IT lawyer Anthony Lee explains how to tackle the legal issues that can threaten to derail large systems integration projects

IT Week: As a lawyer, can you explain when companies can claim damages for the failure of their IT systems?

Anthony Lee: Users want to know the extent to which they can claim consequential losses or indirect losses if systems fall down. If the system crashes because there is a fault in the software, the user that has become dependent on it may incur damages through loss of data or loss of productivity. Case law is constantly evolving and this will dictate whether users are entitled to compensation.

With system integrators playing such an important role in installing new apps, who is responsible when things go wrong?

One of the major issues is where should firms point the finger if things go wrong? As a lawyer, it is crucial to understand who is responsible for what. If you have entered an agreement with a system integrator and they have an enterprise-wide solution embracing enterprise resource planning (ERP), customer relationship management (CRM) and supply chain management software, you need to know who is responsible in the event of a project failure. The best solution for buyers is to appoint the systems integrator as a prime contractor. In this case, it does not matter which part of the system goes wrong, because they must shoulder the burden of responsibility.

But what if the buyer contributes to integration failure?

Current case law dictates that a big system project is a two-way process. For a systems integrator to deliver an efficient solution to the client, the client must co-operate by providing the right resources, the correct environment and whatever else they need to do to ensure that the system will work properly. In the event of a dispute, it will come down to providing evidence that both parties fulfilled their side of the contract.

What other factors contribute to integration failure?

More often than not the underlying tools and software work very well. It's more a case of getting the right integration team together to make it happen. It's when project teams are not working together properly that problems occur, and this can be the fault of the supplier, the partner or the customer, and sometimes the fault of all three. It is important that contractual relationships lay out a clear route map as to who is responsible for what, and they should guarantee the stability of the resource. Sometimes, systems integrators will field an excellent team on a project only to switch to a less experienced team at a later date. It is possible to guard against such eventualities in the contract.

What are the legal pitfalls that IT managers should look out for when integrating systems?

Database mergers can sometimes throw up legal problems because of data protection laws. If you are in an organisation involved in the analysis of customer data you should be very concerned if you are taking feeds of information from your partners and customers. You must ensure that they have done everything they should to comply with the data protection rules, and that the data is clean.

What issues should you be aware of when connecting back-office systems to clients and partners?

The main issue is one of security and authentication. You need to be sure that the companies are who they say they are. This relies on public and private key infrastructure (PKI) encryption technology. (Firms must ensure that the way they handle data does not) breach confidentiality or the Computer Misuse Act.

Have your say: contact IT Week

ABOUT ANTHONY LEE
Anthony Lee is a director within the technology practice of KLegal, the associated law firm of KPMG.

He has extensive experience in identifying, managing and minimising legal and commercial risks in relation to the roll out and management of IT systems.