What prompted you to do a new version of the book?
What prompted me was that the law had changed considerably; the sales of the first edition, much to our surprise, had gone very well and BCS was keen to have another edition.
I think, looking back on it, I’ve been very lucky in that I have only ever written one book, that book was published, and even fewer people have a second edition of a book, so in some ways I have regarded it like a third child. It’s something that you create and it goes off and you look at the effect it has on other people.
So what’s new in the book?
Thirty per cent of the book is completely new. There are four new chapters on: cloud computing, open source, WEEE and the Freedom of Information Act (FIA).
So why did you choose those four in particular?
With two of them it was clear that we needed to tackle them because they didn’t really exist when we produced the earlier version in 2004. Cloud computing was a dot on the horizon at that point and open source was coming in and wasn’t as important as it is now.
The other two areas have become much more important; the rules about getting rid of waste electrical equipment and freedom of information is becoming much more important for public sector bodies.
What is it about cloud computing that people need to know the legal situation?
The legal consequences of cloud computing are almost unknown by the general public and there is a huge amount of ignorance about what cloud computing is. And there is a huge amount of ignorance squared in relation to the implications of cloud computing from a legal point of view.
It’s not that complicated once you drill down into it; it is not as difficult as it first appears. People have got to have a reasonable understanding of what the legal relationships are between the supplier and the customer, what actions the suppliers generally take and what contractual terms the suppliers are likely to agree. Because you can ask for the world, but if the supplier won’t give it to you then you are never going to get a deal off the ground.
Do a lot of cloud computing issues concern that of data protection?
Don’t forget that data protection only applies to information about living individuals and an awful lot of businesses don’t have information about living individuals; they are dealing with stock parts, they are dealing with times for different things happening.
One of the first questions I ask, if there is a huge amount of data being shifted around, is how much of it will be subject to the DPA. Because the DPA only relates to information about living individuals and it is not necessarily as prevalent in its application as people think.
Cloud computing spans geographical borders so how does this affect the DPA?
You have got to look at data protection from three different levels. We have the DPA in this country and what we have implemented is the bedrock of what every European Union country has to implement. Some countries have tougher rules in the EU than we do. For example, Germany and Austria.
So you have our level, which is the bedrock level, you can have a higher level elsewhere in the EU and then once you get outside the EU you have some countries, such as Canada and Argentina, that have good data protection rules. You then have other countries like America where they are barely getting out of the primeval amoeba in my opinion.
What pitfalls should people avoid in regards to using open source software?
Where it comes up most in practice is where we are asked questions about some software which contains some open source software and which is being sold commercially later.
Under the rules by which they can use the open source software they have to abide by various rules. They can’t have the cake without applying by the rules that come with it. So that’s the question where it comes up most.
It also comes up in company acquisitions where an acquirer is generally quite keen to find out how much open source software is being used by the company that is being taken over.
How much of the other chapters, such as the one on the WEEE directive and the Freedom of Information Act, affect everyday businesses?
Well if you don’t abide by that rule [WEEE directive] it is a criminal offence for a start and you have to understand the types of contracts that the people who dispose of it have, whether they have registered and whether they have the authority to do that.
So in that sense the WEEE regulations apply to every business. There shouldn’t be any electrical equipment being thrown away in the rubbish of any normal business.
So far as the Freedom of Information Act (FIA) is concerned, that will largely apply to public sector bodies. It spills over into the private sector when the private sector is entering into contracts with the public sector and they have to agree to assist the public sector if there is a FIA request to the public sector customer.
Who would you say that the book is aimed at?
The original idea with the book was that if you were getting into a taxi with a managing director and they said to you ‘I don’t understand this stuff about open source, we’ve got half an hour before we get to the meeting, talk to me about the legal aspects of open source.’
Each of the chapters of the book is designed to be what you would say to the MD in the taxi in that half an hour period. So it would be a basic guide, it wouldn’t have lots of section numbers, it wouldn’t have lots of case names, but would be designed to give the recipient a good, basic knowledge of the law in that area.
