HEALTHALLIANCE N.Z. LIMITED /Counterclaim AND HEWLETT-PACKARD NEW ZEALAND CAPEX DISCOVERY INC /Counterclaimant ZOVY LLC /Counterclaimant
[2024] NZHC 2725
•20 September 2024
IN THE HIGH COURT OF NEW ZEALAND AUCKLAND REGISTRY
I TE KŌTI MATUA O AOTEAROA TĀMAKI MAKAURAU ROHE
CIV 2021-404-001215
[2024] NZHC 2725
BETWEEN HEALTHALLIANCE N.Z. LIMITED
Plaintiff/Counterclaim Defendant
AND
HEWLETT-PACKARD NEW ZEALAND
First Defendant
CAPEX DISCOVERY INC
Second Defendant/CounterclaimantZOVY LLC
Third Defendant/Counterclaimant
Hearing: 29 April – 3 May 2024 and
6, 7, 9, 10 May 2024
Appearances:
R J Hollyman KC, E J Watt & L E Kenner for the Plaintiff/Counterclaim Defendant
K E Cornegé and K R McNicolas for the First Defendant
G C Williams, D Scott-Jones & B E Carey for the Second & Third Defendants/Counterclaimants
Judgment:
20 September 2024
JUDGMENT OF TAHANA J
This judgment was delivered by me on 20 September 2024 at 11.30am Pursuant to Rule 11.5 of the High Court Rules
…………………………
Registrar/Deputy Registrar
Solicitors:
Maberly & Co, Auckland A J Park, Wellington
HEALTHALLIANCE N.Z. LIMITED v HEWLETT-PACKARD NEW ZEALAND [2024] NZHC 2725 [20
September 2024]
TABLE OF CONTENTS
[Para No.]
Introduction 1
Local and global context 1
What happened? 3
Issues for determination 15
BACKGROUND 18
HP sells IAP solution to healthAlliance 18
HP sells HPCA solution to healthAlliance 21
HPE enters into SCL agreement with Capax 33
HPE spins-off and merges its global software business 38
Capax/Zovy contract to provide support and maintenance to healthAlliance 42Progress on migration from IAP to HPCA continues 44
Capax/Zovy provide support and maintenance services to healthAlliance 46
healthAlliance and Capax/Zovy discuss migration to new software 52
Capax enters into 2022 Deed 61HEALTHALLIANCE’S CLAIM FOR ITS DATA 63
Scope of the claim 63
Does the Software Agreement include an implied term to yield up data? 69
Applicable legal principles — implied terms 69
Analysis 72
Express terms 73
Encryption and exporting functionality 89
Knowledge from previous engagements 96
Industry practice 99
Understanding of reasonable person 112
Conditions in BP Refinery 116
Conclusion — implied term 126
Did HP breach the Implied Term? 130
Should the Court order specific performance of the Implied Term? 144
CAPAX/ZOVY’S COUNTERCLAIM 154
Does Capax or Zovy have standing to claim under the Software Agreement? 154 Was there a valid assignment of the Software Agreement to Capax under the SCL Agreement? 156
Was the Software Agreement transferred from HP to Micro Focus Singapore? 160
Was there a valid assignment under the 2022 Deed? 168
Conclusion 172
Did healthAlliance breach the Software Agreement? 173
Terms of the software agreement 174
What is the registered users’ group within HPCA? 182
Was a registered user authorised to use or access the functionalities of HPCA? 195 Other functionalities of HPCA 205
Conclusion — breach of Software Agreement 216
RESULT 219
Costs 220
Introduction
Local and global context
[1] Software is often owned globally and sold locally. Here, the software was sold locally and then subject to global transactions. The local vendor’s ultimate holding company entered into a licence agreement in relation to the software with a global vendor. The following year, it spun-off and merged its global software business with another global vendor. After purchasing the software solution, the local customer was required to engage with the new global vendors. There is a dispute as to which vendor holds the rights and/or obligations under the original software agreement.
[2] The local customer no longer wishes to use the software and requires help to extract its data out of the software platform. The global vendor has stopped providing any support services and claims the customer has been using more licences than it originally purchased. The local customer seeks orders requiring that its data be yielded up or migrated to a new platform. The global vendor counterclaims for alleged under- licensing. I therefore need to determine the customer’s claim and the vendor’s counterclaim. Before outlining the relevant issues, I briefly explain what happened.
What happened?
[3] The relevant software archives information (here, emails) and is known as HP Consolidated Archive (HPCA). The customer is healthAlliance New Zealand Ltd (healthAlliance). healthAlliance is a wholly owned subsidiary of Te Whatu Ora – Health New Zealand. Its data includes emails containing patient information.
[4] In 2015, Hewlett-Packard New Zealand Ltd (HP) sold healthAlliance 5,000 perpetual HPCA software licences, software support and maintenance and professional services to migrate healthAlliance’s data from HP’s Integrated Archiving Platform (IAP) to its new HPCA platform. The professional services included scoping the hardware required. HP then sold the hardware to healthAlliance. The products and services required for the overall solution were sold on HP’s standard terms such that the software licences and support and maintenance services were the subject of one agreement (the Software Agreement) and the professional services for the
implementation were the subject of a statement of work (SOW) with terms attached (the SOW Agreement). The hardware was sold separately.
[5] HP’s ultimate holding company, Hewlett-Packard Enterprise Company (HPE), is incorporated in the United States and was the ultimate owner of the HPCA software and HP’s global software business.
[6] In 2016, HPE entered into a source code licence agreement with Capax Discovery Inc (Capax) (the SCL Agreement). Under the SCL Agreement, HPE granted Capax a worldwide licence with specified distribution rights for HPCA.1 Capax also agreed to assume all obligations for active support contracts for HPCA as a subcontractor of HPE.2 If support customers consented to have their contracts assigned to Capax, HPE would assign the contract to Capax.3 healthAlliance was identified as a support customer.4 Capax relies on the SCL Agreement as assigning it rights under the Software Agreement.
[7] In 2016, HPE notified healthAlliance that Capax had assumed all obligations of HPE’s active support contracts for HPCA as a sub-contractor and requested that healthAlliance direct all future requests regarding HPCA to Capax. HP continued to implement the HPCA solution with support to be provided by Capax after implementation.
