+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Policies & Laws in IT industry
1. Current Topics In Computer
Technology
Policies & Laws In IT Industry
Rohana K Amarakoon
B.Sc (SUSL), MBCS (UK), MBA (AUS-Reading)
2. Content
1. Why policies & laws needed for IT industry
2. Software Contracts & Liability
3. Standards and methods of working
4. License Agreements
5. Intellectual Property Rights
2PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
3. Content
6. Laws in IT
7. Good practice for information security
8. Expected Outcomes
3PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
4. 1. Why Policies & Laws Needed For IT
Industry
• IT policies & laws, regulations and industry guidelines has significant security and
privacy impact to the industry to prevent threats.
EX:
1. Payment Card Industry Data Security Standard (PCI DSS)
2. Electronic Fund Transfer Act, Regulation E (EFTA)
3. Children's Online Privacy Protection Act (COPPA)
4. Computer Misuse Act 1990
Privacy, Data Security and Information Laws focusing on: privacy, data protection,
information security, internet and computer law, e-commerce, consumer
protection, outsourcing, competitive intelligence and trade secrets, information
management and records retention and responding to cybercrimes and network
intrusions.
4PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
5. 2. Software Contracts and Liability
• Introduction
A contract is simply an agreement between two or more persons that can be
enforced in a court of law.
The parties involved may be legal persons or natural persons.
There is no specific form for a contract in particular
5PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
6. 2. Software Contracts and Liability
• Fixed Price Contracts for Bespoke Systems
The first type of contract we shall consider is the type that is used when an
organization is buying a system configured specifically to meet its needs.
Such systems are known as tailor-made or bespoke systems.
6PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
7. 2. Software Contracts and Liability
• Fixed Price Contracts for Bespoke Systems
Typically, the contract for the supply of a bespoke system consists of three parts:
1. A short agreement, which is signed by the parties to the contract: This states who the
parties are and very importantly says that anything that may have been said or written
before does not form part of the contract.
2. The standards terms and conditions, which are normally those under which the supplier
does business.
3. A set of schedules or annexes, which specify the particular requirements of this contract,
including what is to be supplied, when it is to be supplied, what payments are to be made
and when and so on.
7PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
8. 2. Software Contracts and Liability
• What is to be produced
It is clearly necessary that contract states what is to be produced.
There are usually two levels of reference here: the standard terms and conditions
refer to an annex and the annex then refers to a separate document that
constitutes the requirements specification. It is important that the reference to the
requirements specification identifies that document uniquely; normally this will
mean quoting a date and issue number
8PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
9. 2. Software Contracts and Liability
• What is to delivered
Producing software for a client is not, usually, a matter of simply handing over the text of the
program which does what is required
The following is a non-exhaustive list of possibilities:
1. Source code
2. Command files for building the executable code from the source and for installing it;
3. Documentation of the design and of the code
4. Reference manuals, training manuals and operations manuals:
5. Software tools to help maintain the code;
6. User training
7. Training for the client’s maintenance staff;
8. Test data and test results
document uniquely; normally this will mean quoting a date and issue number
9PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
10. 2. Software Contracts and Liability
• Ownership of Rights
It is important that the contract should also state just what legal rights are being
passed by the software house to the client under the contract.
Ownership in physical items such as books, documents or disks will usually pass
from the software house to the client, but other intangible rights, known as
intellectual property rights, present more problems.
10PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
11. 2. Software Contracts and Liability
• Confidentiality
It is almost inevitable that, when the major bespoke software system is being
developed, the two parties will acquire confidential information about each other.
The commissioning client may well have to pass confidential information about its
business operation to the software house.
11PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
12. 2. Software Contracts and Liability
• Payments Terms
The standard terms and conditions will specify the payment conditions, that is
something along the lines of : Payment shall become due within thirty days of the
date of issue of an invoice.
If payment is delayed more than thirty days from the due date, the company shall
have the right, at its discretion, to terminate the contract, or to apply surcharge at
an interest rate of 2% above the bank base lending rate.
12PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
13. 2. Software Contracts and Liability
• Payments Terms
It would be unusual, in a project of any significant length , for all payment to be
delayed until the work is complete and accepted. An annex will usually specify a
pattern of payments such as the following:
An initial payment of say, 15% of the contract value becomes due on signature of
the contract;
1. Further stage payments become due at various points during the development, bringing
the total up to say, 65%
2. A further 25% becomes due on acceptance of the software
3. The final 10% becomes due at the end of the warranty period
13PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
14. 2. Software Contracts and Liability
• Penalty clauses
The previous subsection dealt with compensation for delays caused by the client;
delays caused by the supplier are handled differently
The normal mechanism used is to include a penalty clause that provides that the
sum payable to the supplier is reduced by a specified amount for each week that
acceptance of the product is delayed, up to certain maximum.
14PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
15. 3. Standards and methods of working
• Applicable Law
Where the supplier and the client have their registered offices in different legal
jurisdictions or performance of the contract involves more than one jurisdiction, it
is necessary to state under which laws the contract is to be interpreted.
• Warranty and maintenance
1. Once the product has been accepted, it is common practice to offer a warranty
period of , typically, 90 days.
2. Any errors found in the software and reported with in this period will be
corrected free of charge.
15PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
16. 3. Standards and methods of working
• Termination of the contract
1. There are many reasons why it may become necessary to terminate a contract
before it has been completed.
2. It is not uncommon, for example, for the client to be taken over by another
company that already has a system of the type being developed, or for a
change in policy on the part of the client to mean that the system is no longer
relevant to its needs.
16PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
17. 4. License Agreements
• When customers buy some software, they are buying a copy of the software
together with the right to use it in certain ways.
• There are many different types of restrictions that a license agreement may place
on the extent to which a customer can use the soft ware
some examples:
1. A license may allow the licensee to use one copy of the software on his computer. This is
the type of license commonly granted when software such as a computer game is
purchased form a retail outlet.
2. A license allow the licensee to run as many copies of the software as be wishes on
computers at specified premises . This known as the site license.
17PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
18. 4. License Agreements
18PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
19. 5. Intellectual Property Rights
The legal definition of theft involves taking away a piece of someone’s property
with the intention permanently to deprive them of it.
As we have just seen, this cannot apply to a piece of information.
Property such as bicycles or computers is called tangible property, that is, property
that can be touched. It is protected by laws relating to theft and damage. Property
that is intangible is known as intellectual property.
It is governed by a different set of laws, concerned with intellectual property rights,
that is, rights to use, copy, or reveal information about intellectual property.
19PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
20. 5. Intellectual Property Rights
Intellectual property crosses national borders much more readily than tangible
property and the international nature of intellectual property rights has long been
recognized.
The international law relating to trade marks and patents is based on the Paris
Convention, which was signed in 1883.
The Berne convention, which lies at the basis of international copy rights law, was
signed in 1886.
20PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
21. 5. Intellectual Property Rights
Rapid changes in technology and the commercial developments that follow them
present the law with new problems.
The law relating to intellectual property rights is evolving very rapidly and most of
this evolution is taking place in a global or regional context.
21PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
22. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
There are several different rights that relate to intellectual property.
We shall only be concerned with those that are relevant to software and the
information system industry.
These rights should be looked on as a package; different rights may be used
22PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
23. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright
Copyrights is, as the name suggests, concerned with the right to copy something . It
may be a written document, a picture or photograph, a piece of music, a recording,
or many other things, including a computer program.
The law of copyrights automatically protects the source code and all
documentation of the package from copying.
23PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
24. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright
The primary source of law relating to copyright in the UK is the copyright, Design
and Patents Act 1988;
Important amendments to the Act were made by the copyright (computer
Program) regulations 1992, the Copyright and Rights in Databases Regulations
1997, and the Copyright and Related Rights Regulations 2003.
24PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
25. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright : Sri Lanka Position (Intellectual Property Act, No.36 of 2003)
According to Section 6 the work shall be protected as literary, artistic or scientific
work. Which includes books, pamphlets, articles, computer programs and other
writings.
According to section 8 no protection shall be extended to any idea, procedure,
system, method of operation, concept, principle, discovery or mere data, even if
expressed, described, explained, illustrated or embodied in a work.
25PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
26. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright : Sri Lanka Position (Intellectual Property Act, No.36 of 2003)
Reproduction of the work, translation of the work, adaptation, arrangement or
other transformation of the work , public distribution of the original and each copy
of the work by sale, rental, export or otherwise.
Rental of the original or a copy of an audiovisual work, a work embodied in a sound
recording, a computer program, a database or a musical work in the form of
notation, irrespective of the ownership of the original or copy concerned;
importation of copies, public display of the original or a copy of the work
26PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
27. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright
The 1988 Copyright design and Patents Act states that the term ‘literary work’
includes a table or compilation, a computer program, preparatory design material
for a computer program and certain databases.
Copyright law gives the owner of the copyright certain exclusive rights.
27PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
28. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright
The rights that are relevant to software and , more generally, to written documents,
are the following;
1. The right to make copies of the work: Making a copy of a work includes copying code from a
disc into RAM (random access memory) in order to execute the code.
2. It also includes downloading a page from the web to view on your computer, whether or not
you then store the page on your local disk.
28PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
29. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Copyright
very important to realize that copyright law does not give the owner of the
copyright any power to prevent someone else using or publishing identical
material, provided they can show that they did not produce it by copying the
copyright work. (This is in marked contrast to patent law).
This means that programmers do not need to worry that they will be breaching
copyright if they inadvertently produce code that is identical to that produced by
another programmer somewhere else- something that can easily happen.
29PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
30. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Patents
Patents are primarily intended to protect inventions, by giving inventors a
monopoly exploiting their inventions for a certain period.
