IT law and data protection

As information technology (IT) has grown in business importance, so has information technology law. IT now permeates most businesses, and IT law touches on all sorts of activities, from purchasing IT equipment to the way employees use computer systems.

IT contracts

IT systems and services can be complex – and often vital to your business. Whether you’re purchasing IT, negotiating IT services or outsourcing some of your requirements, clear contracts are crucial.

Establishing your objectives helps you ensure that the contract delivers what you want, rather than technology that fails to meet your needs. Contractual arrangements need to be carefully reviewed to ensure that they take into account technology-specific issues, such as software ownership and licensing.

Thoroughly considered project-management plans help minimise the disruption as new systems and ways of working are introduced. For example, new technology may need to be interoperable with legacy systems or to run in parallel while bugs are ironed out. Again, appropriate contractual agreements can help anticipate issues and reduce risks.

IT laws

As technology evolves, IT laws and regulations change in parallel.

Existing laws have technology relevance. Health and safety laws cover computer use, intellectual property laws apply to software, databases, designs and copyright material on websites. Likewise, disability discrimination regulations apply just as much to services provided online as to retail premises.

New technology laws have emerged in areas such as data protection to cope with concerns over privacy. Internet law, such as restrictions on ‘spam’ email and protections for online consumers, provides regulation of online marketing and ecommerce. With the web channel increasingly important for most businesses, it’s important to ensure that you understand and comply with these.

IT policies

An IT audit can help you review how information technology is used in your business and where the main IT and computer law issues may arise. Developing appropriate IT policies then helps you to manage these risks.

As with other policies, realistic policy design and training are essential. Policies should aim to establish real ways of working rather than simply being exercises in paper-pushing. Technology can help in this – for example, by automating compliance (such as by providing effective data security) and preventing inappropriate use of IT.

Policies and their implementation will need regular review to assess their effectiveness. Policies will need to be updated to take into account emerging technologies such as online social networking. The right approach will aim to manage the risks without missing out on the opportunities technology may present.