JoshD and I had a conversation in the comments of Tom's post on document IDs about the value of tracking customer deliverables. Josh started the thread with:

The feature of attaching a GUID to a new document is obvious. It will catch many (not all) instances of some other guy taking your doc, keeping the bulk of the work that went into authoring it, editing it up for his purposes, possibly throwing someone elses name on it and redistributing it. If you have worked in consulting, outside of a pure delivery role, for any length of time you can understand the utility of this. If you can’t then you haven’t.

For those who will make the argument that “no one starts from scratch writing docs in a consulting environment so why try to monitor for this,” yes taking an existing doc and “retooling” it is a common and acceptable practice. However this right is all too often abused at the expense of the original author, so why not add some trackability.

I think there are several concerns with consulting deliverables:

1) Deliverable templates. At some organizations, a lot of work was done to make deliverables unique from other companies. When a consultant leaves, you would prefer it if the company they go to doesn’t benefit from your efforts. On some level this is impossible to stop. A GUID here would be only slightly helpful, assuming that you could keep it through the process.

2) Customer tampering. This is actually a bigger risk. Customer gets your document, modifies it and represents it as yours to their peers (or even outsiders). Things like: “Matasano says we are the awesomest!”. You may not even know that it is happening, but an md5 should be sufficient.

Other than that, the document reuse inside of an organization is actually a great thing as long as it isn’t compromising customer information. It saves time. Saving time saves money. Saving money means the customer isn’t paying you to write prose about SQL injection.

The instances I’ve seen of these are not directly or indirectly related to you, just thought you might have seen other similar things while working:

External competitors rewriting proposals as their own. Despite the original word doc not being published outside the company. I’ve never seen a clear case of a competitor gettign the original word doc in this case, they more than likely had a PDF and copy/pasted.

External entities rewriting reports (clients, competitors, random people who never should have seen the report)

At some solutions company with a consulting arm: salespeople privately making client requested edits to a consulting report before finalization in order to win more business (heard of instances of this at a few companies) (also seen a few variants of this kind of activity)

I guess a good number of the examples I saw were not exactly external, as they were external to a specific consulting department but internal to a specific company. When each department is carrying its own P&L this can be a tricky situation. I’m specifically excluding a case where consultant A reused a proposal by consultant B to get more business or one of the many other legitimate cases of document reuse.

Anyhow it isn’t a huge deal and even without using the GUID solution described above, establishing the original author is generally easy to do. More generally I’ve just been surprised on occasion when I check various word files’ properties pages and saw an original author and other notes that either have little to do with the current document’s contents or indicate some sort of interesting handoff of the file at some point.

This last point has worked both ways! I can't count the number of times that I would receive and RFP from a customer and see the name of a competitor inside of File->Properties. And don't get me started on what track changes reveals.