1. Technology Contracts and Risk Management: The Dangers Lurking in the Fine Print Information Security Interest Group 26 November 2004 Michael Park Senior Associate Deacons

2. “You cannot escape the responsibility of tomorrow by evading it today.” Abraham Lincoln (1809 - 1865)

3. Outline 1.General considerations: the 4 Rs 2.Identifying the major areas of risk 3.Pre-contractual issues 4.Trade practices considerations 5.21 key terms in technology contract 6.Case study

4. General Considerations The 4 Rs  Rights  Responsibilities  Risks  Remedies  If the 4R’s are properly addressed, the contract becomes an active relationship management tool

5. General Considerations: the 4 Rs RIGHTS  WHO has WHAT rights?  Are they clearly defined? RESPONSIBILITIES  WHO has the responsibility and for WHAT?  Clearly identify all relevant responsibilities and delineate the roles of the customer and provider

6. General Considerations: the 4 Rs RISKS  Mitigating risk by good planning and identifying all areas of risk exposure REMEDIES  WHAT remedies are applicable and available for failing to meet responsibilities?

7. Key Areas of Risk  All IT contracts are different, some being more complex than others, but there are common key areas of risk  Trade Practices Act 1974 (TPA) –Section 52: misleading and deceptive conduct –Section 53: false representations –Vendor’s representations and conduct must comply with TPA  Failure by vendor to comply with contractual terms regarding –providing deliverables as specified and on time –meeting service levels –meeting other customer objectives

8. Key Areas of Risk  Breaches of privacy or confidentiality obligations –Privacy Act 1988 –National Privacy Principles (NPPs)  Intellectual property (IP) disputes –IP in core deliverables vs improvements –Licensing schemes and licence fees –Disputes between parties as to ownership –Third party IP claims

9. Key Areas of Risk  Disputes over delineation of responsibilities –Clarity of commercial and operational terms, especially schedules to contract –Use of a steering committee  Failure of contract management process –If contract management process is not followed, rights and responsibilities can become unclear  Termination of contract –Consequences of termination –Transitioning out

10. Pre-contract  If the following issues are addressed at the outset, it will minimise uncertainty and future disputes  Customer’s RFT (or similar) should be accurately drafted to reflect customer’s needs  Set out clearly and precisely the tender/selection process  All objectives should be identified both for effective implementation and for effective management  Include specific, accurate and feasible criteria regarding performance and service levels  Due diligence may be required by both customer and vendor  Will there be a formal scoping phase before implementation?

11. Pre-contract  Determine primary responsibility for drafting contract  Set out in a term sheet contract fundamentals including –Scope of services and/or deliverables –Service levels –Fees –Term –IP rights –Warranties –Liability and indemnities  Record, document and file all pre-contractual exchanges and negotiations –These may be important notwithstanding an entire agreement clause

12. Trade Practices Considerations  Section 52 TPA –“A corporation shall not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive”  Section 53 TPA –“A corporation shall not, in trade or commerce, make various specified false representations in relation to the supply of goods or services” –For example, quality, standard, performance, characteristics, price, repair facilities, spare parts, place of origin

13. Trade Practices Considerations  Applies to “private” as well as “public” representations  Representations may become part of agreement (even if not expressly incorporated by reference) and lead to s 52 or s 53 TPA claims  Misleading and deceptive conduct or unsubstantiated claims could invalidate contract and create legal liability where party is induced to enter contract

14. Trade Practices Considerations  Section 51A TPA –representations as to future events must be made on reasonable grounds  Contract clauses purporting to exclude or limit liability for representations may not be effective –Representation may have been relied on as a matter of fact  Vendor ’ s RFT response should therefore be clear, accurate and realistic –Avoid contradictory disclaimers  If vendor is unable to assess a requirement due to limited information, request further information or clearly say so in response

15. Technology Contracts: Important Contractual Considerations 1.Incorporation of RFT and RFT response in contract Often important from customer’s viewpoint 2.Warranties regarding due diligence matters eg, as to ownership of IP 3.Conditions precedent to completion of transfer and commencement of services eg, transfer of assets, employees, leases, software licences, etc 4.Audit and monitoring arrangements in relation to provider Management of relationship issue

16. Technology Contracts: Important Contractual Considerations 5.Clearly delineate/apportion responsibility of parties Consider “front end” and client interaction responsibility, eg, marketing, first line support, etc Change control process 6.Project implementation dates and performance milestones May first need to conduct scoping phase 7.Ensure inclusion of comprehensive schedules Service levels, including realistic and objective performance criteria Scope of services or deliverables 8.Functional/technical specifications for deliverables If scoping phase, these schedules can be deliverables

17. Technology Contracts: Important Contractual Considerations 9.Use of acceptance testing Determine testing procedures and acceptance criteria Who is responsible? Customer to identify problems as soon as possible 10.Software escrow Is escrow of source code required? What are the release conditions? Important where software requires ongoing support 11.Intellectual property issues –Ownership of IP in core deliverables and improvements –Licensing schemes and royalties 12.E-security arrangements

18. Technology Contracts: Important Contractual Considerations 13.Privacy and confidentiality Consider extent of access to confidential information 14.Limitations on and exclusions of liability Service credit regime for specified failures 15.Force majeure Incidence and consequences Termination right 16.Disaster recovery and business continuity plans APRA Prudential Standards include APS 231 regarding outsourcing

19. Technology Contracts: Important Contractual Considerations 17.Pricing and fee structure How does it relate to deliverables, performance and changes in scope? 18.Assignment and subcontracting Should vendor and/or customer be able to assign the contract? Can vendor subcontract? If so, on what terms? 19.Dispute escalation and resolution procedures 20.Termination rights Default and convenience 21.Disengagement, continuity of service and ownership/use of assets

20. Case Study  Background –1993: RACVI issues RFI and RFP re online and near line document processing system, requiring online retrieval of active files, near-line retrieval of inactive claims and concomitant response times –Unisys provides responses and demonstrates system on several occasions with response times of 2-4 seconds –Unisys wins tender and begins work on development and system rollout –1995: Unisys delivers system

21. Case Study  Background (cont) –There are ongoing memory, stability and response problems –Retrieval times are excessively slow – 10 seconds –System is inadequate for RACVI’s purposes –Early 1996: further re-working of system fails to redress problems –June 1996: RACVI terminates contract –December 1996: RACVI commences court proceedings

22. Case Study  Issues –RACVI alleges Unisys misrepresented system and services –RACVI alleges contract contained representations that concerned performance –Unisys contends RFP and any representations not part of contract and in any event disclaimed –Unisys relies on “entire contract” clause and contract did not contain performance criteria

23. Case Study  Supreme Court Findings –2001: Court finds in favour of RACVI –Contract incorporated response to RFP by indirect reference and contextualising contract, notwithstanding “entire contract” clause –Response time disclaimer in RFP response applicable to support, not the retrieval time of the system

24. Case Study  Supreme Court Findings (cont) –Disclaimer also “hidden” in unrelated section of contract and not effective –As s 52 TPA case succeeded, contract and negligence claims not addressed –Cap on liability in contract not applicable to s 52 TPA claim –Unisys ordered to pay $2.5 million damages, plus interest and costs to RACVI

25. Case Study  Victorian Court of Appeal –2004: The Full Court agreed with the Supreme Court and dismissed Unisys appeal –RACVI were awarded an additional $350,000 in damages for additional employee costs –Court also prepared to hear argument on award of legal costs other than on party party basis

26. Discussion Michael Park Senior Associate Deacons