Without question, in the connected global economy the majority of employees need access to the web and email in order to perform their job role.
Yet as indispensable as they might be, they also pose a number of inherent risks. These are not always fully understood and, as such, businesses could be leaving themselves vulnerable to legal liabilities. Knowing what the risks are is key to helping you manage them. Here are just a few:
Infringing copyright and the risks of P2P
Obtaining information via the web is easy - that's part of its appeal. But there is a common misconception that if it is on the web you can do what you like with it. Not so.
Much of the information on the internet is protected by copyright and only the copyright owner has the right to copy, adapt, distribute and communicate that data in public.
The problem is exacerbated further by email, shared network storage and sophisticated online networks such as peer-to-peer (P2P), which make it easy to circulate data and therefore infringe the copyright further if you don't have the permission of the copyright owner.
P2P is of particular concern because once a file has been downloaded other P2P users can then access an employee's computer to make copies of that file, and if P2P clients are not properly configured it is possible to expose the entire contents of a computer to other P2P users, possibly disclosing confidential business information in the process.
Such a leak could be considered a breach of the Data Protection Act and result in a fine from the ICO.
Risks from BYOD policies
More and more companies are taking advantage of the productivity gains to be had from implementing a bring your own device (BYOD) policy.
But BYOD, like social media, blurs the lines between work and private life and employees may well be more lax about how they use the Internet and email on their personal device.
Indeed, there have been many reported faux pas of portable computing devices containing sensitive data being left in public places.
Devices used in connection with employment could be bound by the principle of vicarious liability, which has proved to be very broad, and BYOD makes it harder to monitor and manage what information is on which device, further increasing business risk.
Lost devices not only have the potential to cause embarrassment, but can also lead to large fines if the Data Protection Act is ruled to have been contravened.
Internet access allows information to rapidly be disseminated through applications such as emails, access to message boards, blogs and social media networks.
Employees need to be careful what they write about individuals or organisations online as unguarded comments can attract expensive defamation litigation.
You might not consider an email to be publication, but the law views it as such. Just ask one well-known supermarket that ended up paying £10,000 to a police officer who felt they had published defamatory remarks about him in an internal email warning about his possible involvement in a scam.
Some of this might seem like obvious stuff, but you'd be surprised how few companies realise the legal ramifications of what seems like acceptable behaviour.
Be proactive in managing risk
There is no silver bullet in terms of ensuring that your business has every possible infringement covered, but it is important to be proactive in trying to manage potential risks.
Regulatory bodies take a dim view of organisations that fail to demonstrate an adequate duty of care. Ideally businesses need to think about how they can stop breaches from happening, as opposed to what they do in the event of an incident.
To achieve this goal, technology, people and process need to work together to ensure that a company protects itself as robustly as possible.
- Charles Sweeney is CEO of Bloxx. He has worked with a number of successful high-growth SMEs across a variety of sectors including medical devices, animal health and software development.