From Simon Briskman, Partner at Field Fisher Waterhouse: www.ffw.com
Security will be a prominent issue, as data protection laws and the government’s stance continues to toughen. Procurement teams will seek to shave money off outsourcings in a softening market and renegotiations will proliferate. Commodity outsourcing will be on the rise. I forecast some rays of sunshine with increased uptake of converged media – iplayer to my ipod and TV on my PC – net neutrality will remain a prominent debate.
From Kit Burden, Partner at DLA Piper UK LLP and SCL Trustee
2009 looks set to be a difficult years for many an IT department and IT/outsourcing supplier. Undoubtedly it will be a year when cost will be king, and the winners (such as they are) will be those who are best placed to play this card. So, step forward the offshore service providers in India and beyond (for whom profits may be down, but they will still be healthy), open source software and services vendors, and the purveyors of more flexible and lower cost Software as a Service offerings. What will be interesting to track will be whether there is any change in tack by customers in the procurement and contracting process (ie to lighten the load in terms of the length of the process or the types of clauses being sought) in return for lower costs.
From Guy Burgess, IT lawyer based in New Zealand: grb@ihug.co.nz
Prediction 1: 2009 will see an increase in data loss incidents, in particular in the private sector. While the past few years have seen major failings in government institutions, the public sector is well placed to implement stringent, mandated risk management processes to reduce such incidents. The private sector, with far fewer resources, more exposure, and more commercial pressure to take risks, will therefore pick up where HM Revenue & Customs left off (albeit, one hopes, on a significantly lesser scale).
Why the continued surge in data loss incidents? Many factors are involved:
- more data exists in electronic form
- more data is held off-site and by third-parties (think outsourcing, cloud computing, software as a service, offsite backups, etc.)
- more data is mobile (think memory sticks, PDAs, CDs in the post)
- more data is interchanged
- systems are more complex.
There is also a cultural element. The July 2008 Burton Report for the Ministry of Defence described the ‘Facebook generation’ as having ‘a culture where the rapid and often uninhibited exchange of information is the norm… [The] younger generation of MoD staff are not inculcated with the same culture of protecting information as their counterparts from previous generations’ (http://news.bbc.co.uk/1/hi/uk_politics/7473818.stm).
As the opportunities for data loss have increased, so too has the scope of potential loss. Expanding storage capacities and technical advances mean that an ‘incident’ could result in much more damage than was previously possible. As an example: a decade or two ago losing a briefcase would only result in the loss of the papers within that briefcase, probably numbering no more than a few hundred pages. Today, losing a tiny memory stick, PDA or CD may result in vast amounts of information being lost.
Similarly, the ‘foreseeable damage’ of data loss has increased alongside the rising value of data. For many businesses, losing all of their data would mean near total business interruption. In other words, it is now commonly understood that data is mission critical.
Prediction 2: OpenOffice, the free, open source office-software suite, will continue to make small but impressive gains in market share. There is little question that Microsoft Office will remain the weapon of choice for many years to come, but with the full specifications for Microsoft’s proprietary file formats having been released in February 2008, file format compatibility between the competing suites is now almost perfect. This makes OpenOffice a truly viable (and did I mention free?) alternative to the pricey Microsoft Office. Even if you have no intention of switching, it certainly makes for a useful bargaining tool when renewing Microsoft licensing subscriptions.
From Clive Davies, Senior Counsel, Government Business Unit, Fujitsu and SCL Trustee
The economic and financial crisis coupled with global warming will finally convince all organisations that morning and evening rush hours are a thing of the past. Flexible working using the vast array of technology at our fingertips or a mouse click away enable us to work from home or at our clients’ locations – from anywhere in fact where the work justifies the need rather than a lemming like rush each day to crowded offices buildings. The industrial revolution saw a move from the fields to factories. This will finally be reversed as the prejudice against home working is laid to rest.
