Add to PDF BrochureView PDF BrochureBookmark PagePrint PageA A A

Company Commercial Notepad - February 2010

 

1. Are your sales personnel putting your company at risk? High Court judgment to have significant implications for companies and their suppliers

Eighteen months after the case was heard, the High Court finally delivered its judgment in the case brought by BSkyB against its IT supplier EDS (now part of Hewlett Packard) on 26 January 2010.

Background

In 2000, EDS pitched for a £50 million contract to design and build a customer relationship management (CRM) system for BSkyB.  EDS was one of a number of companies which bid for the CRM project during a tender process, and their bid was successful.  EDS failed to implement the new CRM system and were ultimately removed from their supplier role in 2002 by BSkyB.

BSkyB's main claim against EDS was that, during the tender process, EDS dishonestly made false representations as to the company's ability to design and build the CRM system within the anticipated timeframe and budget.  As a result, BSkyB argued that they were fraudulently induced to award the contract to EDS and, had they not been subject to EDS's misrepresentations, they would have contracted with one of the other parties submitting a tender and the work would have been completed on time and within budget.

Judgment

The court found that EDS had acted dishonestly in making false representations during the tender process and in advance of entering into the contract with BSkyB.  In particular, the judge ruled that EDS falsely represented that (a) they had carried out a proper analysis of the time needed to complete an initial delivery and go-live of the contact centre, and (b) they held the opinion on reasonable grounds that they could deliver it within nine months.  The court found that EDS had knowingly made false representations to BSkyB and that they had intended BSkyB to rely on those false representations in awarding EDS the contract.  It was therefore found that EDS were liable to BSkyB in deceit for the misrepresentations.

The judge also found that EDS was in breach of contract by failing to exercise reasonable skill and care or conform to good industry practice because there was no effective programme management, the design and development of the CRM system was not properly documented and EDS did not provide sufficient technical or managerial resources.  The court decided that BSkyB incurred significant damage as a consequence of EDS's actions.  Whilst the contract contained a cap on liabilities of £30 million, this was not effective to limit EDS's liabilities for fraudulent misrepresentation, allowing BSkyB to recover a significantly higher sum, expected to be at least £200 million.

Analysis

The decision has important implications for companies and suppliers alike.  Suppliers should make sure their sales staff are fully aware of the risks of making estimates or promises in pitches and tender responses without proper foundation or reasonable analysis.  The decision also confirms that contractual caps on liability cannot be relied upon where a party has been dishonest.  The courts are clearly prepared to award very significant damages to compensate a party for full financial losses incurred as a result of dishonest misrepresentation.

On the other hand, it is important that procurement teams ensure that all factors of importance in respect of a project are highlighted and appropriate warranties are sought from suppliers. Any limitation on a supplier's liability should be at a level which is appropriate to take into account such factors. 

 

2. Guarantees- a brief guide

Guarantees are commonly used, but far too often these documents fall foul of legal loop-holes which let the guarantor off the hook, or leave the guarantor on the hook indefinitely.  We provide a brief checklist of points to note below:

  • guarantees are a contractual agreement creating a secondary obligation to support a primary obligation of one party to another.  An example is in respect of a tenancy agreement: the landlord will often ask for a guarantee (from a third party) if it has doubts as to the tenant's ability to honour his obligations under the lease.  If the tenant does not perform all his obligations the guarantor will perform them on his behalf;
  • guarantees must be made in writing;
  • because a guarantee is a secondary obligation, any change to the primary obligation will (unless the provisions of the guarantee state otherwise) cause the guarantee to cease to have effect.  To use the example of a tenancy agreement:  if the landlord and tenant agree to an extension of the term without the guarantor's consent, the guarantee will fall away.  This would apply even if a less substantial amendment were agreed between landlord and tenant. 
  • if the guarantor is a company, check whether it has the power to enter into the guarantee (review the Articles of Association or Memorandum which should give officers the power to enter into guarantees);
  • ensure there is clarity in the provisions of the guarantee as to what primary obligations the guarantor is guaranteeing
  • the guarantee document should include a number of saving provisions: for example a provision which preserves the existence of the guarantee if the primary obligor makes interim payments;
  • consider whether a cap on the liability of the guarantor is appropriate;
  • if you are giving a guarantee it is important to ensure that the provisions as to the determination of the guarantee are clear. 

Above all guarantees are unusual and unlike any other form of contractual document; there is, arguably, no such thing as a "standard" guarantee as they rely heavily upon the primary obligations to which they relate and the circumstances upon which the guarantor is willing to give a guarantee. 

Whether you are a guarantor or a beneficiary it is in both parties' interests to ensure the guarantee is correctly drafted and legal review is strongly recommended. 

 

3. New Fines for Breach of Data Protection Rights 

Effective from 6 April 2010, the Information Commissioner's Office ("ICO"), the United Kingdom's regulator responsible for upholding information rights, will be able to exercise new powers to issue monetary penalties for breaches of the Data Protection Act 1998 (the "Act"). Under the Act, the Information Commissioner may serve a notice to a data controller (who is a person who determines the  

purposes for which and the manner in which any personal data is, or will be, processed), requiring him to pay a monetary penalty of an amount determined by the Commissioner. The maximum limit of the penalty will be £500,000.

The data protection principles require data controllers to ensure that data held is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • not kept for longer than is necessary;
  • processed in line with the data subject's rights;
  • secure; and
  • not transferred to other countries without adequate protection.

With its new powers, the ICO may serve monetary penalties if it is satisfied that:

  • the data controller has seriously contravened the eight data protection principles listed above;
  • the contravention was likely to cause substantial damage or distress; and
  • the contravention was either deliberate or the data controller must have known or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it.

The ICO's guidance gives practical examples of what they consider to be a "serious" contravention or causing "substantial" damage or distress. An example of the former includes the loss of medical records containing sensitive personal data following a security breach by a data controller during an office move. An example of the latter includes the loss of financial data following a security breach by a data controller where an individual becomes the victim of identity fraud.

The ICO has stated that factors which will be taken into account when issuing a monetary penalty will include an organisation's financial resources, sector, size and the severity of the breach. 

Practical implications

The ICO's enhanced powers and the prospect of a substantial fine mean all businesses must take more seriously than ever their obligation to process personal data in compliance with the Act. The financial risks of not doing so are now greatly increased, and the reputational risks, which have always been serious, may now be even more so as the ICO seeks to publicise monetary penalties it has imposed, "pour encourager les autres". 

Businesses should be able to demonstrate that they have addressed the risks of handling personal data and should carry out - and record the results of - regular risk assessments. In addition, a data protection audit should be considered to establish responsibility for preventing breaches of the Act. Furthermore, data protection policies (both internal and customer-facing) and procedures should be implemented, be kept up to date and reflect current guidance and/or codes of practice published by the ICO. 

For assistance with audits, policies and training or to discuss your responsibilities under the Act generally, please contact our Data Protection Group.

Laytons cannot accept any responsibility for any liabilities of any kind incurred in reliance on this Notepad. For specific advice on these issues, please contact your client partner or one of the team at the addresses set out below:

London
Richard Kennett email richard.kennett@laytons.com

Guildford
Ben Crichton email ben.crichton@laytons.com

Manchester
David Sefton email david.sefton@laytons.com

This Notepad is offered on the basis that it is a general guide only and not a substitute for legal advice. If you wish to copy this Notepad please do so, but please acknowledge its source.

For PDF version of this notepad please click here

Understanding Needs… Delivering Results