IT Managers need to be aware of legal issues that can affect them. A few of those issues are summarized here.
Software vendors, and software organizations, such as the business software alliance (BSA) or the Canadian alliance against software theft (CAAST), take the matter of unlicensed software seriously. If an organization is using more copies of software than they are licensed to use, and these authorities find out through inquiries or performing an audit, the organization could suffer embarrassment and significant financial expense.Software tools are available to track software use as compared to actual licensing. In addition to ensuring one has enough licenses, one may discover they are over licensed, thus having the added benefit of perhaps saving money.
In an ASP or outsourcing situation, it is crucial for things such as service levels, confidentiality, privacy and security to be properly documented. If not, the organization can find itself without the level of performance it requires. It could also be found in breach of laws or agreements with others regarding privacy and confidentiality.
If software maintenance agreements are not properly negotiated up front, ongoing maintenance fees can get costly and impact future IT budgets. For example, annual maintenance fees are often expressed as a percentage of the then current list price for the software. That can lead to situations where a few years later more is being paid for annual maintenance than was paid for the license in the first place.
Use of Contractors
To the extent that contractors perform work for the IT department, it may be unclear who owns the material being created. If it is not clearly documented at the outset, this uncertainty can have serious ramifications for things such as the financing or sale of the business, especially if the company is in the business of creating software. This applies to any person and any entity that creates any kind of material (known as "creative works" under copyright law) that is not strictly speaking an employee of the organization. Trying to document this after the fact is at best difficult. Problems include actually finding the individual or entity, convincing them after the fact that it is yours, and getting them to sign something without demanding some sort of compensation.
Use of IT Assets by Employees
If an organization does not have technology use policies saying what employees can and cannot do with company systems and company provided technology, and how the company can monitor such use, the organization faces potential difficulties in disciplining employees who use the systems for excessive personal use, and potential lawsuits for such things as unlawful dismissal. This includes everything from PC's to Internet access, PDA's, phones, copiers, etc. Having a policy also sets expectations up front, which should lead to fewer problems
Check back tomorrow for the second part of this list.
The title says it all!!
The past couple of weeks, and the week ahead of us, have seen some great things...
David, a very warm welcome to the CIM blog. You have provided a very useful checklist (part 1) for IT Managers. I come across SB owners who either are truly ignorant about some of the issues that you raise or think that they can "get away with it". It only takes one disgruntled employee to blow the whistle on software licensing for example. Many SB owners are convinced that they cannot afford the full cost of software licensing and are therefore are tempted to "cheat".
Again, in some cases they are ignorant about the true licensing situation, and have "assumed" a problem exists. I, of course, encourage them to both come into compliance, if they are not, and to make sure that they really understand their licensing options.
It’s good to see your contribution to the Canadian IT Managers blog (CIM) and I’m looking forward to your future blog posts.
The legal areas you bring up are of interest to IT Managers and to the overall industry and profession.
With compliance penetration and the move towards increased governance, the integral weaving of legal risks are required.
Thank you for providing your insights into this important matter.
Stephen Ibaraki, FCIPS, I.S.P.
I have been asked to contribute an occasional post to the Canadian IT Manager blog. It is run by Microsoft, and includes content by independent professionals. My first post yesterday was 1 of 2 parts on Legal Matters IT Managers...