From Ian De Freitas Partner at Berwin Leighton Paisner LLP
2009 will see a number of cases testing the law of publication of private information over the Internet. Over the last eight years we have seen the development of a law of privacy relating to material published in print, but little in the way of reported cases relating to internet publication of private information. The Max Mosley case opened the door to consideration of Internet publication (I expect the decision to refuse to grant an interim injunction to stop publication over the Internet to be tested and over-ruled in a subsequent case). Now we are likely to see cases testing when the English court will be prepared to take jurisdiction over material posted to the internet from overseas. Will forum shopping in privacy cases begin to rival that in defamation claims? Watch this space.
From Professor Lilian Edwards, Professor of Internet Law at the University of Sheffield
I’d predict that in the wake of the credit crunch and the contraction of the financial sector, a very few institutions will make cuts on security spending, which will lead to disastrous leakages of personal data, leading to yet more confusion and insecurity in the consumer market, and the erosion of trust in e-government.
Phishing will continue to skyrocket in this maelstrom of confusion over mergers, failures, liquidations etc, and banks will start to become more and more reluctant to pay out on phishing losses as a matter of course. The Government may then be forced to consider some of the ignored provisions of the House of Lords personal internet security report, such as explicit liability for phishing losses on banks just as on credit card issuers, or even to seek an industry sector norm of two-factor identification.
Obama will become the darling of Hollywood, and contrary to what lefty liberals might have hoped, IP maximalism will accelerate not reduce.
From Beverley Flynn, Partner in the Commercial and IT Sector Group at Stevens-Bolton.co.uk
Regulatory and compliance issues will become increasingly significant for the compliance departments of businesses and in-house legal departments. Following the heady years of acquisitions, time can now be invested into the bedding down and streamlining of businesses acquired. In particular, e-mail monitoring/computer use for social and work purposes and data protection compliance will gain prominence, particularly if the ICO gets its increased powers of enforcement. Given the large numbers of high profile data losses, businesses will also be encouraged by the regulators to reduce the risk of and look at the prevention of data loss.
There will be proliferation in the use of data access requests. Businesses and individuals will become more adept and knowledgeable at accessing data by use of tools such as making of Freedom of Information Act requests and Data Subject Access requests. The number of these requests will increase rapidly as businesses realise these can arm them with a commercial advantage and cutting-edge when bidding for work and dealing with competitors.
From Paul Gershlick, Associate at Mathew Arnold & Baldwin
I expect two topical themes to continue to take hold.
First, the impact of the downturn on IT. For too long, IT has just been seen within many businesses as occupying a certain percentage of their budget, with a deference to the IT department to prioritise those IT projects which they most wish to see implemented. 2009 will see a change as many businesses move further down the line of ‘zero-based budgeting’. Since many businesses are finding it harder to grow their top line, the way to increase their profits will be to reduce costs. IT is a major cost that will come under attack. With times getting tougher and it becoming harder to justify IT spend based on its impact on revenue growth, the software that directly results in saving costs will be the sort that does well in 2009.
Secondly, I envisage continued growth in the protection of personal data and privacy. In view of the continuing series of high-profile data security breaches in the public and the private sectors as reported at www.upload-it.com, I expect there to be a growing clamour for better tools available to the Information Commissioner’s Office in three areas: unannounced audits, fines for serious data breaches, and prison sentences for unauthorised obtaining of personal data. In addition, I expect the continued development of celebrities’ right to privacy, with some interesting cross-border twists as people try to stop the publication of material about them on the Internet.
From Rosemary Jay, Partner at Pinsent Masons LLP and the Information Law Team there
The next big issue in DP will be accuracy and data quality following the poor quality lending that contributed to the credit crunch and some scandal in which data is found to be grimly poor. The security breaches will also keep on coming probably through internal (ie employee) breaches rather than losses of removable media. Some major law firm will end up in the firing line in 2009, along with a long list of public authorities.
Despite the failure of credit data so far, lenders will put on pressure to get hold of even more personal information to help them lend/repossess safely as fraud continues to increase. Data sharing across the public, banking, insurance and energy sectors to claw back fraud losses will be the top of boardroom agendas and the ICO will clash with the FSA as the latter requires more and more information to be collected about banking customers and shared between newly merged banks – thereby leaving the banks in a tough spot in the middle.
Western credit referencing models will begin to take root in emerging economies, despite their slightly tarnished reputation at home, as CRAs try and seek out new markets. In the UK ‘manage your own credit file’ services will have a good year as people are refused credit and start to take more of an interest in managing their credit file, and question why they are being asked for endless information.
