1. Does you contract explicitly cover goods and services you provide after the contract is signed? I ask this first question because Tyco and Eli Lilly entered into a commercial services proposal/agreement in 2004 for the installation of equipment. Following the initial work under the contract, Tyco may have modified the security system or provided other security-related equipment or services at the Eli Lilly facility, including performing at least one security survey.
It certainly is not unusual for a security provider to provide additional equipment or services after signing an agreement with a subscriber. I’m just not sure Tyco’s agreement addressed that issue (in my opinion, it should have). Here’s why: National Union’s theory of the case was premised on an alleged data breach into Tyco’s computer network, resulting in the gang obtaining access to Eli Lilly’s confidential information, including the security survey.
The 2004 contract had a fairly comprehensive risk allocation clause protecting Tyco. Among other things, the clause explicitly required Eli Lilly to waive National Union’s subrogation rights. Nevertheless, the court refused to apply that clause to the data breach or any of the work performed after the contract was signed because, the court reasoned, the breach and subsequent work were beyond the scope of the contract.
The lesson here is to make sure your contract includes a provision that subsequent goods and services are covered by your initial contract.