Don’t blindly accept unlimited liability for breach of nondisclosure terms

This week’s unsolicited advice on tech contracts …

In software contracts, the limit of liability (LoL) almost always comes with exceptions. One of the most common has to do with confidentiality. Liability for breach of the nondisclosure clause has no limit. Why?

Most LoLs exclude nondisclosure breaches from the LoL … because that’s what we did last time. That, of course, is not a reason.

Common Justifications

If you search online, you’ll see several justifications for unlimited nondisclosure liability. Some make no sense while others do, but none of them is definitive.

  1. Trade secret and other confidentiality losses can run very high, so limited liability would greatly increase the discloser’s risk. That’s certainly true (and it’s one of the justifications in my book, The Tech Contracts Handbook). But software contracts regularly limit liability for big losses. Why limit liability for massive software meltdowns and data breaches but not for nondisclosure breaches?
  2. The nondisclosure terms protect data, and applicable law may require unlimited liability for data breach – and even if not, that’s another huge loss the discloser shouldn’t have to face without full compensation. This one doesn’t make sense. As I explained in last week’s post, we shouldn’t use nondisclosure terms for data anyway. And even if we do, we can easily provide unlimited liability for data-related breaches but not for other confidential information.
  3. Unlimited liability drives home the importance of nondisclosure, increasing the recipient’s incentives to comply. That doesn’t make much sense either. Each party wants the other to comply with all its promises. What’s different about nondisclosure?
  4. Confidentiality losses are hard to predict and so likely to generate consequential damages, which would leave the discloser with zero remedy under the LoL’s indirect damages terms. Again, that’s true and a good explanation (and again, it’s in my book, The Tech Contracts Handbook). But can’t we solve that by allowing consequential/indirect damages while keeping the other half of the LoL: the dollar cap? Also, are we sure we can’t predict confidentiality losses: sure they’d qualify as consequential damages?


Justifications 2 and 3, then, don’t hold water, while 1 and 4 do. But none of the four – and no other justification I’ve seen – qualifies as 100% leak-proof.


Actually Thinking About It

We should not accept unlimited nondisclosure liability without some thought.

If you’re the recipient, push back: remove the nondisclosure exception to the LoL. If challenged, ask why nondisclosure liability should be unlimited. Odds are the other side won’t have an answer. If they do, it’s probably one of the four above. So plug in the counterarguments I’ve suggested.

If you can’t remove the exception altogether, consider a compromise. The LoL’s dollar cap could apply but not the indirect/consequential damages exclusion. Or you could retain the dollar cap but with a higher number: a super-cap. Or liability could have no limit for unauthorized disclosure of certain specified information – e.g., the source code or customer list – while otherwise the LoL applies.

Of course, there’s no reason to raise this issue when you’re the discloser.

What about a mutual nondisclosure clause? Ask which role has the highest odds of mattering. Are you disclosing important information while receiving low value information? Then consider yourself the discloser and try to retain unlimited liability for nondisclosure breaches. Or are you receiving important information but disclosing trivia? Then reverse that strategy.

If you’re on both sides, of course, it’s a tough call. I still suggest you make it – analyze the pros and cons – rather than accepting the LoL exception without thought.

Have I missed a justification for unlimited liability? I’d love to know in the comments.


© 2024 by Tech Contracts Academy, LLC. All rights reserved.

Thank you to Pixabay.com for great, free stock photos!

Share the Post:

Related Posts