Confidentiality and secrecy agreements between customers and outside consultants are very important. The nature of consultants’ work means that they will probably have access to confidential information such as business and marketing plans, costs, profits and proprietary processes. So it’s paramount to guard against having your confidential information disclosed to other outside parties, especially your competitors. Managing consultant confidentiality is a process that mustn’t be overlooked.
You must exercise strong due diligence to initiate a workable consultant confidentiality program, whether you’re working on the marketing business or doing online trading using strategies as the parabolic sar and others. First, identify the types of confidential information the consultants may have access to in the course of completing their engagements. Armed with this information, you can identify the potential risks that must be addressed. Obviously, the higher the potential risk, the greater the protection needed.
Many times, the risk issue isn’t even considered. Worse yet, the risk has sometimes been dismissed with a statement like, “We know these people, and we can trust them.” Even if you do know the consultant you’re considering working with, there’s no reason to abandon caution. The most trusted consultant can make an unintentional mistake and expose your information, particularly if there has been no reinforcement of confidentiality requirements.
If the due-diligence phase finds a potential risk, the next move should be to immediately enter into a confidentiality and nondisclosure agreement (NDA). This is a logical, precautionary step, and it’s difficult to imagine a reason for a company not to take it. The NDA is a straightforward document describing the terms under which the customer and the consultant will and won’t disclose certain information.
The NDA also provides a definition of confidential information (such as a certain process that gives customers a competitive advantage), each party’s obligations regarding the information and a remedy if your consultant fails to live up to the agreement, either by design or by accident. Many times, it’s best if the NDA is negotiated and put into effect well before the actual consultant agreement is in place, since precontract discussions may involve confidential customer information.
When the actual consulting agreement is drafted, include a confidentiality provision that references and incorporates the NDA. The NDA can be very precise in nature, defining types of information, a certain project, a particular time period or specific remedies. The contract confidentiality provision should be wider in scope and should remain in force beyond the contract or engagement expiration – perhaps a year or more.
Finally, you should require that each consultant employee assigned to your account sign a personal “secrecy agreement.” This provides an additional layer of protection and serves to make sure consultants are very aware that they will be receiving confidential information and are personally bound to protect it.
Some consulting firms balk at having their consultants sign secrecy agreements, saying there’s no need to create separate contracts between each consultant and client. Try hard to win this one, but if you can’t, a reasonable compromise is to make sure that the consulting firm agrees that each consultant assigned to your account has previously signed a secrecy agreement with the firm or will sign one before starting work on your account. And don’t forget to review the content of the firm’s secrecy agreement to make sure it meets all your needs. Most important, have the consulting firm contractually accept full responsibility for its employees’ acts and omissions.
As a final safeguard, it’s important to have “orientation briefings” for all of the consultant’s people who are new to your account, to emphasize the seriousness of these issues.
Many large organizations already do NDAs, but they fall into the “pesky paperwork that’s a mere formality” category and don’t get highlighted as being a big deal. In my 35 years in this business, I’ve seen a number of confidentiality breaches that have been very big deals.
Recovering after breaches occur never seems to work as well as preventing them from happening in the first place.
JOE AUER is president of International Computer Negotiations Inc. (www.dobetterdeals.com), a Winter Park, Fla., consultancy that educates users on high-tech procurement. ICN sponsors CAUCUS: The Association of High Tech Acquisition Professionals. Contact him at joea@dobetterdeals.com.
Copyright by Computerworld, Inc., 500 Old Connecticut Path, Framingham, MA 01701. Reprinted by permission of Computerworld.