By Chris Hughes
Optimization of user-centric license models (e.g. Named User licenses) is most effective when leveraging information about those users. Knowing which actions users are performing allows an organization to find the lowest cost license to match real system usage. For named user license models such as those from SAP and Oracle, determining which user accounts are the same person and therefore only require a single license relies on matching user accounts on attributes other than username. These techniques use personal information, and this needs to be considered as information moves between systems and between geographies.
For multi-national organizations, collecting personal information from European Union (EU) member countries and storing it outside of the EU deserves special consideration. Data privacy is heavily legislated within the EU through the Data Protection Directive, and transferring personal information to a country outside of the EU is only permitted if that country provides adequate data protection or the controller can assure that sufficient safeguards are in place to provide adequate protection.
For US organizations, compliance with the Data Protection Directive is achieved through the US-EU Safe Harbor process, which requires organizations to self-assess against the following privacy principles:
Notice | Individuals must be informed that their information is being collected and for what purpose. |
Choice | Individuals must be able to opt out of sharing information with third parties. For sensitive information, they must explicitly consent. |
Onward transfer | Third parties must provide adequate data protection. |
Security | Reasonable precautions must be taken to prevent misuse or loss. |
Data integrity | Information must be relevant for the purpose it is to be used. |
Access | Individuals must have access to their information, and be able to amend or delete errors. |
Enforcement | There must be mechanisms to ensure compliance with these principles. |
Over 3,000 organizations have current Safe Harbor certification.
There are workarounds to reduce or eliminate the reliance on personal information for optimizing user-centric license models, although the results may be sub-optimal. Roles can be used instead of real usage to approximate what each user is doing. Data analysis can be performed within the same region as the information is sourced.
Data privacy legislation such as that of the EU does not prohibit organizations from optimizing their software licenses. It ensures the protection of employee information during this process, but that shouldn’t be seen as a bad thing.
***
Learn more about Software License Optimization in our new animated video.
For more information on SAP Named User License optimization, please view our on-demand webinar: Lifting the Lid on SAP Licensing.