The iron fist of the law can be an impenetrable barrier of entry in the world of business. It is growing more and more vital that IT managers are familiar with the basics of the law. In an article for TechRepublic, Mary Shacklett explores the legal concerns that every IT manager should be aware of. There are ten legal concerns to consider:
- Boilerplate contracts
- Liabilities of third-parties
- Hiring business partner employees
- Contractor liability
- Termination and liquidated damages clauses
- Data retention
- Vendors that are assimilated
- Security requirements
The Law & You
A boilerplate contract may seem like a simple approach to creating a contract, but in actuality it causes problems that could be easily avoided if a more unique contract was matched with the vendor. SLAs are often not specifically addressed and expectations will not be met. If a boilerplate contract is to be used, include an addendum; if there is a conflict, the addendum will have in writing the expectations. The most common element to the addendum is the SLA because it should be minimally required that the vendor meet certain standards (recovery, average time to repair, up-time, processing speed, and security).
When looking to work with a vendor using a cloud-based service, keep an eye out if they are utilizing a third-party. The third-party provider is under no direct contract with you and owes you nothing. Employers are always seeking to hire the best, most talented employees, and subsequently they often take them from other companies. It is a good rule of thumb to get in writing that the vendor cannot solicit your employees for at least a year into the relationship, unless they pay a fee.
When hiring a third-party contractor, remember to keep in mind who is liable. For the most part, the contractor is liable for their own work, but if there is a precarious safety issue, the blame can fall on the company for not implementing better controls. Always ensure there is a termination date in order to avoid exorbitant liquidation costs following the end of a contract. It needs to have in place a policy for data retention of imperative electronically stored information (emails, social media, or even website content). It should not only keep this information safe, but also include safe disposal methods.
Inevitably, the situation will arise in which a vendor will leave and a new vendor will seek to take their place. Include a line of dialogue in the contract about the possibility of termination to avoid future upsets. If the IT department is simply too small and underfunded to keep up with regulatory standards, go directly to the source to avoid legal ramifications. Regularity agencies may offer extensions in time for becoming compliant. Too often audits are perceived as unnecessary, when in actuality they are just the opposite. They are physical documentation if the need for a legal alibi arises.
You can read the original article here: http://www.techrepublic.com/blog/10-things/10-legal-areas-that-it-managers-should-know-about/