In this quick guide, we set out the key recommendations from our article on the ‘Top Tips for Data Licensees’, which was the first in our Data Series of articles. The full piece can be found here.

With data audits becoming more prevalent, the risks associated with misusing third-party data are significant. In that context, we think that all organisations who licence-in large volumes of data need to do the following:

• Map datasets to the relevant contractual arrangements – can you easily understand what contractual terms apply to any given dataset used by your business? If not, you’re creating the risk of potential liabilities arising from the misuse of data. Properly mapped datasets to contractual terms will reduce that risk, as well as the amount of management time required from in-house data, legal and compliance teams. Products/services can also be developed and brought to market quicker.
• Understand relevant data licence terms – while mapping datasets to the relevant contracts is helpful, best practice is to also include details of the relevant terms relating to licence scope and prohibitions/restrictions on use. This will enable relevant teams within your organisation to quickly establish whether certain use cases are permitted or not, thereby enabling quick, efficient and accurate decision making.
• Track audit clauses – this will allow you to programmatically know when audits might be likely and to take pre-emptive action in carrying out pre-audit work and remediating issues before licensors carry out formal audits.
• Clarity around ambiguous terms – do you understand the ambiguous terms in your data licences and how these impact on your usage of the data in question? For example, ‘non-commercial use’, ‘internal use’, and/or what constitutes ‘aggregated’ or ‘derived’ data. You need to understand what these terms mean in the context of the relevant licence and your usage of the datasets in question.
• Know who is using which data sets – do you have controls in place to track which business units are accessing particular datasets from internal data repositories? If not, this leads to a lack of understanding about who is using what datasets and potential risk in relation to unlicensed use.
• Rigour around data use permissioning – consider implementing mandatory processes which require business teams to obtain clearance to use third-party datasets based on the relevant use case. If done properly, this is likely to detect proposed usage that might be in breach of the relevant data licence(s).
• Third party access – care should be taken when engaging contractors or other third parties to provide services which require the use of licensed-in datasets. It’s important to note that if data licences are personal, then allowing access to third parties will constitute a breach.
• Be careful with open data – does your organisation use open data sources? If so, you still need to check the relevant licences, as some contain ‘copyleft’ style terms. Care must be taken to ensure that the use of such data does not lead to an obligation to make available to the public any derived works containing your own proprietary datasets.
• Use of software tools – consider using software tools to assist with data mapping and use case permissioning. Such tools enable business, legal and compliance teams to quickly assess the risks associated with using particular datasets.

Want to know more?

To discuss any of the above issues, or any other matters relating to the use of data by your organisation, please feel free to contact me directly at Jeremy.Harris@Kemplittle.com.

• Share this blog

• Twitter
• Facebook
• Linkedin