Much has been said in the previous two parts, and the general conclusion is that within the IT sector, so much emphasis is placed on past clients and past projects that it can be used as a means to extract information about previous clients and projects. People bidding will feel compelled to answer because they believe that not to do so will exclude them from an opportunity; in other words, they are being psychologically coerced to be unprofessional through fear of loss.
- Discussing previous clients with potential future clients is unprofessional; we have covered this in detail. However, in a sector where it has become a de facto standard, people willing to disclose huge amounts of detail about previous clients are awarded contracts for being seen as more cooperative. Professionalism, or lack thereof, doesn’t often come into it.
- There are no regulations which protect client confidentiality in IT. Unlike other professions, IT and IT security don’t have licences that could be revoked for failing to take confidentiality seriously, or any sanctions at a regulatory level. There are terms of business and non-disclosure agreements which provide protection, but the onus is on clients to enforce such agreements.
- What is professional and unprofessional is somewhat subjective. If the majority of solicitors care deeply about client confidentiality as part of their profession, but the same is not true about IT, it becomes very difficult to compare the two as the definitions of professionalism can be kilometres apart.
At a time when news is published daily about cyber threats and data breaches, is it time for a change in behaviour when it comes to client confidentiality? Gone are the days when someone has a job for life, and here are the days when large numbers of IT practices are being set up to offer valuable services to large numbers of individual businesses. Professionals in the IT sector have often participated in hundreds of individual projects and accumulated vast knowledge about the inner workings of their own or their employers’ clients.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.