Top 5 tips for organisations when introducing tech innovation

Specialist technology lawyers Mei Fern Johnson and Chris Curran presented at last week's ITx 2018 conference on their top 5 tips for organisations when introducing tech innovation, from a legal perspective. The key takeaways from their 'top tips' presentation are as follows:

1. Make good upfront choices on technology and implementation partners

• When implementing new technology it is crucial to choose a base technology that is fit for purpose, especially if the strategy is premised on adopting commercial off-the-shelf technology with minimal customisation.  
• Choosing the right implementation partners upfront is also key. Do your due diligence.
• All complex IT projects will experience issues along the way, so often the most successful projects are relationship-driven where parties can navigate issues constructively.  

2. Understand how you will be paying for the technology and what you will get for it

• Implementing new technology requires making financial decisions early on. For example, licence fees should be structured efficiently and to align with how users will interact with the technology.
• As part of agreeing to pay for the new technology, it is important to know what intellectual property belongs to you, and what the licensor and/or supplier continues to own.  
• If a third party notifies you that you have breached their IP rights by using technology you have licensed or which has been developed for you, contact the licensor/developer immediately and consider whether you can continue to use the IP.

3. Design for cyber security events and get only the insurance you actually need

• Unfortunately, cyber incidents such as hacking, ransomware or denial of service are no longer uncommon. Every new implementation should therefore have cybersecurity features designed into the system. 
• Make sure your business continuity plan is also robust, including cyber resilience measures as well as clear cyber response procedures.
• Even with preparation, dealing with the aftermath of a cyber attack is costly, so cyber insurance can provide protection against the costs of recovery. Policies should be broad, but conversely, try to avoid the inclusion of unnecessary services or duplication with other insurance policies, and only purchase cover for relevant risks.

4. Be prepared on privacy

• Increasingly, new technology is enabling the collection of personal information at a large scale and for multiple uses. It is preferable to incorporate privacy by design into the architecture of any new system, rather than trying to make use of the new technology fit with privacy requirements later on.
• It is also essential to be prepared after the Government's recent introduction of the Privacy Bill, which, if enacted, will repeal and replace the existing Privacy Act 1993. Please see our update for further details.

5. Take preventive, protective and proactive steps to address disputes

• Prevention is the best form of mitigation, so actively manage every project and keep communication clear. In terms of legal protection, technology contracts should have clear standards, adequate remedies, and appropriate caps on and exclusions to liability. 
• If something does go wrong, make sure you retain your records and avoid waiving your rights through inaction or inattention. Review the broader picture, and consider whether a project can still be completed after a dispute, or if a project reset may be preferable to litigation.

If you would like to discuss the above tips in relation to your organisation, please get in touch.