Review of "Design Is the Problem" in The Designer's Review of Books
From Observation to Vision: The Promise of Human-Future Interaction

Take Client Confidentiality Seriously


There's nothing more fun than watching years of confidential effort evaporate in a single post on Gizmodo.

On the night of the Oscars, I was at my next-door neighbor's apartment, drinking mint juleps with a professional opera singer. After hearing delightful stories about his audition schedule, which had him traveling from Seattle to the Bay Area, then back to his home base of Philadelphia—all in the name of securing the next big singing gig—he asked me the question that any user experience designer dreads:

"So, what's your job?"

"I'm an interaction designer," I replied, taking another slow sip from my cup so he could tee up the inevitable query.

"Interesting. So, what is it that an interaction designer does?"

"I help make products and services better for Fortune 500 companies."

"That's intentionally vague," he said. "Could you give me a few examples of some of your clients?"

"No," I said. "Any examples that I could provide won't be available in the market for one to two years."

"Well, that's a real conversation killer."

And yes, the conversation died a horrible death right there.

I could hear in this abortive dialogue echoes of a similar conversation I'd had a few weeks back, with a professor of interaction design. He'd asked me a similar question about my day job, and I had to provide the same confined response.

This led him to rail on the stupidity of non-disclosure/confidentiality agreements, their stranglehold on innovation as a whole, and how interaction designers in the thrall of working with corporate clients were solving tiny little problems compared to the huge, thorny strides that designers could make in the airy confines of an academic setting. (The irony was that he'd spent most of his career in the thrall of an NDA at a large company, where he designed software. C'est la vie.)

I can be creative. I can abstract what I do in my daily work for the benefit of a bunch of friends of acquaintances, especially when they're half-drunk and waiting to see whom won Best Supporting Actor this year. I've got more than my fair share of stories to tell, from a long string of design jobs. It could probably fill a book or two.

But I have a deep appreciation for the importance of non-disclosure agreements. I've seen what can happen when a designer accidentally slips what seems like one tiny inconsequential detail. Their whole world can come crashing down.

Take, for example, my friend Roger.

Roger had been working at a printing firm, where he created packaging for software products sold in stores. As a course of creating the packaging, he was working with products that had not been announced to the public yet. The press releases for these new products would be accompanied by the luscious graphics he created.

One project he was working on had him very excited, and while hanging out with a friend playing XBox, he mentioned the name of the piece of software and when it would be coming out. He also said that it was confidential information until it went public.

However, like many people out there in the world, Roger's friend believed that public is the new private. His friend wrote about their conversation on his personal blog. This quickly snowballed into worldwide knowledge of the software package's release date. Considering the leading tech blogs sport hundreds of thousands of readers and Twitter followers, you can only imagine how quickly this news spread.

After a two-week period in which lawyers descended upon the firm from the client organization, my friend was let go from his position. The situation constituted a violation of his non-disclosure and confidentiality agreement, due to that single mention of his work to a single person. Even though the initial conversation was strictly in confidence, the end result was a loss of competitive advantage for the firm's client.

You could argue that such leaks aren't really that damaging, at least in the short term. Or we could agree with the professor, whose view I find very seductive and utopian.

But that would be a marketing-centric view, where press releases can be fired off in a matter of hours and advertising campaigns spun up in a mere week. To change course on a multi-year project, where thousands of people are working day and night to realize a huge vision, is nigh impossible. It also means if there is a company working in parallel, they then have time to adjust their plans. Imagine two big battleships waging an epic battle in an iceberg-strewn polar sea. It only takes one shell to pierce the hull, letting the cold waters gush into every open space. How much water needs to bailed out to keep the ship afloat?

Whomever said that information wants to be free doesn't consider the cost of said information destroying a company's future market share. When hundreds of thousands of people subscribe to the TechCrunches of the world, and a single tweet can snowball into an Oprah story, you'd want to be sure as hell that what you say in the market is your best foot forward, not your foot lodged firmly in your mouth by someone you don't even know. Having worked for many years in marketing consultancies, there's been a prevailing laissez-faire attitude that what we created was so far down the communication chain, a loud late-night chat wouldn't cause too much attention around our upcoming website or product release. But now that everyone's phone is essentially an information capture and public broadcast device, those days are pretty much over.

