In the previous two parts, the general conclusion was that the IT sector places so much emphasis on past clients and past projects that questions about them could be a phishing exercise to extract information about previous clients. People bidding will feel compelled to answer because they will believe that not doing so will exclude them from an opportunity; in other words, they are psychologically coerced into being unprofessional through fear of loss.
- Discussing previous clients with potential future clients is unprofessional; we have covered this in detail. However, in a sector where it has become a de facto standard, people willing to disclose vast amounts of confidential information about previous clients are awarded contracts for being seen as more cooperative. Professionalism, or lack thereof, doesn’t often come into it.
- There are no regulations which protect client confidentiality in IT. Unlike other professions, IT and IT security don’t have licences that could be revoked for failing to take confidentiality seriously, or any sanctions at a regulatory level. There are terms of business and non-disclosure agreements which provide protection, but the onus is on clients to enforce such contracts.
What is professional and unprofessional is somewhat subjective. The majority of solicitors care deeply about client confidentiality as part of their profession, but the same is not true in Information Technology. Consequently, it becomes challenging to compare the two as the definitions of professionalism are kilometres apart.
At a time when news articles are published daily about cyber threats and data breaches, is it time for a behaviour change when it comes to client confidentiality? Gone are the days when someone had a job for life, and here are the days when large numbers of IT practices offer valuable services to large numbers of individual businesses. Professionals in the IT sector have often participated in hundreds of projects and accumulated vast knowledge about the inner workings of their own or their employers’ clients.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.