30 May 2022

Simply put, ethics involves learning what is right or wrong, and then doing the right thing – however, in organizational consulting, the right thing is not always easy to identify.

This issue is even more impactful when applied to confidentiality in consulting. In theory, consultants seem to be committed to confidentiality and deploy many measures when signing contracts. But this does not prevent notorious breaches from being observed, leading us to ask the question: how is the issue of confidentiality dealt with within the consulting world?

In an interview with a consultant from one of the most ethical consultancies according to Ethisphere Institute, we highlighted the importance of confidentiality in each of its missions. We discussed six related topics: privacy policy training, the impact of the covid-19 crisis on security measures, the line between knowledge sharing and privacy, industrial espionage and cyber-attacks, sanctions for information leaks, and finally the arsenal of confidentiality measures in the daily life of a consultant.

Privacy policy training

As you know, managing confidentiality is not a core competency in recruitment sessions, although it is very crucial. It is therefore the firm's responsibility to instill this in its staff. Consultants are trained in privacy policies from the moment they join the firm. “One day is dedicated to training on the different types of information, on cyber security, on the measures to be applied in case of displacement and on the best practices to adopt to keep their information secure” as our interviewed consultant tells us.

In addition, the consultants are trained on tools that allow them to exchange documents in a secure manner. Thus, these tools are available to the consultant and the client to exchange information. In addition, “outsiders such as freelancers can also join these tools and be licensed by the consultancy”.

The impact of the covid-19 crisis

Special situations require special measures. The covid-19 crisis has led to the introduction of teleworking and new measures have been imposed on consultants to avoid information leakage and therefore to maintain data security. Thus, our consultant interviewed indicates that “the tools evolved during this period in order to exchange documents in a secure manner. In addition, consultants sometimes had to get used to their clients' software to send documents”.

The line between knowledge sharing and privacy

Our interviewee tells us that information is categorized: some information is presented by the client and not shared to keep certain data confidential, some is communicated to the consultants and strictly confidential and some can be shared for new missions. The client can thus decide what information the firm can or cannot share. In addition, it is interesting for consultants to communicate their performance on past missions in order to prove that they are competent. “We can talk about successfully implementing a tool or doubling a company's sales (...) without talking about the company's exact turnover, which may be information they do not want to disclose”, it is therefore important to share key performance indicators as the interviewee tells us. Thus, it is interesting for the consulting firm to place a consultant on non-simultaneous missions of competing companies so that he can share his knowledge and good practices. However, the interviewee says that it is risky and not possible to place a consultant on two similar missions simultaneously because of the risk of information leakage.

Industrial espionage and cyber attacks

To avoid cyber-attacks and more particularly phishing, our interviewee tells us that “there is a system for quarantining emails before they are received. Alerts arrive a few times a month to warn consultants of suspicious emails.” Concerning industrial espionage, it is possible that some consultants go through a screening phase to ensure that there is no leakage of information concerning missions for the army or the Ministries, for example. People in charge of this mission will look at the criminal records of the consultants, the last missions carried out by the consultant and whether he meets the standards and characteristics required by the client.

An arsenal of measures

To evolve in the consulting world, it is best to get used to these few measures that we have sorted out in bulk. And this is just one example of the many other confidentiality preservation measures promoted by firms in France: lists of clients whose names must in no way be communicated to the outside world, rules of compartmentalization between clients, segregation of teams of consultants working on private equity assignments in the famous "war rooms," partitioning of servers internally, cleaning of reports before they are made available in knowledge management tools, conducting the assignment on the client's computers directly, use of sealed trash bins managed by a specialized external service provider who regularly removes these bins and destroys their contents in the factory… These are basic measures, but they are not the only ones applicable. Depending on its specialty, a consulting firm may enforce other confidentiality measures that are even more complex and specific.

Sanctions for information leakage

When a consultant transmits confidential information, he is subjected to an examination in order to know the circumstances and consequences of this information leak. This may result in layoff or, in the worst case, in dismissal for gross misconduct. Despite the sanctions applied to the consultant, it is the company that will be held liable in the event of a breach.

In short, we must remember that managing confidentiality is a huge challenge in the life of a consulting firm. It requires both an awareness of the stakeholders and a rigorous follow-up of the established procedures. However, since the practices of distrust and management of sensitive information are not easily acquired, particular attention must be paid to the training of junior consultants on the subject. We could therefore hope that in addition to being crucial, confidentiality will be mastered as much as possible for a better future of the sector.


Article by BOENIGEN Carla & DIENE Mouhamadou

You will also like
  • Ethic in consulting, how is it going?

    20 June 2022
  • Ethics in the Consulting industry: a new wave to navigate

    13 June 2022

    06 June 2022
  • Between the manager's pressure and the client’s expectations, where is the consultant duty of objectivity?

    23 May 2022