Virtually all manufacturing facilities consider their processes to be proprietary, whether it be the equipment used, production methods, or information about output and packaging. Even the configuration of the manufacturing line can be considered confidential. Yet all of these key pieces of information are exactly what the building team needs when constructing a capital manufacturing project.
During the construction process, proprietary information will inevitably be widely shared and cross many desks. Food and beverage manufacturers must work with a construction partner they can trust to keep their critical intellectual property (IP) confidential during the entire construction process, from pre-construction to closeout.
Keep information confidential during the bid process
The bid process is the most vulnerable time for protecting IP. Bid packages for large capital projects like manufacturing plants can contain thousands of drawings and specifications, all of which contain information on equipment, processes and production. Therefore, owners must be sure they are working with a general contractor who won’t unknowingly compromise clients’ IP when they put packages out for bid. General contractors must be able to protect sensitive information—and in so doing, protect their clients—when seeking subcontractor and vendor bids.
General contractors should meet with the project owner long before construction begins to gain a full understanding of the specific information to be protected. Because information considered IP will vary by every owner and even each project, contractors need a holistic understanding of all details considered proprietary information.
To protect critical IP during the bid process, general contractors must clearly communicate the need for confidentiality and have all parties that receive information sign a non-disclosure agreement (NDA). NDAs are legally binding documents that prevent contractors and subcontractors from sharing information with third parties and set forth consequences for any breach of the agreement.
General contractors should keep a record of all companies with access to IP information, as well as the type of information accessible, and require an NDA. They must develop a clear plan that is easy to communicate to vendors and subcontractors on best practices for handling, storing and disposing of IP. This plan should include the requirement that the general contractor be informed if a breach occurs by any third party. The general contractor should follow up with all project stakeholders regularly to make sure the plan is followed consistently. Further, the GC must ensure that all subcontractors and vendors return or destroy all proprietary information as outlined in the NDA.
If a contractor suspects proprietary information has been shared inappropriately, the first step is to communicate the breach to the owner to maintain a trusted relationship. Contractors also should inform all stakeholders with access to IP information about the potential breach and require them to change their passwords. Contractors should have a trusted legal team that can direct them on the best course of action under their jurisdiction, as laws vary widely.
In addition to requiring signed NDAs and communicating privacy best practices, owners and general contractors should take a proactive approach that consists of many levels of protection and controls when sharing document packages and other information.
Harness access control for document protection
Whether it’s during the bid process or during construction when actively working with trade partners, contractors should never simply share a link to document sets. Instead, the documents should be transferred via secure channels and access controls should be implemented. Many file-sharing platforms exist that offer secure, encrypted channels for sending documents.
At its most basic level, access control can mean assigning usernames and user-chosen passwords. Another method is issuing a one-time password to provide temporary access to files. Valid for only one login, these passwords usually change at regular intervals according to an algorithm.
Everyone with access must create usernames and passwords that are different from each other, and users should be required to use strong passwords, which are long passwords that include a mix of numbers, letters and characters. These passwords are difficult to guess and more secure. If a user enters the wrong password after a certain number of tries, they should be locked out of access.
Effective access controls also can be achieved through multi-factor authentication or two-factor authentication, which are electronic processes that add additional levels of security. Users can gain access to electronic information only by supplying two unrelated pieces of evidence proving identity. Often, this means using a smartphone application with additional evidence of the user’s identity.
Once project teams have been established, role-based access control (RBAC) can be used to restrict access to information on a given network based on a person’s role within the team. This means only employees who need access to the document’s contents are able to access them. Access can be controlled even further by restricting certain employees’ activities on a document, like giving them the ability to view a document but not modify it.
Additionally, access can be controlled using software tools to prevent screenshots or file downloads. Software can set conditions on downloads, like only allowing documents to be downloaded from a certain number of IP addresses or limiting the total number of downloads of a document. Tracking IP addresses is an effective strategy to ensure sensitive information is not being shared inappropriately.
Additional risks of artificial intelligence
In the age of artificial intelligence (AI), protecting clients' IP is even more challenging. As AI technology advances, it enables rapid creation, analysis, and replication of content, raising concerns about unauthorized use and infringement. In construction, subcontractors or vendors could expose sensitive information via an AI tool or by using an existing tool that has AI functionality. Educating contractors and vendors on best practices for IP management and staying abreast of evolving legal frameworks are essential steps in navigating the challenges posed by AI while preserving the integrity and value of intellectual assets.
Safeguarding clients' intellectual property has become increasingly critical and complex. It is more important than ever for capital project teams to protect IP when seeking project bids. Trusted contractors understand providing information is necessary to find the right subcontractors and vendors for the job, but that information can be protected throughout the construction process with technology tools and enhanced attention to security.