[8] In 2017, HPE spun-off and merged its global software business. In April 2017, HPE informed healthAlliance that all its agreements with HPE and HP that relate exclusively to HPE’s software business would be allocated to Entco Singapore (Sales) Pte Ltd5 (Entco Singapore) which was anticipated to merge with Micro Focus International Plc (Micro Focus International). The spin-off and merger of HPE’s global software business is only relevant to whether HP has transferred the Software Agreement to Entco Singapore (now, Micro Focus Singapore). Relevant to that issue
1 SCL Agreement, cl 3.1.
2 Clause 4.2.
3 Clause 4.2.
4 Exhibit 5.
5 Entco Singapore (Sales) Pte Ltd was renamed Micro Focus Software Pte Ltd on 27 August 2018 (Micro Focus Singapore).
is a separation and distribution agreement between HPE and Seattle SpinCo, Inc (Seattle SpinCo) dated 7 September 2016 (the SDA).
[9] In 2017, healthAlliance entered into a separate support and maintenance agreement with Capax and Zovy LLC (Zovy) for the 5,000 HPCA licences it had purchased from HP (the Support Agreement). HP and then Micro Focus Singapore completed implementation of the HPCA solution in 2019 and Capax/Zovy then provided support and maintenance services to healthAlliance.
[10] In 2020, healthAlliance and Capax/Zovy started discussing options for healthAlliance to migrate its data off the HPCA platform. Capax/Zovy stopped providing HPCA support (other than for one month in January 2021) claiming that the Support Agreement had expired. Capax/Zovy also alleged that healthAlliance was using more than the 5,000 HPCA licences it had purchased.
[11] In 2021, healthAlliance attempted to migrate its data out of the HPCA platform by engaging a fourth vendor, but that was unsuccessful. Discussions between healthAlliance and Capax/Zovy ceased when they could not agree on the under- licensing issue. healthAlliance then filed this proceeding seeking an order requiring that its data be yielded up or migrated to a new platform. Capax/Zovy counterclaim USD 5,143,291.10 for alleged under-licensing. Both parties allege breach of the Software Agreement.
[12] After these proceedings were issued, healthAlliance applied for summary judgment arguing that the Software Agreement had not been assigned to Capax. Capax then entered into a deed of assignment with Micro Focus Singapore and Seattle SpinCo (the ultimate holding company of Micro Focus Singapore) on 25 November 2022 (the 2022 Deed). Capax relies on the 2022 Deed as assigning it rights under the Software Agreement if the SCL Agreement did not do so.
[13] healthAlliance challenges Capax’s standing to sue under the Software Agreement arguing that there has never been a valid assignment. Whether Capax has standing to sue must therefore be determined by considering the terms of the SCL Agreement, the SDA and the 2022 Deed. Those three documents are also relevant to
whether HP or Micro Focus Singapore retains liabilities and obligations under the Software Agreement. healthAlliance argued that the obligations remain with HP.
[14]I now set out the specific issues for determination.
Issues for determination
[15]healthAlliance’s claim requires determination of the following issues:
(a)Does the Software Agreement include an implied term that requires the vendor to yield up, migrate or otherwise provide healthAlliance’s data in an accessible decrypted form?
(b)If yes, did the vendor breach that term?
(c)Should the Court exercise its discretion and order specific performance of the implied term?
[16]Capax and Zovy’s counterclaim requires determination of the following issues:
(a)Does Capax or Zovy have standing to claim under the Software Agreement?
(b)If yes, did healthAlliance breach the licence terms under the Software Agreement?
(c)If yes, has Capax or Zovy complied with the requirements of the Software Agreement in claiming licence underpayments?
(d)If yes, what quantum of damages should be awarded to Capax and/or Zovy?
[17]Before considering each of the above issues, I set out the full background.
BACKGROUND
HP sells IAP solution to healthAlliance
[18]HP and healthAlliance had a longstanding relationship.
[19] In 2008, HP had provided healthAlliance with a solution to migrate its data to HP’s IAP product. That arrangement was governed by a supply and support and maintenance agreement dated 12 May 2008 (the IAP Agreement).
[20] In 2013, HP knew IAP was going to become obsolete and it offered to migrate healthAlliance’s data to its new product, HPCA.
HP sells HPCA solution to healthAlliance
[21] In early 2015, HP and healthAlliance discussed options to replace IAP with HPCA.
[22] On 1 July 2015, HP provided healthAlliance with proposed pricing for professional services, software licences and support and maintenance fees for HPCA. The price for software licences and support and maintenance fees were set out in two quotations. The scope of the professional services was set out in a SOW, which described the scope as follows:
healthAlliance has requested from HP consultancy to implement HPCA for the archiving of emails for MS Exchange 2010. HPCA will be configured for mailbox management for up to 5,000 mailboxes using a single selective archiving policy. HP will migrate up to 80 million email objects from the healthAlliance’s existing IAP environments to the HPCA environment. HPCA will be implemented into a single production environment. HPCA Discovery will be installed and configured for compliance officer use, providing HPCA Discovery users access to all archived documents.
[23]The professional services were to be delivered by HP as work packages:
Work Package
Work Package Title
Description
WP-01
System Design and Specification
Analyse the key business and technical
requirements and produce a HPCA Low Level Design and HPCA Test Plan document. Conduct an
IAP health check.
WP-02
Implementation in Production
Environment
Installation and configuration of HP components in a Production environment.
WP-03
Knowledge Transfer
Workshop to provide necessary knowledge transfer of the HP software to the healthAlliance.
WP-04
Testing
Functional Testing.
WP-05
Migration
Migration and verification of IAP email content to HPCA environment.
WP-06
Handover and Project Closure
Handover to the healthAlliance and signoff the project.
[24] On 7 July 2015, HP provided healthAlliance with a draft “sizing scenario” for the hardware required to migrate from IAP to HPCA.
[25] On 2 September 2015, healthAlliance signed the SOW which included attached terms and conditions which together comprise the SOW Agreement.
[26] On 24 September 2015, healthAlliance considered a rough cost estimate for the hardware required as indicated from the HP sizing document was NZD 1,056,153.78.