Slightly surprisingly we found that the first edition sold very well amongst students, so this edition is targeted at managers principally, but also at IT professionals and at students as well.
Why does IT need it own subsection of the law?
It's an old chestnut that I have often heard people discuss. It isn't really a completely separate section of law, I would accept that. You can only get involved and give advice in the area if you have got a knowledge of the basic legal principles that underpin it; such as contract law and copyright law.
Increasingly, as time goes on, there are areas that are completely new and don't piggyback on some of the legal concepts that we're used to over the past 100-150 years, particularly as new legislation comes in. You can only advise in the area if you have got a nodding acquaintance with the technology that's coming in.
I enjoy it because, to put it bluntly, law is a dull profession staffed by pretty dull people, so if you want to have a more exciting life and work time some of the gloss and glamour of the people who work in IT can be transported over to the legal advisors who advise in that area.
So the book is for ordinary people?
That's right. It has sold amongst lawyers I'm told, but they are a relatively small percentage of the population. I'm a strong believer in trying to make the law accessible, I'm a strong believer in plain English drafting of legal documents and the book is one of the methods I've used to try to spread a greater public understanding of what the law is in a particular area.
Why do we have legal footers?
If you are going to learn just one thing from this interview it is the following piece of information. Under legal rules you have to identify who you are. If you are a company you have to put the full name of your company by law, your registered number and your registered office address in the footer of emails, that's by law.
If it's a partnership you have to have the names of the partners, if there are under 20 partners and if you are a sole practitioner you must the full name of the sole businessman in the footer. Apart from that there are no legal obligations about what you must put in the footer.
What happens is that people have clung to putting things in email footers like a kind of comfort blanket and added all kinds of other rubbish information, which is a complete waste of time. Therefore you get footers from someone agreeing to see you at lunchtime and the email consists of one line and the email consists of another 20 or 30 lines, which contains all kind of comfort blanket information that people don't have the guts to get rid of.
I hope that anyone who reads this book will feel they are empowered by the book to cut the length of email footers and disclaimers that basically don't work at the end of the day.
How can companies get rid of these footers?
There are two answers. First of all they need to seek advice from a solicitor who is experienced in IT law, and within the book I have explained how people can find lawyers who have got experience of IT law and can generally advise widely in that area.
Secondly, that's what the book is designed to do. It is designed to dispel ignorance, and there is a lot of ignorance about IT law, and the main function of the book is to make the reader better understand quite what the law is in that somewhat convoluted and complicated area.
What are your thoughts on personal usage of IT in the workplace?
So far as general businesses are concerned, I'm often asked about staff personal use of company IT systems. It is madness, in my view, to ban private use of a company's IT system. The same thing, I'm sure, happened to other methods of communication such as telex and fax when the telephone came in, and so it is a mistake to ban staff use. What you have to do is make sure the staff use is proportional in the circumstances.
I don't recommend that employers spend half their time monitoring staff use. It's bad for morale and sets a bad tone in the organisation. Whenever I lecture on this subject, I say to employers that their biggest ally, in relation to the amount of inappropriate amount of staff use of IT systems, is the other members of staff.
If one member of staff is not doing their fair share of work because they are spending all their time looking up holiday prices then the employer is going to be tipped off about it pretty quickly by the other members of staff.
In my own firm we don't ban the staff use of IT systems but we say it mustn't in any way influence or affect that member of staff's ability to carry out their job responsibilities properly and promptly.
What about using social media in the workplace?
Yes I am a strong believer in social networking because you can create a lot of business by social networking. I have quite a few connections on LinkedIn and it's an excellent way of keeping in touch with people who are about to drop off the edge of the world because you hadn't seen them for a while.
So I think savvy businesses recognise that they can benefit from the staff making appropriate use of social networking. Appropriate doesn't mean somebody spending four hours a day on Facebook, but it's targeted use of Twitter and LinkedIn, particularly LinkedIn because it is really Facebook for grown ups and therefore it has greater interest to businesses.