Defining precisely what information is confidential is critical, according to Susan Meyer, a contracts attorney for Latham & Watkins, LLP.
This should be done up front in a nondisclosure agreement (NDA), and updated during a project. “If you say, ‘All information is confidential,’ you may as well not have the document,” she says. With so much information publicly available, identifying exactly what you’re trying to protect will serve both parties and reduce the likelihood of misunderstanding or confusion, Meyer says.
But there’s a fine line between protecting data and withholding it from people you’ve hired to make basic changes to your business or operations.
For vendors, getting the right information can be difficult, “not because companies think it will get out, but because they’re afraid it’s going to give the vendor a key piece of information that will reflect poorly on the company,” says Tom Pisello, CEO of Orlando, Fla.-based consulting firm Alinean. But if you expect vendors to produce accurate and substantive work, Pisello says, they will need all relevant informationgood, bad and ugly.
It may in fact be rare for a vendor to breach an NDA purposely. “Vendors often make their living in small niches of the industry,” says Bud Porter-Roth, a business process management consultant. “They trade on their name and reputation, and if they screw up, the word will get out.”