[27] On 13 October 2015, HP set out its offer for software and support and maintenance services (as contained in the previous quotations of 1 July 2015) in a document entitled “Legal Quotation: License” (the Legal Quotation). The Legal Quotation specified that:
(a)it was governed by the relevant “HP Customer Terms” and a link to those terms was provided (the HP Terms);
(b)any capitalised terms not expressly defined have the meanings in the legal definitions contained in a link provided to the Autonomy legal definitions (the Autonomy Definitions); and
(c)support services are provided subject to the current “HP Software Support Services Data Sheet” which data sheet was incorporated within the HP Terms (the HP Data Sheet).
[28] The contractual terms were therefore contained within the Legal Quotation, the HP Terms including the HP Data Sheet, and the Autonomy Definitions which together comprise the Software Agreement.
[29] On 9 October 2015, Mr Daryanani, an information systems architect at HP, prepared a “Solution Design Document for Phase 1” for healthAlliance as part of the professional services to be provided under the SOW (the Design Document).
[30] On 23 October 2015, HP invoiced healthAlliance for the support services and licence fees that were the subject of the Software Agreement.
[31] By 21 February 2016, milestone one (M-01, also known as WP-01, system design and specification) was complete. healthAlliance and HP continued to engage regarding the other work packages required for the migration from IAP to HPCA.
[32] HP continued to progress the work packages under the SOW Agreement including providing a detailed design document which was revised and amended by healthAlliance and HP over the period from December 2015 to 17 June 2016 (the Detailed Design document).
HPE enters into SCL agreement with Capax
[33] On 18 May 2016, HPE and Capax entered into the SCL Agreement. Under the SCL Agreement, HPE granted Capax a worldwide licence:6
3.1Licenses. Subject to the terms and conditions of this Agreement (including the payments pursuant to Section 5), HPE hereby grants to CAPAX a worldwide license to:
3.1.1.Use and copy the Source Code of the Licensed Products;
3.1.2.Modify the Source Code to generate enhancements, patches and bug fixes for the Licensed Products (collectively, “Enhancements”);
3.1.3.Distribute, in Object Code form only, the Licensed Products to New Customers;
6 SCL Agreement, cl 3.1.
3.1.4.Distribute, in Object Code form only, the Enhancements to Existing Customers and New Customers; and
3.1.5.Use, copy, modify and internally distribute the Documentation, and as to Documentation intended for customers, to distribute such Documentation to Existing Customers and New Customers.
[34] The Licensed Products comprised the computer programs then known as HPCA and HPCA supervisor.
[35] Capax also agreed to assume all obligations of active support contracts for HPCA:7
4.2 Assumption of Support Contract Obligations. As of the Effective Date, CAPAX shall assume all obligations of active support contracts for the Licensed Products between HPE and Support Customers (“Active Support Contracts”) as a subcontractor of HPE. If Support Customers consent to have their respective contracts assigned to CAPAX, HPE will assign such Active Support Contracts to CAPAX and CAPAX will administer those Active Support Contracts directly and will no longer be a subcontractor of HPE with respect to those Active Support Contracts. For any Active Support Contract for which consent for assignment to CAPAX is not obtained from the Support Customer, CAPAX will remain a subcontractor of HPE under this Section 4.2 for the duration of the remaining term of such Active Support Contract and shall be paid in accordance with Section 5 3 below. Regardless of whether an Active Support Contact has been assigned or CAPAX is providing support as a subcontractor of HPE, CAPAX agrees to indemnity and hold harmless HPE from and against any and all losses, costs, expenses, or damages, including reasonable attorneys’ fees, that directly or indirectly result from CAPAX’s performance of, or failure to perform, any obligations under the Active Support Contracts.
[36] On 28 May 2016, HPE notified healthAlliance that it had granted a licence to Capax for HPCA and that Capax had assumed all obligations of HPE’s active support contracts. The letter requested healthAlliance’s consent to assign the support contract (being the Software Agreement) to Capax. healthAlliance did not respond to that letter.
[37] HPE notified healthAlliance again in June and July 2016 of its arrangements with Capax.
7 Clause 4.2. healthAlliance was identified as a support customer in Exhibit 5.
HPE spins-off and merges its global software business
[38] The spin-merge was the transaction by which HPE’s software business was “spun off” and merged with Micro Focus International. The relevant agreements were entered into on 7 September 2016.
[39] The “merge” part of the transaction is covered by an agreement and plan of merger between HPE, Seattle SpinCo, Micro Focus International and various other entities. That agreement and plan of merger is not relevant to the issues in this proceeding.
[40] Under the spin part of the transaction, HPE “spun-off” its software business, which was then merged with Seattle SpinCo. Those arrangements are covered by the SDA.
[41] On 5 April 2017, HPE notified healthAlliance of the spin-merger and informed it that HPE’s software business unit was to be spun-off and merged with Micro Focus International. Agreements between HP and healthAlliance regarding the software business would be allocated to Entco Singapore which was anticipated to merge with Micro Focus International and its subsidiaries.
Capax/Zovy contract to provide support and maintenance to healthAlliance
[42] From September 2016, healthAlliance and Capax began engaging to agree terms for support and maintenance. The HPCA solution had still not been implemented and there does not appear to have been any discussions about Capax providing support under the Software Agreement despite HPE’s notice in May 2016. Instead, on 30 October 2017 healthAlliance and Capax/Zovy entered into the Support Agreement for the 5,000 HPCA licences.8
[43] The Support Agreement was to take effect from 1 August 2017 and would automatically renew for additional one-year periods unless and until terminated as
8 The Support Agreement specified the “Supported Products” as “5000 HPCA (Base, Discovery, Search, MboxMgmt)”.
provided in the Support Agreement.9 The “Year 1 Maintenance term” would start after Capax/Zovy had signed off that the implementation was stable.10 All additional support and maintenance fees (to support any additional licenses acquired by healthAlliance under a new separate software license agreement) were subject to the pricing in exhibit 2 attached to the Support Agreement.11 The Support Agreement is governed by the laws of Great Britain.12
Progress on migration from IAP to HPCA continues
[44] On 14 June 2017, healthAlliance informed HPE that it had obtained approval for the hardware required for the migration and was ready to proceed to the build phase.
[45] On 7 August 2017, HPE updated Capax that it expected to handover the system to Capax in November or December. HPE sent Capax a copy of the Design Document and installation guide.
Capax/Zovy provide support and maintenance services to healthAlliance
[46] In January 2019, Capax/Zovy informed healthAlliance that once HP completed its handover, they expect to do a health check to confirm “all is good with the current system”.
