continued from page 6

Prosecutors and plaintiffs’ attorneys often will seek to comb through a firm’s e-mail files during investigations or in the discovery process. A document retention plan should ensure that crucial e-mail is not deleted and also establish a regular schedule for the deletion of unnecessary e-mail.

Another important consideration is that under the Electronic Signatures in Global and National Commerce Act, communications via e-mail can be as legally binding as signed contracts on paper.(36) Signed into law by President Bill Clinton in June 2000, the act gives electronic signatures the same weight as those written in ink on paper. It also requires that, to be legally enforceable, electronic contracts and records must be in a form that is capable of being retained and accurately reproduced for later reference.

To prevent unwanted acceptance of changes in design or even contractual terms, firms should establish contractual controls over customer communications. This should clearly set out what constitutes authorized communications and who within the client company has the authority to approve or to recommend changes in the scope of the project or in design. Firms also should place a disclaimer on e-mail that sets out their policy for design use.

A firm’s procedures to deal with project communications via e-mail should cover what constitutes delivery of a document via e-mail or the Internet and what constitutes a sealed deliverable. To track crucial documents, such as sealed plans or original versions of a design, firms should use a docket system that will monitor and manage document changes and protect against unauthorized alterations.

For their own employees, firms should have a clear policy stating what may or may not be sent via e-mail and strictly prohibiting the sending of material that is objectionable or that possibly defames another employee or a rival firm. Even when sent to a small group of people, e-mails can be potentially libelous. In a recent libel action seeking $100,000 in damages, a member of a Massachusetts civic group was sued by another member over an e-mail that was sent to just two people.(37)

Storage and Network Security
Along with the risks brought about by e-mail, firms also need to take measures to protect themselves against exposures brought about by the use of the Internet and internal corporate networks.

While paper plans and files can be lost or destroyed, they generally don’t simply vanish or become unreadable when the file cabinet is damaged. If a computer system is damaged or compromised, however, many hours or even weeks of work can be lost in an instant. For an architectural or engineering firm, the loss of data can mean penalties for missed deadlines as they are forced to recreate work.

Computer files should be protected with formal plans to back up digital data. Those plans should include periodic testing to ensure that the documents would be restored to their original condition in the event of a system crash.

Because computer systems also can be damaged physically, firms should maintain offsite backup storage. Then, if the office is destroyed in a fire or damaged in a flood or even closed down due to an accident at a nearby building, computer files can still be accessed from the remote location, enabling employees to continue to work and communicate on a project and ensuring that the work in progress as well as finished, copyrighted designs are not lost.

As a number of incidents have shown, electronic data and documents can be pilfered, damaged, or destroyed by computer criminals hacking into a system. Viruses can delete whole files, render them unreliable by deleting portions of them, or make them totally unreadable. To protect against those dangers, firms
need to maintain full firewalls and keep antivirus programs up to date.

To ensure that files or computer systems are not misused by employees, firms should institute formally documented access controls, such as passwords that are maintained by managers and changed frequently. A key part of the effort to maintain computer security is adequate employee training.

Internet Exposures
As A&E firms make greater use of the Internet in daily commerce, they also open themselves to exposures that had previously been limited to broadcasters and publishers, including the unauthorized use of copyrighted images. To manage those risks, firms should establish policies and procedures regarding intellectual property rights that include proper content clearance procedures and define what employee and client information should be considered confidential. Firms should also seek outside counsel as needed to protect against personal injury or copyright infringement issues.

continued on next page>>
1|2|3|4|5|6|7|8