4 Comments

Summary:

Using an online project management tool usually means putting your clients’ information online. You may want to think about the legal ramifications of doing that, especially if you handle confidential data. I got some pointers from James Roberts of the Global Capital Law Group.

legal

Using an online project management tool usually means putting your clients’ information online. You may want to think about the legal ramifications of doing that, especially if you already have an organization-wide policy on how to handle sensitive information.

James Roberts, from the Global Capital Law Group, always advises his clients that using web-based applications can have legal ramifications: “We advise our clients to advise their clients that they (our clients) are using online software and that some confidential information might be used in such Saas [software as a service]. Companies using SaaS and confidential information should make sure that their NDAs (or non-disclosure provisions of other agreements) do not prohibit use of SaaS.”

The Legal Concerns

Roberts notes that there isn’t any particular legal concern that forces you to inform clients of whether or not you use web-based applications to handle information — but it is a best practice. Certain contracts, such as NDAs, often include clauses that can be interpreted to require such disclosures. Roberts points out, “An NDA might have some kind of obligation that says something to the effect of ‘treat the Confidential Information in the same manner that the Receiving Party treats its own internal information . . .’ (In that case, the ‘Receiving Party’ means the company.) Likewise for a pre-existing agreement—i.e., the agreement that creates the relationship between the company and the client.”

But there are extenuating circumstances where having notified your clients of such a detail can become important. If, for instance, there is some sort of security breach that makes a client’s sensitive information publicly available, the fact that they knew and approved of the fact that you use a web-based application beforehand can make such a situation more manageable.

A Clear Explanation

Depending on your clientele, explaining your data storage plans within a context that they understand can be difficult. But Roberts points out that such steps are necessary: “We would recommend explaining the use of certain types of software—i.e., software that stores documents in the Cloud, or SaaS, etc. The point is to explain the data usage in context. That context could also include an assurance that the software provider follows industry standards for data security.”

“I do not think there is any greater risk of breach when information is online than when it is in a server farm run by our hosting company or even in a server our basement. Once any network is connected to external networks (i.e., the Internet) then it is at risk,” points out Roberts. The difficulty can lie in explaining that fact to less tech-savvy clients. Finding a context that allows you to explain the comparative use of information and reassure your clients that an online collaboration or project management tool is safe is a necessary step in reducing legal issues down the line.

Image by Flickr user Judy Baxter

Related content from GigaOM Pro (sub. req.):

  1. Project management is so much more efficiently done online. A great site for students to do group work online is Enterthegroup.com. This is a free site which offers a lot of tools to get your work done.

    Share
    1. And you secure client’s data how? Every field in your database is secure so only the client can access it? Or can your internal programmers view everybody else’s sensitive data. Sure project management online is efficient, but it also exposes companies to a ton of questions about where their sensitive internal data may have gone……

      Share
  2. I guess, that there will be a lot of challenges when it comes to the legalese of the World Wide Web, simply because laws take time to adapt and when they do, something newer is out online. I wonder how companies who outsource offshore can be totally protected by an NDA these days as international laws can be a hard thing to tackle. I may be out of sync from the topic, but I love your tips here. In the end, it’s all about being transparent when you do business, online or real-time.

    Share
  3. Most of our projects include highly sensitive information, including attachments & data such as customer lists, server password information, etc. With a plethora of online project management solutions, and none I’ve tried can truly explain how our data is SECURE or ENCRYPTED … what’s to stop a rogue employee of one of these companies from accessing our proprietary information….??? Would like to see an article on that.

    Share

Comments have been disabled for this post