Across the breadth of this remit, you may encounter many different legal issues relating to your use of technology and the digital information stored on it and transmitted by it.
Some of the main legal issues faced by CTOs include:
- Data Protection breaches
- Intellectual Property rights
- Moral rights disputes
- Software licensing and anti-piracy
- IT service contract disputes
It’s a role that ranges from procuring new hardware and software, to carrying out scheduled maintenance and installing upgrades, to reacting to major downtime, system outages and potentially disastrous business interruption.
GDPR and Data Protection
The EU General Data Protection Regulation, or GDPR, was one of the biggest changes to data protection legislation in 20 years, and while its remit is broadly similar to that of its predecessor, the 1998 Data Protection Act, there are important changes for CTOs.
GDPR sets out seven fundamental principles:
- Lawfulness, fairness and transparency
- Limitation of purpose
- Minimisation of data
- Accuracy of data
- Limitation of storage
- Confidentiality and integrity/security
- Accountability
It is the last of these that is arguably most significant for CTOs and IT managers, as it means somebody must be held accountable not only for data loss, leaks and breaches, but also for general proof of compliance with the other principles of GDPR.
The ICO says: “There is a new accountability principle. This specifically requires you to take responsibility for complying with the principles, and to have appropriate processes and records in place to demonstrate that you comply.”
Accountability is not a one-time checklist, but an ongoing obligation to adhere to a long list of criteria, some of which are mandatory, while others are examples of best practice:
- Appointing a data protection officer.
- Adopting appropriate data protection policies.
- Making data protection a ‘by design and by default’ approach.
- Documenting your own data processing activities.
- Maintaining written contracts with companies that process data for you.
- Implementing suitable data security methods.
- Assessing potential data protection impacts for high-risk data.
- Recording and reporting data breaches.
- Adhering to relevant codes of conduct.
- Signing up to suitable certification schemes.
It’s a list that goes on and on, and in many organisations, the CTO or a senior IT manager is likely to be named as the company’s main or only data protection officer – making accountability for GDPR a very personal responsibility and personal legal liability.
Intellectual Property and Moral Rights
Intellectual property is essentially the copyright of ideas, from inventions and innovations to written materials, multimedia and computer programs.
While these are not tangible products – for example, somebody could reproduce a computer program by retyping the code line by line – they are protected against piracy and unauthorised duplication.
For CTOs this is another broad policy area, as it includes:
- Your own company’s IP, which must be protected against theft and against copyright claims by employees and contractors who worked to produce it.
- Third-party IP used under licence by your company, from computer operating systems and software to images and text used on your website and marketing materials.
In terms of the IP produced by and for your company, it is important to have contracts in place that transfer copyright to the company, rather than it remaining with the original author as an individual.
There are further rights granted to authors that you should be aware of, including authors’ and performers’ rights, and also moral rights. Moral rights, in particular, cannot be bought or transferred, although you can ask authors of works to waive their rights in respect of that work.
Moral rights include four basic principles:
- The right to be attributed as the author (routinely waived when employed or contracted by a third party, but worth including in contracts).
- The right to object to derogatory treatment (including edits, additions and deletions to attributed works).
- The right to object to false attribution (i.e. naming the individual as the author of a work they did not produce).
- The right to privacy of certain content (e.g. to prevent a photographer from using your wedding photos in their marketing materials).
While the last of these is largely aimed at protecting individuals who hire a creative professional to produce some form of content for them, the first three have clear implications for all kinds of content, and especially digital works, produced for companies by their employees and/or third-party contractors.
Software Licensing and Anti-Piracy
Software licensing governs how you may use software purchased from a third-party developer, usually including a limitation on the number of copies of the program you are allowed to install.
For companies that means licensing enough copies of the software for use in commercial work – and not just using a single personal licence for multiple business installations of the program.
There are certain specific exceptions to this. For example, although you may not be allowed to duplicate software under the terms of the licence, it may be necessary to download an installer or setup program and save it to disk – essentially making a duplicate of it.
You are usually also allowed to keep a backup copy of the master installation program or the setup CD-ROM (or DVD-ROM) without breaching the copyright or licence conditions, providing that you only use this backup copy as a substitute for the master copy, and not as though you have purchased a second user licence.
The flip side to all of this is if your company is a software developer, in which case it is essential to ensure any software you sell is fully protected by an end-user licence agreement (EULA) that limits the buyer’s ability to duplicate, modify or resell your work.
At Lupton Fawcett we have over 50 years’ experience working on intellectual property cases and especially on disputes involving software licences. We have represented clients in the Intellectual Property Enterprise Court and the specialist IP section of the High Court.
Working in IT/CTO Roles
If you choose to work in one of these diverse and challenging roles, it is crucial that you are aware of the legal issues you may face and how to protect both your own interests and those of your employer.
This can be even more complex if you work as a contractor or as an interim CTO on a fixed-term contract, as your interests might not align precisely with those of your employer.
At Lupton Fawcett, we understand the difficulties faced by senior IT professionals, who in many cases are what holds an organisation together in a digital era when even a short period of downtime or a relatively small data breach can be catastrophic.
With the professional advice of our IT solicitors in Sheffield, Leeds and York, you can rest assured that your interests are protected and that you have somewhere to turn in the event of a breach or dispute.