Audit clauses are frequently used in technology and outsourcing agreements. They are an important tool for checking that parties are complying with the terms of the agreement and, in particular, with billing accuracy, data security and IP licence restrictions.
A good audit clause will oblige a party to maintain records, and to provide copies of those records to the other party or allow access to them on request.
Data Resource v IDS Data Services, which involved an audit clause in a database licence agreement, reinforces the necessity for clear drafting of such clauses, as courts are reluctant to imply terms which are not set out expressly in the agreement.
The clause in that case required that the licensee:
“permit any duly authorised representative of [the licensor] on reasonable prior notice to enter into any of its premises where any copies of [the database] are used, for the purpose of ascertaining that the provisions of this Agreement are being complied with”.
The case concerned a licensor sharing its database with a competitor licensee. Accordingly, restricting the licensee’s right to use the database to certain defined purposes (and monitoring to check that this was being complied with) was critical for the licensor.
On the other hand, it was critical to the licensee that the licensor did not have carte blanche access to all its information.
The court read the clause as follows:
- Access by who? Although the licensee agreed to permit access to "any duly authorised representative" in the singular, the definitions clause provided that the singular included the plural. Accordingly, access was not limited to one person. However, it was permissible to imply a term that the licensor must act reasonably, preventing the licensor from swamping the licensee with an army of representatives.
- Access to where? The licensee had agreed that access was to be given to "any of its premises where copies of [the database] are used". The database was stored on the licensee’s server in its offices. Contracts with customers were kept at that location for a few months, after which they were archived off-site. The licensor accepted that it had no right to gain access to the archive, but only to the main office.
- Access - for what purpose? The licensor argued that access was to be given "for the purpose of ascertaining that [all of] the provisions of this Agreement are being complied with". The court held that the audit clause related to the database’s storage / use only, and it did not permit the licensor to access commercially sensitive information. The licensor did not have “carte blanche to search for anything which happens to be on those premises, whether or not connected with the storage or use of the database.”
- What can be done after access has been gained? The intention of the clause was to enable the licensor to monitor the use of the database. That clearly imposed some obligation on the licensee to permit access to its computer in order that the licensor could carry out the permitted investigation. However, the court held that there must be some restrictions to ensure fair use of the information found. The court could not rewrite the agreement to provide what restrictions there were or what the licensor could do with the information it obtained. However, it observed that such information would be subject to the contractual and equitable provisions relating to confidential information.
As this case demonstrates, a good audit clause should set out:
- the audit’s purpose;
- what information may be inspected;
- what information may not be inspected – eg commercially sensitive and legally privileged information;
- consequences if a breach is discovered – eg should data be delivered up?;
- use of information obtained from the audit;
- who may carry out the audit;
- permitted location(s) for the audit;
- frequency and duration of audits; and
- who bears the cost of audits.
- Anything less risks leaving the licensor disappointed.
The licensor had the right to enter the licensee’s office for the limited purpose of monitoring whether the database was being stored and used in accordance with terms of the agreement, particularly whether the database was “held separately from any other data in a secure environment” and for no other purpose.
The licensor failed in its objective to secure a wider audit right, because insufficient detail was provided about the purpose of the audit, how it would take place and what use could be made of the data obtained.
Clear words would be needed, particularly as the parties are competitors, to allow the licensor unrestricted access to the licensee’s data.
Mark Lewis was discussing 118 Data Resource Limited v IDS Data Services Limited and others  EWHC 3629 (Ch). A longer version of this article was published in Commercial Litigation Journal, click here to read the original.