Thought for the day: The right side of the law

Legal knowledge is now essential for IT professionals, writes Roger Bickerstaff


Legal knowledge is now essential for IT professionals, writes Roger Bickerstaff




Did IT practitioners ever expect that they would need to understand legal issues? Probably not. However, there is a growing need for an introduction to law and regulation to be included within basic IT training programmes.

Regulation is now right at the top of most IT director's lists of hot topics. The intrusion of regulatory requirements into IT provision is becoming more burdensome by the day, with a seemingly never-ending list of laws that have to be complied with.

Virtually every aspect of the IT world is severely affected by regulation. For example, compliance with new corporate governance rules, mainly Sarbanes-Oxley, is reported to be costing BP in the order of £70m.

The financial services community has even more regulation. Compliance with the Money Laundering Regulations is a major headache, and the regulation of outsourcing in the financial services sector is increasing in a variety of European countries.

The public sector is struggling, as always, to be able to meet the "right to know" deadline of 1 January 2005, imposed by the Freedom of Information Act. Even the online trading community needs to ensure that its businesses comply with the Electronic Commerce Regulations and the Electronic Communications Act.

A decade of difference

This is a huge change from a decade ago, when IT was relatively immune from regulatory intrusion. Back in the mid-1990s, there was a genuine debate over whether e-commerce should be subject to statutory regulation or whether the law relating to e-commerce should evolve through case law on a case-by-case basis.

There is a strong argument that allowing development through case law would be more likely to lead to focused regulation. Nonetheless, a significant momentum developed for laws to be enacted that would resolve issues relatively quickly, such as the E-commerce Regulations.

The combined effect of all these regulations adds another dimension of complexity to an already challenging world.

Of course, by regulating an industry in the course of a decade, there have been quirks and problems in the new legislation.

The current acrimonious debates in Brussels over the patentability of software indicate that vested interests on all sides will seek to gain advantage through legislative processes.

The example of the Humberside police force in the Soham murder case, where information held on Ian Huntley was not made available to all agencies, showed that there is relatively little understanding of the application in practice of regulatory requirements such as the Data Protection Act.

At the heart of the business

One reading of the rising importance of regulation to IT is that it is a sign of the increasing maturity of the IT industry. As IT is now at the heart of virtually every business, it is inevitable that it will be subject to more regulatory scrutiny.

This underlines a vital need for IT practitioners to have a better understanding of the legal framework in which they operate, in much the same way that doctors and architects need to have an understanding of the legal frameworks that govern their fields.

At present, most computer science degrees do not include any introduction to regulatory matters. This absence of legal training for most IT practitioners means that it is inevitable that many will be uncomfortable with the increasing impact of regulation on their work.

If a basic introduction to law and regulation were to be included within most IT training programmes, IT practitioners would be more fluent in dealing with regulatory requirements. The compliance of IT systems with regulatory requirements may also be improved if practitioners have a better understanding of the legal framework surrounding IT.

A better understanding by IT practitioners of the regulatory environment in which IT operates is indicative of the increasing professionalisation of IT.

A basic understanding of the relevant law is taken for granted in other professions. The IT community needs to follow these examples.

Roger Bickerstaff is joint head of the international intellectual property group at law firm Bird & Bird

Read more on IT legislation and regulation