Although the aspects of copyright law remained the same as they were pre‐pandemic, it’s important to revisit them in light of your institution’s new and increased uses of e‐learning, Peterson advised.
First of all, institution‐owned work (i.e., original works created by your institution’s staff or faculty without using other people’s music, images, text, etc.) and public domain work don’t fall subject to copyright restrictions, Peterson clarified.
Some copyrighted work might qualify as Creative Commons Licenses, which offers free permitted uses as long as you cut and paste the license and include that with the copyrighted material in your PowerPoint presentation, he advised.
Sometimes, you might be required to also include an attribution line somewhere in your online class presentation, and you might not be permitted to redistribute the material beyond that one class, he added.
But either way, a royalty doesn’t come into play, he said.
- ➤ The purpose and character of your use. (Are you using the material to generate revenue?)
- ➤ The nature of the copyrighted work. (Is the material in a textbook for sale or are you using 30 seconds from a movie or TV episode?)
- ➤ The amount and substantiality of the portion taken. (Are you copying an entire course book or just taking a brief clip from a movie or play?)
- ➤ The effect of the use upon the potential market. (Are you robbing the copyholder of profiting from that material because you could/should have just purchased that original course material packet?)
- ➤ Ensure the work was lawfully acquired.
- ➤ Limit the amount of work accessed (i.e., a portion of the work versus the entirety of the work).
- ➤ Limit access to the work to students currently enrolled in the class (i.e., present the material in a way that only students who registered for the class will have access to it as part of the educational process rather than just posting it to YouTube).
- ➤ Limit access only for the time needed to complete the class session or course, rather than an unlimited posting for five or 10 years.
- ➤ Inform instructors, students, and staff of copyright laws and policies, and establish policies explaining the copyright laws and the requirement to follow them.
- ➤ Prevent further copying or redistribution of copyrighted works (e.g., your students can view the material as part of your presentation but they can’t download the copyrighted work from your presentation).
- ➤ Not interfere with copyright protection mechanisms (e.g., you can’t strip the copyright notice off a copyrighted work).
REVIEW, UPDATE POLICIES FOR REMOTE WORK
As the pandemic forced an unprecedented number of college and university employees into remote work arrangements, many institutions became unknowingly exposed to a variety of employment‐related legal issues.
To help institutions successfully adapt to the virtual workplace environment while complying with relevant laws, regulations, and policies, the Employment Law Alliance hosted a webinar featuring Kathleen Henn, Esq., Associate General Counsel for TCS Education System.
If you don’t already have a policy for remote work now’s the time to develop one, and if you do have a remote work policy now’s the time to review and update it.
If you don’t already have a policy for remote work now’s the time to develop one, and if you do have a remote work policy now’s the time to review and update it, Henn advised.
To help make sure your policy is legally sound, follow Henn’s recommendations:
- Address short‐term considerations right away. Review your institution’s IT and intellectual property policies. Because work‐at‐home injuries could be eligible for workers’ compensation claims, consult with your institution’s insurer on the specific advice and recommendations you should provide to employees to help them set up safe workspaces at home (e.g., smoke detector installation, trip‐and‐fall prevention).
- Plan ahead for long‐term considerations. In case some remote work continues even after the pandemic, consider adopting a signed acknowledgment/agreement between the institution and the employees. Identify which states and/or countries employees may work from and require employees to specific their home’s location, which influences employment and wage laws. Consider including in the policy a section differentiating mandated work‐from‐home versus voluntary or agreed‐upon work‐from‐home.
- Address stipends for work‐from‐home business expenses. Some employers provide a monthly across‐the‐board expense stipend included in employees’ paychecks while others rely on expense reports. Laws in some states require employers to cover remote workers’ business expenses (e.g., internet). This may vary depending on whether remote work qualifies as permitted, voluntary, or required. Consult with legal counsel to be sure.
- Know how to handle accommodations requests. The pandemic doesn’t change the basic principles of the Americans with Disabilities Act, such as the requirement to engage in an interactive process with employees requesting accommodations. The Equal Employment Opportunity Commission has provided guidance for various scenarios at www.eeoc.gov/wysk/what‐you‐should‐know‐about‐covid‐19‐and‐ada‐rehabilitation‐act‐and‐other‐eeo‐laws. For example, although the ADA doesn’t apply to employee requests for remote work because a household member qualifies as high risk for COVID‐19, the EEOC does encourage employers to extend flexibility to such employees and how to apply policies fairly to avoid discrimination.
REMOTE WORK RAISES INFORMATION SECURITY RISKS
The recent increase in working, learning, and conducting research remotely should trigger higher education administrators to pay more attention to information security considerations, according to Sam Sneed, Esq., Director at the law firm of ES&A in Hawaii, and a panelist in an Employment Law Alliance webinar.
The security considerations aren’t necessarily new but definitely have increased, partly due to the decreased ability for in‐person oversight, she noted.
“The number of security exploits — bad actors doing bad things — are on the rise,” Sneed said.
In fact, during the pandemic, she noted, the FBI has had a fourfold increase in information security‐related complaints, with common concerns including Zoombombing and other problems with videoconferencing security.
A lot of the concerns were preventable, and while Zoom has increased its security features, she recommended that higher ed administrators take additional risk management steps regarding information security:
- Use passwords and security features. For online classes and meetings, take advantage of available security features. “The more secure you need a meeting, the more secure you need to keep your passwords,” Sneed noted.
- Beware of phishing, smishing (phishing via text), spoofing, and social engineering attacks. Bad actors use email or text to pose as someone else (often a person in a position of authority) with the intention of getting you to do them a favor or to click/open a link or attachment that contains a malicious code. For example, beware texts from your “boss” telling you to immediately wire money to an account. With the increase in remote work, many people will act on spoofing requests without first verifying the validity. If you receive emails or texts requesting a financial favor, first call the individual’s regular phone number to confirm before acting. If in doubt, don’t respond to messages or requests, and don’t run or open files, attachments, or links.
- Avoid public networks. If you’re working in a public place, such as a local coffee shop, keep in mind that you don’t have control over that network’s security and that someone can be watching everything you’re doing online. If you must go online in a public place, try to use a VPN, encrypt your internet traffic, don’t log in to any sensitive information or accounts (such as banking), and use multifactor authentication.
- Have and know the data breach plan. If a data breach occurs, your institution should have written procedures to follow and a phone tree specifying who to call and in what order. Depending on the level of involvement and severity and/or public impact, your institution might need to reach out to cybersecurity consultants, legal counsel, and communications/public relations staff. Depending on the level of impact and the jurisdiction, you might need to report the data breach to law enforcement, regulators, the public, and/or contractors.
- Look into cybersecurity insurance. General liability policies have increasingly excluded cybersecurity. Check the limits and exclusions. Some insurers will offer a panel counsel and panel consultants to help you navigate the breach, remediation, and litigation process, and provide access to and incentives for better preventive measures.
- Confirm access control measures. Make sure employees/contractors aren’t accessing systems/information they shouldn’t. And keep in mind that just because you can monitor employees’ remote work doesn’t mean you should.
- Address export controls. Remember that exporting doesn’t just involve shipping something in a box it also involves communicating with a foreign national. This is especially relevant because faculty, students, and researchers can be from all over the world.
- Check storage security. Make sure all cloud storage has been vetted by your IT department. Identify the physical storage location of all hard and electronic copies of information.