The Government will be forced back on some of its more intrusive proposals following public response but will go ahead with them anyway even if in a slimmed down form The ramifications of Marper (the ECHR judgment that held the UK DNA database should not hold records of those who are not charged or convicted) will start to bite and, against this backdrop, 2009 will see continuing high profile flashpoints in the liberty v security debate, but little will have changed by the year end.
On the growth of regulation, the extension of the Freedom of Information Act to contractors by order will be kicked firmly into the long grass on the basis that ‘its an extra burden on business in hard times’ but FOI requests made to the Government re the banking bailout will clog up the ICO’s inbox. Globally, new privacy laws may well be stalled for the same reason. If we have a general election in the summer and the Conservatives win, we may see a push towards more ‘principles based regulation’ on privacy issues as Cameron looks to cut perceived bureaucracy. Environmental concerns will push the government to again look at legislating on junk mail, despite attempts at DMA self regulation in this area.
Whatever happens we will continue to see a flurry of ‘new initiatives’ many of which are the same old stuff dressed up in new clothes but that finally PIA (privacy impact assessment) technical protection might catch on…
From Bill Jones, SCL Chair and of Counsel at Wragge & Co LLP:www.wragge.com
‘More for Less’ will be the mantra for 2009. When top lines stop growing, costs come under the microscope. Management’s top question is how can we save money now. This is the easy bit because it has already happened and is bound to continue. Outsourcing will therefore continue to be an appealing business model, although revisiting political risk after recent events in Mumbai might blunt the appetite of some for offshoring, at least in the immediate short term.
Another story of the moment is Software as a Service (‘SaaS’). It ties in with the ‘more for less’ mantra because analysing IT spend in terms of total cost of ownership indicates significant cost advantages for many SaaS offerings compared with traditional licensing models. The ball is already rolling but will gain further momentum next year not just with SMEs but also with major corporates.
From Laurie Kaye of Laurence Kaye Solicitors
- The extent of liability of ISPs, social network sites and other intermediaries for illegal content will continue to be under the regulator’s microscope. The three main drivers here are infringing content distributed via P2P, the protection of children from harmful and illegal content and privacy concerns.
- Information within an organisation will be seen more and more as both an asset and as a risk and will continue to rise up the agenda of in-house counsel.
- The pressure will increase on content owners to provide new, innovative business models. This will be both for ‘bottom line’ reasons and as a quid pro quo for strong and enforceable IP rights.
- Lawyers in Europe will be looking very closely at the implications in Europe of the far-reaching deal struck in the US between Google, the Association of American Publishers, the Authors Guild and five publishers to settle the ‘are snippets displayed by Google fair use’ litigation. In turn, this will bring the relationship between copyright and competition law into sharp focus.
- The credit crunch + recession will accelerate client pressure to move from time-based costs to fixed fees and other non-time-based fee arrangements. In turn, this will drive the profession to improve efficiencies and cut costs. With that in mind, Richard Susskind’s latest book. ‘The End of Lawyers’ is a must read.
- We’ll see more and more ‘boutique law’ firms – yes, I declare my interest! – offering in-depth, specialist advice at competitive rates to in-house counsel and to clients who want a ‘virtual’ in-house legal service.
- Against the backdrop of the Legal Services Act 2007, we’ll start to see some new businesses offering legal and non-legal services, drawing lawyers and other ‘knowledge-experts’ together.
From Chris Marsden, Director LLM in IT Media and E-commerce Law, University of Essex Law School
2009 will be the year of Obama’s reforms – both privacy and telecoms legislation is expected. It will not entirely roll back Bush’s FCC do-nothing attitude, but it may be more radical than many expect. On the ‘home’ front, European legislators will pass the Electronic Communications package, and expect vigorous action on social networks from the privacy and child protection perspectives. This may well converge with the wider (co-)regulatory agenda for search engines and ISPs. Economic recession will impact surprisingly little on these agendas.
From Iain G. Mitchell QC, Chairman, SSCL
The year will be a year of increased tension between the opening up and the closing down of information.
