There have been some discussions as to an organization’s responsibilities for enforcing copyright protections and preventing digital piracy. The Digital Millennium Copyright Act (DMCA) includes safe harbor provisions that shield service providers from fines if their networks are used for digital piracy. A comparable safe harbor does not exist for organizations’ private networks. Thus, the first area to secure is the network, to prevent it from being used to breach copyright. Due diligence applies again insofar as an organization must demonstrate an active security program with regular reviews. Many commercial firewalls can be configured to block software that facilitates piracy. From an administrative perspective, the organization’s acceptable use policy must explicitly forbid using the organization’s technology to violate the intellectual property rights of others.
As part of the information security education program, copyright and fair use can be explained. Copywriters and the creative staff must understand how they can reuse text from copyrighted materials without opening the organization to liability. Application developers must understand the differences in software copyrights and respect the various licenses when making derivative works. Systems engineers must understand how software licenses allow and restrict use, and follow these licenses when deploying software onto the organization’s equipment. The legal and information security departments can perform subsequent audits to ensure that people are aware of the laws and the policies, and are taking appropriate steps to respect others’ property.