7 Tips to Avoid Being Sued by Ellucian

There are 7 tips to avoid being sued by Ellucian which every Ellucian customer should consider, especially if you run Banner. The 7 tips were created while reading through the amended complaint in the lawsuit between SunGard (Ellucian) and Cajana and Northwest State Community College. Each of the 7 tips represents one or more elements of Ellucian’s lawsuit with Cajana and NSCC which may very well be occurring at your institution.

Court Records

You can download and read the full copies of the SunGard v Cajana Amended Complaint as well as the SunGard v Cajana Answer to Amended Complaint for the nominal price of $1.99. Both are interesting reads of each side’s perspective and very relevant to every Banner customer.

Disclaimers and Declarations

Ellucian v Cajana
Case Files $1.99

Buy Now

You can read my full disclaimer if you want but you probably know that I am not a lawyer and what I think I know about intellectual property comes from my own work experience.

As I noted on edu1world in my Reply to my previous post SunGard (Ellucian) Still Suing Cajana and NSCC:

“…I value intellectual property rights and myself hold protections on various creative works, patents and trade secrets. I totally respect Ellucian’s right to seek remedy as well as their right to protect their property interests. There are several overt acts alleged in the amended complaint that if true are inexcusable which should carry some sort of penalties.”

Rationale Behind 7 Tips to Avoid Being Sued by Ellucian

It would be easy to conclude Ellucian will never sue another customer over copyright violations or stealing Ellucian trade secrets. In general I would tend to agree on that point.

But here is the thing. If you now know Ellucian has a clear property interest in its software, source code and user manuals protected by copyright and trade secret laws and your software and support agreements, then you have a duty to comply. No excuses especially in higher education.

Flipping my soapbox over now I also want to point out that in order to prevail in a claim of property rights being violated it is not unusual for courts to expect that plaintiffs demonstrate they have vigorously defended those rights all along.

On that basis is it reasonable to conclude that Ellucian in protecting their property rights will need to go after all other suspected and known violations and violators.

If you think that is a reasonable conclusion that means each and every institution running Banner should assess their own exposure to possible violations of their software agreements and the copyright or property rights laws.

7 Important Tips to Avoid Being Sued by Ellucian

Tip #1 Audit Your Agreements: You should audit each and every vendor agreement including software license agreements, support contracts, and master services agreements for compliance. This should be a thorough tic-n-tie audit of your original agreements and all amendments, supplements, and work orders. Review your findings and questions with your account team and resolve any issues – in writing.

Tip #2 Verify & Update Location: Verify or update the Location description or address for which you are authorized to possess, run or store the covered products or materials. If a change is needed do it formally and get an amended contract.

That means the location where your Banner software physically is installed as well as where your manuals, code, and any back-up copies are stored. You should also amend the agreement so your right to choose a Location does not require approval by Ellucian.

If you have switched to an Ellucian managed hosting arrangement you still should get your Banner software license updated for the new Location. While you are at it go ahead and review your hosting agreement and seek changes to prevent Ellucian from moving your environment without your approval.

Tip #3 Limit Disclosures: Establish in policy the requirements for entering into non-disclosure agreements including one-way NDA’s and mutual NDA’s. The policy should include NDA provisions and incidental disclosures in vendor agreements and establish a program for tracking all NDA’s, their expiration, and regular audits.

The goal here is to limit your burden for safeguarding vendor proprietary information especially when vendors by default seek an NDA when most often they are not needed.

Tip #4 Proprietary Information: Establish an IP management process specifically for tracking the receipt and return or destruction of vendor provided confidential or proprietary information. Establish operational controls to track internal access authorization, revocation and storage inventories. Return or secure destruct anything you no longer require and notify the vendor in writing of the inventory.

Obtain from Ellucian in writing a specific listing of which documents they consider to be proprietary and protected intellectual property. Then decide if you need any or all of it and proceed as noted above to catalog and control access.

You can read in the Amended Complaint Ellucian applied for and received copyrights for Banner 7 and Banner 8 so your materials may not reflect that yet. Similarly you will see in the complaint Ellucian asserting its rights over

“…certain trade secrets with respect to its proprietary user manuals, database schema (including, without limitation, tables, keys, superkeys and indices) and other information required to access and support the applications…”

Tip #5 NDA Notice: Establish a process to provide notice in writing to all employees and authorized third party consultants of the non-disclosure obligations of the institution under your license agreements or contracts prior to granting them access to the Ellucian systems or protected materials.

“The Agreement…explicitly prohibits…customers from disclosing “all or any part of the Source Code for the Licensed Software to any person except Licensee Employees who, before obtaining access to the Source Code, have been informed by Licensee in writing of the non-disclosure obligations…”

My best advice is to fold this into your access request and authorization process which if it is no longer paper based means seeking approval in writing from Ellucian to allow this to occur electronically.

Tip #6 Third Party Consultants: Prior to entering into any contractual obligations with third parties which involve accessing the licensed products and proprietary information obtain in writing authorization from Ellucian for the company. Alternatively ensure all contracts include Ellucian continued access authorization as a condition.