[47] On 17 May 2019, Capax/Zovy sent the findings of the health check to healthAlliance (the Health Check). The Health Check records:
(a)under “Registered Users Group” a “User Count” of 139,232; and
(b)under “SEC_GG_hA_HPCA_Archive” a “User Count” of 1,821.
9 Support Agreement, cl 10.1.
10 Clause 10.4.
11 Exhibit 2 specified pricing for Year 1 — Term to begin when Zovy verifies implementation of USD 5,000; Year 2 Maintenance — USD 18,750; and Year 3 Maintenance — USD 18,750.
12 Clause 12.
[48] In July each year, Capax/Zovy invoiced healthAlliance for annual support and maintenance services for the period from 1 July to 30 June. This occurred in July 2018, July 2019 and July 2020.
[49] On 15 July 2020, Capax/Zovy provided a quotation for annual support and maintenance for the upcoming annual period from 1 July 2020 to 30 June 2021. The quotation had an expiry date of 31 July 2020.
[50] On 21 August 2020, healthAlliance notified Capax/Zovy that the quotation had been raised with accounts to raise a purchase order for the renewal.
[51] On 25 August 2020, Mr Daryanani, who was now employed by Capax, responded to healthAlliance indicating that sales had informed him the quote had expired and he had asked for an updated quote. No updated quote was ever provided to healthAlliance.
healthAlliance and Capax/Zovy discuss migration to new software
[52] From as early as June 2018, healthAlliance informed Capax/Zovy that it was starting a pilot of new archiving software called, Office 365. healthAlliance requested information as to how HPCA could work with Office 365. Further information was requested about HPCA’s integration with Office 365 in May 2019 and again in June 2020.
[53] On 3 August 2020, Capax/Zovy sent healthAlliance an options paper, outlining four potential options regarding Office 365 including migrating to a cloud or on- premises solution (the Options Paper). A cloud solution involves the storage of customer data on shared servers held within an offsite data centre. An on-premise solution (like the HPCA solution) involves the storage of customer data on customer servers located at the customer’s premises.
[54] On 5 August 2020, healthAlliance confirmed that it was leaning towards two of the potential options although it would only retain HPCA while migrating users to Office 365. healthAlliance did not intend to move its archiving to a Zovy-branded product.
[55] On 14 August 2020, Capax/Zovy provided pricing for healthAlliance’s two preferred options. The updated Options Paper stated that the archive contained data for over 65,000 users and therefore licences, and maintenance and support, would be priced based on that number of users and not the 5,000 licences healthAlliance understood it required. Pricing was provided to migrate to Office 365 which included the cost of new licences.
[56] Between September 2020 to March 2021, healthAlliance and Capax/Zovy shared their respective positions on licensing. healthAlliance maintained that it was using less than 5,000 licences and Capax/Zovy claimed that healthAlliance was using over 65,000 licences.
[57] While the above discussions were occurring, Capax/Zovy ceased providing any support and maintenance services to healthAlliance except for a one-month period.
[58] In January 2021, healthAlliance engaged Archive 360 to provide a proof of concept so that it could migrate its data to Office 365. On 25 February 2021, Archive
360 notified healthAlliance that HPCA was encrypting the files. Archive 360 recommended that healthAlliance inform the vendor that it requires access to the data un-encrypted for audit purposes.
[59] By 17 March 2021, Capax/Zovy indicated to healthAlliance that “[g]iven how far apart we remain on this matter, it appears a resolution without court involvement is unattainable. As such, Zovy will be ceasing further communication on this matter at this time”.
[60]On 30 June 2021, healthAlliance filed these proceedings.
Capax enters into 2022 Deed
[61] On 25 November 2022, Capax and Micro Focus entities13 signed the 2022 Deed which provides that:
13 2022 Deed, Parties. Micro Focus Software Pte. Ltd and Seattle SpinCo, Inc are together defined as Micro Focus.
(a)Micro Focus “confirms that all Rights under the [Software Agreement] were assigned by HP to [Capax] … in or around May 2016”;14 and
(b)“to the extent any Rights under the [Software Agreement] were not assigned by HP to [Capax] … Micro Focus hereby assigns to [Capax] absolutely, with effect from the date of this deed, all of that Assignor’s Rights in, to or in connection with the License Contract.”15
[62]Against the above background, I now consider healthAlliance’s claim.
HEALTHALLIANCE’S CLAIM FOR ITS DATA
Scope of the claim
[63] HP has confirmed that it no longer seeks orders against Capax or Zovy. I am not therefore required to consider whether Capax or Zovy have acted without contractual authority or other lawful justification as alleged in healthAlliance’s claim. All parties accept that the Software Agreement was not novated to Capax or Zovy such that neither has any obligation or liability under that agreement.
[64] healthAlliance claim that to the extent HP is the continuing counterparty under the Software Agreement, it has breached both express and implied terms of that agreement or alternatively, it should be required to perform an implied term.
[65] HealthAlliance claims that the Software Agreement includes the following implied term:
HP must yield up, migrate or otherwise provide healthAlliance’s data to healthAlliance in an accessible decrypted form … and in return healthAlliance would pay a reasonable price to HP for the decryption and/or migration of its data from HPCA to its new storage solution
(the Yield up term).
[66]As drafted, the Yield up term captures multiple obligations:
14 2022 Deed, cl 2.1.
15 Clause 2.2.
(a)to provide a service: yield up, migrate [to its new storage solution] or otherwise provide;
(b)to provide an output: healthAlliance’s data in an accessible decrypted form; and
(c)to provide the service at a reasonable price.
[67] While the output and price are clear, there may be a difference between yielding up and migrating. The latter requires a transfer of data to the “new storage solution”. The former does not. It is therefore necessary to consider the scope of the obligation to be implied.
[68] Before considering whether the Yield up term should be implied into the Software Agreement, I set out the applicable legal principles.
Does the Software Agreement include an implied term to yield up data?
