Software Licenses and Allocating Risk of Data Loss

The Utah Supreme Court has held that a software vendor is not liable for any damages after its software caused a dentist to lose all of his patient data.  In Blaisdell v. Dentrix Dental Systems, Inc., No. 20100392 (Utah S. Ct. June 26, 2012), the court held that a limitation of liabilities provision was enforceable in the face of (1) the Utah Products Liability Act, (2) a strict products liability claim, and (3) a gross negligence claim.  Accordingly, the court did not reach the question of whether tort claims were barred by the economic loss rule (which holds that recovery for purely economic losses may be had only in contract, not tort).

The plaintiff had brought this suit after attempting to perform a software upgrade which resulted in the loss of the patient data.  The defendant vendor subsequently acknowledged that the upgrade caused the data loss.  However, there were also bad facts for the dentist.  His employee had apparently represented to the vendor that the patient data was backed up; it is unclear whether the dentist's employee knew that the backup system had stopped working.  Further, everyone agreed that the vendor had made clear that the data should be backed up.  The plaintiff had appealed after the trial court granted summary judgment against his contract and tort claims.

The software license at issue had a fairly standard limitation of liabilities provision that stated:

In no event will Dentrix be liable to you for any indirect, incidental, consequential, special, or exemplary damages arising out of or in connection with your use or inability to use the Product, the breach of any express or implied warranty, or otherwise in connection with the Product, its Software, the Documentation and/or the license even if Dentrix has been advised of the possibility of such damages.

The limitation on liabilities provision further capped the vendor's damages for all types of claims at the amount of license fees paid by the customer.

The court first turned to the question of whether the Utah Products Liability Act rendered the limitation on the liabilities provision unenforceable.  That statute rendered unenforceable any contractual provision requiring “a purchaser or end user of a product to indemnify, hold harmless, or defend a manufacturer of a product.”  Thus, the statutory language was directed to indemnification, a situation in which one party agrees to assume the tort liability of another.  Even the phrase “hold harmless” was, according to the legislative history of the statute, clearly intended to apply in an indemnification situation.  The Utah Products Liability Act was thus inapplicable because “the limitation of liabilities clause does not use words of indemnification: rather, it limits Dentrix's liability to Dr. Blaisdell in tort to the license fees Dr. Blaisdell paid for the product.”

Further, “Utah law and precedent permit contracts limiting strict products liability in some situations,” but this was not one of those situations.  Although a comment in the Restatement (Second) of Torts appeared to support the plaintiff's position, the Restatement (Third) of Torts approved limiting liability for strict liability claims in some situations.  Further, the plaintiff did not dispute that the limitation on liabilities provision was not unconscionable, nor did it cause the contract to fail of its essential purpose.  Instead, the contract was between sophisticated business entities.  Therefore, the limitation on liabilities provision applied to the strict products liability claim.

Finally, there was no dispute of material fact concerning whether the defendant was grossly negligent.  All parties acknowledged that the plaintiff had warned the defendant to back up his data before proceeding with the upgrade operation.  Further, the plaintiff's employee had confirmed that the backup had been performed.  It could not “be reasonably asserted that [the vendor] 'show[ed] utter indifference' to the possibility that the G2 Upgrade could erase the data.”  Therefore, summary judgment for the vendor on the gross negligence claim was appropriate.

The moral to this story is an obvious one: pay close attention to risk allocation provisions, such as limitations of liability, in license agreements.  They are usually enforceable.