IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Copyright
#
IT management
#
Law
That dirty word: compliance
Sun, 1st Nov 2009
FYI, this story is more than a year old
By Staff Writer
Follow us

Compliance isn't a very popular word for businesses. In fact, until relatively recently if you asked most companies about their IT compliance policy they would point blandly to a pro forma document warning employees not to download inappropriate material from the internet. Or they wouldn't have one at all.

However, recent changes to New Zealand's copyright legislation have brought into the spotlight the need for businesses, as employers, to have a comprehensive IT compliance policy.

To put it bluntly, employees infringe copyright on virtually a daily basis. Employers who haven't taken adequate steps to prevent this happening may be liable for that infringement. As it is no secret that many rights holders are looking for high-profile companies to make an example of, the bigger the company the bigger the risk…Why is having an IT policy (suddenly) so important? There has been a widespread media circus surrounding the proposed change to the Copyright Act in  Section 92A.

This draft section requires an ISP to have a reasonable policy to terminate the internet account of a repeat copyright infringer. Leaving aside the fact that this is something virtually every ISP's terms and conditions have allowed them to do for years, the debate has raged on as to standards of proof and who should or could be terminated or when. The result has been that Section 92A still hasn't come into force.

However, in all the excitement, everyone appears to have forgotten about all the other changes that have been enacted. These amendments make employers potentially liable for copyright infringement by their employees.  While these amendments are expressed to apply only to ‘Internet Service Providers' (ISPs), an ISP is defined to include anyone who “hosts material on websites or other electronic retrieval systems that can be accessed by a user”.

As a result, almost every business may fall within the definition of an ISP.So, what does that mean in practice? Put simply, unless a suitable compliance policy is in place, a business could be liable for any copyright infringement carried out by its employees.

Compliance requirements

Under the amendments, where a user downloads and stores material which infringes copyright, the ISP will be taken to have infringed copyright if the ISP knew or had reason to believe that it did so and did not take immediate steps to delete the material or prevent access to it.

Similar rules apply to ISPs caching material. In general, ISPs are not liable unless they modify the material, breach any conditions imposed by the copyright owner, interfere with lawful use, or omit to update the material. ISPs are liable for caching infringing material when they have noticed that the material has been deleted or blocked from its original source.

This means that employers are potentially liable for any infringing material contained in an email received by an employee, or anything downloaded by an employee.  Failure to have in place an appropriate  IT policy could be disastrous.

Related stories
Half of ANZ lawyers trial generative AI despite lingering scepticism
Smart Water Meters set to revolutionise Australian utilities
Exclusive: How BirdDog is shaking up the broadcasting industry
Titans of Tech - Mike East of Cado Security
How to converge physical security and IT to better protect businesses
Top stories
Intel reshuffles Asia Pacific leadership to boost business growth
Coalition integrates cyber risk platform with top cloud services providers
Sapia Labs presents 'revolutionary' AI research at SIOP conference
Armis warns of major cyber-attack risk to 2024 global elections
Scality & Ingram Micro partner for market distribution of ARTESCA