IT Pros: How to Avoid Lurking Legal 'Gotchas'
As an IT pro, you could get in legal trouble without even realizing it. You may be liable for civil damages, criminal fines, and/or jail time if, while doing your job, you intentionally or accidentally breach contracts or violate laws. It doesn't have to be criminal behavior; there are lots of noncriminal actions, called torts, that you can accidentally stumble over.
This kind of inadvertent legal trouble actually happens to IT pros. For example, one client I represent in a copyright infringement case went to a construction site, measured the kitchen, then went back to his office and created a kitchen equipment drawing using AutoCAD. Sounds innocent, doesn't it? Yet he is now a defendant in a federal lawsuit, as is his employer for infringing the copyright of the architect, even though he made his own drawings rather than use the architect's drawings. In the United States, for better or worse, anybody can sue anyone else -- and they frequently do.
So how can you get in legal trouble without even knowing it? Let me describe some specific instances where IT pros could unwittingly find themselves in legal trouble by just doing their job.
Confidentiality and privacy violations
You need to be wary of how you treat confidential information, so an understanding of privacy laws is essential. Information could be considered confidential because the owner of the material contractually requires protection of the knowledge by those with access to it. State or federal laws dictate whether information is considered private and whether there is an obligation to protect certain types of information about individuals.
An example is HIPAA, the law governing the use of medical information, which lists 18 data elements that may not be made public. As an IT pro, you should be aware -- in a general sense -- of the origins of the data stored on your IT systems. For example, privacy laws vary widely across companies, so if you access or manage information systems that include data from, say, the European Union, different laws and requirements may apply than if your business handles only U.S. data.
As companies deal more and more globally, it's easier and easier to have information from different regions, each with its own rules. The E.U.'s Data Protection Directive, for example, permits individuals to access computers that have information about them and requires the holder of that data to modify it as requested. Canada and Japan have similar laws relating to personal data.