Pierre Mitchell and his Software Buyers’ Bill of Rights

Pierre Mitchell, my US Spend Matters colleague, is at the very top of the list  when it comes to experts in our world of procurement and supply chain technology and its link to business. He wrote a series of posts last week and this that should reverberate around our community - I hope he's going to do a summary in a slightly quicker and easier to read format, because as they are, you need to get into these articles, not just skim the surface. But it is well worth spending that time. Here's the most recent.

His argument is that procurement software buyers need a "bill of rights" to protect their interests. He gets into a number of ways in which buyers (and the organisations they work for) are not being well served by some providers currently.

One major issue he picks up on is that of data security and privacy. Right #2 – Have your mission critical B2B data be secure . Now this is becoming a big issue in Europe in the particular sense of the Patriot Act and whether business data can be acquired by the US government, even if it isn't stored in the US. We'll have more on that to follow. But Pierre is talking about perhaps an even broader issue. Who owns your data that sits on supplier networks?

So if you are trading (sourcing and / or transacting) through a network, there is likely to be a huge amount of your data sitting there. Some might not be very sensitive, but there will probably be prices, volumes, production schedules perhaps, details of which suppliers you use, terms and conditions... It's not hard to think how some or all of that might be useful to competitors.

And apparently some software and network providers are trying to avoid signing appropriate  taking signing confidentiality clauses in contracts with their customers, and are taking other actions to drive  people towards their networks - Pierre mentions SAP / Ariba as an example. And the risk is that once you've put data into certain networks, the provider owns the right to use it - at least at an aggregated level.

“Let’s stay on this issue of data security for a moment. Consider Ariba’s lack of deeper security support for standards (compared with Quadrem) coupled with SAP’s hard push to move buyers onto the supplier network by virtue of upgrading to Ariba’s “network applications” (see PBOR Right #1). The sum of these policy choices – and they are choices that SAP/Ariba have made based on business decisions rather than technology limitations – is creating friction for many in the SAP/Ariba ecosystem, by their own choice or otherwise”.

Pierre points out that a new generation of business network providers is presenting more flexible options and that the market is likely to “self-correct” if  SAP/Ariba don’t re-evaluate their stance.

Here’s how he ends part 3 – and look out for more installments to come.

“We fully expect some day that various bodies, legislators, and courts (perhaps in the EU) will challenge SAP/Ariba and others around data security, perhaps as it pertains to the impact of data security around small businesses or sole proprietors, breaching established norms. But this could be decades away. In the meantime, the market may very well self-correct, just as the early citizens of the US and their elected officials adopted the First Amendment (and other elements of the Bill of Rights) without needing the courts to tell them so”.

It's all food for fairly concerning thought, and I suspect Pierre has written something here that will reverberate for some time to come. Read it now - part 1, part 2, and part 3.

Discuss this:

Your email address will not be published. Required fields are marked *