Information security

In an organisation, it is critical to control the level of access employees have to information. Granting access early allows new employees to commence work as soon as possible; appropriate restrictions prevent departing employees from retaining access and likewise prevent current employees from accessing sensitive information that they should not have. The mere use of passwords as a security device lulls many into a false sense of security. For example, almost 90% of IT administrators surveyed at a recent information security conference confirmed that they would take sensitive information with them when fired.

This may be attributable to a lack of appropriate protocols on how to handle sensitive information (for example, passwords scribbled on a notepad on the desk), or to a failure to appreciate the value of the data that the IT administrator may have access to. Listed below are some issues that should be reviewed when evaluating the security of your systems.

1. Privacy and confidentiality

    • Does your online presence have a privacy policy prominently displayed on your web pages?  Is this privacy policy compliant with the National Privacy Principles?
    • Do your employment contracts have strong confidentiality clauses that will protect your trade secrets or privileged passwords?
    • Do your employment contracts incorporate your company’s privacy policy?
    • Do you have a document retention policy and a staged document destruction process that is secure and compliant with Australian laws?
    • Have you developed a policy regarding secure storage of emails, including automated deletion and storage processes?  Are your staff trained on this policy?
    • Do you have a way of controlling or managing what your employees view online at the workplace, and is this compliant with laws regarding workplace surveillance?
    • How quickly can access rights of employees be revoked, granted or modified as their status of employment changes?
    • Do you train your employees on privacy and confidentiality issues that they should be aware of during discussions with third parties or when writing external emails?

2. Security

    • Do you have an email spam filter that is capable of removing unwanted emails or blocking the download of suspect materials without losing important emails?
    • Do you have a web filter capable of blocking the download of suspect materials without losing functionality and versatility of web access?
    • Do you have an adequate and up-to-date antivirus software solution and a protocol for regular scanning of your systems?
    • Do you have an established procedure to ensure that security breaches are identified and dealt with?
    • How regularly are passwords changed, and how accessible are those passwords to your staff? Do the staff positions with that access have a high turnover?
    • If you are engaging in e-commerce, can you identify all the databases in which you store customer information (including their contact details and payment details)?

3. Copyright and trade marks

    • Have you registered the various marks you use in the course of business as trade marks?
    • Are there any registered trade marks that are similar to your own trade marks?
    • Have you developed a watermark that is capable of marking and protecting your proprietary information which is available online?
    • If you have substantial material uploaded to a website, is there a way in which you can enforce your copyright against infringements, or allow third parties to use your proprietary material for a fee?
    • Of all the material on your website, have you obtained necessary approvals and consents required to ensure that it is not infringing a third party’s IP rights?  For example, if you use e-commerce, do you have consent to use the images and description of various products on your website?
    • Are the proprietary documents and other materials to which you give others access also editable and capable of being appropriated?
    • Do you have a logo usage policy available online, or have you considered what terms will apply to any consent you give others to use material you have developed?

If you require a closer analysis based on your systems and business practices, wish to discuss the risk you are exposed to, or want to know whether you need an Information Security Review, please contact one of our partners listed below.

Written by John Graves, Partner and Kenneth Chan, Solicitor