– Barbara Rogan,Chief Legal Counsel with LogLogic (www.loglogic.com), says:
What steps can data center and IT managers take to limit the possibility of potential legal liabilities?
The keys protecting the company is communication and knowledge:
- The first and most important level is communication between IT and the department which set the policies, which is typically the Legal Department. IT must understand what the policies say and what implementation of the policy means practically for their department. The best case scenario is when IT and the Legal Department work together to develop the policies in light of the needs of the business. IT input is invaluable to the Legal Department in setting the policies, identifying areas of vulnerability, and implementing the policy. Typically, the Legal Dept has only a rudimentary understanding of how IT works and how the data flows. If you can provide your legal team with data flows and IT processes, you will certainly be the Legal Dept’s hero!
- Ask the Legal Department for designated contact for questions about policies. Don’t guess what a policy means. Also, if a policy creates a business problem, speak up! Let the Legal Department know as many of the policies can be revised or modified to meet your business’ needs.
- Ask for training on issues that are relevant to your company. If you don’t have the expertise in-house, get outside training.
- Know what’s being stored in and what’s going on in your network.
A partial list of laws that might impact a SMB IT Department:
- HITECH ACT
- European Data Privacy Laws
- Child Online Protection Act
- Copyright laws such as Digital Millennium Copyright Act
- Various State laws such as the Massachusetts Privacy law and California Civil Code 1798.82 and 1798.29
- Trade secrets laws such as the Economic Espionage Act