Fog Creek Software
Discussion Board

OT: Protecting clients' data to cover yourself?

Hi, my first time here. Be kind. :) This is a slightly off-topic question for JOS.

I am starting a PC support business. I intend to physically go out to customer's businesses and help with their current PC or server problems. (My competence is fine, I think, based on the number of toasted systems of friends, family, and my own which I have restored to health.)

One of the key liability issues that I am obsessing over is how to deal with the protection of the end user client's existing data, to the extent that I am not accused of deleting or removing needed, irreplaceable files in the vast majority of cases.  *Particularly* for semi-knowlegeable end-users.

Example scenario #1: the client's Windows installation is hosed by spyware and possible viruses. I propose to install and run an anti-virus package in order to clean out their system. Possibly, in doing so, the AV removes certain of the client's "critical" data files. Or the client accuses me of this.

Example #2: the client wants their old PC's data migrated to a new laptop. In order to do this cost-effectively, I remove the HD from the existing system and plug it into a secondary
IDE connector on the new system in order to copy data over. Static or a stray exposed power connector zaps the HD (unlikely but possible) and they lose the HD and its data. 

More?... make up your own scenarios.

The *only* ways I can see to avoid liability and to protect the client and my reputation are as follows:

Ask clients to sign a preprinted release of liability that indemnifies me from damages, and which explains the distantly possible but still possible risks of opening up a PC case.


Carry along a portable HD and back up all client's data on the spot before opening any cases. Which can be several hours. Which makes my services non cost effective for them. 

I am also concerned about the "superstitious" client who will blame me for anything that happens on their system 3 mos after I work on their PC.

I would guess that in the vast majority of cases, the companies that do this kind of work make their customers sign a release before commencing any work, and they "go bare" without any attempt to do a proactive backup.

My thought is that just one screwup could destroy a support provider's reputation so it's worth doing more than essentially nothing.  Or at least offering the service of doing a backup if the client requires.


PC Support Guy
Sunday, November 23, 2003

Get the to sign the liability waiver. Offer to do a backup as well, but  make sure you have something in writing.

Sunday, November 23, 2003

in new zealand we have insurance that covers this....theres likely (surely) to be an equivalent in the US.

also, you _dont_ need to be there while it backs up the data.

turn up, start the backup, bugger off.

come back several hours later and make the changes :)

I dunno...but if/when I start mucking about with _real_ data for _real companies_  I _really_ like having backups.

_really_ do.


<g> personally, if a company came to me and said that they had hired a computer expert to work with their machines, and he (a) didn't want to make backups and (b) wanted them to sign away liability, I would....grin....

Sunday, November 23, 2003

I should have mentioned a possible solution.

Get it into the contract that certain specific folders _only_ will be used to store data important enough for backup.

Then you can backup those only each time.
If they still contain months of data then its still going to take hours to backup, but sometimes this cannot be helped.
(let them specify as many folders as they want as being important enough for backup, and use some scripts to automate the backup process _and_ perform a hash etc to check that the backup has worked)

Sunday, November 23, 2003

>>  turn up, start the backup, bugger off.
>> come back several hours later and make the changes :)

Impractical in the kind of business I'm going to be doing. The client will be some free standing business somewhere that requires a drive to get there and back. The backup drive is my property and I would be leaving it with the client.  I imagine that in most cases, it will be most practical to simply stay with the PC, unless the client has other problems to be addressed. I'm reckoning that the backup will be (my) billable straight time.

Good points on waivers and backups, though.

Anyway, do you or does anyone else have a recommendation on a backup technology? Portable tape drive, or a portable USB hard drive? Other?

PC Support Guy
Sunday, November 23, 2003

Oh, FullNameRequired, I just saw your second post. I should add that I expect many service calls to be one shot deals. Yes, if I work with a client repeatedly, then backups can become economical for them and your ideas are excellent, thank you.

What I am trying to figure out is how to make backups affordable with the "worst case" assumptions (client and I are new to each other, the client is a drive away from my office so back and forth is impractical, etc.)

PC Support Guy
Sunday, November 23, 2003

"The client will be some free standing business somewhere that requires a drive to get there and back."

yes....?  Im not sure exactly how that makes it impractical.

<g> cars are easy, and you _can_ charge the client travelling time for that specific situation (give them the choice...2 hours traveling time in the middle, or 6 hours waiting doing nothing _or_ they perform the backup of that machine themselves before you arrive.

(they will choose do to the backup themselves, and then fail to do so 90% of the time until they get used to it, so expect to have to be tough about it)

Sunday, November 23, 2003

"What I am trying to figure out is how to make backups affordable with the "worst case" assumptions (client and I are new to each other, the client is a drive away from my office so back and forth is impractical, etc.)"

ahh.  cant be done, sorry :)

you can make backups pretty quick by using firewire etc, but that assumes a certain level of tech available, and it assumes that they have a certain quantity of data only.

Honestly, one-off backups are _bad_, computers are _great_ at automating repetitive jobs, but hopeless at doing one off type work.

