The Ps and Qs of Ts and Cs - Three Key Contract
Provisions You Need When Trouble Comes
Corby Anderson
Chris Lam
Peter Santos
Nexsen Pruet, PLLC
November 1, 2013
Topics of Discussion
• Role of Terms and Conditions
• Warranty
• Indemnity and Consequential Damages
• Data Privacy and Security
Role of Terms and Conditions
• Terms and Conditions
– Provide Predictability
• If signed they are very likely to be enforced
• If not signed they can still provide significant protections
• With no written Terms
– Common law will apply to sale of services
– U.C.C. will apply to sale of goods
• May be preferable for buyers but poses great risks for sellers
• Terms and Conditions Protect Against Unforeseen Losses
– Use should be routine
– Cost of implementing is low
– High risk when no effective terms and contract management procedures
Role of Terms and Conditions
• Potential Liability for Damages such as:
Lost profits
Cost of replacement goods or “Cover”
Damage to reputation
Damages from disclosure of personal or confidential
• Insurance may or may not cover these losses
• How do we mitigate risk?
• What are we giving warranty for?
– Good title
– No IP infringement
• Carveout for processes designed by customer
– Against defects
• Limit to “materials and workmanship” for goods
• Limit to “workmanlike manner” for services for shorter period
• “Built In” Warranties:
– Fitness for a particular purpose
– Merchantability
• Fit for ordinary use
• Disclaimer of Implied Warranties
– Conspicuous, magic language (2-316(2))
– UCC fallbacks (2-316(3))
• Example Disclaimer
• Remedies for breach of warranty should be limited
– Repair, Replace, or Refund of price
– Otherwise, liability is potentially unlimited
• Other warranty exclusions/limitations
Unauthorized repairs by someone other than seller
Normal wear and tear
Improper maintenance or storage
Failure to follow operating instructions
If the Buyer discovers during the applicable warranty period a breach of the
foregoing warranties, it shall promptly notify Seller, who at its cost shall undertake
to promptly repair or replace any defective equipment, parts, repairs or services. If
Seller is unable to remedy the defective equipment, parts, repairs or services to
conform to the applicable warranty, it shall refund the Buyer the portion of the
purchase price paid for such defective equipment, parts, repairs or services.
These are the exclusive remedies for breach of warranty.
Excluded from Seller’s warranty are all deficiencies due to normal wear and tear,
improper maintenance or storage, failure to observe the operating instructions,
incorrect or excessive use, influence of damaging chemical or electrolytic action,
water which contains sand, is encrusting or polluted, corrosion, erosion,
cavitation, defective foundations, construction and installation work not performed
by Seller, as well as other reasons beyond Seller’s control.
• Warranty Lessons Learned
• Issues
– “sole discretion of Purchaser to determine when the abovementioned warranties and guarantees have been breached.”
– Implied Warranty should be specifically disclaimed
Consequential Damages
• Consequential Damages
– All those that arise as a consequence of the breach
• Usually requires the intervention of special circumstances
• “If ‘a detour is required to get from [the] breach to
damages, those damages cannot be considered as direct
but consequential.”
– In re Buffalo Coal 418 B.R. 878 (Bank. N.D. W.V. 2009)
Consequential Damages
• Direct Damages
– Those that ordinarily flow directly from a breach
– A “straight line” from breach to damages
• Consider also indirect and incidental damages
– May Include:
• Lost Profits
• Reputation damage
• Diminution of value?
Consequential Damages
• Different rationales for excluding consequential
Predictability and certainty
• Consequential damages diminish both
– Product use and pricing
• Should there be a difference in price for a product that
handles caviar v. carrots?
Consequential Damages
• Suggested exclusion:
Seller shall not be liable for any indirect, incidental or
consequential damages of any kind, regardless of the legal
theory under which they are claimed, including but not limited
to additional costs, loss of revenue, lost profits, plant down
time, and loss of good will, even if Seller has been made aware
of the possibility of such damages.
Consequential Damages
If push back comes:
– Seller
• Consider making suggested clause mutual
– Buyer
• Consider adding some exclusions
– except in cases …
» arising from patent infringement
» solely attributable to Seller’s negligence.
