The targets of SIIA audits frequently believe that they know who reported them to the Software & Information Industry Association. Justifiably angry, they want to know what legal recourse they have against the informant. Because the informants are frequently out of work, having been fired by the target, I advise my clients about the number one rule governing litigation: never sue poor people. Legally speaking, the most probable cause of action against an informant in a SIIA audit would be based upon a breach of an employment agreement containing a confidentiality provision. We have frequently assisted clients in drafting letters to former employees presumed to be the informant, forcefully reminding them of their confidentiality obligations, but have come short of advising clients to file suit against a presumed informant.
Scott & Scott, LLP is not affiliated in any way with the SIIA
If your company has received a letter from the SIIA requesting a software audit, you are probably wondering whether you should cooperate or tell the SIIA to pound sand. I advise my clients to cooperate but to do so in a manner that will not jeopardize their legal position in the event that cooperation does not result in an acceptable out-of-court settlement. This advice is predicated on the fact that business clients almost universally seek a resolution that has the lowest total costs and the most predictability. In SIIA audits, these costs are software licensing fees, fines payable to the SIIA, attorney’s fees, organizational impact, and the potential damage to brand associated with negative publicity. In my experience, a properly handled SIIA audit can always be resolved for a lower total cost through cooperation than through litigation. Most importantly, cooperation does not preclude litigation in the future if the SIIA is unreasonable in its approach to settlement. In other words, you can always go to court if the out-of-court, lower total cost approach is not satisfactory. However, we have seen audit targets and other lawyers make several mistakes that actually detriment their legal position during negotiations with the SIIA. The two critical success factors to properly handling a SIIA audit or making sure that the information gathered during the process, which would not otherwise be discoverable in a court proceeding, is protected by attorney work-product and attorney client privileges. In addition, no information should be provided to the SIIA unless and until the SIIA agrees that the information is governed by Federal Rule of Evidence 408 and therefore will not be admissible in court if an out-of-court resolution is not reached with the SIIA. The only time I have deviated from this advice has been where the audited entity was not a viable going concern and the principal(s) were judgment proof. If you have been contacted by the SIIA, you should contact an experienced attorney to assist you with strategy. Scott & Scott, LLP is not affiliated in any way with the SIIA
One of the first things I ask a prospective client is: What is the date on the initial letter you received from the SIIA? The date on the initial in a SIIA letter is often referred to as the Audit Effective Date. This date is important for many reasons. I like to tell my clients that a SIIA audit measures a snap-shot in time – what SIIA member software was installed on the company’s computers as of the Audit Effective Date. Once you have an accurate inventory of what was installed on the Audit Effective Date the next step is to determine what proofs of purchase are available to establish purchases prior to the Audit Effective Date. When a SIIA audit matter is settled, the target is required to certify that the audit results provided during the course of negotiations are true and correct as of the Audit Effective Date. For this reason uninstalling software that was installed on the effective date, or purchasing software products after the effective date have no impact on the SIIA’s calculation of fines in SIIA audits. It is critical to obtain an accurate inventory of the software installed on the target company’s computers as quickly as possible following receipt of the initial letter from the SIIA. Failure to understand the importance of the Audit Effective Date, has caused companies to go on software buying sprees in response to a SIIA audit and to report results to the SIIA reflecting the software installed on a date after the Audit Effective Date. I believe that both of these strategies are mistakes that should be avoided. Scott & Scott, LLP is not affiliated in any way with the SIIA
One of the top ten questions asked by my clients is “How long does the SIIA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical SIIA audit. Preparation of Audit Materials (3 to 6 months) A SIIA audit is a request, under threat of litigation, to compile a listing of all SIIA member software products installed on the audited entity’s computer network as of the Audit Effective Date. The Audit Effective Date is the date on the SIIA initial letter requesting an audit. The first step in preparing this information is conducting an automated inventory of the software products installed on all computers owned or leased by the target company. Once an accurate inventory of the SIIA member software products is completed, the next step is to reconcile the software inventory information with proofs of purchase dated prior to the audit effective date. While there are various ways to prove ownership of a software license, typical