Are you handling other people’s secrets?
By Bert Heymans
Published: 10 December 2014
Bert Heymans of Journeyman PM asks: when you’re running a project, how do you know whether, and what, client or contractor information is sensitive?
You and your company probably have information that you can’t or wouldn’t want to share. Keeping something a secret is sometimes a key ingredient for success. When a client entrusts certain information to you, you have to take full responsibility for it.
I’d like to tell you about the little things that might go under the radar and share with you something I consider best practice based on my professional experience.
Security and confidentiality probably have a place in the risk register you keep. Have a look at your running projects; I’m sure you’ll find something that’s at least a bit sensitive.
Here are a few examples of things to watch out for:
- Unreleased product information
- Graphical assets
- Product descriptions
- Price information
- Any type of end-user information entrusted to you
- All kinds of digital account data
- Mailing lists
- Items carrying IP (intellectual property)
- All things subject to a licence
- Service rates and margins
Clients have always responded very positively when I discussed this aspect of their project with them. So, at a very early stage, explain what you have identified as possible confidentiality risks and what you are doing about them.
If you’re working for the military, Sarbanes-Oxley Act (SOX) compliant clients or companies in a highly competitive market, this should probably not only be tucked away in a risk register but also added as an explicit part of your project scope description. Keep an eye out for exceptions, as they are not always obvious.
Even if you didn’t sign an NDA (non-disclosure agreement), it’s a matter of responsibility and integrity. As a project manager you can stress these values while communicating with your team.