Monday, April 27, 2009

IT professionals, whether employees, contractors, or freelancers, need to pay careful attention to changing legal requirements

One of the critical tips for “staying out of trouble” in the “conventional” workplace (including working for a contractor) and when working as an entrepreneur (running an Internet publishing business, for example) is to stay alert to the “little things” that other parties require, sometimes contractually, sometimes as a result of more distant changes in the legal or technical environment.

A good example is provided by change control mechanisms. About twenty years ago, mainframe shops started using them more rigorously (I’m talking about CA-Librarian and Endevor, and Changeman, for example, or Harvest in client-server environments). The point of following the procedures carefully was to guarantee that a link-edited load module matched the source (that is, that the source couldn’t have been changed afterward, which could hide fraud; that was how the risk could play out in the world of 20 years ago). But sometimes these packages were only partially implemented, and programmers had to remember to follow each step (such as “processing” a module in Librarian before link-editing it) to obtain the protection of the software. Sometimes management would mention the new software but not point out the reason why it was important to follow the procedures carefully. So the programmer had to remain alert.

Another example is recent: bloggers placing advertisers find out that they need to take responsibility to state “privacy policies”, that they are responsible for playing “brother’s keeper” with their visitors (see my main blog April 24). There could follow a good legal or ethics-based debate here as to whether this is necessary and the right way to do it once it is required. Bloggers might have thought this was only necessary if they required a login by the user, but one could even debate that they should require a login so that the visitor agrees to the policy. There is always a good question in deciding when professionals need to protect themselves, and to help others using their services or content protect themselves.

Still another field with many examples comes in the territory of HIPAA, the Health Insurance Portability and Accountability Act. There are plenty of traps for IT people in all the rules.

Picture: A high school architecture project, Arlington VA: perhaps a recreation of "The Bridge of San Luis Rey".
