Non-Disclosure Agreements (NDAs) are becoming very common in business—and not just pro AV, but all business. Not understanding all of the terms of an NDA and how to manage the information can cause damage to your company, your clients, and your reputation.
There are multiple items to consider when entering into an NDA. A few questions I ask are: Is it for the company overall, or just the person? Is it a single-sided NDA or is it mutual or bidirectional? Do you need to have subcontractors sign the NDA? These will typically be called out in the NDA itself. That is the first thing that most people neglect to do before signing: read the entire document. I have distributed and received many NDAs; I am always amazed by how many people don’t understand them…and sign them anyway. Some of the NDAs bind the company, some bind the individual. As a company principal, it is folly to have someone binding the company without a review first. Any questions and clarifications must be documented in the form before signing.
I prefer that NDAs be signed by all parties involved, even if it is companywide. The main reason is that I feel it helps all of the people understand the seriousness of the agreement. If everyone does not understand the requirements, how can the conditions be met? I also caution people that the NDA might have repercussions that are unexpected. When working with a publicly held company, the E.U., the U.S., and others have regulations to control financial information. This condition might seem far-fetched; however, think what would happen if someone knew where a company’s new headquarters was going to be built based on purchasing hundreds of conference room systems.
Now that a company has privileged information, managing it is imperative. Having been involved in projects that experienced information breaches, proactive information management is critical. The basic question I ask is: “Does this person need to know the project?” And about 95 percent of the time, they do not. After I have determined who needs to know, I then hand them a copy of the NDA to sign.
While managing information goes beyond the digital world, securing the computer data is one of the first steps to take. Not only should access be restricted, but I’d take it a step further and encrypt the data. Yes, information needs to be secure during transport and storage. The standard operating systems enable encryption of a hard disk; I do that on all my drives. I also consider encrypting the file with PGP or GPG encryption, just in case. Multiple layers of security are key.
That seems easy enough, right? There is much more to be aware of when dealing with confidential information. If there are hard copies—such as drawings or plans—keeping those secure is essential. Sometimes it’s as simple as not leaving said hard copies unattended on a desk or at the printer. If hard copies are needed, store them in a locked filing cabinet or room. After using the documents, shredding the materials is a must. Don’t forget to apply this due diligence to erasing your whiteboard or digital collaboration system—you have to ensure your information is not just laying around the office.
Headed out on the road? Don’t forget your security processes while traveling. Do not have phone calls in public that reveal privileged information; the same approach goes for using a computer in public where people can shoulder surf. Don’t talk about the project when at lunch, even if it is just you and coworkers. While people are typically not malicious, the idea of gossip and sharing a secret is just human nature. People will share a secret they know to feel important.
Think I’m being a little overzealous about the security of data and keeping it secret? Think back to last year when Equifax let down its guard—now think about how much it has sullied its own reputation. By following the rules of the NDA, I do not worry about my reputation. It is the only thing I can control. I don’t want someone else screwing it up by violating the NDA; that is why I am proactive.
Do not assume that everyone working for the same company knows everything. This may seem very obvious, but when you think about the difference in responsibilities between the shipping department and the design department, you know those employees don’t know all of the same confidential information. Less apparent is that people within the same design department might not know about their coworkers’ projects.
Think of a significant integration firm with multiple locations. Why does the New York office need to know what the New Jersey office is doing? The same goes for end users or clients. Not everyone knows what is going on in every division. Just because it is the same company, do not share the information unless you know that you are allowed to share.
About to blab? Call the person you signed the NDA with and ask if you are allowed to share the information with another party. This will also help build your reputation—it will reinforce that you are cognizant of NDA requirements.
Don’t forget about subcontractors. If you are using them, ensure people critical to the NDA are aware subcontractors are now involved. And make the subcontractor has signed the same NDA, then file it with the originator.
Note: I am not an attorney; this column is not meant to provide any legal advice. Please consult your legal team for counsel. This piece is my opinion. I am not speaking for anyone else, including, but not limited to: my employer, System Contractor News, or Future plc.