Applicable legal principles — implied terms
[69] The parties agreed that the leading authority is Bathurst Resources Ltd v L&M Coal Holdings Ltd.16 In Bathurst the Supreme Court confirmed the continuing role of the Privy Council decision in BP Refinery (Westernport) Pty Ltd v Shire of Hastings17 but qualified its application. In BP Refinery the Privy Council set out five factors relevant to implying terms into contracts:18
… for a term to be implied, the following conditions (which may overlap) must be satisfied: (1) it must be reasonable and equitable; (2) it must be necessary to give business efficacy to the contract, so that no term will be implied if the contract is effective without it; (3) it must be so obvious that “it goes without saying”; (4) it must be capable of clear expression; (5) it must not contradict any express term of the contract.
16 Bathurst Resources Ltd v L&M Coal Holdings Ltd [2021] NZSC 85, [2021] 1 NZLR 696 [Bathurst].
17 BP Refinery (Westernport) Pty Ltd v Shire of Hastings (1977) 180 CLR 266, (1977) 16 ALR 363 (PC) [BP Refinery].
18 At 283.
[70] The Supreme Court in Bathurst considered that the above conditions should not be applied in a rigid and formulaic way19 and set out the principal relevant points:20
(a)The legal test for the implication of a term is a standard of strict necessity, a high hurdle to overcome.
(b)The starting point is the words of the contract. If a contract does not provide for an eventuality, the usual inference is that no contractual provision was made for it.
(c)While the task of implication only begins when the court finds that the text of the contract does not provide for the eventuality, the implication of a term is nevertheless part of the construction of the written contract as a whole. An unexpressed term can only be implied if the court finds that the term would spell out what the contract, read against the relevant background, must be understood to mean.
(d)As with the task of interpreting a contract, the inquiry for the court when considering the implication of a term is an objective inquiry – it is the understanding of the notional reasonable person with all of the background knowledge reasonably available to the parties at the time of contract that is the focus of this assessment. The court is tasked with the role of constructing the understanding of that reasonable person.
(e)Thus, the implication of a term does not depend upon proof of the parties’ actual intentions, nor does it require the court to speculate on how the actual parties would have wanted the contract to regulate the eventuality if confronted with it prior to contracting.
(f)The BP Refinery conditions are a useful tool to test whether the proposed implied term is strictly necessary to spell out what the contract, read against the relevant background, must be understood to mean. Whilst conditions (4) and (5) must always be met before a term will be implied, conditions (1)–(3) can be viewed as analytical tools which overlap and are not cumulative. The business efficacy and the “so obvious that ‘it goes without saying’” conditions are both ways, useful in their own right, of testing whether the implication of a term is strictly necessary to give effect to what the contract, objectively interpreted by the court, must be understood to mean.
[117] We see this approach to the implication of terms as aligning with the objective theory of contractual interpretation. It promotes the primacy of the words of the contract, while also seeking to reach a complete understanding of what the contract, read against the relevant background, must be understood to mean. By excluding speculation as to how the actual parties would have wanted the contract to regulate an unforeseen eventuality, this approach treats as irrelevant (and unreliable) evidence of subjective intent, given with the benefit of hindsight. It thereby promotes the efficient and just conduct of proceedings.
19 Bathurst, above n 12, at [108].
20 At [116] to [117].
(footnotes omitted)
[71] It is therefore necessary to apply the above principles to determine whether the Yield up term should be implied into the Software Agreement.
Analysis
[72]The starting point is the express terms of the Software Agreement.
Express terms
[73] The HP Terms refer to support services, professional services and additional services indicating that there are different types of services that may be provided by HP.
[74] In terms of support services, the Legal Quotation refers to “Technical Support” and “Support Updates” which together are defined as “Support Services” (the Support Services). Support Services were to be provided for the first 12 months from the date of shipment of the software.21
[75] The Legal Quotation provides that the Support Services are provided subject to the HP Terms, which in turn provide that:22
If Customer has purchased HP support services as specified in an Order those services will be delivered as described in the applicable Supporting Material, including a description of HP’s offering, eligibility requirements, service limitations and Customer responsibilities, as well as the Customer Systems.
[76]Supporting Material is defined as:23
Supporting material which the parties identify as incorporated either by attachment or reference, including product lists, hardware or software specifications, standard or negotiated service descriptions, data sheets and their supplements, and statements of work (SOWs), published warranties and service level agreements.
21 Legal Quotation at 5.
22 HP Terms, cl 10.
23 Clause 2.
[77] The parties did not identify any documents as incorporated by either attachment or reference.
[78] The HP Terms include the HP Data Sheet which in turn includes terms relevant to Support Services. If the customer allows support to lapse, HP may charge additional fees to resume support or require the customer to perform certain hardware or software upgrades.24
[79] HP is entitled to discontinue support for products and specific support services no longer included in HP’s support offering upon sixty days’ written notice, unless otherwise agreed in writing.25
[80] Additional services performed by HP at customer’s request are also contemplated, as follows: 26
Additional services performed by HP at the customer’s request, and that are not included in the purchased support, will be chargeable at the applicable published service rates for the country where the service is performed.
[81] HP is required to perform services using generally recognised commercial practices and standards.27 HP is also required to reperform any service that failed to meet this requirement where so notified by the customer.28
[82] The HP Terms also include an entire agreement clause such that the Software Agreement represents the “entire understanding with respect to its subject matter and supersedes any previous communication or agreements that may exist” and requires that “[m]odifications to the Agreement may be made only by written amendment signed by both parties”.29 That clause supports the Court being slow to imply a term unless it is strictly necessary.
[83] The proposed Yield up term imposes an obligation to provide a service, being the service required to extract and/or migrate the data. The express terms contemplate
24 HP Data Sheet, cl 1.1.
25 Clause 4a.
26 Clause 4c.
27 HP Terms, cl 13.
28 Clause 13.
29 Clause 33.
that HP will provide services (whether they be professional services, support services or additional services).
[84] healthAlliance argued that there is no express provision for an “extraction service” and conceded that “the support contracts” make clear that they do not cover the cost of migration. That appears to be a reference to the Support Agreement with Capax/Zovy which provides that “[i]tems not covered by support include upgrades/migration of hardware or software and instructing the customers how to use the application”.30
[85] The terms of the Software Agreement do not define Support Services other than by reference to the relevant order and Supporting Material. The Legal Quotation refers to technical support and technical updates.
[86] healthAlliance appear to be arguing that an extraction service is somehow different to a support service. The support services were priced on an annual basis and provided healthAlliance with access to a helpdesk type service to address problems as they were encountered with HPCA. The scope of support services appears to be different to a one-off service to enable healthAlliance to access its data.
