Does risk management have any relevance to the technology industry or to other industries' dealings with it?
I believe it does. Where an industry has established a regular pattern of behaviour – where the legal problems which face that industry are well-known – it is reasonable to assume that people working in that industry have a reasonable degree of legal awareness: that is, awareness of the risks attached to certain actions and of the need to take precautions before venturing into a risky area.
Most of the technology industry is not like that. It is a new business and one in a constant state of flux. For many years there was even a marked reluctance to pursue matters to court. While this can hardly be portrayed as a fault on the part of the industry, it led to an atmosphere in which the law was viewed as largely irrelevant except in the field of intellectual property.
A significant factor behind this was the understanding, by customers, that they were buying "work in progress"; that product descriptions usually promised more than was delivered and perfection was not to be expected. Contracts were normally on the supplier's standard terms and had extensive exclusion clauses.
That has changed. Customers may not expect perfection, but they certainly expect basic conformity with the legislation applying to the sale and supply of goods and services.
As a rule, they are less willing to use the supplier's standard terms and, where they do, they are more likely to invoke the Unfair Contract Terms Act to strike out unreasonable exclusion clauses. If they do invoke the act, they find that the courts show considerable enthusiasm in its application – most notably in the cases of CAP v The Salvage Association and St Albans v ICL.
In both these cases, the court considered the amount of professional indemnity cover available to the software developers to be of major significance in assessing the reasonableness of an exclusion clause. Yet how many salesmen know their company's insurance position or consider it when negotiating an exclusion clause?
And how many software companies have systems which ensure that decisions on limits of liability are dealt with at an appropriate level and with reference to the company's overall exposure and global insurance premiums?
In the CAP case, it was highly significant in assessing reasonableness that a board decision to increase the maximum financial limit in exclusion clauses had been taken prior to the contract in question being signed. Yet what mechanisms do most software developers have in place to ensure, first, that the potential legal significance of any such decision is fully assessed and, second, that its contents are securely communicated to all relevant personnel as soon as possible?
Legal risk management is too often thought of as merely a new name for a familiar aspect of traditional legal services: an audit and examination of liabilities after they have arisen.
It should be something more active and interesting than that: a way of integrating legal awareness into a business's central commercial operations. As such it is appropriate to any industry but particularly to a rapidly-changing one such as the information business.
Iain Monaghan is partner in charge of Masons' non-contentious computer law services.