• Consider specific damages for breach
– Liquidated damages for late delivery
– Performance shortfall damages
• Purposes of contractual indemnification
– To qualify a common law right
• Usually expands common law rights
• Types of Indemnification
– One way or hold harmless
– Mutual
• Mutual Indemnification
– Guilty party pays
– Knock for knock
– May or may not be limited to the extent of fault
• Limited Indemnification
– Indemnification may be limited to specific areas such as
• Intellectual property
• Gross negligence
• Insurance and Indemnification
– Indemnifying only for claims that are insured or can’t be
disclaimed mitigates risk
• If indemnification is limited to the extent of the indemnitor’s
negligence then liability insurance should apply
• If broad contractual indemnification is included then risk is it
may circumvent limitation of liability and exclusion of
consequential damages
The Supplier agrees to indemnify, defend, protect and hold harmless the
Customer from and against any claims, litigation, suits, … arising out of
or related to a breach of this Agreement…
• Could be used to impose liability even though consequential
damages are excluded
• Suggestions
– Limit to:
• Third party claims
• Arising from indemnitor’s negligence (or preferably gross
– Mutual but limited
• But can provide exclusions for specific risks such as
– IP
– Breach of confidentiality
– Workers on site
Data Privacy & Security
Why should this be on your radar?
Duty to protect data as a company asset
Data-related risks at an all-time high
Breaches of data privacy or security can
Damage your reputation
Disrupt your operations
Expose you to legal liability
Cost you money
Data Privacy & Security
• Privacy policy’s terms should cover:
• Practices for PII and non-PII regarding
• Collection and access
• Protection
• Use
– How data may be monetized
– How data may be tracked to facilitate effective delivery
of advertising, products, and services
• Sharing
– With whom?
– For what purposes?
Data Privacy & Security
• Website privacy policies:
– Special concerns for financial, medical,
children’s information
– Special concerns for specific jurisdictions,
such as European Union, California
– Opt outs from information collection
– Caution regarding links to third party sites
– Notice to users whenever practices change
Data Privacy & Security
• Best practices for website privacy
Clear and concise
Consistent with actual practices
• Do not overpromise
Data Privacy & Security
• Class actions on the rise, redressing data breaches,
asserting rights under privacy laws
• Brought against companies that advertise online
or by email or text messaging
– Example: Papa John’s $16.5 million
settlement over unauthorized texts
• In website terms of use, other consumer
contracts, consider:
– Class action waivers
– Arbitration provisions
Data Privacy & Security
• Contract provisions for third-party vendors that have
access to PII:
– Vendor will comply with all applicable federal, state, and
foreign data privacy and data security laws as it collects,
receives, transmits, stores, disposes of, uses, and
discloses PII
– Vendor will hold PII in strict confidence, using sufficient
care to prevent unauthorized access to, or disclosure of,
Data Privacy & Security
• Contract provisions for third-party vendors:
– Vendor will use PII solely for purposes intended by contract
– Vendor will not use, sell, rent, transfer, or otherwise disclose PII
for any other purpose without prior written consent, except as
required by law or regulation or other legal process. In that case,
Vendor will:
• Use best efforts to notify you, provide opportunity for you to
• Whenever possible, require party receiving information to
comply with contract’s restrictions
Data Privacy & Security
• Contract provisions for third-party vendors:
– Vendor will implement safeguards to protect PII that
meet industry standards and practices, updated as
required by changes in law, regulation, and technology
– Vendor will indemnify you in the event of any legal
action by third party arising from vendor’s provision of
• Does vendor have resources to make that a meaningful
Data Privacy & Security
• Contract provisions for third-party vendors in case of data
• Vendor will give you contact information for a point person who
will be accessible 24/7 to assist with handling of data breach
• Vendor will give you notice of any security breach as soon as
reasonably possible and in no event longer than [x] hours after
discovering a breach
• Vendor will use best efforts, at its own expense, to stop any
further breach as quickly as possible, prevent any recurrence
Data Privacy & Security
• Contract provisions for third-party vendors in case of
data breach:
– Vendor will cooperate with you in investigating breach, giving
you access to records, personnel, facilities, helping you
comply with all applicable legal requirements
– Vendor acknowledges and agrees that you have sole right to
determine whether / when to provide notice of breach to
affected parties, regulators, and others, and right to
determine what notice will say
– Vendor will cooperate in any subsequent legal action
• Terms and conditions are used to limit liability and
become an essential part of the risk mitigation
strategy of a business
• Largest risks (consequential damages, etc.) can
usually be negotiated in most contracts

Terms & Conditions of Sale