Include in your master services agreements or single third party contracts a boiler plate NDA rider that has been pre-approved by Ellucian as noted in lawsuit complaint:

“…Agreement defines “Licensee Employee” as (i) Licensee’s employees with a need to know and (ii) third party consultants engaged by Licensee…who have been pre-approved by SunGard HE, and who, prior to obtaining access to the Licensed Software, have executed a SunGard HE-approved non-disclosure Agreement.”

My advice is to approach this broadly and to seek blanket approval for certain vendors. As examples you should seek blanket approval for any infrastructure support vendors and their channel partners who support your Banner servers, storage and back-up systems including any vault service providers.

In taking this broadly you should also include any supplemental labor not directly employed by the institution including any 1099 independents and contract or temporary labor and fold this into the on-boarding process.

You might also seek an exclusion from Ellucian for a general category of third parties to cover any or all OEMs or VARs for your servers, storage back-ups and even your hosting provider if they offer remote hands.

Just imagine your SAN has a drive repalced after hours under warranty by the OEM who takes it with them and the drive has Ellucian data on it – now what?

Tip #7 Secure Banner Documentation: You cannot publish your Banner documentation publicly on the Internet or even internally to all employees in a Public network folder or Intranet site.

Remember that Ellucian is asserting protection over this material as part of their trade secrets requiring you to control access as noted above for employees and third parties.

Ellucian does not bring claims specifically on this point in the lawsuit but Cajana raises this issue in their response which may force Ellucian to begin enforcement.

“In response to paragraph 11 of the Amended Complaint, Cajana denies that SunGard is the owner of trade secrets with respect to “the user manuals,” as Sungard’s user manuals are easily accessible and readily available to the public on the Internet.”

Until you obtain the specific listing of proprietary information, prepare to have to secure and control access to all documents related to the Banner product that you download – especially the stuff labelled as proprietary or confidential.

That includes everything in the Banner Bookshelf such as Release Notes, User Guides, Upgrade Notes as well as for any patches and updates. But Cajana’s answer to the complaint goes on:

“…Cajana is without knowledge or information sufficient to form a belief as to the truth of … whether SunGard has any protectable trade secrets related to “database schema,” “keys,” “superkeys,” “indices” or “other information required to access and support the applications…”

In spite of Cajana’s answer, my best advice is to expect the worst and be sure you have secured the Banner Application Program Interfaces (APIs) references and Banner Entity Relationship Diagrams (ERDs) documentation. My position here is based on these being the least common Banner material publicly accessible on the Internet excepting most code.

2 Tips for Ellucian

Tip #1 Use Google: In less than 3 minutes today while eating some banana chips I found at least one example of every item Ellucian is asserting a protected property interest on. Give it a try:

Tip #2 Communicate: Communicate with your customers on what you expect from them in helping you protect your property rights and your investment. Send them a list of what needs to be protected and what doesn’t.

Share with them your plans for tightening things up. They’ll work with you and help protect your investment while keeping their own peace of mind they can avoid being sued by Ellucian.

This entry was posted in IT Risk Management and tagged , , , . Bookmark the permalink.

16 Responses to 7 Tips to Avoid Being Sued by Ellucian

  1. A. Nonymous says:

    I have to wonder if the only point of this post is to create unfavorable Google search results under Datatel+SGHE’s new name.

  2. The Higher Ed CIO says:

    That is one way to look at it. I do consider SEO when writing any post – who doesn’t? I am sure the ‘Ellucian’ search results will normalize as more content is produced under the new name. But the SERP’s position doesn’t change the nature or validity of the issue in the post.

    Consider how many other Banner customers are not aware of the provisions in their license agreements and/or have taken no steps to ensure compliance just as NSCC is alleged to have done. Sometimes where there is smoke there is fire. And other times there is just smoke. I can’t say if Ellucian will go after other Banner customers in the courts or if they will simply attempt to directly influence them into improved compliance.

    In terms of risk-rewards and simply doing the right thing. If you moved your data center or Banner platform into another location it’snot a big deal to update the contract so you don’t risk being unsupported. It is also not a big deal to add a rider to your vendor contracts for the Ellucian NDA any more than it is to add a HIPAA BA rider. So each institution has to decide for themselves what is the risk of being wrong versus the risk of being right? Or if you prefer, the rewards of right & wrong.

  3. Elaine says:

    These tips are useful for all contracts, which should be read and understood. It might be helpful for higher education contract administrators to track their responsibilities as many technology contracts have similar requirements.

  4. The Higher Ed CIO says:

    I often use the analogy that contracts are not written for amicable life-long relationships. Contracts are written with disagreement and divorce in mind. Unfortunately our optimism bias interferes with good judgment in contract administration.

