Your Trust, Our Obligation
Confidentiality is not merely a policy at Bugajski Consulting: it is the foundation upon which every engagement is built. Our clients entrust us with sensitive matters, and we treat that trust as sacrosanct.
The nature of our work demands absolute discretion. Whether conducting sensitive investigations, providing executive protection, or advising on crisis response, we recognise that the information shared with us, and our very engagement, often represents our clients' most closely guarded interests. This statement outlines the principles, protocols, and practices that govern how we protect that trust.
Core Principles
Four foundational principles guide our approach to client confidentiality.
Need-to-Know Basis
Information is compartmentalised strictly according to operational necessity. Team members receive only the information essential to their specific role, minimising exposure and maintaining integrity across all engagements.
Client Anonymity
We never acknowledge client relationships without explicit written permission. Our internal systems use codenames and reference numbers rather than client identities. Your engagement with us remains known only to those who must know.
Adversarial Mindset
We design our security protocols assuming sophisticated adversaries are actively attempting to compromise client information. This defensive posture informs every aspect of our operations, from personnel vetting to infrastructure design.
Personnel Security
All staff undergo rigorous vetting commensurate with their access levels. Ongoing monitoring, regular security refreshers, and strict contractual obligations ensure that our team maintains the highest standards of discretion throughout their tenure and beyond.
Communication Protocols
We accommodate client preferences whilst maintaining rigorous security standards. The following channels are available for sensitive communications.
Encrypted Email
PGP/GPG and S/MIME encryption available. We can accommodate client-preferred encryption standards.
Secure Messaging
Signal and Wire for real-time communication. No message retention on our devices beyond operational necessity.
Voice Communications
Encrypted voice calls via secure platforms. PSTN calls avoided for sensitive discussions unless specifically requested.
In-Person Meetings
Secure meeting facilities available in London, Casablanca, and Prague. Alternative locations arranged upon request with appropriate counter-surveillance measures.
Document Exchange
Secure file transfer via encrypted platforms. Physical documents handled according to classification level with appropriate chain-of-custody protocols.
Data Handling & Protection
Our approach to information security reflects the sensitivity of the materials entrusted to us.
Data Minimisation
We collect and retain only information necessary for the engagement. Extraneous data is not gathered, and scope creep in data collection is actively prevented.
Secure Infrastructure
Sensitive materials are processed on air-gapped systems where appropriate. Our digital infrastructure employs defence-in-depth principles with multiple layers of protection.
Jurisdictional Awareness
We maintain awareness of data protection requirements across all jurisdictions where we operate. Data residency requirements are respected, and cross-border transfers comply with applicable regulations.
Secure Destruction
Upon engagement conclusion or client request, data is securely destroyed using methods appropriate to its sensitivity. Certificates of destruction are provided upon request.
Retention & Destruction Policy
We retain information only as long as necessary. Our default position is minimal retention with secure destruction.
| Category | Retention Period |
|---|---|
| Active Engagement Materials | Duration of engagement plus agreed post-completion period |
| Final Reports & Deliverables | As agreed with client, typically 2-5 years |
| Administrative Records | As required by law (typically 6-7 years) |
| Source Materials & Raw Intelligence | Destroyed upon delivery of final product unless otherwise agreed |
Conflict of Interest Management
Rigorous protocols ensure we never compromise one client for another.
Comprehensive conflict checks conducted before accepting any engagement
Potential conflicts disclosed immediately and discussed transparently
Information barriers implemented where appropriate and feasible
Engagements declined where conflicts cannot be adequately managed
Contractual Protections
All engagements are governed by comprehensive legal agreements that formalise our confidentiality obligations. Standard provisions include:
Non-Disclosure Agreements
Mutual or unilateral NDAs executed before substantive discussions. We readily sign client-provided agreements.
Engagement Letters
Detailed terms governing scope, confidentiality, data handling, and destruction requirements.
Staff Obligations
All personnel bound by contractual confidentiality obligations extending beyond their employment.
Subcontractor Controls
Any third parties engaged on client matters bound by equivalent confidentiality requirements.
Questions About Our Protocols?
We welcome detailed discussions about our confidentiality practices. For matters requiring enhanced protection, bespoke arrangements can be established to meet your specific requirements.