|

 
|
| | Name : | Ian S. Piper | Organization : | Diebold Election Systems, Inc. | Post Date : | 9/29/2005 |
| Section : | .20.1.3 | Page no. : | (Vol 2) 2-3 | Line no.: | | Comment : | In the requirements for "Protection of Proprietary Information", the language used is inadequate. There should be a written agreement between the vendor and the reviewer (test lab, State or jurisdiction, not person), whereby the reviewer shall agree to keep confidential the proprietary information. The word "refrain" is inadequate. There is no protection through using the word "refrain". It is akin to saying "please don't do this". There needs to be a binding agreement between the reviewer and the vendor so as to provide adequate protection for proprietary information.
Vendors spend millions of dollars developing their products and they require proper compensation for their development investment through the sale of their products, licenses and services. The vendor's proprietary information is the vendor's assets. To place loose restrictions on the disclosure of those assets would risk a vendor's viability. It is in the best interests of States and jurisdictions to support the long term viability of vendors so that the products purchased by those States and jurisdictions can enjoy many years of professional support and feature enhancements to accommodate changes to their election laws. To date, confidentiality of proprietary information is a cost effective method of protecting a company's assets. Other methods involve higher costs and are implemented after harm is already done to the vendor. Considerations must be in place in this standard to adequately protect a vendor's proprietary information.
Proposed change: Replace the second sentence with the following language, "Prior to receiving proprietary information, any test lab, State or jurisdiction shall sign a binding agreement with the vendor to use the information solely for the purpose of analyzing and testing the system, to keep confidential any proprietary information and to not disclose the information to any other person or agency without the prior written consent of the vendor." | |
|
|