Q

What are the ethical issues when consulting for two competing companies?

Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for handling consulting ethically.

Are there legal or ethical mandates against working as a security consultant for two competing companies?
Barring contractual terms you may agree to, there aren't any legal mandates that I am aware of that would prevent a security consultant from working for two competing companies. Ethically there isn't really an issue either, provided that you don't reveal information about either client to the other one. In fact, this is a good rule of thumb: Never reveal information to a client about any of your other clients without prior permission, regardless of whether they are competitors.

As a consultant, protecting the confidentiality of your clients' data is one of your prime duties, both legally and ethically. Your consulting contract undoubtedly has non-disclosure terminology that mandates this protection. But even if the contract doesn't contain a legal protection requirement, there is still an ethical mandate to keep the company's data private. It is an essential part of establishing that you are a trustworthy...

individual who is part of a trustworthy profession.

Protecting your clients' data entails not only not discussing specifics, but also taking active steps to protect any data about the client in your possession. Electronic copies should be encrypted and/or protected with passwords to guard the data if the equipment is stolen. This is also potentially useful if a client tries to use your equipment as a source of industrial intelligence gathering. Similarly, paper copies of confidential information from one client should not be brought to other client sites. If this is unavoidable for some reason, those papers should be kept under lock and key the entire time.

For more information:

This was first published in February 2009

Dig deeper on Information Security Policies, Procedures and Guidelines

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close