[87] A service will be required to yield up healthAlliance’s data. The express terms contemplate additional services on the customer’s request.31 That term must be read alongside the vendor’s right to discontinue support for products and specific support services no longer included in the vendor’s support offering.32 Certainly, that right (if it has been exercised by providing the requisite notice), would justify a vendor refusing to provide a service. A vendor cannot be compelled to provide a service it does not provide.
[88] Should the vendor be compelled to provide an additional service to give effect to the Yield up term or, put another way, when can the vendor refuse to provide an additional service? Determining that question requires that I focus on the understanding of the notional reasonable person with all the background knowledge
30 Support Agreement, cl 2.3.
31 HP Data Sheet, cl 4c.
32 Clause 4a.
reasonably available to HP and healthAlliance at the time the Software Agreement was executed. I therefore consider the functionality of the software and the knowledge of the parties at the time of the Software Agreement.
Encryption and exporting functionality
[89] Mr Robert Tallman gave evidence for Capax/Zovy. At the relevant time, he was employed by HPE as the HPCA product manager so was familiar with the functionality of HPCA. Mr Tallman explained that the Detailed Design document set out how data encryption would work for HealthAlliance’s data:
The Detailed Design Document defines on page 46 the specifics regarding Data encryption for the healthAlliance implementation.
“System Security
This section provide[s] security details relating to the system components and data security
Data Security
Archive Store
The archive store can be placed on a number of industry standard supported compliance devices and leverage the features of that particular storage. WORM devices are supported. Currently it is anticipated that the archive store will be on a CIFS compatible share. By default the data is compressed and single instanced. Storage encryption will be enabled using AES 256. Two methods are available for managing the encryption key. Manual defined password or random generated password by the application. By default random password is enabled that changes for each archive file block of 500 emails. Manual password will be generated with minimum of 10 characters long and will comply with standards for service and administrative accounts. Existing password file will be used to store these passwords, which is maintained by ICT Ops.
[90] The above indicates that storage encryption was to be enabled and a password file would be used to store those passwords. That file is maintained by ICT Ops, which Mr Pothan33 acknowledged is healthAlliance’s internal IT team.
[91] HP had full knowledge of the capability of HPCA including encryption and how this would be enabled on the platform. Mr Tallman explained the process for un- encrypting data for export:
33 Group Manager, Commercial, Data and Digital at Te Whatu Ora / Health New Zealand.
If the data is encrypted in HPCA, the process for un-encrypting the data would be driven by the online display of the information for the relevant accessing user or admin or export functions of the HPCA application. It is not as simple as finding the storage repository and copying it to another target for use via another platform. Encrypting data would usually require that the platform leveraging the encryption process would have designed an application integration with the encryption platform. The ability to read the encrypted content would be contingent upon having the correct key to unlock the file. This was usually tied to the applications integration with the encrypting platform. Additionally, HPCA would store the messages zipped in a very detailed folder hierarchy on the storage device and the original message was isolated from the online activity with the message components stored in separate parts of the environment. The body of the message and the recipient information would be indexed and stored within the IDOL index. The message as a whole would be retrieve[d] for export via the HPCA tools. You can’t browse the file structure and just see the content like you could on a windows data share.
[92]Mr Tallman’s evidence indicates that un-encrypting the data involves:
(a)the online display of information for the user or admin or export functions of HPCA;
(b)the ability to read the encrypted content which is contingent upon having the correct key to unlock the file. (That would usually be tied to the application’s integration with the encrypting platform);
(c)accessing HPCA’s storage of messages zipped in a very detailed folder hierarchy on the storage device and the original message being isolated from the online activity with the message components stored in separate parts of the environment; and
(d)the message as a whole being retrieved for export via the HPCA tools.
[93] When HP entered into the Software Agreement it was therefore aware of what was involved to un-encrypt data and what was required to export the data out of the encrypting platform. Mr Tallman confirmed that the only mechanism to accurately export content out of HPCA was via the tools provided by HPCA:
As mentioned above, and to make a finer point on the topic of exporting content out of HPCA; regardless of how the data is stored in HPCA, the process of exporting the data via the tools provided by HPCA would be the only mechanism to accurately export the content out of the platform.
[emphasis added]
[94] Mr Tallman also considered the role of an incumbent vendor in exporting data as follows:
Typically the process of migrating from one platform to another was a combination of efforts of the customer and the new Vendor providing the new platform. Rarely are you engaging the incumbent vendor to assist in the process other than some questions regarding export formats etc. The incumbent vendor might be asked questions that may need to be answered to provide the correct output from the incumbent platform.
[emphasis added]
[95] Mr Tallman’s evidence indicates that HP would have been aware that it may need to answer questions regarding export formats. HP also knew that the only mechanism to accurately export the data was via the exporting tools of HPCA. It follows that it would have been in the reasonable contemplation of HP that healthAlliance may need to ask questions and receive assistance if in the future, it required its data to be exported out of the platform. HP also knew that if assistance was refused, healthAlliance would not have access to the only mechanism to accurately export the content out of the platform.
Knowledge from previous engagements
[96] The parties had also previously contracted under the IAP Agreement, which also included an additional services clause, as follows:34
On the Customer’s written request, the Supplier agrees to provide to the Customer services in addition to those contemplated by the Project [delivery, installation, commissioning, testing and Set-up of the Solution and completion of the Implementation Services], Maintenance Services [support and maintenance services pursuant to the Support Guide] and this Agreement on a time and materials basis at the time and material rates set out in Schedule 3 or if lower, the Supplier’s standard time and material rates applying at that rate.
[97] HP and healthAlliance were both therefore aware that HP had previously agreed to provide additional services upon written request. It follows that HP certainly accepted that this was a reasonable and necessary term. It also indicates that healthAlliance likely had a reasonable expectation that HP would not refuse to provide
34 IAP Agreement, cl 8.3.
additional services that had not been specified in the relevant order but which were necessary so HP could access the functionality of the software solution it had purchased.
