Using an online project management tool usually means putting your clients’ information online. You may want to think about the legal ramifications of doing that, especially if you already have an organization-wide policy on how to handle sensitive information.
James Roberts, from the Global Capital Law Group, always advises his clients that using web-based applications can have legal ramifications: “We advise our clients to advise their clients that they (our clients) are using online software and that some confidential information might be used in such Saas [software as a service]. Companies using SaaS and confidential information should make sure that their NDAs (or non-disclosure provisions of other agreements) do not prohibit use of SaaS.”
The Legal Concerns
Roberts notes that there isn’t any particular legal concern that forces you to inform clients of whether or not you use web-based applications to handle information — but it is a best practice. Certain contracts, such as NDAs, often include clauses that can be interpreted to require such disclosures. Roberts points out, “An NDA might have some kind of obligation that says something to the effect of ‘treat the Confidential Information in the same manner that the Receiving Party treats its own internal information . . .’ (In that case, the ‘Receiving Party’ means the company.) Likewise for a pre-existing agreement—i.e., the agreement that creates the relationship between the company and the client.”
But there are extenuating circumstances where having notified your clients of such a detail can become important. If, for instance, there is some sort of security breach that makes a client’s sensitive information publicly available, the fact that they knew and approved of the fact that you use a web-based application beforehand can make such a situation more manageable.
A Clear Explanation
Depending on your clientele, explaining your data storage plans within a context that they understand can be difficult. But Roberts points out that such steps are necessary: “We would recommend explaining the use of certain types of software—i.e., software that stores documents in the Cloud, or SaaS, etc. The point is to explain the data usage in context. That context could also include an assurance that the software provider follows industry standards for data security.”
“I do not think there is any greater risk of breach when information is online than when it is in a server farm run by our hosting company or even in a server our basement. Once any network is connected to external networks (i.e., the Internet) then it is at risk,” points out Roberts. The difficulty can lie in explaining that fact to less tech-savvy clients. Finding a context that allows you to explain the comparative use of information and reassure your clients that an online collaboration or project management tool is safe is a necessary step in reducing legal issues down the line.
Image by Flickr user Judy Baxter
Related content from GigaOM Pro (sub. req.):