IT Manager's Legal Guide: Data Handling and Security

Tips about legal safeguards in the workplace for copyright, P2P, Internet access, data breaches and more.
Posted September 18, 2008

David Strom

David Strom

(Page 1 of 3)

As computers have permeated our society, it was only a matter of time before the lawyers started getting involved. And it seems that lately there are more laws on the books and pending regulations that influence how IT managers will run their computing infrastructure and manage their desktops.

While some of these legal matters originate from personal situations, they have broader implications for corporate computing too. Let’s take a look at some of these recent actions and suggest ways you can cope and plan for what will certainly be our more litigious future.

Copyrighted content

Certainly, the area around digital copyrights is an active one, as the courts and content creators such as the RIAA try to define what is allowed (not much) and what is illegal (just about everything).

But some of these legal actions are showing just how global the Internet has become and how widespread what can be considered a copyrighted work can be. As examples, one lawsuit originates from Italy’s MediaSet, a powerful conglomerate run by the son of the country’s prime minister. Another is that the popular game Scrabulous was removed from Facebook due to copyright actions by the makers of Scrabble, even though the game continues to be available on the Scrabulous Web site itself.

One could argue that the popularity of the game, combined with the power of the social networking site, made it more egregious for the game’s copyright holders. A cynic could also counter argue that the companies involved were doing their best to annoy their biggest fans, and it all boiled down to a matter of royalty payments. Certainly, posting video clips of popular TV shows should be avoided, especially if these clips have been put anywhere on enterprise-owned storage.

TIP: Employ endpoint scanning technology to determine what your users save to their desktops and also examine network servers for illegal content. "We can tell at any time if one of our workstations contains a catalog of MP3 files, or perhaps has a particular spyware application installed. It is disturbing that our current legal environment forces us to take these steps, but the equipment and network are not personal property and cannot be treated as such," says Tony Maro, Chief Information Officer for HCR Imaging, Inc. in White Sulphur Springs, WVa.

Peer file sharing services

Last month, FCC Commissioner Robert McDowell asked AT&T Wireless to provide the information regarding its peer-to-peer policy during a recent FCC hearing tied to broadband issues.

While they currently don't block peer-to-peer traffic across their wireless network, clearly it is a concern. And as more smart phones with broadband wireless coverage become popular, clearly it isn’t just what p2p traffic transits your own corporate network, but how your users interact with the wireless vendors too.

This makes it even more important to have a policy on usage of peer file services by corporate-owned computing devices, including phones and PDAs. “We prohibit peer to peer across our network because of the security aspects and the bandwidth concerns at our remote sites,” says David O’Berry, Director of IT Systems for the South Carolina Dept. of Probation, Parole and Pardon services.

TIP: For some IT managers, such as those at colleges, it isn’t a matter of blocking peer file sharing, but putting in place enough protection to make sure that other network traffic has priority. One manager said, “If we block it completely, the students would just figure out a way around the blocks. So we slow it down, particularly during the work day when staff and others need Internet access, and open it up more at night.” In any case, make sure you understand the nature of your traffic with respect to protocols, ports, and applications.

Net neutrality

Speaking of slowing down traffic, part of the debate over net neutrality has to do with what traffic gets carried by which Internet provider, and the priority assigned to various users, protocols, and applications. And while the FTC has ruled that Comcast can't entirely block peer file sharing traffic, at least not without prior notification of its customers, the ruling has major implications for distributed corporate workforces and a greater reliance on cloud computing and Web-based services and applications.

TIP: Consider carefully which services you migrate out of your data center, and who and how your users will have access. "I absolutely won't move a service to the cloud unless it is a commodity and I can manage its delivery," says O'Berry. Currently, he is exploring Web services to deliver email, spam and virus filtering for his users as well as to provide more secure Internet access for his most mobile users while they are away from their offices.

Page 1 of 3

1 2 3
Next Page

Tags: Facebook, wireless, FCC, FTC, policy

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.