Labeling Reports Confidential? 2

[smedvid]

Just looking for opinions on when reports should be labeled "Confidential"...

I am working on a project intranet/internet that will permit Company/Contract users the ability to generate financial summary reports from various locations. The software vendor does not want to add the Confidential footer to reports, stating there is never a purpose for such information and it is out of scope. I disagree... By the nature of a printed report, it can find its' way off the company facilities. So, what are the risks if any?

tia.. Steve Medvid
"IT Consultant & Web Master"

 

[rycamor]

Sounds to me like this vendor is trying to limit its potential legal liability should there be a security violation.

In other words, if the software output states "Confidential", and the data falls into the wrong hands over the internet, It might make them look more responsible. This way they can say "Hey, we never guaranteed absolute security".

Otherwise, I can't see why they would care, or why it is even any of their business what text goes on a report header. It seems like that should be the end client's option.

Putting some sort of confidentiality disclaimer on data is an excellent way to protect your information should it fall into the wrong hands. If someone tries to claim the "accidentally" found this in their browser, they still can't claim they didn't know it was wrong to save it, or sell the data to others, etc...

Obviously, it won't make any difference to the truly intentional data cracker, but at least it gives you more ammunition to pursue them legally. -------------------

Current reading --

http://www.wnd.com/news/article.asp?ARTICLE_ID=25456

 

[pinkjambu]

One of the ways to protect your company's financial data is by stating "Confidential" note in every possible way, including in the footer. Visibly, when people see, it means that any violation of the data might cause them legal forwards from your side.

More intangibly, it means you have already put restrictions on the the particulars and anybody relevant to the its usage might want to check their deed regarding their business.

The software vendor i would say has no right to hold back your request. It is in their onus to play parts on maintaining the cleint's business confidentiality and importance. You have all the right to have what you want, it's feasible right. More, didn't you pay for their service?

 

[smedvid]

Thanks for the comments... they were very helpful and may give me the proper approach in requesting that the vendor implement this change.

I know it is common sense to keep your clients happy. Appearently this vendor does not follow those rules. Steve Medvid
"IT Consultant & Web Master"

http://users.erols.com/medvid/

 

[soy4soy]

The fact that they brought up a "scope" as being the reason they chose to not comply with your request. Being an ex-software engineer, I can empathize with them.

Customers seem to lack true understanding of what it means to change their minds on what they want especially near the delivery date. Code not only has to be changed, but tested thoroughly with other modules. Even seemingly benign changes can cause delays in the delivery date which could potentially lose the vendor money.

What you can and should do here is re-open negotiation. Allow them additional time and/or money to make the changes to your request.

 

[smedvid]

Actually, it appears that that requirement is in the contract as well as other stuff. So... should not be out of scope. However, I agree with your view point since I have 11 years of software development under my belt.

Thanks for the comments. Steve Medvid
"IT Consultant & Web Master"

http://users.erols.com/medvid/