Suppliers and your confidential information
Look at security
In September 2016 we advised you how to carry out basic due diligence checks on potential suppliers (yr.17, iss.22, pg.2, see The next step). However, where a supplier will have access to and/or store confidential business information on your behalf, those due diligence checks won’t be enough on their own. So in this situation what additional questions should you ask?
Identify sensitive data
Start by identifying exactly what business data the supplier will receive from you and why you consider it to be confidential. Examples include pricing structures, customer lists, marketing strategies and design ideas. Alternatively, a supplier may have access to confidential information about your employees, such as salaries, benefits packages and/or details of work processes. Whilst the above information is highly sensitive, none of it will be protected by intellectual property rights.
Employee screening
Next, as data theft is big business, ask the supplier to explain exactly what employee screening practices they use. As a minimum, they should undertake credit checks on all staff who will have access to your confidential business information. This will reveal details of any county court judgments, bankruptcy orders or voluntary arrangements (but you aren’t entitled to see the results). The supplier should also have a robust reference-taking process and establish each employee’s work history and their real reason(s) for having left previous jobs.
Tip 1. Ask the supplier for a copy of its data protection policy and establish what data protection and security training it provides to employees who will handle your confidential information. Training should be ongoing as you want a supplier who stays on top of the law.
Tip 2. Find out if the supplier includes non-disclosure clauses in the employment contracts of all those who could access your confidential business information. This should protect your position if the employee takes a new job.
Cloud storage
If a supplier will be providing data storage and/or backup facilities, e.g. cloud storage, check: (1) what systems they have in place if their main servers go down; (2) the level of encryption used to keep data secure; (3) their encryption policies; (4) how they will keep your data separate from that of other clients; and (5) how thorough their disaster recovery plan is, e.g. what will happen in the event of a flood or a major power outage.
Tip 1. Always investigate the supplier’s financial standing - if they become insolvent, you could easily lose access to some or all of your business information. Even on a temporary basis this could have serious consequences.
Tip 2. We’ve created a helpsheet that includes the questions to ask potential suppliers about their data confidentiality processes (see The next step).
For the previous article on due diligence and a free supplier data confidentiality helpsheet, visit http://tipsandadvice-business.co.uk/download (CD 18.06.04).