So I stick to these rules when considering what can be shared outside of my immediate work team:

Review your confidentiality agreement, then decide in advance what you can and can't talk about. Stick to those boundaries. A friend of mine works at a company where they can disclose what clients that they have and what kinds of projects they are working on, but no actual designed work until it goes live. Another friend can't tell me her clients, her projects, or even point at something that she'd designed. Be crystal-clear about what those rules are, and don't diverge from them. It may create a host of oblique, uncomfortable conversations, but you'll be secure in protecting your client's interests.

Just because everyone else knows doesn't mean you should let on that you know too. Sometimes, you'll find out that people from outside your company and/or client organization are privy to the project details you're working on. Even in those cases, you shouldn't let on that you also have access to the same information. You should transcend the societal imperative for open disclosure in that situation and keep your mouth shut unless your supervisor or client says otherwise. I've been stunned to discover, when having coffee with a friend of a friend, that they know everything about what I'm doing... they just don't know that I'm doing it.

Make sure your vendors also agree to your nondisclosure restrictions. When working with vendors that have to handle confidential information, make sure they're bound by the same agreements that you are. I've heard horror stories of printed material, fresh off a printing press and sitting in pallets for shipment, being shot with a camera phone and posted to the Internet. Such behavior shouldn't be tolerated.

When out with co-workers blowing off steam, don't mention client names or characteristics. After a few cold ones, it may not seem like a big deal. But you never know who's sitting in the booth next to you. I'm terribly wary, especially in a hyper-connected city like Seattle, of people being able to easily connect a rough timeline of events to the actual narrative playing out (inter)nationally for my clients.

Even if you didn't sign an NDA/confidentiality agreement, be careful about what you do share. If a client asks you to keep something they tell you in strict confidence, treat it like confidential information until they say otherwise.

Always ask permission to show work or send out a press release if you don't have an NDA/confidentiality agreement in place. This is not only a good business practice, it also keeps you from embarrassing conversations where a client asks you to pull work samples out of your public portfolio. Try to work these points into your contracts, so these negotiations don't have to happen after the fact.

Don't leave client work up on your screen or computer desktops in public or in client meetings. This sounds like a "duh!" observation, but if you don't have work filed away in folders and hidden from view, people can see what other projects you're working on. This may color their perception of how you handle client privacy. Volumes can be told from your work email inbox being projected in front of a whole roomful of clients.

Know when to use strong protection for IP that you pass back and forth. When working with highly confidential information, be very aware of what is passed via email and by what types of email accounts. Try not to use third-party email services for client information—instead, lean on your own servers. Use strong passwords with numbers, special characters, and caps/lowercase digits. If you're using password-protection on documents, don't send them in the same emails—instead, communicate them verbally / in-person to ensure that if an email account is hacked, the files can't be utilized. And if you're posting your work on cloud services, be vigilant regarding whom has access to that shared information over time.

Always lock down your phone with a password if you're receiving client calls, texts, or email. Set up your phone to "self-destruct" after a set number of failed password attempts and/or a remote wipe capability if it's stolen. It happens more often than you think.

Try not to send oblique signals about what you know that others don't. "There's something cool coming next week," says the oblique tweet about the top-secret project that just may see the light of day. Really, do we need to know that there's something you know that we don't? I know you're trying to build suspense for the big reveal, but what happens if your client decides to kill the project? Or goes bankrupt? What are you going to say to your followers then? Try not to leave open threads dangling, as there will always be someone out there who pulls on the loose ends and starts to unravel the larger story.

Certain names and identifying characteristics have been altered in this post to protect the individuals and companies mentioned.


This post seems appropriately timed with all the fuss about Dribbble these days... or is that what inspired the post?

David Sherwin

Hi Brandy,

I had been thinking of writing this post for a few months, and just hadn't gotten permission from the people mentioned in the piece until this past week.

Dribbble is an interesting new idea floating around our community that definitely made the topic feel more timely. If I was doing work for social causes and nonprofits, I'd be all over using the tool for those clients.



Neat article, and you are very right about killing conversations! There is just no easy way around it though, and I really can imagine the impact it could have on clients.

I suppose we should consider ourselves lucky we don't work for companies like Apple, at least if the stories about their over the top security measures are to be believed.

Thanks for the interesting read David.

The comments to this entry are closed.