Recently I worked with a group to create a logging system for tutoring labs to track Tutor hours, and usage of the labs. We had to change the design a fair amount to be in compliance with FERPA.
My question stems from the curiosity that in my course of study there has never been a real mention of how people in this field have to deal with complying with the law in their work. So I would like to know how much programmers have to consider the law in the work they do.
In many fields dealing with legal or regulatory requirements are a daily thing. Sarbanes Oxley compliance is critical for large businesses, health care organizations have to consider HIPAA, programming for state, local or federal government projects tends to have lots of regulatory requirements. You may also need to consider Government Accounting Standards to make sure you have what auditors need. You may have to deal with privacy considerations and there are laws about how the disabled must have ways to access the data.
In our business we have government regulations that vary by state that our clients must follow and spend a fair amount of time making sure the compliance rules are followed and in creating reports to show that we have complied with regulations. If you are selling anything, at a minimum you need to consider taxes. You may also get stuck dealing with things like ISO certification requirements which aren't legal, but are simliar in their pain in the posterior factor.
In general if you are doing business programming (especially anything to do with health care or finances) and you are unaware of any legal or regulatory requirements, you have a good chance of doing something wrong. If you (or your company) have never asked about them, then you are definitely doing something wrong as it should be one of the first questions that almost every project starts with. You don't know if the answer is no unless you ask.
If you are selling software to businesses (not so much individuals), regulatory compliance is often a key selling point as not everyone does a good job with this. We get a lot of our clients specifically because we do a much better job of this than our competition and regulatory compliance is critical for our clients.
If you are in Gaming, I would expect less of a need for this although, I'd bet there are still disability laws to comply with.
I personally have never worked on a major project that didn't have some regulatory or legal needs to consider.
well, as my products are for the Public Safety sector (911 software, etc.) pretty much every day.
Though I've never had to deal with it, I have heard that Sarbanes-Oxley compliance has forced a fair bit onto many projects.
I don't know of any specific programming related legal considerations, but there are a vast number of business or organization related regulations and laws that may impact software as either a service or a product. From privacy, accessibility, intellectual property that apply to all sorts of businesses, to sector-oriented financial, medical regulations.
One Sarbanes-Oxley control I'm familliar with is the requirement where no developer is permitted to deploy into production... only a System Administrator may deploy binaries.
I develop for a company involved with medical software, and HIPAA compliance does affect the design of our programs. Anything that may contain patient information must have options for restricting and logging access.
In the course of supporting our clients, our engineers may chance to view patient-specific information, so our company also held HIPAA training sessions we had to attend to make sure we were aware of how to be HIPAA-compliant.
