The increasing sophistication of mobile devices, data and 'always-on connectivity' means IT plays a role in almost every business - no matter how small. As technology has evolved within business, so has IT law and it touches on all sorts of activities, from purchasing IT equipment to the way employees use technology.
Technology-related laws have emerged in areas such as data protection to cope with concerns over privacy including the new General Data Protection Regulations. Other regulations relating to the internet, such as restrictions on 'spam' email and protection for online consumers, have become increasingly important (these are covered in our 'Sales and marketing' section). And with most businesses having some kind of interaction with customers online whether through an e-commerce site or social media profile, it's important to ensure that you understand and comply with these and similar rules.
Remember also that other general business regulations, covered elsewhere on the Law Donut, can be applied to technology. For example, health and safety laws cover computer use, while intellectual property laws apply to software, databases, designs and copyright material on websites. Likewise, disability discrimination regulations apply just as much to services provided online as to retail premises.
IT systems and services can be complex - and often vital to your business. Whether you're purchasing IT, negotiating IT services or outsourcing some of your IT functions, clear contracts and enforceable service level agreements are crucial.
Establishing your objectives helps you ensure that the contract delivers what you want, rather than technology that fails to meet your needs. Contractual arrangements need to be carefully reviewed to ensure that they take into account technology-specific issues, such as software ownership and licensing.
Thoroughly considered project-management plans help minimise the disruption as new systems and ways of working are introduced. For example, new technology may need to be compatible with old systems or to run in parallel while bugs are ironed out. Again, appropriate contractual agreements can help anticipate issues and reduce risks.
An IT audit can help you review how information technology is used in your business and highlight any potential legal issues that may arise. Developing appropriate IT policies then helps you to manage these risks. They can also make it clear to employees what is and isn’t permissible when using company equipment, email, social media and data.
As with other policies, realistic policy design and training are essential. Policies should aim to establish real ways of working rather than simply being exercises in paper-pushing. Technology can help in this - for example, by automating compliance (such as by providing effective data security) and preventing inappropriate use of IT.
Policies and their implementation will need regular review to assess their effectiveness. Policies will need to be updated to take into account emerging technologies, developments in IT and data laws and new ways of working such as online social networking and cloud computing. The right approach will aim to manage the risks without missing out on the opportunities technology may present.