In some circles, lawyers have a bad reputation for being tricky little buggers who use tools like precision wording and careful drafting to “lawyer up” simple tried-and-true business concepts, such as “the parties will work together to . . . ” Whether or not trickery is ever intended, it is always very important to pay attention to not only what concepts appear in an agreement but also where concepts appear.
Limitations of liability are big-ticket review items for all types of transactions. In most sectors, a limitation on damage types (e.g., consequential damages) and a limitation on damage amounts (e.g., damage caps) are market provisions. The real battleground, however, is on the exclusions to such limitations. For many service providers, no matter the starting position, the first round of revisions will typically include customary carve-outs for breaches of confidentiality and third-party indemnification claims. Aggressive or ill-tempered negotiators may ask for more, or agree to less, but we find that most lawyers who routinely work in this space will agree to the above two carve-outs, even if they grumble about it a bit.
Keeping the above in mind, it is also important to note that many form agreements, especially those that come from a vendor, do not initially include robust data privacy and security provisions. At most, there may be a reference to a website detailing security terms or an obligation to use “commercially reasonable” protective efforts in the warranty section, but it is also exceedingly common for a vendor to omit the concept entirely. Thus, the onus is on the customer to insert protective information security provisions that are appropriate for the proposed transaction.