ReferenceBy Elizabeth Bennett | Posted 2003-03-01 Print
For the next year, you're going to be joined at the hip with the consultants redesigning your network. You know they can do the job. But can you trust them with the piles of confidential data you'll be sharing during the project?: Eight Rules for Data Confidentiality">
Reference: Eight Rules for Data Confidentiality
TAILOR YOUR AGREEMENTS
A mutual NDA may seem smart, but it's not always the best solution. If you're working with a software vendor, for example, don't create an obligation to protect their information, which you don't need or want anyway. Cover your own assets with a one-way agreement. For joint ventures or other complex, long-term projects, a mutual NDA may be more appropriate.
DEFINE 'CONFIDENTIAL' UP FRONT
If relying on an outside firm to supervise some of your information systems, your data is at risk. You cannot be too clear about what is confidential. What do you want to protect, and what information would be the most damaging were it to be used without your permission? Decide which communications-e-mail, verbal, instant messages-should be considered confidential.
SING IT: FOR YOUR EYES ONLY This should be the soundtrack for both your request for proposal and your nondisclosure agreement. Make sure the only people who have access to your data are those directly involved with your project.
GIVE ALL YOU CAN, BUT ONLY WHAT'S NECESSARY
For substantive results, you need an open relationship with your vendor. You don't want to prevent suppliers from doing their jobs by limiting information; on the other hand, a healthy paranoia could serve you well. If you like your vendor, it may be tempting to involve the outfit in unrelated matters, but it's probably not worth jeopardizing your data.
REMEMBER, 'PROPRIETARY' IS FUZZY
You may think all intellectual property created for you is yours, but you may not always be able to claim sole ownership. A vendor may say, "Hey, I created this widget, and I should be able to take that knowledge to my next client." There are no easy answers to such questions, says attorney Susan Meyer. Try to identify and discuss such gray areas before the project begins.
GET THEIR SKIN IN THE GAME
Encourage commitment by holding vendors fiscally accountable. Try tying formal compensation, not just bonuses, to performance. "There was a lot of money spent in the go-go days and people failed to see the impact. Now vendors are being held incredibly accountable," says Tom Pisello of Alinean, a return-on-investment consultant. Create baselines prior to the project's start and hold vendors accountable for failures. Of course, don't forget to reward them for successes, as well.
DOCUMENT EVERYTHING, EVEN A HANDSHAKE
After meetings and conferences, you may want to follow up with a note saying, "The information you received in the meeting is confidential." If you don't want your information used in any form—for training or a case study, say—make sure it says so in the initial nondisclosure contract.
THINK BEFORE YOU SUE
Proving an NDA breach can be very difficult. If you think your vendor has divulged or is using confidential information for secondary purposes, assess the current and potential damage before spending time and money on legal proceedings.
Sources: Latham & Watkins, LLP; Porter-Roth Associates; Alinean
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...