the new agreements would be
submitted by the technology vendors and websites themselves. (I explain why
below.)

THE ROLE OF TECHNOLOGY COMPANIES
Even as a nonprofit watchdog-type group, such a clearinghouse would need money
to operate, primarily for full-time staff and infrastructure. As I noted earlier,
the clearinghouse would be funded by the technology industry (hosted solution
providers and commercial websites, most notably). This would not be through
a tax or mandate, but voluntary. And these companies would also voluntarily
submit planned changes to user agreements and privacy policies (under protection
of non-disclosure) in advance of implementing those changes. They would retain
the ability to make immediate changes as necessary when faced with pressing
legal concerns such as needing to close a previously unknown loophole.

THE COSTS
The sale of technology and the use of technology for sales are billion dollar
markets, but they are very different in their models. My first inclination was
for technology vendors to contribute a fixed amount per transaction, say five
or ten cents for each sale, service agreement, contract or other transaction
of more than $10 (not a percentage, though). With millions of transactions each
year, a small surcharge such as this could easily provide ample resources for
the organization. While I think this would be a good system for direct developers/sellers
of technology and programs (such as Microsoft, Apple, hosted program providers,
etc.), it would not fit with the revenue models of websites and solutions that
are cost-free to users (like Yahoo! Mail, Google Docs, Facebook, Twitter, etc.).
Nor would it be a fit for online retailers or the websites of traditional retailers.
But I still think that a low-cost, per-transaction model would have the least
impact on pricing, although these entities might alternatively be able to pay
an annual fee.

THE BENEFIT TO TECH COMPANIES
Why would technology companies voluntarily fund a group whose purpose is to
police the industry? For starters, the clearinghouse would have no “policing”
powers. Its sole purpose would be to provide notice to users of changes to agreements.
In return for voluntarily helping to fund the organization, tech companies would
be able to use logos or website images noting their membership in the “Technology
Agreement Clearinghouse,” or perhaps a catchier name. It would be akin
to the Better Business Bureau or other industry groups and would serve as an
assurance to consumers that the company is open about its policies and is concerned
about their rights as users of its technology.

OTHER SOLUTIONS?
While the clearinghouse idea presents many challenges, if it is viable at all,
there is a need for a solution. Although most users seem content with the status
quo, we continue to put ourselves, our employers and potentially even client
data at risk every time we use technologies that have user agreements and privacy
policies that can change at any time. The clearinghouse concept at least addresses
the problem and acknowledges that most people don’t want to read these
agreements, instead offering them a quick method of finding what has actually
changed, if they want to.

The more we rely on the convenience of hosted solutions, cloud-based computing
and other technologies, the more we need to know what we are agreeing to.

Think this couldn’t work? Have a better idea? Send me an email at editor@cpata.com
or discuss it on our blog at www.CPATechViews.com.

Part II of a II Part Series – Read
Part I

Thanks for reading CPA Practice Advisor!

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more…

Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...

Tags: Technology

Leave a Reply