Part 2: Legal Risks for IT Professionals
We've established that lawsuits can cost big bucks for IT businesses. Now let's take a closer look at the various reasons your business can be sued – in other words, at the legal risks your business faces.
In essence, your business can be sued for not upholding its legal obligations to customers, clients, or business associates. One subset of these obligations is called professional liabilities – the things you're responsible for specifically
because of your role as an IT professional.
What are IT Professionals Legally Responsible For?
Technology professionals typically have professional liabilities that fall into three categories:
- Data security.
Read on for a closer look at each.
Accessibility Requirements for IT Professionals
The Americans with Disabilities Act (ADA) requires that most public physical locations in the U.S. be accessible to people with disabilities. At present, state and federal laws aren't 100 percent clear about whether all software and web pages must
be similarly accessible. In fact, the courts have gone both ways on their rulings. For a long time, judges did not assume that the Americans with Disabilities Act applied to e-commerce. But lately, the interpretation of the law appears to be shifting.
In 2012, as part of a settlement following a lawsuit by the National Association of the Deaf, Netflix agreed to start offering closed captioning for its streaming video (and pay almost $800,000 in legal fees).
As enforcement of accessibility laws evolves, it's essential to make sure your business is in compliance so you don't inadvertently do work that could trigger a lawsuit. Here are some specific situations where you might come under scrutiny or
face an E & O claim for failing to meet accessibility standards.
- Serving clients whose employees have disabilities. If you're designing software for a company with disabled employees, you will probably have to accommodate their accessibility concerns. The specifics will depend on the needs
of your client's employees. If you're designing an IT solution for a company with blind employees, for example, the American Foundation for the Blind put together this guide to making IT-infrastructure accessible.
- Working with government contracts. Section 508 of the Amendment to the Rehabilitation Act of 1973 requires that all government agencies make their web pages and information technologies accessible to people with disabilities. This
law applies to all IT project managers hired by a government agency or its contractor.
- Working in industries with specific accessibility standards. Some industries have specific laws that govern accessibility requirements. For instance, publishers have to make eBooks available to disabled students who use them for a
class. Before starting on a project, check with your client to see if there are any such laws.
For more on making a web page ADA-compliant, read TechRepublic's guide to accessibility and web design or the W3C's resources for web accessibility.
Data Security Requirements for IT Businesses
IT professionals are responsible for maintaining the security of customer and client data. Sometimes, data security liabilities are called "cyber liabilities," but for IT professionals, cyber liabilities are usually considered a subset of professional
liabilities. (It's good to know, too, that most Errors and Omissions policies sold to IT professionals include third-party cyber liability protection.)
Your data security obligations are governed by three major legal doctrines:
- State data breach laws, which regulate how and when you need to inform customers when their data has been unlawfully accessed (by hackers and others).
- HIPAA and HITECH laws, which are enforced at the federal level and mandate strict regulations to protect medical records and related data.
- The Data Protection Act, a European law that specifies how U.S. companies are required to handle data from citizens of the European Union.
Violating any of these laws can expose your business to both lawsuits and fines. HITECH outlines fines that can exceed $1 million for medical data breaches. Make sure you're in compliance.
Copyright Concerns for IT Professionals
Copyright laws are of special concern for web developers and programmers, who can be sued for copyright infringement over images, videos, other media, and even the code they use.
That's right. You could be sued for using someone else's code. What's more, judges have ruled that web developers who use a competitor's brand name or trademark in their metadata (in order to rank higher in search ratings) can also
be sued for infringement.
How Can IT Professionals Protect Themselves from E and O Lawsuits?
To recap: IT businesses are exposed to a variety of risks linked to their professional responsibilities. If they fail to uphold any of these responsibilities (or if a client believes they have failed to uphold one of these responsibilities), they can
Protecting yourself from lawsuits requires a robust risk management plan. We'll go over what a solid risk management plan looks like for IT freelancers, independent contractors, and business owners later in the eBook (jump ahead to "Managing Risk as an IT Professional" to take a look at that now). In essence, though, effective risk management includes contracts, communication, client education, and adequate business
Next: Part 3: Reputational Risks for IT Professionals