It seems not a week goes by these days without news breaking of another massive data breach affecting hundreds of millions of people. At the end of November 2018, Marriot, the global hotel chain, announced they had been hacked and the personal information of five hundred million preferred customers had been exposed to criminals. What’s worse, Marriott announced the original data breach occurred over four years ago, leaving people unknowingly at risk for identity theft during that time.
Risk transfers are a vital aspect of any comprehensive risk management plan. Theoretically, those in the best position to avoid a risk should always bear responsibility for the risk. The real world does not work that way, unfortunately. Oftentimes, larger companies and larger contractors use risk transfers to try and push liability “downhill” – onto the backs of smaller companies with less negotiating leverage.
Indemnification clauses in commercial contracts can present a number of potential issues. When the parties to the contract do not properly think through or write out indemnification provisions to address these issues, it can lead to costly and dangerous unintended consequences. Companies need to think through exactly what they mean when they seek indemnification from a contracting party and ensure their approach to indemnification issues comports with their approach to their insurance coverage.