cyber-risk insurance — The BUSKLAW Newsletter

In last month's newsletter, we discussed the importance of auditing your business contracts and pointed to five potentially troublesome provisions: identification of the parties, agreement term, payment, intellectual property rights, and confidentiality. But there are additional provisions that deserve careful scrutiny:

> Indemnification. To understand this concept, start with three players: the parties to the contract (call them Able and Baker) and a third player who isn't a contracting party (call him Charlie). Let's say Able manufactures widgets, Baker sells them in its retail stores, and Charlie is a customer who purchases an Able-produced widget from Baker. The widget injures Charlie. Charlie's lawyer sues Able and Baker because Able produced the widget and Baker sold it to Charlie. Baker's only involvement was selling the widget, so he tells Able to take care of it, i.e., defend him in the lawsuit and pay the settlement or the court judgment if the case goes to trial. The extent to which Able must protect Baker from Charlie's lawsuit is what indemnity is all about; chances are that the sales contract for the widgets between Able and Baker discusses indemnification. Lawyers love to fight over indemnity, including whether the buyer's negligence is covered, i.e., if Charlie's injuries from the widget didn't result from a manufacturing defect but because Baker damaged the widget before it was sold to Charlie and thus created the hazard that caused Charlie's injury.

The proper drafting of indemnification provisions is crucial, and exceptions or conditions to the duty to indemnify should be carefully stated. And indemnification should always relate to third-party claims and not to damages between the contracting parties for breach. Do the indemnity provisions in your contracts pass this test?

>Insurance. Insurance provisions are vital in business contracts, but in my experience, transactional lawyers don't always understand the various insurance coverages available and how they relate to other contractual provisions. Using the above example, Baker may require to Able to maintain contractual liability insurance (and Able may want this as well) to fund (or "insure over") Able's obligation to defend Baker from Charlie's product liability suit. And cyber-risk insurance has become available that should protect a company from claims resulting from data breaches. Companies that handle customer data should seriously consider obtaining that insurance, and a savvy information technology/business lawyer can add value to that process. Is your insurance coverage adequate and complete? Is it properly described in your contracts? What about the other party's insurance?

>Limitation of Liability and Exclusion of Certain Damages. These are key provisions that must be carefully considered unless you don't care about "betting your company" by having unlimited liability when you sign a contract. To simplify a bit, there are three major points to ponder: first, whether there should be a cap on direct damages resulting from a party's breach of the contract; second, whether a party's indirect damages should be entirely excluded from available damages resulting from a breach; and third, whether a dollar cap should apply to a party's obligation to indemnify the other. Do your contracts contain understandable limitation of liability and damages exclusion provisions? And are they consistent with all of the other contractual provisions?

>Governing Law, Jurisdiction, and Venue. What State's laws govern your contract? If you're a Michigan-based company doing business with a California-based company, you probably shouldn't agree that California law governs the contract. And where would legal action under the contract occur? Would you rather litigate in a Michigan court or in a California court? Your decision could make the difference between driving to court proceedings in downtown Grand Rapids - or lengthy plane trips to and from a California court. Do the governing law, jurisdiction, and venue provisions in your contracts prevent you from being dragged into a faraway court?

>Litigation or Arbitration of Contract Disputes. Arbitration proceedings are private; court proceedings are not. Would you care if the news media attends court hearings about your dispute? And court proceedings may be more expensive than arbitration and may involve a jury trial. But if your arbitration provision isn't carefully drafted, you may wind up spending just as much for arbitration than litigation. Do you know if your contracts contain litigation or arbitration provisions? If arbitration, is that provision carefully drafted to ensure that arbitration would indeed be less expensive than litigation?

>Legal Jargon. I've already posted about lawyers and their goofy words. But some legal jargon should simply be removed from your contracts: "and/or;" "execute" to mean "sign;" vague pointing words such as "aforementioned," "foregoing," or "below;" confusing phrases such as "including but not limited to," "in witness whereof," and "for the avoidance of doubt;" and such verbs as "may," "must," "will," and "shall," that can be confusing when used in the wrong context. And the stupid yet common practice of writing numbers in both words and digits, e.g., "thirty (30)." All it takes is a contract containing "fifteen (30)" to land you in court. Have you detected and removed all legal jargon from your contracts? (If your lawyer uses legal jargon, best get a new one.)

And what about words or phrases that sound like legal jargon but aren't? Two examples: first, there's definitely a need to insert "hereby" in some cases. Second, "according to" isn't necessarily the same as "in accordance with." And to further complicate matters, some apparent legal jargon should be retained as terms of art. Do you know what specialized legal language should remain in your contracts - and why?

