1. Privacy. With federal privacy/data protection now in effect (since January 1, 2001), we resolve to develop a privacy policy that not only complies with the legislation, but is sensible and practical. Perhaps more importantly, we will carry out a privacy audit so that we can understand how our organization collects, stores, uses and disseminates personal information. And if we're doing joint marketing deals over the Internet, for example, we'll need to figure out seemingly simple - but in fact non-trivial - questions, like "where is our data?". It is no coincidence that privacy is our number one e-resolution for 2001.
2. Internet User Policy. If we're going to review our data protection policies and procedures, we should also have a look at our Internet use policy. Or, if we don't have one, now's a good time to resolve to put one in place. Fact is, a lot of staff don't realize the various ways in which their Internet-related behaviour can get them - and us, their employer - in trouble. An Internet use policy is all about making clear what is not acceptable, thereby protecting us from the unfortunate and dangerous aspects of the computer/Internet revolution.
3. Software Use Policy. And if we're going to brush up (or create) our Internet use policy, why not do the same for our software use rules at the same time. Recent industry estimates peg illegal software use at 42 per cent; that is, almost half of all software in Canada is not properly licensed and paid for. This results in lawsuits, most of which settle with organizations paying 1.5 to 3 times the original price of the software. This can be a career limiting expense no one in our organization personally wants to be tainted by. So, a software policy that addresses this area makes a lot of sense.
4. Enforcing Internet And Software Policies. Resolutions 2 and 3 are actually not enough. Once we develop (or fine tune) the Internet and software use policies, we have to resolve to enforce them. It's actually worse having these policies, and not enforcing them, than not having them at all. If, for example, we learn that an employee is sending unwanted off-colour e-mails to other staff (which happens far more regularly than one would think), we've got to promptly take action to put an end to it. Discipline, up to and including termination, has to be considered. It's a tough job, but somebody has to do it.
5. Teach Our Children Well. At the risk of sounding awfully "law and order-ish", sensible Internet and software use doesn't stop at the office; in fact, it should start in the home. Many kids and teenagers are heavily into pulling down songs off the Internet without compensation. They can't imagine that something done so easily can be illegal, even when they go on to burn a best hits CD of their own making and start selling copies for five or six bucks. Or, if they think it's illegal, they put it into the same category as jay-walking. Pretty small potatoes. Wired magazine recently had a story on teenagers using standard colour scanners and printers to create high quality counterfeit copies of US bank notes. Most probably knew they were breaking the law, but a bunch of them think "how serious can it be if I can do it on my PC at home?". Well, plenty serious, as those with permanent criminal records now realize. So, we need to teach our children well about the temptations of the new technology.
6. Protect Our .ca Domain Name. We resolve to better understand the dynamics and legal underpinnings of what amounts, essentially, to a new form of intellectual property. The new CIRA rules for the .ca space offer new opportunities and risks. We need to understand these, both from a defensive perspective (i.e. preserve our current domain name asset), and from an offensive point of view (i.e. how to create additional value by acquiring the right name(s)). Equally, we need to keep a close eye on the .com space, as well as on the use of other soon to be unveiled top level domains.
7. Fight For Our Domain Name. And if someone has scooped our name, there is now a better chance than ever to get it back with a minimum of expense, using the ICANN or CIRA dispute resolution mechanisms. These systems, essentially, give our trademarks an opportunity to trump someone else sitting on our domain name if they have made no bona fide use of it and/or they have offered to sell it for money (a key sign of prohibited "cyber squatting"). To be clear, legitimate users can still continue to use their domain names, but not if their primary objective is to flip the name for profit.
8. Consider Software And Internet Patents. While we're still in an intellectual property frame of mind, how about a resolution to review whether people in our organization are creating new software and Internet-based business methods that may be patentable. These patents are issuing with great regularity now, especially in the US, and again, we have to consider them both defensively and offensively. And remember, we generally lose our patent rights once we've disclosed the invention if by the time of disclosure we haven't filed with the patent office. So, the additional resolution here is, "act early".
9. Check E-commerce Insurance Cover. Last year was the year of the Mellisa, Love Bug and other notorious viruses that caused huge amounts of damage. It was also the year of the major "denial of service" attacks against Web sites. The need to beef-up Internet-related security became painfully clear. So too, the requirement to review our organization's insurance policies to see if they cover adequately (or at all) the new risks posed by the Internet hacker and cyber criminal.
10. Review Web Site Enforceability. With Ontario and several other provinces having recently enacted electronic commerce statutes, now's a good time to reconsider our Web site and see if our terms and conditions are consistent with these statutes. Moreover, based on these statutes, and a couple of recent cases, it's becoming fairly clear that we have to bring online legalese to the attention of users of the site in order for these provisions to be enforceable. The ideal method is the full "clickwrap" agreement, assented to by the user with an express click of the "I Agree" button. Other mechanisms are less certain, but arguably can still be made to work if designed well.
So, ten simple and straightforward e-resolutions? Not quite. They will all take creativity and, like all New Year's resolutions, stamina. Nevertheless, they are probably easier to stick with and make good on than those nagging resolutions involving personal behavioural change and weight loss.
George S. Takach is the Head of the High-Tech Law Group at McCarthy Tétrault. He practises out of the firm's Toronto office. Mr. Takach is the author of Computer Law, and a Special Lecturer in Computer Law at Osgoode Hall Law School. This column is intended to convey brief, timely but only general information and does not constitute legal advice; readers are encouraged to speak with legal counsel to understand how the general issues noted above apply to their particular circumstances.