Legal knowledge is now essential for IT professionals,
writes Roger Bickerstaff
Did IT practitioners ever expect that they would need to
understand legal issues? Probably not. However, there is a growing
need for an introduction to law and regulation to be included
within basic IT training programmes.
Regulation is now right at the top of most IT director's lists of
hot topics. The intrusion of regulatory requirements into IT
provision is becoming more burdensome by the day, with a seemingly
never-ending list of laws that have to be complied with.
Virtually every aspect of the IT world is severely affected by
regulation. For example, compliance with new corporate governance
rules, mainly Sarbanes-Oxley, is reported to be costing BP in the
order of £70m.
The financial services community has even more regulation.
Compliance with the Money Laundering Regulations is a major
headache, and the regulation of outsourcing in the financial
services sector is increasing in a variety of European
countries.
The public sector is struggling, as always, to be able to meet the
"right to know" deadline of 1 January 2005, imposed by the Freedom
of Information Act. Even the online trading community needs to
ensure that its businesses comply with the Electronic Commerce
Regulations and the Electronic Communications Act.
A decade of difference
This is a huge change from a decade ago, when IT was relatively
immune from regulatory intrusion. Back in the mid-1990s, there was
a genuine debate over whether e-commerce should be subject to
statutory regulation or whether the law relating to e-commerce
should evolve through case law on a case-by-case basis.
There is a strong argument that allowing development through case
law would be more likely to lead to focused regulation.
Nonetheless, a significant momentum developed for laws to be
enacted that would resolve issues relatively quickly, such as the
E-commerce Regulations.
The combined effect of all these regulations adds another dimension
of complexity to an already challenging world.
Of course, by regulating an industry in the course of a decade,
there have been quirks and problems in the new legislation.
The current acrimonious debates in Brussels over the patentability
of software indicate that vested interests on all sides will seek
to gain advantage through legislative processes.
The example of the Humberside police force in the Soham murder
case, where information held on Ian Huntley was not made available
to all agencies, showed that there is relatively little
understanding of the application in practice of regulatory
requirements such as the Data Protection Act.
At the heart of the business
One reading of the rising importance of regulation to IT is that it
is a sign of the increasing maturity of the IT industry. As IT is
now at the heart of virtually every business, it is inevitable that
it will be subject to more regulatory scrutiny.
This underlines a vital need for IT practitioners to have a better
understanding of the legal framework in which they operate, in much
the same way that doctors and architects need to have an
understanding of the legal frameworks that govern their
fields.
At present, most computer science degrees do not include any
introduction to regulatory matters. This absence of legal training
for most IT practitioners means that it is inevitable that many
will be uncomfortable with the increasing impact of regulation on
their work.
If a basic introduction to law and regulation were to be included
within most IT training programmes, IT practitioners would be more
fluent in dealing with regulatory requirements. The compliance of
IT systems with regulatory requirements may also be improved if
practitioners have a better understanding of the legal framework
surrounding IT.
A better understanding by IT practitioners of the regulatory
environment in which IT operates is indicative of the increasing
professionalisation of IT.
A basic understanding of the relevant law is taken for granted in
other professions. The IT community needs to follow these
examples.
Roger Bickerstaff is joint head of the international
intellectual property group at law firm Bird & Bird
