A Data Licence and Compliance Audit is something that you may never have considered or even heard of, so what is it and how could you benefit?
Everybody knows that growing or even sustaining business is difficult in the current economic climate and whilst most businesses will try to gain new business whether this be from new or existing clients most do not consider whether they are being paid appropriately for the data products currently being utilised by existing clients.
The data owners response to such a comment, “our resellers, licensees, VAR’s have signed our licence agreement and are contractually covered”; and yes this is often the case but have you considered the following;
Some data owners have a statutory obligation to make data available to other businesses and or the general public. In fact these data owners would be better referred to as data custodians although under current Data Protection legislation most are Data Controllers or Data Controllers in common.
Depending upon the data being licensed the data owner could be subject to one or more legal obligations these could include amongst others
Demonstrating compliance with legislation can be difficult and whilst requiring contractual compliance with a licence imparting the necessary legal terms could be seen as sufficient how do you know that data processors and end users are actually complying with the licence?
Whilst you understand your licence; well be honest, at least the intended interpretation of it. The reseller, licensee or VAR will believe that they have also interpreted the licence correctly and whilst at a point in time this may have been the correct interpretation due to a number of reasons this may have changed and this is usually due to the ‘passage of time’.
Passage of Time
When was the last time your licence was revised? How was this communicated to your resellers, licensees or VAR’s? Did you provide adequate training to licensees? Have there been personnel changes within your resellers, licensees or VAR’s?
If you are unable to provide a positive answer to any of the above questions, then this would account for the passage of time. What was once correct may well be no longer and your data may be being used in contravention to the licence, licensed incorrectly and or incorrect royalties being remitted.
Whilst all of the above will not apply to all data owners, it would be difficult to disregard more than two or more of the above with any certainty. That is why I would recommend that all data owners that licence data perform regular licence compliance and royalty audits as an integral part of their data licensing strategy.
However, data owners must ensure that they have the ‘right to audit’ resellers, licensees and VARs as there is no automatic right. So firstly, check do your contractual agreements contain a ‘right of audit’ if not there could be other major loopholes in your licence and it’s probably time to seek professional assistance.
Assuming that your licence contains the necessary ‘right to audit’, then what are the options?
Specialist auditors should have specific experience in the data industry and should hold professional qualifications in information security, data protection and marketing. The benefit of this experience and these academic achievements are as follows:
Licence and compliance audits have a positive effective on resellers, licensees and VARs within the industry. They instil self-regulation by the recipients of your data who become aware that the licensor will perform rigorous checks and not just place reliance on a contract.
Furthermore data owners are able to utilise the combined audit findings from the audits as a management tool to predict future revenue and assist in future licence and pricing revisions.
The careful and appropriate use of these techniques should lead to benefit to data owners, licencees and, importantly, the data subjects themselves.