Are you breaking the law?

Over the years IT has acquired a number of defining characteristics, some of which have almost managed to become caricatures. Perhaps the most worrying such feature is the ability of many senior, extremely competent professionals to do their very best to ignore selected laws that are found to be inconvenient or in any way difficult to accommodate. A new survey commissioned by Compuware illustrates that as characteristics go, law breaking and IT go almost hand in hand and could have alarming, expensive and extremely embarrassing consequences.

The Compuware survey reports that forty-two percent of United Kingdom (UK) based IT departments use real customer data in the testing processes applied to new applications. The use of identifiable customer data in this way is explicitly prohibited under the terms of the UK's Data Protection Act. This legislation prohibits organisations from using customer data for any purpose other than that for which it was originally collected.

Perhaps the most disquieting results illustrate the extent to which ignorance of the act is still a reality despite the law being in place since 1988! The survey reported that forty-seven percent of IT directors questioned admitted that they were only vaguely familiar with the terms of the act. Indeed, thirteen percent considered that the act was outside their area of responsibility.

These results are only the latest illustration of how little attention many laws attract in the day-to-day business of running IT operations. Licensing laws are still often overlooked because organisations employ inadequate asset management tools and end users have a low level of understanding of the legal status of software.

As another example, many organisations still do not have in place adequate systems to ensure that Portable Appliance Testing (to ensure the safety of electrical devices, including computer systems and peripherals) takes place at scheduled intervals. Equally, the health and safety legislation covering every employee's use of computer workstations and the enforcement of the Working Time Directive are considered by many to be tasks of very low priority despite the underlying European legal requirements.

More recently still, legislation came into force within the last three months requiring any UK-based organisation selling goods or services on the Internet to supply comprehensive customer contact information (phone number, address, contact names) rather than simply providing an e-mail address. Many Web traders have either ignored this requirement or are unaware of its existence.

Infringement of any of these laws can result in anything from a large fine to, under certain circumstances, imprisonment. High-profile embarrassment is almost guaranteed. Remember, ignorance is no defence in law.

http://www.it-director.com/business/content.php?cid=3176