Top 10 Tips for Protecting Your Database

Almost all businesses will have some sort of database that contains, for example, marketing, sales, or customer data. Most companies appreciate that this information needs to be protected from competitors, but in our experience most businesses could do more to protect their confidential information. My colleague Tom Bourne has set out his Top ten tips for protecting your database.

Excluding the foreseeable

Image; Dwight Burdette (wikimedia commons)

The Court of Appeal’s recent decision in John Grimes Partnership Limited v Gubbins [2013] EWCA Civ 37 has made it clear that if a contracting party can reasonably envisage a particular type of loss occurring as a result of their actions, they could be held liable for that loss.

In the case, the Court of Appeal held that an engineer who caused a delay in completion of a development project was liable for damages caused by a fall in the market value of the property.

The facts

Mr Gubbins engaged John Grimes Partnership Ltd (JGP), a consultant engineer, to design and complete a road and drainage system by March 2007 on land acquired for residential development purposes.

In contravention of an expressly agreed deadline, the works remained incomplete at the end of March 2007. Mr Gubbins subsequently engaged another consultant engineer in April 2008 who re-designed the road and drainage system, gaining quick local authority approval.

In the interim, JGP commenced proceedings against Mr Gubbins for unpaid fees of £2,893 and Mr Gubbins counterclaimed for £20,000 in respect of the defective, unfinished works and the breach of the expressly agreed deadline, claiming that as a result there had been a reduction in the market value of the private residential units, a reduction in the offer from a Housing Association for the affordable units and an increase in building costs.

At trial the High Court found in favour of Mr Gubbins and JGP appealed on the basis that its responsibilities under the contract did not include a duty to protect Mr Gubbins against losses due to a fall in the market value of property.

Court of Appeal decision

Dismissing the appeal, the Court of Appeal held that, although in some cases it may be found that a party to a contract had not taken on responsibility for a particular liability (even if that liability was reasonably foreseeable), the general position is that a contracting party will be liable for all losses arising naturally, according to the normal course of things, from the breach of contract and all losses which may reasonably be supposed to have been in the contemplation of the parties at the time they made the contract, as a probable result of the breach.

On the basis of the particular facts, the Court of Appeal held that JGP knew that Mr Gubbins intended to use the land for development purposes and knew that there was a risk that there could be a fall in the market value of the property if the works were not completed on time. Accordingly, JGP was liable to Mr Gubbins for the losses suffered even though such losses were not within JGP’s control and far exceeded the £15,000 fee payable to JGP under the contract.

Lessons to learn

The case demonstrates that the principle of foreseeability of loss still remains the standard mechanism for assessing remoteness of damage.

Unless a party could not possibly be taken to envisage responsibility for a particular type of loss or there are some other special circumstances which render the implied assumption of responsibility inappropriate for a particular type of loss, it is prudent to expressly exclude liability for particular events by including suitable exclusion clauses and limitation clauses in the contract.

ICO publishes data protection guidance for BYOD

Photo: chinnian.

The Information Commissioner’s Office (ICO) has recently published guidance for companies to help them avoid potential breaches of data protection laws when encouraging staff to use their personal laptops, tablet computers or smartphones for business purposes, a practice known as ‘bring your own device’ (BYOD).

A recent survey, commissioned by the ICO and carried out by YouGov, revealed that 47% of all UK adults now use their personal smartphone, laptop or tablet computer for work purposes. But fewer than 3 in 10 who do so are provided with guidance on how their devices should be used in this capacity, raising worrying concerns that people may not understand how to look after the personal information accessed and stored on these devices.

The benefits of BYOD include employee satisfaction from being able to use devices of their choice, increased productivity particularly when out of the office and cost saving as a result of the decreased overheads for hardware. However, there are also risks associated with BYOD, one of the key ones being security.

The ICO’s guidance outlines some of the risks which businesses should consider when allowing personal devices to be used for work-related purposes and explains how BYOD can be adopted in a manner that complies with the Data Protection Act 1998 (DPA).

Under the DPA, there are 8 principles of ‘good information handling’. As well as protecting individuals who are the subjects of this information, it imposes obligations upon those processing the information. Of most relevance is the seventh principle of maintaining ‘appropriate technical and organisational measures…[to protect] against accidental loss or destruction of, or damage to, personal data’.

The ICO’s guidance recommends a number of security measures which employers should put in place to avoid breaching their data protection obligations. These include:

  • auditing the types of personal data being processed and the devices used to access that data;
  • denying or restricting access to sensitive data on devices which lack a high level of encryption; and
  • controlling access to data and/or devices using passwords or PIN codes.

