Software Regulations


Software Engineering


Software developers must keep numerous legal and regulatory considerations in mind when creating software. Organizations that use the software should also be aware of these regulations in order to remain compliant, both in their record keeping and in their use of internal-use, proprietary, and open-source software.



Until 1983, compiled computer programs could not be copyrighted in the United States. A software developer could copyright source code, but not the binary program produced when that code was compiled, because the compiled program was viewed as a "utilitarian good" generated from the code rather than as a creative work. To assert a copyright, the developer therefore had to make the source code available with the program. While asserting copyright this way gave a developer greater control over the program, publishing the source code also made it easier for others to copy and modify it.

Without a single overarching regulatory organization for online personal information privacy and confidentiality, a number of acts have been adopted to protect consumers. Each act focuses on a different aspect of online privacy protection.

Another law, the Sarbanes-Oxley Act (SOX), covers records retention. It requires covered organizations, chiefly publicly traded companies and their auditors, regardless of size, to retain certain business records for at least five years. E-mails and other electronic records fall into this category, so the systems that store them must preserve them for that period rather than deleting them on a shorter schedule.


There are several types of software, distinguished by the license that governs their use. A software license is a legal instrument that states how copyrighted software can be used. Open-source software makes its source code available under a license that grants users the right to use the program, modify it, make copies, and distribute it to others; some open-source licenses attach conditions to those rights, such as preserving the copyright notice or releasing modified versions under the same license. Open-source software is usually, but not always, free of charge.

Proprietary software is software on which the copyright holder has placed certain restrictions. It typically comes with a license agreement, a contract between the copyright holder and the end user that the user accepts by installing or using the software. The license agreement spells out what the user can and cannot do with the software. It may also include a disclaimer of responsibility should the software damage the user's computer in some way. As a legal contract, a license agreement can, in theory, be enforced in court. In practice, enforceability may depend on the terms of the agreement, how and when the user consented to it, and even which court has jurisdiction.

Other types of software include freeware, shareware, and internal-use software. Freeware can be freely used, copied, and distributed, but its source code is not made available, so it cannot be modified. Shareware is a type of proprietary software that is initially provided at no cost and can be freely copied and distributed, but continued use under certain conditions, for example beyond a trial period, requires the purchase of a license. Internal-use software, or private software, is developed for a company's own internal use and is not made publicly available.


The Food and Drug Administration (FDA) has said that it does not intend to regulate mobile medical apps and consumer devices to the same extent as other medical software. Official guidelines state that unless an app or device makes disease-specific claims, it will receive no or low-level oversight, depending on how much risk it poses to patients. FDA oversight is separate from privacy law, however: any app that stores or shares health information on behalf of a HIPAA-covered entity, such as a health-care provider or insurer, must be HIPAA compliant.


Software regulations and standards provide numerous benefits, including limiting flaws in software and lessening users' exposure to viruses and other malware. They are also geared toward protecting users' privacy. Regulation is ultimately about ensuring the confidentiality, integrity, and availability of information. It is a form of accountability that allows both proprietary and open-source software to improve as technology moves forward.

—Daniel Horowitz

Aziz, Scott. “With Regulation Looming, It's Time for Industry to Raise the Bar for Software Quality.” Wired. Condé Nast, 28 Aug. 2014. Web. 31 Mar. 2016.

Balovich, David. “Sarbanes-Oxley Document Retention and Best Practices.” Creditworthy News. 3JM Company, 5 Sept. 2007. Web. 1 Apr. 2016.

“Categories of Free and Nonfree Software.” GNU Operating System. Free Software Foundation, 1 Jan. 2016. Web. 31 Mar. 2016.

Gaffney, Alexander. “FDA Confirms It Won't Regulate Apps or Devices Which Store Patient Data.” Regulatory Affairs Professionals Society. Regulatory Affairs Professional Soc., 6 Feb. 2015. Web. 31 Mar. 2016.

Rouse, Margaret. “Sarbanes-Oxley Act (SOX).” TechTarget. TechTarget, June 2014. Web. 31 Mar. 2014.

Wang, Jason. “HIPAA Compliance: What Every Developer Should Know.” Information Week. UBM, 11 July 2014. Web. 26 Feb. 2016.