As IT has grown in business importance, so has IT law. Information technology now permeates most businesses, and IT law touches on all sorts of activities, from purchasing IT equipment to the way employees use computer systems.
As technology evolves, IT laws and regulations change in parallel. New technology-related laws have emerged in areas such as data protection to cope with concerns over privacy. Regulations relating to the internet, such as restrictions on ‘spam’ email and protection for online consumers, have become increasingly important (these are covered in our ‘Sales and marketing’ section). With the web channel becoming increasingly important for most businesses, it’s important to ensure that you understand and comply with these and similar rules.
Remember also that other general business regulations, covered elsewhere on the Law Donut, can be applied to technology. For example, health and safety laws cover computer use, while intellectual property laws apply to software, databases, designs and copyright material on websites. Likewise, disability discrimination regulations apply just as much to services provided online as to retail premises.
IT systems and services can be complex – and often vital to your business. Whether you’re purchasing IT, negotiating IT services or outsourcing some of your requirements, clear contracts are crucial.
Establishing your objectives helps you ensure that the contract delivers what you want, rather than technology that fails to meet your needs. Contractual arrangements need to be carefully reviewed to ensure that they take into account technology-specific issues, such as software ownership and licensing.
Thoroughly considered project-management plans help minimise the disruption as new systems and ways of working are introduced. For example, new technology may need to be interoperable with old systems or to run in parallel while bugs are ironed out. Again, appropriate contractual agreements can help anticipate issues and reduce risks.
An IT audit can help you review how information technology is used in your business and highlight any potential legal issues that may arise. Developing appropriate IT policies then helps you to manage these risks.
As with other policies, realistic policy design and training are essential. Policies should aim to establish real ways of working rather than simply being exercises in paper-pushing. Technology can help in this – for example, by automating compliance (such as by providing effective data security) and preventing inappropriate use of IT.
Policies and their implementation will need regular review to assess their effectiveness. Policies will need to be updated to take into account emerging technologies such as online social networking and cloud computing. The right approach will aim to manage the risks without missing out on the opportunities technology may present.