This month, we examine one of the most critical areas of a contract: the limitation of liability clause. The limitation of liability clause restricts the amount and type of damages that one party can recover from another. The thing to remember is that vendor forms almost always contain limitation of liability clauses that favor the vendor rather than the CIO's company.
Examples of Limitation of Liability Clauses
You may have seen a limitation of liability that looks like this: "In no event shall either party be liable for any consequential damages, even if either party knew or should have known of the possibility thereof." This clause prevents one party from recovering certain types of damages -- consequential, or "indirect" damages -- from the other party. For example, if you buy software to run your website and the software causes the website to go down for a day, the business you lost as a result of site downtime may not be recoverable from the vendor because such damage is probably consequential in nature.
Limitation of liability clauses also commonly include a cap on the total damages that may be recovered from a party. Consider this one: "In no event shall a party's liability to the other party for direct damages exceed an amount equal to the greater of (1) three times the amount of fees paid by Customer to Vendor under this Agreement; and (2) $1,000,000." Now for the fine print: The monetary limit on damages is frequently unreasonable. For example, a vendor contract that crossed my desk this month included this clause: "In no event shall Vendor's liability arising out of or related to this Agreement exceed the total fees paid under your order." This is a one-sided, ambiguous provision (i.e., does "your order" include one order or several orders?).
Second, it leaves open the possibility that during certain time periods -- such as prior to any payment being made -- the vendor has no liability. Finally, the total amount of fees paid under the "order" may not be a reasonable cap on damages under the circumstances. Simply put, this is an example of a poorly drafted limitation of liability clause that could subject the customer to far more risk than is necessary or appropriate.
Exclusions in Limitation of Liability Clauses
In IT transactions, it is common to exclude from the limitation of liability provision some categories of damages.
For example, if your company suffers damages because of a vendor's breach of the contract's confidentiality provisions, the limitation of liability generally should not apply (i.e., you should be able to recover the full amount of the damages that your company suffered).
Additional exclusions may include claims subject to a party's indemnification obligations under the contract, damages resulting from a party's gross negligence and damages resulting from a vendor's refusal to perform its duties under the contract.
Because of the importance of contracts' limitation of liability provision, it is imperative that you seek the advice of legal counsel to appropriately draft contracts to meet your company's needs and to fairly allocate the risk between the parties to a contract.
Next: A federal perspective on security breach notification laws.
Matt Karlyn, J.D., M.B.A., is a member of Foley & Lardner LLP's Information Technology & Outsourcing Practice Group in Boston. Write to him at firstname.lastname@example.org.