In one sense information wants to be free, because it is increasingly cheap, easy to replicate and disseminate, and sitting in a cultural context where old paradigms of property are breaking down. This is reinforced by changing cultural aspirations from a generation that is at home with You Tube, Wikipedia and social networking sites, where barriers to the flow of information (and, from time to time, misinformation) are at least permeable if not non-existent.
In another sense, information wants to be corralled, restricted, fenced and meted out sparingly – knowledge and information give power and are of financial value, whilst people rightly expect that their personal information will be kept secure.
These tensions will manifest themselves as follows.
- The impulse of Governments to regulate, control and snoop will increase as rapidly as their ability to succeed in doing so effectively will diminish.
- Well meaning systems of data regulation and control will continue to be frustrated by employees, data handlers and others who, viscerally, fail to take it all seriously – discs, memory sticks and computers will continue to be left on trains, pubs and restaurants, and there will continue to be temptations to share juicy gossip.
- More people in the entertainment industry will get to thinking that they need to find new ways to make money which recognise the outmoded nature of the present economic model; those who don’t will notice that the waves which were lapping around their feet are now pretty near their thighs.
- The battle between Open Source and Proprietary models will continue to be fought, but it will still be too early to call.
People who rashly make generalisations will be proven wrong.
From Simon Morrisey, Partner, Media Brands & Technology, Lewis Silkin
- We will continue to see a further increase in the supply of technology services by companies whose core business is not technology, ie companies supplying services to the marcomms and media industries. Such companies will struggle to manage these projects as internal resource will not be adequate to meet supply and service demands which in turn will mean an increasing reliance on sub-contracting.
- The old financial model of fixed fees, time and materials (or a combination of the two) will be eroded by the increasing realisation by suppliers of bespoke systems that such remuneration does not adequately compensate for technological deliverables that have a wider utility (and therefore value) beyond that for the project and client for which they are created. This will lead to more complex remuneration and licensing structures with customers and suppliers entering into collaboration and revenue sharing agreements.
From Alex Newson, Solicitor at Shoosmiths: www.shoosmiths.com
Last year I predicted the use of mobile phones in place of full-blown computers for many tasks. In 2009, that revolution will continue as smartphones become an increasingly popular way of using the internet, to get LinkedIn to our business contacts and talk nonsense with Tweeple on Twitter.
Windows 7 will disappoint, but provides me with a tenuous link to another trend of 2009: the increasing use of Software as a Service (SaaS). Online applications will be serious competitors for the (decreasing) IT budget against costly ‘traditional’ software and hardware solutions.
Outsourcing and the renegotiation of existing IT contracts will keep lawyers busy as their clients seek to rein in costs. Data protection will remain in the spotlight, being highly relevant to both SaaS and to the continuing losses of personal data by both the public and private sector. The Information Commissioner will continue to flex his muscles in response to such losses.
From Jeremy Phillips, inter alia consultant at Olswang, Professor at UCL and co-blogmeister of IPKat
A boom in internet-related IP infringement litigation, as the increasingly bored, frustrated and IT-savvy unemployed sector pits its wits against increasingly vigilant, organised and litigation-oriented rights owners.
Unnamed minor civil servants in the UK to lose ten times as many personal records as there are residents in the UK.
Action and reaction are equal and opposite, so no change in the war between pro- and anti-software patent lobbies.
From Gregor Pryor, Senior Associate in the Advertising Technology and Media team at Reed Smith.
My prediction for 2009 is that there will be an ever-increasing amount of emphasis being placed on the way that companies handle and exploit data that is collected from consumer Web sites, both in terms of: (i) the way that they leverage their data to create value for their business by becoming a ‘semantic’ web company; and (ii) whether their use of that data is in line with legal and regulatory requirements. This is very relevant to online media companies; the more effectively they can use the data they collect, the more valuable they become to advertisers and content providers looking to reach an increasingly fragmented audience.
From Chris Spencer, Group Legal Counsel and Company Secretary, EMIS and EMIS Group
Hardly a day passes without the Press being exercised (quite rightly) about another massive and embarrassing data loss.
