eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
For the next year, youre going to be joined at the hip with the consultants redesigning your network. You know they can do the job. But can you trust them with the piles of confidential data youll be sharing during the project?
Defining precisely what information is confidential is critical, according to Susan Meyer, a contracts attorney for Latham & Watkins, LLP.
This should be done up front in a nondisclosure agreement (NDA), and updated during a project. “If you say, All information is confidential, you may as well not have the document,” she says. With so much information publicly available, identifying exactly what youre trying to protect will serve both parties and reduce the likelihood of misunderstanding or confusion, Meyer says.
But theres a fine line between protecting data and withholding it from people youve hired to make basic changes to your business or operations.
For vendors, getting the right information can be difficult, “not because companies think it will get out, but because theyre afraid its going to give the vendor a key piece of information that will reflect poorly on the company,” says Tom Pisello, CEO of Orlando, Fla.-based consulting firm Alinean. But if you expect vendors to produce accurate and substantive work, Pisello says, they will need all relevant information—good, bad and ugly.
It may in fact be rare for a vendor to breach an NDA purposely. “Vendors often make their living in small niches of the industry,” says Bud Porter-Roth, a business process management consultant. “They trade on their name and reputation, and if they screw up, the word will get out.”
Reference
: Eight Rules for Data Confidentiality”>
Reference: Eight Rules for Data Confidentiality
|
TAILOR YOUR AGREEMENTS A mutual NDA may seem smart, but its not always the best solution. If youre working with a software vendor, for example, dont create an obligation to protect their information, which you dont need or want anyway. Cover your own assets with a one-way agreement. For joint ventures or other complex, long-term projects, a mutual NDA may be more appropriate.
|
DEFINE CONFIDENTIAL UP FRONT If relying on an outside firm to supervise some of your information systems, your data is at risk. You cannot be too clear about what is confidential. What do you want to protect, and what information would be the most damaging were it to be used without your permission? Decide which communications-e-mail, verbal, instant messages-should be considered confidential.
|
|
|
SING IT: FOR YOUR EYES ONLY This should be the soundtrack for both your request for proposal and your nondisclosure agreement. Make sure the only people who have access to your data are those directly involved with your project.
|
GIVE ALL YOU CAN, BUT ONLY WHATS NECESSARY For substantive results, you need an open relationship with your vendor. You dont want to prevent suppliers from doing their jobs by limiting information; on the other hand, a healthy paranoia could serve you well. If you like your vendor, it may be tempting to involve the outfit in unrelated matters, but its probably not worth jeopardizing your data.
|
REMEMBER, PROPRIETARY IS FUZZY You may think all intellectual property created for you is yours, but you may not always be able to claim sole ownership. A vendor may say, “Hey, I created this widget, and I should be able to take that knowledge to my next client.” There are no easy answers to such questions, says attorney Susan Meyer. Try to identify and discuss such gray areas before the project begins.
|
|
GET THEIR SKIN IN THE GAME Encourage commitment by holding vendors fiscally accountable. Try tying formal compensation, not just bonuses, to performance. “There was a lot of money spent in the go-go days and people failed to see the impact. Now vendors are being held incredibly accountable,” says Tom Pisello of Alinean, a return-on-investment consultant. Create baselines prior to the projects start and hold vendors accountable for failures. Of course, dont forget to reward them for successes, as well.
|
|
DOCUMENT EVERYTHING, EVEN A HANDSHAKE After meetings and conferences, you may want to follow up with a note saying, “The information you received in the meeting is confidential.” If you dont want your information used in any form—for training or a case study, say—make sure it says so in the initial nondisclosure contract.
|
THINK BEFORE YOU SUE Proving an NDA breach can be very difficult. If you think your vendor has divulged or is using confidential information for secondary purposes, assess the current and potential damage before spending time and money on legal proceedings.
Sources: Latham & Watkins, LLP; Porter-Roth Associates; Alinean
|