The company might be able to patent the wailer. In which case no one else would
be able to produce a similar product.
30PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
31. 5. Intellectual Property Rights
Different Types of Intellectual Property Rights
• Trade marks
Trade marks identify the product
of a particular manufacturer or supplier.
31PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
32. 5. Intellectual Property Rights
• Trade marks
32PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
33. 6. Laws in IT
The Computer Misuse Act 1990
The Computer Misuse Act creates three new offences that can briefly be described
as:
1. Unauthorized access to a computer;
2. Unauthorized access to a computer with intention to commit a serious crime; and
3. Unauthorized modification of the content of a computer
Section 1 : of the Computer Misuse Act 1990 states that, a person is guilty of an
offence if
1. Person causes a computer to perform any function with intent to secure access to any program
or data held in any computer;
2. Person access he intends to secure is unauthorized; and
3. Person knows at the time when he caused the computer to perform the function that that is the
case.
33PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
34. 6. Laws in IT
The Computer Misuse Act 1990
Section 2 : of the Act is concerned with gaining unauthorized access to a computer
with the intention of committing a more serious offence.
1. A black mailer might attempt to gain unauthorized access to medical records
2. A terrorist might try to get access to a computer system to cause accidents to happen
Section 3 : of the Act states that: a person is guilty of an offence if
1. He does any act which causes an unauthorized modification of the contents of any
computer.
2. At the time when he does the act he has the requisite intent and the requisite knowledge
34PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
35. 6. Laws in IT
The Data Protection Act 1998 (DPA)
The DPA contains eight data protection principles.
The seventh principle in Schedule 1 of the DPA requires data controllers to take
appropriate technical and organizational measures against both:
• Unauthorized or unlawful processing of personal data.
• Accidental loss or destruction of, or damage to, personal data.
35PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
36. 6. Laws in IT
The Data Protection Act 1998 (DPA)
To determine the appropriateness of security measures, you should consider all of
the following:
• implementation costs
• technological developments
• the nature of the data - sensitive personal data will merit particular attention
• the harm that might result from unauthorized or unlawful processing or from
accidental loss destruction and damage to the data
36PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
37. 6. Laws in IT
The Data Protection Act 1998 (DPA)
• You should adopt a risk-based approach to compliance, giving appropriate weight
to each of these factors. This is discussed in more depth in section 4 of this
practice note.
• You must also take reasonable steps to ensure the reliability of any employees
who have access to the personal data. Special rules apply to contractors or others
who process personal data on your behalf.
37PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
38. 6. Laws in IT
Regulation of Investigatory Powers Act 2000
• If you monitor or store the electronic communications of fee-earners and other
staff for business / security reasons you must comply with the relevant provisions
of:
1. the Regulatory and Investigatory Powers Act 2000
2. the Lawful Business Practice Regulations 2000
• You should also consult Part 3 of the Information Commissioner's consolidated
Employment Practices Data Protection Code. The code gives guidance for
businesses on monitoring or recording emails in the workplace.
38PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
39. 7. Good practice for information security
The following good practice recommendations offer a foundation relevant to all
practice sizes and types in developing their own, risk-based policies and procedures
for information security.
• Written policy
You should set out your information security practices in a written policy.
The policy should reflect solicitors' professional and legal obligations. You should
supplement this with implementation procedures. You should monitor these and
review them at least annually.
39PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
40. 7. Good practice for information security
• Reliable people
You should implement and maintain effective systems to ensure the continuing
reliability of all persons, including non-employees, with access to information held
by the firm.
• General awareness
You should ensure that all staff and contractors are aware of their duties and
responsibilities under the firm's information security policy. This includes
understanding how different types of information may need to be managed.
40PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
41. 7. Good practice for information security
• Effective systems
You should identify and invest in suitable organizational and technical systems to
manage and protect the confidentiality, integrity and availability of the various
types of information you hold.
41PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
42. Expected Outcomes
• Understand about the why we need policies & laws for IT
• Understand about the policies & laws in IT
• Get to know about what are the ways that policies & laws help to prevent
different threats.
• Study about how we could apply IT policies & laws to prevent different threats.
42PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
43. Thank You!
43PST 32220 - Current Topics In Computer Technology (Lecturer : Mr. Rohana K Amarakoon)
Editor's Notes
The law specifically permits certain action in relation to a copyright work and some of these are of particular relevancy to software.
•First , it is explicitly stated that it is not an infringement of copyright to make a backup of a program that you are authorized to use.
•However, only one such copy is allowed. if the program is stored in filing system with a sophisticated backup system, multiple backup copies are likely to come into existence.
•Secondly, you can ‘decompile’ a program in order to correct errors in it.
You can also decompile a program in order to obtain the information you need to write a program that will ‘interoperate’ with it, provided this information is not available to you in any other way.
•Thirdly , you can sell your right to use a program in much the same way that you can sell a book you own. When you do this, you sell all your rights. In particular, you must not retain a copy of the program