Sunday, November 23, 2003

Use an extra hard drive and Norton Ghost. You can back up everything quickly. This is especially easy if you bring your own computer to run Ghost.

Insurance is likely to be unaffordable. Insurance companies like being able to estimate risks, and they can't determine the cost of you being accused of destroying all financial records of a client.

Dan Brown
Sunday, November 23, 2003

This type of business sounds like a recipie for disputes.  Client comes to you with hosed disk, asks you to fix it, and you can't recover everything.  Even if you're not responsible for the loss of data, it will be hard for you to prove that to the satisfaction of a disgruntled client.

There are certain devices that will automatically make a byte-for-byte clone an entire hard drive -- is that what you're thinking of?  I don't know about their speed, but it sounds like the best protection.

At a minimum, you should give the customer the option of doing a backup.  Present it to the customer as "For $X I can try to repair your hard drive but can't guarantee against the loss of data.  For an additional $Y, I can first make a backup of your hard drive to provide additional safeguards."  If they decline the backup option, they won't have much to complain about if things go south.

Of course, get a waiver form too -- and check with a lawyer.

Robert Jacobson
Sunday, November 23, 2003

Years ago I would do the occasional moonlighting to fix folks problems not for money but because friends of friends would be asking me since I  "knew something about computers".

I would tell them to back up everything beforehand and they would do a bit of it but there'd always be some weird thing they'd forget and then they would blame me for losing it. For a while I tried to back stuff up for them, but that is a big mistake since you are assuming responsibility for the lost files when you do that.

If I was doing this nowadays, I would carry an assortment of hard drives with me and I would start by pulling their old hard drive and reinstalling from whatever system cds they had. I would charge them three times my wholesale cost for the harddrive, plus a nice installation fee. I would set up their old harddrive as a slave drive so they can copy back their important data files at their leisure.

Another problem you always run into with home users is that they will have 'forgotten' their master CDs for several hundred of the most popular programs. They will swear to you they do have them somewhere and ask you to install copies from your own disks. They will insist that 'the last guy did this for me'. Of course, if they ever get busted for piracy, they will say that you installed the programs without their knowledge. So don't do it!

Sunday, November 23, 2003

Follow industry standard procedures & have yours peer reviewed. Document everything you do for each client. Have them sign waivers that say "Though I do everything humanly possible to protect your information, losses are an inevitability like death and taxes."

What exactly is it you fear, their yelling at you, their not paying you, or their taking legal action against you?
Monday, November 24, 2003

Here's a thought: Solve your problem (concern about liability) and the customer's problem (inadequate backup system) at the same time. Instead of taking something to use as a temporary backup and then remove when you leave the premises, use this as an opportunity to educate your customers about the importance of regular backups. Give (sell) them the hardware and software and set up their system so that it will do on a regular basis. See if, in addition to solving their current problem, you can anticipate and fend off potential future problems before they occur.

OK, maybe it's pie in the sky, but it's Monday morning and I'm feeling ambitious.

CYA plan: You can buy errors & omissions insurance (aka professional liability) that, in theory, will help protect you against claims of professional wrongdoing ("You lost my data!" etc.). But this will probably cost you a few thousand dollars a year and may not be that useful in practice. If you're seriously worried about liability, the smartest thing to do is to go spend a few hundred dollars to talk to a good lawyer and find out what kind of contracts, insurance, policies, behavior etc. will best keep you out of trouble. They may also be able to suggest things like organizing your business as a corporation or an LLC so you can protect your personal assets against liability... maybe then you could even go naked on insurance and just accept that if someone sues you, it potentially puts the company out of business, but maybe doesn't affect you personally. Anyway, I'm not a lawyer, go talk to a lawyer, etc.

John C.
Monday, November 24, 2003

Here's is how we do it.

- Client signs a waiver.  In it there is a specific clause about data, the effect of removing virus, and the possibility of hardware failure when moving compoenents.
- We sign a non-disclosure. Should you find out the CEO is sending love letters to his secetary, you stay out of it ***.
- Backups are a distinct request.  Some sites have their own, some sites would never let you use your own drive and leave with it. 
If they want us to back it up, they need to pay for that service.  Your backup contract should explain what may happen during a backup _and_ that backing up does not reconstruct data. (i.e. CFO lost financial statements due to virus, it will not reappear because you are backing up the system.  -- Laugh, but that is a real example)
- Insurance.  You can buy it in the US, for about $1000/year for each $1,000,000 in coverage.   

However, it does not matter what they signed, in America you can still be sued, and lose.  Law is funny thing, it does not decide what is right or wrong, but what is legal.  Worse, it sometimes decides what 6 people are feeling at the time.

*** Talk with your lawyer about this.  In some places, your non-disclosure will not protect _you_, if you become aware of illegal activities.  Find out when you are required to report it and to whom. (Child porn, extortion, etc.)

Monday, November 24, 2003

*  Recent Topics

*  Fog Creek Home