  5. Pingback: Deep Thoughts on Software Market and Some Recent Research

  6. Pingback: SunGard (Ellucian) Still Suing Cajana and NSCC

  7. I definitely agree with your conclusions about how to avoid these problems. Everyone should probably ignore the guilt/innocence of Cajana and look at the core IP issues in this case that can impact you.

    We work with a lot of schools in obtaining new ERP software and we look at a lot of contracts for client’s who have already installed the software. (Disclaimer: we are not attorneys, but we know many things to look for/avoid). The vast majority of ERP contracts contain wording the preclude clients from allowing any external contractors from touching the school’s software without the vendor’s permission. This includes getting external contractor technical help and moving toward a hosted/cloud (i.e. non-onsite installation) of the software. You have to work to get your contract to allow these types of 3rd party services while recognizing the vendor’s legitimate IP rights.

    NOTE: Your leverage with negotiating what a vendor contract reads is strongest before you buy. You will have a tougher time getting contract changes if you already license the software – don’t give up, but face the fact that it will be much harder.

    Last thought – You have to read these contracts! This is not just something for lawyers to do! If your eyes glaze over at the first “…whereas…”, grab more coffee and keep going….

  8. The Higher Ed CIO says:

    Well Said Charlie and I am glad you took the time to share your experience.

  9. feeling Monopolized in higher Ed says:

    Speaking as a member of the small client community which we gathered together at this most recent summit, this kind of threatening behavior by Ellucian is frightening. Financially we are all looking at the possibility of some sort of hosting solution that can lower our total cost of ownership. TCO is far more than the original and annual fees charged by Ellucian. It is also the cost of staffing up to maintain this beast and all of its parts. The main database, forms servers and web servers and all sorts of middle ware are crushing us technologically. This is like the war of attrition where the enemy is constantly developing new weapons to throw at you and just staying on parity is bankrupting the smaller player. We don’t have sufficient staff to address every technical issue. It is alarming to think that every time we hire a consultant, Ellucian has the right and quite clearly the intent to sue their clients for any and every infraction of their contractual rights. Ellucian has monopolized the Higher Ed market buying up the competition and many of the supporting companies as well. This aggressive behavior makes all of us think we have moved in with a bear and it’s only a matter of time before the bear turns on us and devours our meager resources.

  10. The Higher Ed CIO says:

    Monopolized – It is unfortunate in many ways. I am not strictly opposed to vendor consolidation or defending IP rights in a general way. It is just that under the guise of higher education it seems a little awkward. When I put on a customer hat my view changes considerably.

  11. HigherEd IT Guy says:

    Here’s Tip #8: Don’t Do Business With Sungard/Ellucian.

    It’s very simple–Oracle maintains a robust partner community of service providers; Sungard/Ellucian does not. While Charlie is technically correct that the Oracle license agreement has language that prohibits unauthorized disclosure, to my knowledge it has never been used to reduce or eliminate competition, or to threaten or intimidate a customer or vendor.

    As a PeopleSoft shop, we have a broad choice of vendors to provide an array of services–including hosting and other cloud-based solutions. We have used both Oracle partners and non-partners for a variety of things and have *never* had any sort of interference from Oracle.

    There are also open-source and SaaS options for classic ERP functions, as well as for portal, LMS, IDM, and other application needs, who do not espouse the draconian anticompetitive bad-business policies that Sungard/Ellucian does.

    So really, the best way to avoid being sued by Sungard/Ellucian is to just have nothing to do with them at all.

  12. The Higher Ed CIO says:

    I tend to follow your perspective. My experience in several industries has been that products with the healthiest vendor ecosystem (that’s a gratuitous use of the word) be that as official partner programs, resellers, channel partners or simply broad availability of informal support partners the better. Having plenty of choice in sourcing work on a product is what helps improves the value of the investment and contain costs to the customer.

    Broad bases of support partners is also how you build a much wider innovation funnel to improve the product and strengthen brand loyalty. I think these things are simple and obvious, but when you are fighting for every dollar in revenue sometimes you make dumb decisions.

  13. trx system says:

    Great article, thanks for sharing.

  14. Herbert says:

    So what do you think of Agresso from Unit4 as a cloud based alternative?

  15. Waithaka Ngigi says:

    One way of avoiding these restrictive license schemes is to use open source, which incidentally largely started in Academia, but unfortunately nowadays, the core systems running most Higher Ed institutions are largely commercial.

    This, however, has largely changed in eLearning with Moodle offering credible competition to Blackboard et.al and I hope we can achieve the same for SIS systems using A1 Academia and make open source de-facto in Higher Ed.

    Waithaka Ngigi

  16. The Higher Ed CIO says:

    I do agree open source is one option customers have. But I would point out that open source also comes with some restrictions and requirements that many customers ignore. Open source is also not always cheaper and sometimes not even free. If that were the case, the commercial open source variants would not be so dominant (Moodlerooms vs Moodle, rSmart vs Sukai).

    I tend to believe the real pathway for addressing the issue is for customers to begin pushing back on the vendors through aggregated negotiations under the systems an/or consortia.

Comments are closed.