Back in the “stone age” before the internet, it was often difficult and expensive to share information with a lot of people. The internet, however, has proven to be a powerful tool for posting information that people all over the world can access. Companies have discovered a number of innovative ways to use the internet to share information electronically and cost effectively. Using internet technology, companies have set up internal networks, called “Intranets,” which are only accessible to the company’s own employees. These intranets generally operate behind secure firewalls, so that a company can post confidential information for its own employees to use without having the information accessible to the rest of the world. Sometimes companies also wish to share some of this confidential information with some of their business partners. The solution for a number of companies has been to create an “Extranet,” which—like an intranet—operates on secure servers, but which is accessible to business partners with the proper access codes.
If your company sets up an extranet, the most significant issue you will face is protecting the confidentiality of the information you (and perhaps your business partners) post on it. Because the information posted on an extranet often includes confidential trade secrets, your company needs to take steps to ensure that the information will remain confidential.
The first step, of course, is ensuring that you have the proper technology in place to keep intruders out. You must keep the information on secure servers, and anyone accessing the information must have the proper access codes. If your company doesn’t have the necessary expertise, you need to hire a consultant who can help you configure an appropriate extranet system. You also need to test these security measures on a regular basis to ensure that they are functioning as expected.
Just as important as having the right technology is sharing it with the right people. Whenever you allow someone else to access your trade secrets, you run a significant risk that he or she will share the information with someone else. To control this risk, you should have a nondisclosure agreement with each business partner that specifies who may access the information, places restrictions on how the information can be used, and spells out the consequences for breaching the agreement. Consultants you have hired to help you with the extranet, as well as anyone else who may access the confidential information posted on the extranet while providing computer-related services, should also sign a nondisclosure agreement. Finally, your own internal policies and procedures should incorporate nondisclosure provisions governing your own employees’ use of your extranet.
If you allow your business partners to also post information on the extranet, then many of these concerns are multiplied. Someone who hacks onto the extranet may obtain not only your own confidential information, but also that of your business partners. Agreements that you sign with your business partners should address this risk.
When others post information on your website, you also have an additional concern regarding their right to post the information. Your agreement should include a guarantee that any information posted will not violate any intellectual property rights or any other nondisclosure agreements. Because others may rely on the accuracy of the information being posted by the third party, your agreement with your business partners should also set forth who will be responsible if the information is inaccurate.
An extranet can be a useful tool, but there are a number of risks associated with sharing information with others. While you cannot eliminate the risks, with the right agreements you can at least control the risks.
If you need more information on extranets, please call your Warner Norcross & Judd attorney or Norbert Kugele at 616.752.2186.