When Ben Franklin said that "an ounce of prevention is worth a pound of cure," he didn't have contract audits in mind, but his logic holds true. You can hire me to find and correct these potential problems in your contracts for a modest fee. Or you can wait until they blow up and you're forced to hire a litigator to sort them out - at a much greater cost.

2019 is here. What's in your contracts?

If you find this post worthwhile, please consider sharing it with your colleagues. The link to this blog is www.busklaw.blogspot.com and my website is www.busklaw.com. And my email address is busklaw@charter.net. Thanks!

When we last left our two IT professionals - Steve the IT manager at Beta Corporation and Bosco the IT lawyer - they were at Brewery Vivant, discussing the business precautions that should be taken when Acme Software's contractors are developing the Next Big Thing software program for Beta Corporation. After downing a modest number of Undertaker ales, the guys now talk about a contract between Acme (the software developer) and Beta (its customer).

Bosco: I suggest that Beta have a Software Development and Services Contract with Acme.

Steve: That sounds like big bucks in legal fees! And what if Acme refuses to sign it?

Bosco: If Acme is a reputable software development company and is interested in keeping Beta as a customer, they should have no problem signing a contract of this nature with a minimum of negotiation. They've probably signed similar contracts with other clients! About my fee to prepare this contract, because I've drafted similar contracts for other clients and don't have to "re-invent the wheel," I can charge you a reasonable fixed fee.

Steve: What if Acme has their own contract that they want us to sign?

Bosco: No problem, we'll get their document in Microsoft Word format and make reasonable changes and additions - and then send them a version that highlights our modifications. We can then close any gaps at a meeting or conference call.

Steve: OK, so what's going to be in the contract- besides holding Acme to the business provisions that we just discussed?

Bosco: The key provisions will shift certain legal risks from Beta to Acme, such as requiring Acme as the developer to:

Deliver the software on-time, for the stated fee, and according to the specifications contained in the Statement of Work that you and Acme agreed to. We'll include a reasonable change control provision to prevent "scope creep."
Warrant that the software contains no malicious code, malware, time-bombs, or other code that would interfere with the program's normal operation according to the specifications in the Statement of Work.
Transfer all intellectual property rights to the software's source code and object code to Beta. Or if the quoted fee didn't include the transfer of these property rights, Acme must grant Beta a royalty-free, exclusive, and worldwide license to use the software within Beta's entire enterprise. And you should consider a source code escrow arrangement whereby Beta can obtain the application's source code from a reputable escrow agent if Acme should ever cease business or fail to support the software.
Defend and indemnify Beta against third-party claims and liability concerning the software, including intellectual property infringement claims and claims for personal injury or property damage caused by the software.
Include Beta as an additional named insured on Acme's commercial general liability insurance (including contractual liability) and also require Acme to maintain data processing errors and omissions insurance. And if Acme is going to host the application or contract with a third party to do so, proof that the hosting service has a cyber-risk insurance policy and maintains industry-standard precautions to safeguard the application and its data from unauthorized intrusions. Acme should also provide Beta with service level guaranties so that the application is available to Beta's customers on a 7x24 basis, with reasonable downtime for scheduled maintenance.
Agree that Acme won't list Beta as its customer in any advertising or public announcement (or on Acme's website) without Beta's prior approval.
Agree that disputes between the parties (that can't be resolved by their senior executives) be decided only by arbitration in Kent County, Michigan, the location of Beta's corporate headquarters. And Michigan law controls.
Continue the previously-signed NDA or make sure that deal-specific confidentiality provisions are agreed to.
Not perform similar services for a Beta competitor without Beta's prior consent.
To have no limitation or exclusion of damages provisions that unfairly restrict Beta's right to recover damages from Acme for breach of contract.
Agree that if there is any conflict between the contract and the Statement of Work, the contract controls.
To file suit against Beta for any cause of action under the contract within a 2-year period after the cause of action arose, or Acme loses its right to sue.

Steve: These provisions sound complicated. How will I ever understand them?

Bosco: I'll explain them to you and your management team in detail. And I always draft (or revise, if reviewing the other side's contract) my contracts in plain English, avoiding legal jargon. And at no extra charge! Ha.

Steve: That's great Bosco, you're hired - and thanks!

Bosco: Happy to help! But all this talk about the contract makes me hungry. How about going across the street to The Green Well for Otto's Chicken & Waffles?

Steve: Ah, comfort food! Sounds like a plan!

______________________________________________

Executive Summary:

A vendor hired to provide software development and related services should sign a contract with appropriate risk-shifting provisions, including:

Requirements that the vendor to deliver the software code on time, within budget, and in compliance with an agreed Statement of Work;

Insurance and indemnity coverage;

Intellectual property ownership or license provisions;

Safeguards to prevent the application and related data from unauthorized access if the vendor or its contractor hosts the application; and

Appropriate change order, dispute resolution, and governing law provisions.