snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Ten Tech Law Resolutions for 2012

Posted in Consumer Protection, Copyright, E-Commerce, Intellectual Property, Privacy
George S. Takach

January is a great time to make some resolutions for the coming year. In addition to the personal ones you have made, here are 10 involving tech issues that are (or should be) important to your organization.

1. Closing the Loop on Open-Source

Open-source software code and other types of materials and technical artefacts that are subject to open-source licensing models are proliferating in your business.  Some of this material is made available under open-source license agreements that are fairly benign.  In some cases, however, the license agreement can be quite problematic, including requiring you to make available to the public for free work product that you thought was going to be proprietary to you.

Therefore, it’s extremely important to have your IT department  – and other business units in your organization that use open-source-type tools and content – identify all the instances where open-source items are used.  You then need to get a handle on all the relevant license agreements and understand them in detail relative to your organization’s business objectives.  We see so many clients surprised by open-source issues when they finally come to understand them – you don’t want to be among this group in 2012.

2. Privacy Law Review

When was the last time you updated your privacy policy?  Silence.  I thought so.  Well, you’re not alone.  Most organizations write it once, and then essentially leave it unchanged for years.  But legal apathy is not an option.

If you operate in Alberta, or at least have data from individuals in Alberta, at a minimum you’ll want to review your privacy policy from the perspective of reflecting the recent changes made to Alberta’s privacy law.  In addition, however, there is also the update exercise whereby you review all the activities going on on your website, and then you ask whether your privacy policy is appropriate to cover all these moving parts.  In an ideal world, by the way, this would be done quarterly, and not just once a year, given how dynamic your web presence is nowadays.

3. Using User-Generated Content

Speaking of reviewing websites, you should also keep in mind user-generated content (UGC).  Chances are over the last little while your marketing people have added to your website the ability to collect from users (young and old) content of various forms (written, photographic, voice, musical, just to name four).  This UGC is great in terms of making your web presence fresh and vital.  But it also presents a certain legal risk profile.

For example, if the UGC contains the image of the person posting it, then an IP and personality rights waiver is required from this individual.  This is the (relatively) easy part.   More challenging, is to deal with the picture of the friend in the image (if there are two or more subjects in the image).  Likely this “innocent” third party will have no inkling that the camera wielding friend has done this.  And if they chance upon it, can he or she ask that the court remove the image?  Ideally you want to deal with the situation proactively, before it ever gets to a complaint stage (let alone a proceeding before a court).

4. Cloudy Computing

Chances are someone in your organization is considering a cloud IT solution as you read this – but you haven’t been informed of this yet.  This is one tech development you shouldn’t wait to get the email for.  And of course IT will come to you on a Friday, expecting your legal review and sign off, by Monday.  Sounds familiar?  To avoid this scenario, you should actively go out to the business and find the one or two cloud pilot projects that are now being worked up by the IT group for implementation in 2012. 

The three-day legal review scenario (Friday to Monday) can work on something like a sign off on some advertising copy.  But cloud computing is way more complicated.  Just wrapping your head around how it works, and what the different features of the cloud infrastructure are that you’ll be using, is a big job but a completely necessary one.  And again, you can either wait to work out this issue (with all sorts of pressure to get it done yesterday), or you can conduct a review at your own leisure (well, maybe not “leisure,” but at least your own cadence).  This will then allow you the time it will take to review properly the security and contractual provisions from the cloud service producer.

5. Online Security Review

Security is a critical concern for your website, or your IT facility generally, or your cloud computing relationship.  Indeed, security is perhaps the single most important issue in tech right now.

Therefore, 2012 should be the year you get around to taking that course in “online security for non techies.”  And ideally it is focussed on ISO standards, as our federal Privacy Commissioner is quite keen on ISO security standards.  But even if you don’t take the course, this is the year you read up on security, and become much more conversant in online security, privacy and protection issues.  Your organization’s potential liability may depend on it!

6. Implementing the Anti-Spam Law

Later this year, the federal government’s new anti-spam law will likely come into effect.  Which means now is precisely the time to get going on the review process, so that you will have plenty of time to go through your organization’s electronic messaging practices in order to determine what you need to do to comply with the new law.

Some lead time here is truly in order.  From the early work we did last year with some clients in this area, I can tell you that complying with the anti-spam law is not a simple exercise.  There are lots of nooks and crannies in the new statute.  But most importantly – and most time consumingly – you will need to get to the bottom of how exactly your organization reaches out to customers and prospects electronically.  You will be surprised at what a multiplicity of channels and content you will discover – and how each one requires a slightly different anti-spam law response.

7. New Domain Names

An additional international domain name system will be establishing a range of new domain names this year.  All sorts of opportunities will be opened up to acquire names with possibly very significant marketing, economic and strategic value.

You may not initially see a pressing need for pursuing such a new domain name – why not “leave well enough alone,” etc.  But at a minimum you should research the new domain name horizon being opened up, and determine whether (or not) it impacts you, and in what ways.  An informed decision (one way or the other) now will let you sleep better as the year wears on and some high profile new domain name operators are announced.

8. It’s A Wrap

Last year the BC Supreme Court delivered a judgment that upheld a website’s “browse wrap” terms and conditions against a third party who had used the site in a manner contrary to such terms and conditions.  This was an important decision (and echoed an earlier decision from Quebec) because it means that in the online world “express click consent” is not required in all circumstances where you are looking to have users adhere to your website terms and conditions.

What this means is that now is a good time to review your website’s approach, or more likely approaches, to end user/customer consent.  And especially if to-date you have put your users through a fairly rigorous express click consent process, maybe you can dial that back to a browse wrap format, thereby making the user experience a simpler one.  Imagine, you get to visit marketing and tell them they can make the website less onerous from a legal design perspective – hey, watching the smile on their faces is reason enough to undertake this particular New Year’s resolution.

9. Looser Links

In a similar vein, last year the Supreme Court of Canada released a decision that now makes it far less likely that a link from your website to a problematic third party website will get you in trouble legally.

Therefore, as with the browse wrap issue noted immediately above, again you could visit marketing and give them the good news that they have more leeway now in determining who they want to link to on your organization’s website.  You should space this visit about two weeks after your visit to talk about the greater flexibility on browse wrap procedures, so that marketing begins to really get the sense that you are incredibly smart and helpful to them.

10. Just Do Them

Finally, don’t allow the above list of “to-do’s” to become 101-109 on your list of 100 things to do.  Just do them.  Now.