With employee use of the Internet and e-mail of growing concern to Australian enterprises, electronic usage policies are becoming an increasingly important part of an organisation's procedures. These polices are also beginning to extend beyond employee's use of the Web, to include equipment such as DVD and CD burners.
Matthew Hall, an information technology partner in the Sydney office of law firm Phillips Fox, urges caution to Australian organisations that allow employees access to DVD-burning capabilities.
"Anyone who is providing a DVD burning capability, without making it clear what the permitted use is of those devices...[is] running a significant risk of being pursued for indirect infringement by authorising the infringing activity to occur," Hall said.
Hall uses the example of a case in the UK, where a phonographic institution sued an Internet cafe, because it had allowed users to download music and then burn this to CD in the shop.
Nor is simply having an electronic usage policy necessarily enough. While Hall said that these issues were obviously always on a case-by-case basis, organisations would probably have to do more than just say 'this is our policy'. "There will be some circumstances you would have to do more than implement and promote a usage policy, in order to avoid an argument that you'd authorised infringement," he said.
Although it would be more likely that it would be the company, or management of the company, which would be seen as authorising the infringement in these sorts of situations, Hall said it could also potentially extend to the IT department or other people in the organisation.
Hall suggests that if organisations were concerned that DVD burning was taking place, in addition to monitoring the electronic use policy, they could have staff undergo training about acceptable and unacceptable use.
It may even come down to looking at who in the company has access to the DVD-burning equipment. "Certainly you need to consider where it's connected--what people properly need access to undertake the proper functions of their job," Hall said.
Likewise, Phillip Hourigan--a partner in the digital industries group at law firm Deacons--suggests enterprises look at the content which is being burned on DVD machines in the workplace.
If it's content which is licensed to them from someone else then they need to look at the terms of the license to see if copying under any circumstances is allowed, Hourigan said. "If it's for distribution you'd really have to wonder if it was going to be authorised copying," he said.
In addition, Hourigan said that if the content had its own protection mechanisms built in--such as encryption--then amendments to the copyright legislation prohibits people from circumventing that copy prevention, except in limited circumstances such as error correction, authorised back-up, or security testing.
Hourigan also highlighted the importance of looking at which employees have access to the DVD burner. "You would generally avoid networking any of this kind of equipment, so it's only going to be available next to a single desktop PC," he said.
This includes a company's approach to physical security to IT resources. Hourigan described the IT department as potentially ending up as the "meat in the sandwich" if they were asked to make copies of material. "It may be a broader organisational question, as to what controls [are put in place] in terms of making requests to IT for things to be reproduced," Hourigan said. "Policy and procedure really does have a very important role to play in all of this."
DVD copying methods and preventative measures
|
|
4%
2%