[98] In arguing the Yield up term should not be implied, HP referred to a disclaimer clause in the IAP Agreement which provides that other than in specified circumstances, in no event is HP liable for “loss or unavailability of or damage to data”.35 I accept that the disclaimer supports HP not being required to provide additional services to retrieve lost or unavailable data. Here, the data is available by using the un-encryption and exporting functionality of HPCA. The service is necessary to enable healthAlliance to access that functionality. I accept that if, in providing that service, HP determines that data has been lost, become unavailable or damaged, then it cannot be liable for those consequences. The obligation to provide the service and any liability for the consequences of providing the service are separate issues. The disclaimer clause goes to the latter issue.
Industry practice
[99] It is also helpful to consider industry practice as that is relevant to the likely background knowledge of HP and healthAlliance as a sophisticated vendor (HP) and sophisticated purchaser (healthAlliance) of complex software solutions.
[100] Mr Robert Stummer gave evidence for Capax/Zovy. He has extensive experience in business and technology, including over 15 years as Chief Executive of global enterprise companies in the Asia Pacific region. Mr Stummer explained that a vendor’s “ability” to provide a customer’s data in accessible, un-encrypted form upon the customer’s request can vary depending on the terms and conditions in the relevant contract, the data format and any applicable data and privacy laws. I assume the reference to “ability” should be read as obligation. Certainly, if a customer is subject to applicable data and privacy laws, industry practice would support a vendor being obliged to provide services if the service was the only mechanism by which the customer could accurately export its content so as to ensure compliance with applicable laws.
35 Clause 14.2.
[101] Mr Stummer notes that the terms and conditions may dictate how data can be accessed, exported and migrated and acknowledges that the format in which data is stored can often affect the ease of migration. He notes that:
… [s]ome vendors may provide data export options or APIs that allow customers to retrieve their data in a structured and accessible format. However, if the data is heavily encrypted or in a proprietary format, it may be more challenging to migrate.
[102] Mr Tallman’s evidence suggests that the data within the HPCA platform is heavily encrypted. The process for un-encrypting the data appears complicated to the lay person. This is supported by Mr Pothan’s evidence that healthAlliance does not know how to use the password file.
[103] The Software Agreement does not refer to encryption and exporting of data, but it does refer to the provision of additional services upon the customer’s request.
[104] In terms of data, the HP Data Sheet refers to data backup in the event data is lost or altered, as follows:
To reconstruct your lost or altered files, data, or programs, you must maintain a separate backup system or procedure that is not dependent on the products under support.
[105] The above term relates to reconstruction of lost or altered files. It indicates that the customer is expected to maintain a separate backup system or procedure. The above term cannot be intended to deny the customer access to the functionality of the software it has purchased where the purpose of that functionality is to retrieve data un- encrypted.
[106] Mr Stummer further explains that the scope of services, associated fees, and the process for requesting services would be detailed in the contract. The Software Agreement expressly contemplates a customer requesting additional services (the scope of which is silent) and specifies the associated fees (published service rates). It is only silent as to the scope of additional services and HP’s right to refuse to provide them.
[107] Mr Stummer then notes that “many vendors choose to offer migration services as part of their customer support or as an additional service for a fee to maintain good customer relations and ensure a smooth transition, either to or from their software platforms.” That evidence indicates that industry practice is to act so as to maintain good customer relations to ensure a smooth transition.
[108] The joint statement from Mr Stummer and Mr Gibson indicates that a vendor’s obligations will depend on the contractual terms, the vendor policies and the relationship between the vendor and customer, as follows:
Both experts agree that there is no industry standard mandating that vendors invariably assist with data migrations to other platforms, and such support is often contingent upon specific factors including contractual terms, vendor policies, and the relationship between the vendor and the customer. Both Douglas John Gibson and Robert Stummer agree that data migration support may not be universally applied practice across all vendors and scenarios.
[109] The above joint statement indicates that support for data migration may not be universally applied suggesting that it should not be implied into an agreement unless supported by the express terms, the vendor policies and the relationship between the vendor and the customer. This suggests that data extraction and data migration are not necessarily viewed as one and the same by the industry. Mr Tallman’s evidence is that the vendor of the new platform is likely to undertake the migration because the data has to be in a form that is capable of being ingested into the new platform. That requires knowledge of the new platform.
[110] Mr Jenkins of healthAlliance accepted that a vendor would not necessarily be expected to help a customer move to a competitor. A vendor’s obligations in this regard would need to be viewed in the context of applicable competition laws but I accept, based on Mr Tallman’s evidence, that the reason for this is that the incumbent vendor may not possess knowledge of the new software platform. To the extent an obligation requires knowledge of a competitor’s platform, it should not be implied. To the extent an obligation is linked to the incumbent vendor’s platform and an incumbent vendor’s expertise, whether it should be implied depends on the contract terms, the relationship with the customer and the vendor’s policies (noting such policies are subject to applicable fair trading and competition laws).
[111] Despite the IAP Agreement providing for additional services, HP and healthAlliance entered into new contractual arrangements for the HPCA migration. That suggests that a migration service is more complex than extraction. The former required professional services, software, maintenance and support and hardware. That counts against implying an obligation to migrate data to a new platform. I do not accept that it is necessary to give business efficacy to the Software Agreement to imply an obligation to migrate data to a new platform, about which the vendor cannot be expected to have knowledge. That then leaves the question of whether an obligation to yield up data without migrating it to a new platform should be implied.
Understanding of reasonable person
[112] Against the above background I am tasked with the role of constructing the understanding of the reasonable person. An unexpressed term can only be implied if the term would spell out what the contract, read against the relevant background, must be understood to mean.
[113] Here, HP knew that the data was encrypted, that while healthAlliance had the file with the passwords, the only accurate mechanism for exporting the data was via the exporting functionality of HPCA. HP also knew that it may have to answer questions about exporting the data if healthAlliance so requested. HP and healthAlliance had a longstanding vendor-customer relationship. They had previously contracted other than on standard terms. It would have been within the reasonable contemplation of both parties that at some point, healthAlliance may need access to its data un-encrypted whether for migration, audit or other purposes.
[114] The terms of the Software Agreement clearly contemplate that healthAlliance could request additional services. It specified the mechanism for charging — published service rates. HP also knew that the type of data was sensitive and included public health information that was subject to data retention obligations. healthAlliance would have a reasonable expectation that HP would not refuse to provide services especially where HP was entitled to charge their published service rates and the parties had a longstanding relationship (as they had here). Had healthAlliance known that the exporting tools of HPCA were the only mechanism to accurately export its data and
that assistance to achieve that function could be arbitrarily withheld, it may not have entered into the Software Agreement. That supports an implied term but only insofar as the implied term is consistent with the express terms.
