At the beginning of this month, the long arm of the law got even longer. It now stretches into the IT domain in ways that IT managers shouldn't - but do - ignore.
On 2 October, the Human Rights Act was officially incorporated in English law. At the same time, a survey by Cameron McKenna showed that only 18% of FTSE 350 companies had amended their e-mail policies in line with the Act, while a survey by Content Technologies showed that 58% of companies didn't even have an e-mail policy.
That kind of laxity is dangerous and the new Act makes it even more so. Suppose you find pornographic material stored in e-mails on an employee's hard drive. Clear grounds, you might suppose, for the summary dismissal of the employee, aware as you are (aren't you?) that anybody who saw and was offended by the material could bring a case of sexual harassment against your company. But it may not be quite as simple as that. In fact, the Obscene Publications Act 1959, the Data Protection Act 1998, the Employment Relations Act 1999 and the Regulation of Investigatory Powers Act 2000, let alone the Human Rights Act 2000, could all have bearing on the situation.
Let's then turn to law as it applies to e-commerce, an issue as evident and multi-faceted as a rainbow and about as substantial, with the crock of gold at the end of it beckoning flocks of legal eagles. How much do you honestly know about the extent to which UK publishing (digital rights management), financial and sale of goods legislation might apply to an international transaction completed over the Internet? If things go wrong, who does what to whom, where and when, legally? And in what way, if at all, does the new Act affect all that?
The last question is easy. All existing UK law must be interpreted to be compatible with the Human Rights Act. That means reconsidering potentially everything you previously knew - if you thought you already knew anything pertinent, that is. It means, for example, that a company may no longer have the automatic right to review employees' e-mail, let alone dismiss them instantly or summarily (there's a legal difference) because of it.
I'm not going to try to provide any definite answers, not least because I'm not legally trained. If you based any incorrect decisions on the assumption that my comments were legally qualified advice (which they aren't), you could sue me.
My point is that the Human Rights Act is the latest legal bomb in an internationally expanding minefield. And if you're not actively taking good legal advice to guide you through it, your organisation are in serious danger of suffering painful injury to delicate parts of its financial anatomy. If you think I'm exaggerating, take a look through the legal press at the size of salaries being offered for Internet-literate legal eagles; if they're not for you, they're liable to be against you.
For some time now I've found it amazing how many users fail to put IT-related contracts routinely through legal scrutiny before signing them: outsourcing contracts, software contracts, and so on. The Human Rights Act should serve as a wake-up call to repair all such omissions and get your act together, legally speaking. The extent to which you ignore this warning will be a measure of your risk exposure - and an indecent degree of exposure is in itself a legal offence.
Read more on IT risk management
Draft Covid-19 contact tracing legislation proposes formal oversight
Civil liberties groups to challenge bulk surveillance and intelligence sharing in Strasbourg
Liberty heads for judicial review over Investigatory Powers Act
Barclays aims to drive entrepreneur startup development with law incubator