-
No
information provided by a cooperating
company will be released to anyone outside
the US-CCU until that company information
has been processed in such as way as to make
it anonymous. In other words, the US-CCU
will release no data or information of any kind
that could be attributed to a specific
corporation.
-
To
make company information anonymous, all
names and numbers that could be used to
identify the specific company will be
removed from the data, and all company
information will be amalgamated with
information from other companies, so that
the specific cooperating companies cannot be
identified by matching the US-CCU data with
other published data. In other words, by the
time any data is made available to anyone
other than the US-CCU staff will be adjusted
and processed, so that it represents either
a typical sector member or the sector as a
whole.
-
Even
within the US-CCU, the identities of
cooperating companies will be shared only on
a need-to-know basis. Whenever possible, the
names, addresses, brands, trademarks, phone
numbers, and personal names associated with
the cooperating companies will be removed
from the files, even before those files are
distributed among US-CCU researchers for
internal processing and analysis.
-
The
identification keys for information from
cooperating companies will be stored in
different computers or in different physical
files from the information itself. These
identification keys will be used only for
the outside audits that will be periodically
undertaken to verify the US-CCU’s work and
then only when the outside auditors have
themselves signed stringent non-disclosure
agreements.
-
Information from cooperating companies that
can be connected to the specific companies
will not be released even to government
departments and agencies unless the US-CCU
is compelled by a court order to release it.
-
The
US-CCU will not inform cooperating companies
about their own company information or about
the conclusions that the US-CCU has drawn
from that information, unless the company
has specifically requested that information
in writing. This is so that companies will
not be tempted to act on incompletely
analyzed information, and so that the
companies that cooperate with the US-CCU
will not be unfairly penalized by having
their liabilities increased in advance of
the rest of their industry.
-
The
US-CCU will provide a written agreement to
any company who agrees to cooperate which
will designate that company as a
“cooperating company” and confirm that all
of the policies enumerated here will be
applied to it.
-
The
US-CCU will not guarantee protection of
company information to companies that are
not “cooperating companies,” and that are
investigated by the US-CCU using public
information sources.
-
All
researchers and consultants employed by the
US-CCU will take every reasonable precaution
to avoid letting information collected by
the US-CCU fall into the hands of those
outside the US-CCU.
-
The
precautions taken by US-CCU personnel will
include: a) keeping personal watch over any
computers, paper files, or other physical
objects containing company information when
those objects are not locked away; b) making
sure that non-US-CCU personnel are not left
unsupervised in rooms where the company
information is easily accessible, and c)
storing the US-CCU information only in
computers adequately protected with
regularly updated firewalls and other
safeguards against intrusion.
-
All
researchers and consultants employed by the
US-CCU will be required to sign
non-disclosure agreements that include a
commitment to abide by all the rules
enumerated here. External auditors and
verifiers of the research will be bound by
similar agreements.
