Skip to main content

Those IT Contractors Working in Your Office - What Are They Up to? A Pub Tale in Two Parts: Part 1 - The Business Side



Here's the scenario. You're Steve, an IT project manager for Beta Corporation. You convinced your CFO to hire Acme, a local software development company, to embed four of their guys on your premises to help your overworked IT staff create the Next Big Thing software application. The application will use data from your network. But you're worried about giving Acme's guys access to your network! It has a lot of confidential business information, including customer data. You wonder about the business and legal precautions needed to protect your valuable data. The Acme CEO tells you that everything is fine without a contract (other than Acme's Statement of Work that you signed last week and the NDA that Acme signed when the project went out for bids).

Fortunately, you know a savvy information technology lawyer, Bosco, and decide to pick his brain during a few beers Friday after work at Brewery Vivant in Grand Rapids, Michigan. You are drinking  the Undertaker, a smoky Belgian-style dark ale with notes of chocolate and dark cherries. The choice of Undertaker makes sense because the brew pub is located in a former mortuary chapel. The feeling that you are observed by the dearly departed is palpable. 

Here's how the conversation goes:

Steve: What about Acme doing the Next Big Thing project?

 Bosco: I'm concerned about giving Acme's guys access to your network - with its valuable and proprietary data - without some business and legal precautions.

 Steve: What business precautions do you think are necessary?

 Bosco: Well, what do you know about Acme's programmers who will be at your offices?

 Steve: They are really smart and have a lot of experience! Two of the guys are from India; the others are local. We save a lot of money because they are Acme's independent contractors, not its employees. 

 Bosco: Do you know if the Indian programmers have received permission to work here from U.S. Citizen and Immigration Services? 

 Steve: I assume that Acme took care of this. But this topic didn't come up when we negotiated the deal. 

 Bosco: Assumptions can be dangerous. You should ask Acme for proof that the Indian programmers have the appropriate U.S. work visa. If they don't and the authorities catch them, your company could face unfortunate legal and business consequences. Wal-Mart got into trouble over this several years ago. Also, have you asked Acme for background checks on the four programmers?

 Steve: Why would I do that?

 Bosco: You said that the programmers would have access to your network, but they will also be at your offices for several weeks. For practical (but not legal) purposes, they will be Beta employees. Don't you want to know if they have any felony convictions within the last seven years? 

 Steve: Well, that's a good idea! We already run background checks on our IT employees having network access. 

 Bosco: And let's talk about what kind of network access the guys will have. Are there any restrictions on what data they can get to? 

 Steve: They will need access to a lot of network files to program the Next Big Thing. We don't know exactly what. 

 Bosco: I think that you and Acme should try to narrow down the data that Acme will need, and then place these files in a secure "DMZ" that Acme's guys will access. And they should have access only to the DMZ. If they need any additional data, they can ask you for it, and you can place that data in the DMZ as well. That way, Acme's programmers won't be able to access your entire network!

 Steve: That makes good sense. What other business safeguards do you recommend? 

 Bosco: I bet that Beta has an employee Code of Conduct that includes confidentiality provisions. 

 Steve: That's right. We make our employees sign it every year! 

 Bosco: That's great. But I think that you should revise it for Acme's programmers to sign, too. 

 Steve: But we already have a NDA with Acme. 

 Bosco: That's good, but those provisions may not be not legally binding on the Acme programmers because they are not Acme employees. So, each Acme programmer should sign a code of conduct that includes confidentiality provisions. It should also cover other items, such as Beta's no-smoking, dress code, non-compete, and no-solicitation policies. 

 Steve: That's a great idea, Bosco! Now what about those legal safeguards? We already have a signed Statement of Work with Acme. It's two pages of really great stuff about what Acme will do to create the Next Big Thing

 Bosco: IT statements of work usually contain just the business guts of the deal without essential legal protections. So, let's order a few more Undertakers and get down to the legal stuff!


Executive Summary:
Vendor-furnished contractors who access your network call for certain business precautions, including:

· Proof that the contractors are authorized to work in the U.S. if they are not U.S. citizens.

· Background checks.

· Contractors should sign the appropriate code of conduct containing confidentiality, non-compete, and no-solicitation provisions.

· Consider allowing the contractors only restricted access to your network by creating a secure "DMZ."

· The vendor’s Statement of Work or Proposal - even if negotiated - isn’t a sufficient contract for the project because that document usually contains only the business side of the deal. It doesn’t address essential legal elements.

Stay tuned for Part 2, in which the Undertaker keeps flowing - and Steve and Bosco get down to the basic legal provisions that should be in the application development contract between Acme and Beta! 

Labels:

Comments

Post a Comment

Popular posts from this blog

The BUSKLAW 2021 Year in Review - Brit English Sums It Up!

  I'm at a loss to describe 2021 using American English, sorry. AmE has grown tiresome. Don't believe me? Just turn on your local TV news and listen for how many times the news people use "prior" instead of "before" and pepper their speech with "as well," frequently tacking it on after using "also" in the same sentence, as in "It will also rain tomorrow as well." How can all be WELL when every other sentence ends with AS WELL? Warning: don't play a drinking game to count the number of  AS WELLs or you'll be pished (as they say in Scotland) in 10 minutes. Which reminds me of why we should be thankful for Brit English to describe 2021: it was another year that we good guys got knackered .   Consider: Covid continues unabated - now improved with variants (get your booster, wear a mask)! The peaceful transition of the U.S. government after the 2020 presidential election almost didn't happen (can you say "insurrectio...
Post a Comment
Read more

The BUSKLAW Halloween 2022 Post: Stephen King's Asides on Poor Writing in Fairy Tale

  Having just read  Stephen King's Fairy Tale in time for Halloween, it's appropriate to examine his asides on poor writing included in the book. (BTW, Fairy Tale is a good read with King's typical well-executed character development, plot, and a great finish to the story. But you have like the whole Grimm fairy tale genre before you read his take on it.)  Stephen King doesn't tolerate anything less than crisp prose. When the story's hero, Charlie Reade, tries to read a book about the origins of fantasy and its place in the world matrix ("what a mouthful"), he can only scan it because: It was everything I hated about what I thought of as "hoity-toity" academic writing, full of five-dollar words and tortured syntax. Maybe that's intellectual laziness on my part, but maybe not. Later on, Charlie tries to focus on a particular chapter in the "origins of fantasy" book about the story of Jack and the Beanstalk but is put off by "t...
Post a Comment
Read more

The BUSKLAW May Newsletter: The Foolhardy Practice of Using Faux Terms of Art in Your Contracts

  Most lawyers draft contracts. That's what lawyers do. And they use perceived terms of art ("TOAs") because they want to be paragons of contract-drafting precision. But here is where the canker gnaws:  the words that lawyers insert in their contracts as TOAs are actually not, potentially causing problems in clarity and interpretation. And as I've said time and again, these problems lead to disputes, and disputes lead to litigation, which is always time-consuming and expensive for the parties involved.  Let's first define TOAs in the legal context. According to Professor Bryan Garner in his Dictionary of Legal Usage , TOAs have specific, precise meanings that are "locked tight" and based on legal precedent. But then there are the faux TOAs, "whose meanings are often unhinged." Expert contract drafters, Garner says, know that clear, simple drafting is less subject to misinterpretation than using TOAs that are nothing more than "mere jargon....
Post a Comment
Read more