Fog Creek Software
Discussion Board

Developer Liability Insurance

Greetings, all...

In another topic that I've since lost, I remember someone mentioning the "now-mandatory liability insurance" when speaking of contracting/consulting.

I can understand the need to legally CYA under certain special circumstances (health care contracts, stock trading software - something where lives or a lot of money can be lost due to a bug), but is this really necessary for "normal" circumstances?  Does the "one-man shop" need to budget for liability insurance these days?  Thoughts?

Tracy D.
Friday, August 8, 2003

It depends on your client.
Imagine you're contracting for an established company, and you forget the where clause on a delete statement, which wipes out two years of data.

Yes, it should have been tested. Yes, they should have had backups. And yes, they can sue you.

So - lose the house or buy insurance? Your call. :-)


Friday, August 8, 2003

...except that around here (Saskatchewan, Canada), I can't get insurance without *both* a Masters and a bunch of experience. Maybe the "can't get" isn't literally true, but the cost is literally prohibitive for a one person shop.

Ron Porter
Friday, August 8, 2003

Ron, it would be interesting, and might be worth your while, to write a letter to the CEO of one of the insurance companies inquiring into their requirements, and why they think that two years of schooling means you won't make mistakes?
You might even look to see if there are any white papers about correlations (or lack thereof) between education and bugs in code.

Next step, if they seem unresponsive - send a letter to your government insurance regulators asking *them* to look into why the insurance companies are being elitist.


Friday, August 8, 2003

Would that be any different for a FTE?

Tracy D.
Friday, August 8, 2003


What do you mean?  IANAL, but it seems like a company would be liable for damage done by their FTEs...

Sam Livingston-Gray
Friday, August 8, 2003

It certainly is a good idea to be insured.  (And it also goes without saying that you want to do business as an entity that will shield you from personal liability (e.g., as LLC or as a corporation).)

But it also makes sense to disclaim liability in your license agreement to the full extent allowed by law.  For an example of how one company does it, see paragraphs 11-14 of the MS EULA:

Herbert Sitz
Friday, August 8, 2003

Philo is correct.  In fact, many of the "vendor managers" are now using this as another scare tactic.  "You have all these contractors and if they screw up it could cost you millions."

I had a customer require $5 million in liability in order to keep a contract.  This is about $5-7,000/year to cover.  Just another cost of doing business.

Mike Gamerland
Friday, August 8, 2003

Either the client or the go-between (if you have one) may require that you carry Liability Insurance, so, yes it can be a Cost of Doing Business.

I'm dubious as to how much the insurance really helps (*), and so I didn't carry it for my last contract. My current one requires $1 million General Liability, so I'm carrying it again. I pay about $500. 

(* I do business as a corporation, so I already have some protection. I'd think you definitely want the Don't-Take-My-House insurance if you're not corp-ed or LLC-ed or working through a company that is covering you).

I'm not an expert on insurances (nor a lawyer), but my understanding is that there are basically 3 kinds of insurance that consultants commonly carry:

* General Liability
* E&O
* Disability

I believe General Liability is property damage and "everything else".
Errors and Omissions (E&O) is specifically about "malpractice" and "breach of contract".
Disability pays in the event that you become disabled.

I believe "malpractice" is NOT the hitting the delete key screwup, but rather a gross failure to observe normal procedures. If, say, the company had a policy of testing all SQL on a test database first, before production, but you decided to wing it on the production database without direct approval to do so... you get the idea.

Many computer consultant books and Web sites cover these insurances at least briefly.

Finally, if you read the insurance company literature, you'll see things like this:

"Do you really need professional liability insurance? If you are in computer consulting, the answer is a resounding “yes!” "

Obviously this should be taken with a grain of salt.

Hope that helps,

Peter Breton
Saturday, August 9, 2003


For clarification, I was wondering if a FTE would have the same risks within their own company - could Joe the FTE be sued by his employer for data loss, etc.


Say Fred the PHB bullies Joe the FTE into deploying some e-commerce app on an unrealistic deadline.  Joe works all weekend and gets it done on time.  Since the executives are screaming, the PHB decides to bypass QA and deploy it to production with "developer testing" only.

As it turns out, said application miscalculates sales tax for every 14th item ordered from the site.  By the time accounting notices the error, an estimated $500,000 in sales tax is "missing".

My question is...Does Joe the FTE have the same (or similar) liability when the executives start screaming and go looking for a scapegoat?

Tracy D.
Saturday, August 9, 2003

> the PHB decides to bypass QA and deploy it ...

This would clear Joe the FTE wouldn't it?

Saturday, August 9, 2003

A full-time employee is only liable for losses to the company in cases of gross negligence.  "Just following orders" doesn't measure up.  Nuking the entire production database and any backups because of righteous anger over planned outsourcing of FTE's whole department does - and it carries criminal charges as well.

But as for a simple honest mistake, or a deployment of something buggy under pressure from above, this is pretty much the same as the case of the scratched company car discussed here last week.

Saturday, August 9, 2003

Philo - re: writing the CEO and contacting the gov't regulators is almost funny! In SK, the insurance company IS the gov't. Yeah, there are other ones around in some niches that the gov't allows (including this one). I found it easier to just make sure every contract makes note of the fact that final testing and verification for accuracy is the responsibility of the client and that anything that gets past them is their fault, not mine. It's worked so far. Any potential client that doesn't like it has to get by without my help, and I still get (mostly) enough work to keep the wolves at bay.

Ron Porter
Sunday, August 10, 2003

Just make your own EULA like Microsoft.  It goes like this.

1.  You have no rights, but what we give you.
2.  We aren't giving you any.

Monday, August 11, 2003

I agree with Mike, so long as we're talking about shrinkwrap. 

But I think probably most developers are doing custom consulting on projects for single clients.  In that case, I think it should be made clear that the price for the project is higher if the developer is the one who's providing a warranty and bearing the risk of malfunction.  Say, $x/hr for no warranty, and $(x + y)/hr for the warranty the customer wants. Or if it's by a job price, just price it in two different ways.  Let the client know that it's more expensive for you to provide a warranty, so it's more expensive for them to purchase a product with a warranty.

Of course, whether the client will accept it is another story.  But I think this is the way it should be negotiated in a market where clients don't have a huge upper hand and where developers aren't starving for work.

Herbert Sitz
Monday, August 11, 2003