The guidance also explains how businesses should have remote locate and wipe facilities in place to maintain the confidentiality of data in the event of loss or theft and should, where possible, avoid the use of public cloud-based sharing and public backup services if the services have not been fully assessed.

Although implementing these controls will not be free of cost, the potential fines and reputational damage which could arise as a result of non-compliance with data protection legislation and the financial benefits of BYOD could far exceed the costs of putting in place appropriate security measures.

As data controllers, employers must ensure that all personal data is processed in accordance with the requirements of the DPA. The ICO’s guidance represents a useful tool for employers currently using or considering BYOD initiatives to ensure that they remain compliant with the DPA.

A copy of the ICO’s guidance is available here.

Why exclusion clauses shouldn’t exclude too much

© John Allan and licensed for reuse under this Creative Commons Licence

A recent Court of Appeal case shows the dangers in using standard, widely-drafted exclusion clauses without thinking carefully about what types of loss might arise in practice – particularly where the effect of the clause would be to leave one party without any remedy for the other’s breach.

Background

Kudos Catering (UK) Ltd entered into a five year contract to provide catering services to the Manchester Central Convention Complex Ltd (MCCC). MCCC lost confidence in Kudos and two years before the end of the term the contractual relationship broke down with both parties alleging repudiatory breach. Kudos claimed £1.3 million for loss of profits that would have been earned during the remaining term of the contract.

The case centred on the wording of clause 18 of the contract, which was headed “Indemnity and Insurance” and which provided that MCCC would have:

no liability whatsoever in contract, tort (including negligence) or otherwise for any loss of goodwill, business, revenue or profits…suffered by the Contractor or any third party in relation to this Agreement.

In the High Court it was held that clause 18.6 only had one effect: to exclude all liability of MCCC for Kudos’ loss of profit.

Court of Appeal decision

In overturning the High Court decision, the Court of Appeal found that if the contract had continued for the intended five year term, Kudos would have made a profit. The court further found that if MCCC was able to exclude all liability for loss of profit, it would effectively deprive Kudos of any sanction for MCCC’s non-performance. For this reason, the Court of Appeal held that clause 18.6 did not exclude liability for Kudos’ loss of profit where such liability arose out of MCCC’s repudiatory refusal to perform the contract.

In coming to its decision, the Court of Appeal noted the following key points:

  • the exclusion of loss of profit was ‘buried’ in clause 18, headed “Indemnity and Insurance”
  • if the clause did exclude all liability for loss of profit, it would effectively deprive Kudos of any sanction for a breach of contract by MCCC which would render the contract an unenforceable statement of intent
  • if the parties had intended to exclude liability for loss of profit in the event of refusal to perform the contract (rather than for defective performance), it should have been set out unambiguously in a stand-alone clause

Some practical lessons

Casting the exclusion clause net too far may not provide the protection envisaged. In order to avoid the clause being rejected as ‘too wide’ it will be prudent to bear in mind the following points:

  • Avoid the temptation to ‘bury’ certain key limitation and exclusion clauses
  • If an exclusion is of particular importance, put it in a standalone clause (under a suitable heading) to bring it to the attention of the other party and to avoid a court interpreting it by reference to surrounding sub-clauses
  • Although the court in the current case refused to provide a distinction between refusal to perform and an inability to perform, consider inserting a clause to expressly deal with repudiation
  • Consider whether the innocent party will have an adequate remedy for breach as the courts will not look favourably on a clause that seeks to remove any remedy for failure to perform or for defective performance

New rules for Online Behavioural Advertising

Since spring last year, websites and advertisers have been getting to grips with the new law on obtaining consent for cookies.

One common use of cookies is for online behavioural advertising (OBA), and from 4 February 2013 websites and advertisers using OBA will have additional rules to comply with.

The Advertising Standards Authority (ASA) is taking over responsibility for ensuring that consumers are made aware of, and can exercise choice over, the collection and use of information for OBA. The ASA’s first step is the introduction of new rules on OBA which will come into force from early February.

I have prepared an article summarising the key elements of the OBA Rules which websites and advertisers should be aware of. To read this article in full please click here (PDF).

Cloud Service Contracts – Best Practice

The use of cloud computing services has become mainstream in almost all areas of business in recent years. However, many aspects of commercial and legal best practice remain unclear, with many cloud contracts failing to take account of the fundamental differences between cloud services and “traditional” software.

