Close
Login to MyACC
ACC Members


Not a Member?

The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.

Join ACC

This Wisdom of the Crowd, compiled from questions and responses posted on the IT, Privacy and eCommerce Forum,* addresses under what conditions consequential damages in non-disclosure agreements should be disclaimed.
 
(*Permission was received from ACC members quoted below prior to publishing their forum Comments in this Wisdom of the Crowd Resource.)
 
Question: I am on the buyer side of Information Technology (IT) agreements and some vendors are asking to disclaim consequential damages in our non-disclosure agreements (NDAs). Is this ever justified?
 
Wisdom of the Crowd:

Response #1: You should define direct damages in the NDA. The advice so far has presumed to know what would be consequential versus direct damages. And having read Hadley v. Baxendale as law students, we all do have a general understanding of those concepts. But simply using "consequential" and "direct" to describe damages is to rely on a third party (the court) to interpret your contract for you. Maybe you want that; probably you do not. It is easier and safer to interpret your own contract. You can start by clearly defining direct damages.

You might also be dealing with a contracts person whose playbook demands that they insert a limitation of liability into all contracts.1
 
Response #2: Our answer has always been no. On the buy side, if they want to come in and do a presentation, or need more of our information in order to assess the scope of the engagement, they should be prepared to face both direct and indirect damages in the event they walk away with our critical or sensitive information. It does go both ways typically though. We understand that if we were to misappropriate their IP we would be in the same position. So we will tell our vendors that we are okay with that position - why are you not? Since, we will not be stealing your IP, is there a reason that you do not feel that you will not be walking away with our critical data - if not, what is the issue?2
 
Response #3: I typically do not agree to that disclaimer since the type of damages that will be suffered is consequential. I have never had the other side push back since it goes both ways.3
 
Response #4: Just adding another voice to help confirm the consensus: I agree that would be very unusual to cap or excluded consequential damages with respect to a breach of confidentiality obligations.4
 
Response #5: Generally, I agree with the other comments that it is customary for a party to be liable for direct and consequential damages resulting from its breach of confidentiality obligations. Many people believe that the consequential damages are the likely damages suffered from a breach of confidentiality.
 
I do not know the objective of this IT service provider to propose disclaiming all consequential damages in this NDA. Lately, some IT providers are attempting to either disclaim consequential damages or limit the liability for damages. It is possible that IT service providers are reacting to some of the recent changes to data privacy laws (e.g., General Data Protection Regulation [GDPR] in the European Union [EU]) and the potential damages for a breach of data privacy laws.
 
As mentioned by respondent #2, it is a good suggestion to think about the likely damages and possibly define those damages. If the IT provider is concerned about data privacy liability given its limited role, it may also be helpful to consider separate treatment of confidential business information and personal data. The confidential business information may be treated customarily with unlimited direct and consequential damages, and the personal data could be treated with mutually defined damages or a limit of liability. Obviously, you need to be confident that both kinds of information will be handled and protected with appropriate safeguards.5
____________________
1Patrick Samsel, Corporate Counsel, Fors Marsh Group (December 5, 2016)
2Kevin Mooney, Senior Director Data Governance, Cleveland Clinic (December 2, 2016)
3Ellen Ray, Senior Counsel, VersionOne, Inc. (December 2, 2016)
4Andrew Sinclair, Senior Legal Counsel, Canonical USA, Inc. (December 5, 2016)
5Robert Malone, Associate General Counsel, North America Contracting, Accenture (December 6, 2016)
Region: United States
The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.

You may also be interested in

ACC
ACC Global Headquarters
1001 G Street NW
Suite 300W
Washington, D.C. 20001 USA

Contact Directory

Explore ACC
Privacy & Other Policies © 1998-2024, Association of Corporate Counsel. All Rights Reserved.

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookies policy and our privacy policy.

Accept