4

The paragraph reads:

In the event of a Security Breach, Subcontractor will, without limiting any remedies available to COMPANY hereunder or at law or equity: (i) reimburse COMPANY for the costs incurred by COMPANY to notify any affected individuals and any appropriate legal and regulatory authorities; and (i) pay for the cost of providing credit monitoring services to each such affected individuals for two (2) years from a nationally recognized supplier of such services.

This is part of an NDA/Non-Compete for a job offer. I am a software engineer. I am concerned that if some breach did occur, I could be on the hook for millions of dollars and potentially ruin my entire life.

This document came from the middle-man. I'm working for "CLIENT", w/ "SUBCONTRACTOR 1" (who owns this document), and I am a W2 for "SUBCONTRACTOR 2".

I want to know if I am opening myself up to writing a blank check for "SUBCONTRACTOR 1"? If so, then I want to decline this job which leaves me jobless, but not at risk of losing everything I own.

10
  • 5
    From the question it is not clear what is the relationship between SUBCONTRACTOR_1 and SUBCONTRACTOR_2 and who are the parties signing this NDA. --- Also: Does the text before the paragraph carefully specify the Security Breach or does it try to make you liable for any security breach? Commented Jul 10 at 7:56
  • 8
    One downside of contractor work: liability. Usual mitigation: insurance.
    – DonQuiKong
    Commented Jul 10 at 8:08
  • 4
    How is "Security Breach" defined in the contract? I certainly hope it's defined as something you caused, not any security breach arising anywhere. Also the risk depends a lot on what you work on exactly, and what data you have access to (or give access to).
    – jcaron
    Commented Jul 10 at 12:03
  • 4
    I think the relationships here are confusing. How are you an employee with Subcontractor 2, which has a contract with Subcontractor 1, which has a contract with "Client"? You're either an employee of Subcontractor 1 or Subcontractor 2 or Client, not more than one at the same time? If you're not an employee then you're a contractor and that contract should be only with one of the other entities. Even if you are employed by your own company, Subcontractor 1 would be hiring your company, Subcontractor 1, not you, unless you've failed to set that language in the contract. Commented Jul 10 at 12:49
  • 5
    Why is this in an NDA? It seems like it should be in the service contract.
    – Barmar
    Commented Jul 10 at 15:02

1 Answer

16

I want to know if I am opening myself up to writing a blank check for "SUBCONTRACTOR 1"?

If you cause a security breach, then yes.

It may be an insurable risk. I'm not familiar with that part of the insurance market.

You could try to negotiate a term that limits your liability, but you may or may not be able to get it. Often service providers have a blanket term in a contract limiting their liability to the amount that they were paid under the contract.

If the party to the contract is a limited liability company that you form, rather than you personally, and you don't personally guarantee this liability, then all you have to lose are the assets in the company. For a software engineer, those assets are often minimal.

5
  • 3
    The language doesn't specify that the breach needs to be the contractor's fault. Commented Jul 10 at 12:01
  • 9
    @ScottSeidman "Security Breach" is capitalised, so it's probably defined elsewhere in the contract. I hope that definition makes it clear that it needs to be the contractor's fault.
    – jcaron
    Commented Jul 10 at 12:05
  • 3
    The wording of the paragraph does not limit it to "Security Breach"es caused by the SUBCONTRACTOR. Of course the definition of Security Breach might so limit it, but I have seen many subcontracting that had no such limiting language. Commented Jul 10 at 19:25
  • 1
    @ScottSeidman Even if it didn't say that, I think you could get to a reading that this is the intent of the parties from any reasonable reading of the contract. It isn't described as an insurance contract for third-party wrongs that the subcontractor has no involvement in causing.
    – ohwilleke
    Commented Jul 10 at 19:59
  • 2
    @ohwilleke How many millions of dollars are you willing to bet on that? You win, you get 0$; you lose, you owe millions.
    – Yakk
    Commented Jul 10 at 21:37