The Cloud Industry Forum (CIF) has published a white paper which reports the findings of a study carried out by the CIF into the adoption of cloud based services. The study identifies some best practice points for both cloud service providers and end users in relation to the following key issues:

  • Contract term
  • Termination, migration and transfer of data
  • Data security
  • Service levels (SLAs)
  • Liability

We have prepared a Briefing Note (pdf) which discusses these issues and takes a look at the best practice points summarised in the CIF’s white paper.

The need for good faith in outsourcing contracts

Earlier this year, in the case of Compass Group UK and Ireland Limited (trading as Medirest) v Mid Essex Hospital Services NHS Trust, the High Court considered a clause in an NHS outsourcing contract for catering services which obliged the parties to “cooperate with each other in good faith”. The contract allowed for deductions to be made from service payments due to the service provider in the event that it failed to meet the service levels under the contract.  On various occasions the NHS Trust deducted service credits and awarded service points which the service provider argued were grossly miscalculated. These service credits included a £46,320 deduction for out of date ketchup sachets which were found at the back of a cupboard.

The court found the outsourcing contract, by its nature, “required continuous and detailed cooperation between the parties at a number of levels if it was to work smoothly” and it was in this context that the court interpreted the good faith clause. The court held that the NHS Trust had exercised its contractual power in an arbitrary, capricious and irrational manner and that this constituted a material breach of the contract.

It seems that in recent years some large organisations have begun taking a more aggressive, procurement-style approach to the negotiation and ongoing management of outsourcing contracts. Whilst this case turned on its specific facts, it illustrates the importance of using cooperation and dialogue to resolve problems which will inevitably occur in long-term outsourcing contracts and emphasises the need to avoid taking an overly aggressive approach to contract negotiation and management.

With this in mind, we have prepared an article outlining some of the key considerations (PDF) which should be taken into account when drafting a successful outsourcing contract.

Is yours a winning app?

Samsung has launched a competition for developers to create an innovative app for the Samsung Galaxy Note and Galaxy Tab, with a total prize fund of $4.08 million (£2.6 million) on offer. In addition to the cash prize, the winning app developers in the Samsung Smart App Challenge 2012 will receive marketing support to promote their apps.

If you’re not lucky enough to be one of the winning developers, there are still some steps that you can take to try to ensure that your app is successful and doesn’t fall foul of the legal pitfalls often encountered by app developers. See my update on legal issues for app developers for more details.

ASA uses its power to ban a Twitter campaign for the first time

Speaking at the Cannes Lions Festival of Creativity on 19 June, Coca Cola’s most senior marketer Joseph Tripodi called on marketers to take a “leap of faith” and embrace social media as a brand building tool. However, as Nike discovered the very next day, advertising using social media is not free from constraints.

Since 1 March 2011 the Advertising Standards Authority (ASA) has had the power to oversee businesses’ marketing communications on their own websites, as well as on social networking sites and other “non-paid-for” space online, to ensure that they comply with the CAP (Committee of Advertising Practice) Code.

The first major case that forced the ASA to look at advertising on social media came to light earlier this year when it launched an investigation into tweets by celebrities such as Katie Price and Rio Ferdinand promoting Snickers. The campaign involved celebrities posting a string of bizarre tweets ending with “You’re not you when you’re hungry @snickersUk #hungry #spon” and a picture of them holding a Snickers. The ASA ultimately dismissed the complaints against Mars, finding that the inclusion of the #spon hashtag in the final “reveal tweets” made them clearly identifiable as marketing communications.

There has since been a noticeable increase in the number of sponsored tweets or “tweeting for money” and this looks set to continue. However, in the first case of its kind, the ASA has taken action to “ban” a campaign which features them. As part of its “Make it Count” campaign, Nike UK used the personal Twitter account of footballer Wayne Rooney to post the following tweet:

Nike posted a similar tweet on the account (subsequently deleted for unconnected reasons) of Arsenal footballer Jack Wilshere:

Jack Wilshere – “In 2012, I will come back for my club – and be ready for my country. #makeitcount gonike.me/Makeitcount”.

Responding to a complaint that the tweets were not clearly identified as advertising, Nike claimed that both footballers were well known for being sponsored by Nike and argued that Twitter users would not be misled about its relationship with the players. Nike took the view that the presence of the Nike URL and campaign strap line #makeitcount within the body of the tweets, indicated that the purpose of the tweets was to direct followers to the Nike website and made it sufficiently clear that the tweets were advertising.

