In the private sector, most IT contracts contain language which limits the liability of the supplier to some multiple of the value of all payments made under the contract. As agencies rely heavily on their IT suppliers to assist in providing essential government services to citizens, limiting a supplier's liability may not be as appropriate. When preparing the IT contract, the agency should evaluate the true risk involved should the supplier fail to perform or deliver. Agencies should take care to limit risk in its IT procurements through good contract scoping, specifications, good statements of work and supplier and contract management.
- Liability for direct and indirect damages: Hold suppliers responsible for direct damages arising out of an IT contract. Do not hold suppliers responsible for third party claims arising out of indirect damages, with certain exceptions, including infringement of a third party's intellectual property or willful misconduct by the Supplier. Unless responsibility is specifically allocated to the supplier in the contract, the agency should not hold supplier responsible for indirect damages, including special or consequential damages. Example: Supplier should not be liable for lost data, unless the contract specifically provides for supplier responsibility for lost data in the contract.
- Amount of liability limitations: Supplier liability should be limited according to the IT contract risk. Liability limitations in excess of 2X the total amount of the contract could be warranted for high risk contracts, such as contracts for agency IT systems that involve public safety. If a contract contains a liability limitation that is a multiple of the total amount of the contract, then the agency and the supplier should specifically address in the contract how the "amount of the contract" is calculated. This is especially important where the contract has an extension clause or unique funding mechanism. Even if a limitation of the supplier's liability is included, the contract should exclude unlimited liability for infringement of a third party's copyrights or patents from that cap. A limitation of the supplier's liability also should not cap the amount of supplier's liability for property damage, death and bodily injury, suffered either by the agency and its employees or that might be brought as a claim by a third party. An agency may negotiate no limit for breach of security, confidentiality, infringement or data privacy provisions of the contract.