NDA legal indemnification

[TomLucas]

I am being asked to sign an NDA in relationship to any confidential information supplied to me by a large company as part of a contract.

Receving Party would be me - a sole trader.
The Disclosing Party is them - a massive international Company not based in the UK.
I required the NDA to be subject to English Law.

Liability for Breach of Contract

Since the nature of Confidential Information, the liquidated damages can’t cover the damages incurred by breach of this Agreement. In order to protect both Parties’ interests, both Parties agree if the Receiving Party breaches any term of this Agreement, the Disclosing Party has the right to (a) demand the Receiving Party to cease any conducts; and (b) obtain indemnity from the Receiving Party, including but not limited to attorney fee, expense for unauthorized-used information and other relative expense.

On no account would I intentionally breach the NDA, but originally there was no limit to liability and it made me unconformable so I got them to add a liability limit I am conformable with:

In no event shall either party’s total liability exceed [redacted] GBP under this Agreement, unless otherwise provided by applicable laws.

Does this clause now sound reasonable?
Not sure what "obtain indemnity" means - I don't mind if proven in a UK court I am in breach I have to pay damages/legal costs. That sounds fair.
But if the company decided themselves I was in breach, without it being proven in court, what does it mean for me by "obtain indemnity"?

 

[TomLucas]

And obviously if I were to do something criminal, I wouldn't expect to be protected by liability limits - so "unless otherwise provided by applicable laws." doesn't worry me.

 

[JEREMY HAWKE]

Is anything likely to be leaked when it is out of your control
Does the nature of the business mean that it could be difficult not to breach the agreement

 

[Gyumri]

Receving Party would be me - a sole trader.

There's the rub. Regardless of the scope of the NDA, is it worth putting yourself personally on the line for any perceived breach?

And who is to really know who is to blame for any alleged breach - the seller?

I would accept the need to limit your potential liability but if you have no control over the dissemination of the trade secret then you should limit your potential liability to a comfortable maximium expressed as a liquidated sum upon judgment/liability being obtained against you.

And you should be contracting as an Ltd for complete peace of mind.

 

[TomLucas]

Thanks for the replies.

I should be able to prevent on breach on my part. Any data they provide is stored encrypted and I'm an expert in terms of computer and network security etc.

The liability limit (about 12 times the contract value) I could afford to pay in the worst event.

I think it's "obtain indemnity" I don't understand, and in what event that could happen. This would require a court to find against me?

If so, I'm OK with that.

 

[jimbof]

I think "obtain indemnity" is just making it clear that that they have the right to recover their costs, and that you're agreeing in advance that they do.

I think you would be advised to get legal advice. For instance, I'm not sure that the limit of liability would extend to the indemnity. It doesn't seem on the whole brilliantly written, eg I'd have expected it to say "related expense" not "relative". What's a relative expense?

Ultimately you'd never have to pay against any agreement until a court said you >had< to. Until that point, they're asking you to pay...

Have you considered insuring against the risks? My business insurances bundle includes Cyber incident insurance, for instance. Bear in mind a claim could potentially come after the agreement has long been forgotten and your circumstance may have changed, and the income long since spent.

 

[Newchodge]

And obviously if I were to do something criminal, I wouldn't expect to be protected by liability limits - so "unless otherwise provided by applicable laws." doesn't worry me.

I really think you need paid for legal advice, not forum opinion.

 

[TomLucas]

I think "obtain indemnity" is just making it clear that that they have the right to recover their costs, and that you're agreeing in advance that they do.

I think you would be advised to get legal advice. For instance, I'm not sure that the limit of liability would extend to the indemnity. It doesn't seem on the whole brilliantly written, eg I'd have expected it to say "related expense" not "relative". What's a relative expense?

Ultimately you'd never have to pay against any agreement until a court said you >had< to. Until that point, they're asking you to pay...

Have you considered insuring against the risks? My business insurances bundle includes Cyber incident insurance, for instance. Bear in mind a claim could potentially come after the agreement has long been forgotten and your circumstance may have changed, and the income long since spent.

Good advice - thanks very much

 

[Paul Kelly ICHYB]

On the terms you quote, I would respond to them and ensure that the clause is mutual, this is one sided.

Second, in my many years of signing & sending NDAs, working with massive businesses and advising people, I have never heard of someone being taken to court for breach, however, I would not be surprised if this does happen in the tech world or mega contracts.

 

[TomLucas]

On the terms you quote, I would respond to them and ensure that the clause is mutual, this is one sided.

Second, in my many years of signing & sending NDAs, working with massive businesses and advising people, I have never heard of someone being taken to court for breach, however, I would not be surprised if this does happen in the tech world or mega contracts.

Thanks Paul - someone with specific experience in dealing with NDAs is particularly helpful.

 

[Frank the Insurance guy]

Hi @TomLucas ,

If you have Professional Indemnity cover, this should include cover breaches such as an NDA if it relates to the professional services your provide (As long as not deliberate).

Alternatively, this would also be covered under as Management Liability Policy (again as not deliberate).

I suggest you arrange appropriate insurance (speak to an independent insurance broker for best advise).

If at any point allegations are made of a breach to the NDA, insurers will step in at the outset to defend your position and pay all your legal costs etc. If you are found at fault (and not deliberate), they will then pay the compensation or financial loss to the other party.

 

[WaveJumper]

Hi @TomLucas ,

If you have Professional Indemnity cover, this should include cover breaches such as an NDA if it relates to the professional services your provide (As long as not deliberate).

Alternatively, this would also be covered under as Management Liability Policy (again as not deliberate).

I suggest you arrange appropriate insurance (speak to an independent insurance broker for best advise).

If at any point allegations are made of a breach to the NDA, insurers will step in at the outset to defend your position and pay all your legal costs etc. If you are found at fault (and not deliberate), they will then pay the compensation or financial loss to the other party.

Frank is on the case again what a good call, only point I would raise is in what country are they likely to go after you through the courts. Ok there is a second point you mention data never say never some of the biggest companies around seem to be getting hacked of late food for thought.

 

[TomLucas]

Frank is on the case again what a good call, only point I would raise is in what country are they likely to go after you through the courts. Ok there is a second point you mention data never say never some of the biggest companies around seem to be getting hacked of late food for thought.

I insisted English courts have jurisdiction of the contract/NDA - originally it wasn't in UK or EU.

The data they might send would protected internally and not available even to most of the staff in the company itself - not something a hacker could get from any of their public facing websites (even if websites hacked or had admin on them) nor from their normal product support teams who wouldn't have it either.

The data they might send (and would be at my request) would be technical in nature and should be specific to me given the nature of the work I'm doing for them.

 

[NickGrogan]

How will they be sending the data, how will you backup the data and how will you send the data/response back?

Moving data is vulnerable.

Any good hacker is unlikely to be targetting public-facing websites, but there are a lot of other ways in.

 

[TomLucas]

encrypted email - GPG
Data stored/backed up on encrypted media only
2 firewalls, outbound traffic restricted etc.

 

[Solvelaw]

The problem with many agreements are that they have US style disclosure as the issue rather than confidentiality which is use here.

General an indemnity :

Is a promise to be responsible for (or make good) the others loss and creates a primary obligation for being responsible. There are number of ways to limit and cap as suggested above. Always ensure that you are in control specifically of what you will be dealing with.

There is a link in my bio for a free NDA which has been standardised for use.

 

[numbersrule]

We were once invited to sign an NDA by a big company.
I was concerned about the wording so we consulted our PI Insurers and they advised us not to sign it as the policy would not cover a breach. We turned the work away.