The ASA disagreed, finding that the reference to Nike was not prominent and could be missed, making the tweets not obviously identifiable as advertising and putting them in breach of the CAP Code. The ASA held that as not all Twitter users would know about the players’ sponsorship deals with Nike, the tweets should have featured an indication hashtag, such as #ad or #spon, to make it clear that they were marketing communications.

Just the one complaint?

It is interesting to note that the Nike campaign was banned by the ASA despite only receiving one complaint. To coincide with its 50th anniversary, the ASA has recently released a list of the most complained-about ads of all time.

Top of the list was a TV advert for Kentucky Fried Chicken which aired in 2005 and featured call centre workers singing with their mouths full of food. The ad received a record 1,671 complaints with many people considering that it could encourage bad manners among children. However, despite the record number of complainers, the complaint was not upheld by the ASA, which ruled that the ad was unlikely to change children’s behaviour or undermine parental authority.

The other ads to make the top 10 were:

2. Auction World (2004): Shopping channel – 1,360 complaints – referred to Ofcom

3. Paddy Power (2010): Cat being kicked by blind football player – 1,313 complaints – not upheld

4. The Christian Party (2009): Poster saying “There definitely is a god” – 1,204 complaints – not upheld

5. British Safety Council (1995): Condom advert featuring Pope – 1,192 complaints – upheld

6. Marie Stopes International (2010): TV ad offering sexual and reproductive healthcare advice – 1,088 complaints – not upheld

7. Volkswagen (2008): Depicted an engineer fighting multiple versions of himself – 1,070 complaints – partially upheld

8. Yves St Laurent (2000): Poster of naked reclining Sophie Dahl – 948 complaints – upheld

9. Department of Energy and Climate Change (2010): Press and TV campaign about climate change – 939 complaints – upheld in part

10. Barnardo’s (2008): TV campaign about domestic child abuse – 840 complaints – not upheld.

Breaching advertising guidelines? You’re not when you’re #spon

A marketing campaign by confectionery giant Mars has been cleared by the Advertising Standards Authority (ASA) in its first investigation involving social networking site Twitter.

The ASA launched its investigation after receiving complaints regarding a chain of bizarre economy and knitting-related tweets sent in January from the official accounts of the footballer Rio Ferdinand and model Katie Price followed by a final Snickers tweet and a photograph.

On January 24 the Manchester United defender tweeted “Really getting into the knitting!!! Helps me relax after high-pressure world of the Premiership”.  In further postings, he added “Can’t wait 2 get home from training and finish that cardigan”; “Just popping out 2 get more wool!!!”; “Cardy finished. Now 4 the matching mittens!!!”

His fifth tweet read “You’re not you when you’re hungry @snickersUk #hungry #spon”.

In Price’s tweets she wrote about subjects such as the eurozone debt crisis, China’s GDP figures and the economic concept of quantitative easing before finally tweeting a picture of herself holding a Snickers bar with the same message as Ferdinand’s “You’re not you when you’re hungry @snickersUk #hungry #spon”.

In making its decision, the ASA considered two points: (a) whether it should have been stated in the first four ‘teaser’ tweets that they were marketing communications and (b) whether the hashtag “#spon” in the final ‘reveal’ tweet made it clear enough that that tweet was a marketing communication.

Responding to the complaints, Mars said that it had “considered in detail” the extent to which the tweets were marketing communications and believed only the last one needed to be identified. Mars argued consumers could not have been misled into making a purchase by the first four tweets as their meaning only became apparent once the campaign was revealed with the fifth message.

The ASA accepted Mars’ argument that the tweets contained the hashtag “#spon” to indicate sponsored content but it disagreed with Mars that the first four only became marketing communications after the final tweet was posted and stated that all five tweets should be considered to be part of an “orchestrated advertising campaign”.

However, the ASA said the final tweet was clearly highlighted as an advertising campaign and that having seen the final ‘reveal’ tweet consumers would understand that the series of tweets were part of a marketing communication. It held that it was acceptable that the first four tweets were not individually labelled as being part of the overall marketing communication and concluded that the ads did not breach the CAP code.

This investigation highlights the importance of disclosing paid-for promotions in all forms of advertising media including blogs, posts and microblogs like Twitter. Whether this is by using hashtags such as #spon, #paid-promotion or #advert or some other statement, in order to avoid breaching advertising legislation, promoters should ensure that consumers understand when they are reading paid-for promotional content regardless of the media through which that content is being displayed.