Copyright and Software Licensing Implications for Remote Work Force During Covid-19
In the recent years, companies have slowly been incorporating more options for its employees to work remotely from home or elsewhere. However, the Covid-19 pandemic accelerated this transition and forced entire companies to work from home without time to prepare the proper infrastructure.
There are potentially serious copyright infringement, software licensing, data privacy, and information security concerns related to transitioning to a remote work force. A company could run afoul of copyright laws by failing to properly license software its employees are using during this period, resulting in costly monetary damages. See 17 U.S.C. § 504.
- Allowing Employees to Run Company Software on Personal Computers
Recent government restrictions in many jurisdictions prohibiting more than 10 people gathering has resulted in many companies shifting their workforce from offices to working remotely from home. While some may have issued work computers to employees, those not equipped or set up for working remotely may be forced to rely on their employees’ personal machines. This raises several issues related to copyright infringement, software licensing, data privacy, information security, and infrastructure.
A company is responsible for software licensing on computers it owns. However, this responsibility may be extended to machines not owned by the company that are used for commercial purposes supporting business. For example, individuals may not use their own copies of Microsoft Office Home or Personal edition while working from home to perform tasks for work. There is a specific commercial use restriction in the End User License Agreement in Section 1 (a)(iv). It states “Other Requirements. Except as permitted under Section 1.a(i) above, only one person at a time may use the service/software on each device. The service/software may not be used for commercial, non-profit, or revenue-generating activities…”
It is important for a company to either provide both the device and the software, or at the very least, correctly licensed software for its employees to use remotely. Management and IT staff should carefully review license restrictions for all software an employee may use or access remotely and evaluate whether a new license is necessary.
2. Acquiring Proper Licensing for Remote Work
Companies should consider conducting an internal audit of software and hardware for its employees in order to avoid potential copyright infringement claims for unlicensed or improperly licensed software.
Additionally, it may be necessary to upgrade the company’s infrastructure in order to enable access to its servers and software remotely. Some companies rely on VPN, while others may use different virtualization services.
If there are a number of employees accessing servers specifically spun up to provide remote employees the ability to work from home, IT should ensure than they are properly licensed and each user has the appropriate client access license (“CAL”) if necessary. Remote Desktop Users also require CALs, depending on how the server it set up. Failing to account for CALs could become costly during an audit.
In some instances, and employee may utilize the backup copy granted in specific license agreements for software for use on a laptop. Not all software allows the use of backup copies, so carefully review the provision in the license agreements regarding use in order to determine whether a backup copy may be used. Typically, if the software grants the user a backup copy, it must be used only by the original user and non-concurrently. This means that the user cannot use it on more than one machine at once and may not allow anyone else to use the software.
3. Data Privacy and Information Security Protocols Should Be Enforced
Protecting the company’s sensitive information is very important when transitioning to a work-from-home model. The risk of an incident involving sensitive information increases if the company’s employees are not using work-issued devices containing encryption and other security and access controls. The cost of a data breach from a remote user could be incalculable, depending on the nature of information disclosed.
All companies should be especially vigilant about its data, especially heavily regulated industries such as healthcare, financial, government or companies that require a security clearance. Aside from losing business and revenue, a company could violate several regulations because it failed to adequately protect the data on employee machines. It is recommended that all machines used by employees, whether company-owned or personal, should be protected by the same security protocols and encryption in order to ensure data and privacy of customers and information remains protected.
This is a difficult time and transitioning is fraught with intricate legal implications. When in doubt, consult a legal expert.