I am negotiating an engagement with #PricewaterhouseCoopers on behalf of my employer, and I found this buried most of the way down the engagement letter draft they sent me.
wtaf
I replied: "I am uncomfortable with the language in the 'Use of Data' section of the engagement letter. We do not wish to authorize PwC's use of our data, either during or after this engagement, for purposes other than providing to us the contracted services."
We shall see.
(It's an #infosec gap assessment.)
Let's be clear, what this most likely means is, "We will use your data to train our AI models."
So, #PwC Germany said sure, no problem, we'll remove that section from the contract. But they didn't replace it with anything else, so the revised contract doesn't say when they will delete our data after the engagement is over.
I wrote back and pointed this out and asked for them to fix it.
I also asked them what steps would be taken to ensure that our data doesn't get mixed up with data from other engagements whose customers _did_ agree with the "Use of Data" language I objected to.
OK, #PwC has now put a solid use of data clause into the contract. It says explicitly that they will only use our data for our project, that it will be deleted once the project is done except for stuff they need to save for legal reasons, and that it will be logically segregated from data belonging to their other clients.
Obviously, I still have to take on faith that they will do what the agreement says, but that would be true for any consultant.