Whilst every such loss does not inevitably lead to loss to the public (for example because the data is never found or never used) it almost always leads to loss for the data loser (for example because of reputational damage or loss of contracts – as in the PA Consulting case).
The Information Commissioner’s Office (ICO) has recorded 277 separate data losses in the year ended November 2008. This contrasts strongly with a recorded 80 in the year ending November 2006. Perhaps this is simply because more were reported in 2008?
As Richard Thomas, the Information Commissioner recently said:
‘I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously. More laptops have now been encrypted and thousands of staff have been trained. But the number of breaches notified to us must still be well short of the total. How many PCs and laptops are junked with live data? How many staff do not tell their managers when they have lost a memory stick, laptop or disc? Many losses are probably simply undetected.’
Whatever the reason for the increase in reported data losses, the 277 that ended up with the ICO included:
28 by central government;
75 in the NHS;
26 by local authorities;
68 in other parts of the public sector;
80 in the private sector.
Am I alone in noting the absence of law firms from the above list?
There have been law firm prosecutions of course: Sajjad Khan of Knights Solicitors, based in London, was fined £650 and ordered to pay costs of £525.40 plus a victims’ surcharge of £15 at London City Magistrates’ Court for failure to notify as a data controller despite repeated reminders from the ICO of his obligations under the Data Protection Act. But no high-profile data losses by lawyers.
Perhaps this is because as a profession we have no stolen laptops, no lost memory sticks, no hard drives left on trains. Or perhaps this is because we have been very very lucky so far.
So, unless you believe that the ICO Commissioner Richard Thomas (in a previous life was Director of Public Policy at Clifford Chance) is acting as a ‘data fairy’ cleaning up after the legal profession, I’d recommend data encryption, training and enforcement of data policies. It won’t prevent a loss – that is inevitable – but it will lessen the reputational damage when – also inevitably – a law firm is added to the loss list and the Press gets its daily data exercise.
From Andrew Tibber, Associate at Burges Salmon LLP
Given that recession is now squeezing profits even harder, and after the recent PR and court successes of the games industry in taking action against illegal file-sharing, my prediction is that the music industry will follow suit, making increased use of Norwich Pharmacal orders and copyright infringement proceedings to crack down on infringers.
From Bonita Trimmer, Associate at Wragge & Co LLP: www.wragge.com
Next year will be an interesting period for those advising on issues where IT and intellectual property interact. It is an absolute certainty that even more of the blogsphere will be devoted to software patents and the ’as such’ exclusion in the months to come, but the questions which have been referred to the Enlarged Board aren’t likely to get answered for another two to three years, assuming that is that they are admissible which is itself debateable. Therefore I wouldn’t hold my breath for big changes in that area in 2009.
In contrast, with several references from different courts pending before the European Court of Justice concerning whether the use of someone else’s trade mark as a Google/Yahoo keyword infringes, I hope we will get some clarity on this issue soon. It is a close one to call but my instinct is that the ECJ will say ’yes, it infringes in some circumstances’ . On the question of whether Google/Yahoo can be indirectly liable alongside the keyword user, my bet, with higher odds, would be ’possibly’ but only after they have been put on notice – so Google/Yahoo may have to adapt their practices sometime next year.
Finally in view of the consultation on proposed changes to the copyright exceptions, who knows we British might legally be able to rip our CDs and play them on our MP3 players by Christmas 2009. Oh, and I also predict there will be even more IT/IP lawyer blogs and even fewer non-lawyers reading them – with notable exceptions, of course
From John Yates, Partner at Beachcrofts LLP
The end of the NHS National Programme for IT and a return to local IT procurement in the NHS
The last few years has seen a steady erosion of the NHS National Programme for IT (NPfIT) : Fujitsu’s recent contract termination in the South, Accenture’s withdrawal from North East and East of England, the deployment freeze in London cluster, and the new framework for additional supply capability and capacity (ASCC). As the Department of Health loosens its vice-like grip over procurement of IT systems and services, freedom of choice is flowing back to NHS trusts. But have we not been here before? When the regional computer centres were privatised in the late 80s, trusts spent more than a decade creating islands of legacy systems and data that NPfIT was designed to fix. Sounds like Back to the Future…