[115] I now consider whether an implied term (not requiring migration services) is consistent with the conditions in BP Refinery noting the Supreme Court’s guidance in Bathurst that whilst conditions (4) and (5) must always be met before a term will be implied, conditions (1)–(3) can be viewed as analytical tools which overlap and are not cumulative.36
Conditions in BP Refinery
[116] As set out at [69], the BP Refinery conditions are that: (1) it must be reasonable and equitable; (2) it must be necessary to give business efficacy to the contract, so that no term will be implied if the contract is effective without it; (3) it must be so obvious that “it goes without saying”; (4) it must be capable of clear expression; (5) it must not contradict any express term of the contract. I consider each in turn.
[117] It is reasonable and equitable to require HP to provide additional services so that healthAlliance can access the un-encryption and exporting functionality of the software platform. It would be unreasonable for HP to provide a solution that encrypts data and that only allows data to be exported accurately using the exporting functionality and then to refuse to provide services to ensure access to that functionality. It is reasonable because the express terms acknowledge that healthAlliance can request additional services and HP is entitled to charge for those services.
[118] HP argued that it was not equitable or reasonable because the licence is perpetual. The perpetual nature of the licence is relevant to whether it is reasonable and equitable to impose a continuing obligation that may never end. That obligation needs to be considered in the context of the corresponding rights conferred on HP. Under the Software Agreement HP retains never ending rights to require healthAlliance’s compliance with the licence terms. It is reasonable that the customer
36 See above at [68] of this judgment.
also retains corresponding rights to receive services that are necessary to access the software functionality if that is the only mechanism by which the customer’s data can be accurately exported. I accept that if the vendor provides notice that such service is no longer offered, then a customer cannot expect the vendor to have an ongoing obligation to provide it.
[119] An implied term is necessary to give business efficacy to the Software Agreement because without it the vendor can arbitrarily deny access to the functionality of the software, which the vendor knows is the only mechanism by which data can be accurately exported. That is contrary to good customer relations, it is contrary to how HP and healthAlliance had engaged prior to the Software Agreement and it makes no commercial sense when the express terms allow the vendor to charge its published service rates. The vendor can only refuse to deny the customer the service if it has notified the customer that it no longer provides such service. If notice is provided, the customer has an opportunity to access the service before it ends.
[120] For the same reasons as set out above, it is so obvious that “it goes without saying” that HP and healthAlliance (with the relevant background knowledge, industry experience and longstanding relationship) would understand that HP could not refuse to provide such a service without first informing healthAlliance that such service would no longer be available.
[121] The obligation is capable of clear expression. The price is clear (published service rates). The service is known to the vendor as it possesses the expertise required to access the un-encryption and exporting functionalities of the software platform. The obligation is not contrary to industry practice as it does not require migration of the data to a new platform.
[122] HP argued that the express terms of the Software Agreement do not guarantee ongoing support. I assume HP is referring to cl 4a of the HP Data Sheet, which provides that HP may discontinue support for products and specific support services no longer included in HP’s support offering upon sixty (60) days’ written notice.
[123] While there is no guarantee of ongoing support services, written notice must be provided. Presumably this is so the customer can access support services within the notice period.
[124] I consider that the issue is not whether there is an ongoing obligation to provide a service but rather whether the vendor is entitled to refuse to provide a service contemplated in the Software Agreement when the vendor continues to provide software licences (the software is not obsolete), retains rights to require the customer to comply with the licensing terms, the vendor has specified a price (published service rates) and the refusal to provide the service will deny the customer access to the only mechanism available to accurately export its data.
[125] I agree that it would be inconsistent with the express terms to require HP to provide the service if notice had been given that the service would be discontinued. The obligation relates to the service required to access the software’s un-encryption and exporting functionalities. If the consequence of providing that service reveals lost or altered data (which is not capable of being un-encrypted), HP is not liable for those consequences.
Conclusion — implied term
[126] It follows from my analysis above that the price and scope of the service are already covered by the express terms which contemplate additional services at published service rates. The implied term must also be consistent with existing rights and obligations under the Software Agreement. Those rights include a right to discontinue services by providing the requisite notice.
[127] That the Software Agreement is on standard terms should not create undue risk for HP because the implied term arises because of the specific circumstances of the HP and healthAlliance relationship. That includes previous contractual engagements, a longstanding vendor-customer relationship and the delivery of a complex software solution where HP knew healthAlliance may require additional services (including asking questions and exporting data) and had previously agreed to provide additional services on written request.
[128] HP knew that the exporting functionality was the only mechanism by which healthAlliance’s data could be accurately exported. healthAlliance, unlike HP, did not possess expertise about the un-encryption and exporting functionality. healthAlliance also had a reasonable expectation that its longstanding vendor would not arbitrarily refuse to provide such service, especially when healthAlliance is required to pay HP’s published service rates.
[129] It therefore follows that a term should be implied into the Software Agreement that requires HP to provide an additional service to yield up healthAlliance’s data but subject to HP’s right to notify healthAlliance that the service is to be discontinued. I therefore find that the Software Agreement includes the following implied term:
Subject to cl 4a, HP must provide additional services to yield up or otherwise provide healthAlliance’s data to healthAlliance in an accessible decrypted form (the Implied Term).
(b)healthAlliance did not breach the Software Agreement by reason of having more than 5,000 registered users within HPCA.
(c)It follows that neither Capax nor Zovy are entitled to claim any damages from healthAlliance for alleged under-licensing.
RESULT
[219]For the reasons above:
(a)I order that HP (as counterparty under the Software Agreement) must provide an additional service to healthAlliance to yield up healthAlliance’s data in an accessible decrypted form; and
(b)I dismiss the counterclaim by Capax/Zovy against healthAlliance.
Costs
[220] healthAlliance has been successful in its claim against HP but did not pursue its claim against Capax/Zovy.
[221]Capax/Zovy has been unsuccessful in its counterclaim against HealthAlliance.
[222] If the parties are unable to agree costs, leave is granted for the parties to file memoranda as to costs with healthAlliance filing and serving its costs memoranda within 20 working days of the date of this judgment and the defendants filing and serving any memoranda in response within a further 10 working days.
Tahana J
1
3
1