In strictly legal terms, YouTube should probably never have got off the ground. Yet it certainly works commercially. Last year, the video-sharing web site was sold for £880m after just 18 months of operation, even though it had to set aside £100m for potential claims for copyright breaches.

For firms, the lesson is that with the right business model, the potential upside of online content offerings may be enormous. But they should not ignore the issues of digital rights – though they may take a commercial view to predict how the law will be applied, rather than assume it will be enforced to the letter.

IT directors frequently have to make such judgements. In devising systems and managing projects, they often create many different layers of rights that have to be properly assigned and protected, otherwise any value may swiftly evaporate, because the web is the most efficient copying machine ever invented. At the touch of a button, ideas and information can be copied around the world, instantly escaping the national confines of copyright law.

For many suppliers of content it has been a disaster, because piracy and file sharing have become businesses in their own right. Record sales, for instance, have fallen 20 per cent in the past five years, and in 2005 it is estimated the UK film industry lost £719m at the box office and £3.5bn in video sales because of piracy. For software vendors, the pain was just as bad with an estimated £1.5bn of lost sales.

For other types of organisation, the losses are less direct, but nonetheless real. Their rights have been infringed for content such as software, documents, brands, logos and databases, often developed with third parties and critical to operations.

Trusting to firewalls and network security is not enough. Information moves so quickly and widely that mechanisms to protect it have to be embedded in organisations in the form of notices, licences and terms, and technical measures to safeguard rights.

Five years ago, many people said that copyright could not be protected online. Now there are signs that the tide might be turning. Landmark legal cases against filesharers brought by MGM in the US and by Universal Studios in Australia have enforced legal rights.

Meanwhile, in the UK, campaigns by trade bodies against infringers are having an impact. Record industry body the BPI has been successfully proceeding against file-sharers since 2004, and last year the Federation Against Software Theft (Fast) conducted a successful covert operation against software sharing online.

More eye-catchingly, just before Christmas, the Business Software Alliance filed claims against a global teleconferencing operation and a London solicitor for running unlicensed software.

More action can be expected. In December, the government published a major review of intellectual property, by the former editor of the Financial Times, Andrew Gowers. The report recommends tightening up enforcement and putting digital infringements on the same basis as physical infringements. Instead of facing a maximum sentence of two years for communicating a copyright work to the public, online pirates may face 10 years.

For rights holders, the fightback has begun, says Jonathan Cornthwaite, a partner in the IT and intellectual property practice at law firm Wedlake Bell.

‘Illegitimate systems are becoming more legitimate and ISPs are becoming more co-operative in disclosing the infringers’ names. Even so, it is hard to conceive that all online infringing could be closed down,’ he says.

To bring the law into line with modern consumer behaviour, the Gowers report also recommends introducing a limited right of private use, allowing individuals to switch the content of DVDs and CDs from one format to another.

The report also recognises that the market for downloads is not just driven by pirates, but reflects consumer desire to use content on a wide range of devices.

‘Wherever and whenever on whatever device is what consumers want,’ says Simon Crouch, a senior manager at Spectrum Strategy, which advises broadcasters, mobile operators, record labels and sports organisations on new media.

‘They do not want to pay more than once. So if you subscribe to sport on TV, you do not want to have to pay for it again if you are away and watch it on your mobile. It should just be a data charge.’

At first, content suppliers ignored these new patterns of consumption, which led to the emergence of online services such as Napster and illegal downloading of songs. So far, the most successful response has been iTunes, which makes downloaded music available legally at a price. But it locks consumers into its system.

Crouch says that the trend in digital rights management (DRM) is for more interoperability. ‘It means having the flexibility to take payment for content wherever it goes,’ he says. ‘The difficulty should not be in making payments go in the right direction, but persuading everyone to agree a common set of standards where terms can easily be translated.’

The danger with DRM is that it could just become a protective coating for old business models as they move online, says Mark Isherwood at Rightscom. He argues that the problem with focusing on technical measures for DRM is that they

could end up limiting access to content that people have a perfect right to see.

After 17 years in the music business, Isherwood now advises content owners and technology firms on digital rights. The best strategy, he says, is to determine a policy first, then apply appropriate technology to protect rights. ‘Figure out the policies for what people can access and on what terms. Ask what you’re trying to do with content. Who is it for? Who needs to see it?

‘Some documents might only be available to the top three executives in an organisation or they might be open to everyone with access to the intranet. Are they allowed to download it? Or just to view it? Can they email it to friends? You want an across-the-board view of rights management in a networked environment.’

Only when the policy is decided should firms start to consider particular techniques to protect content, such as hard coding access, tracking data with meta tags or setting up passwords and authentication. In more complex business models, the policies that apply to a particular piece of content might be expressed when it is moving around the network, whether on a PC or on a mobile, says Isherwood.

‘These are still fairly early days for rights expression language, apart from insulated systems such as iTunes,’ he adds. ‘To avoid any ambiguity between networks, we still need a rights data dictionary for terms such as “copy”.’

For digital content to have any value in the eyes of investors and bankers, owners must be able to prove a clear title to it. That is where mistakes are often made, particularly by large organisations, which may wrongly assume that they own all rights. In reality, there is almost always third-party content in products, particularly with Web 2.0 systems where users create content.

From the outset, firms should lay out the terms under which material is submitted, so they can reuse it, says technology lawyer Maitland Kalton. ‘The tendency now is not to seek ownership, but to reserve the right to use material for any purpose on a royalty-free basis.’

‘Specify whether you will give a credit or not and always gain a warranty. You could be exposing yourself to potential

liabilities through uploads. Ensure you have a complaints system, so things can be pulled down fast. If there is a risk from third parties, consider getting insurance.’

This is an excerpt from the cover story of this month’s Computing Business, the magazine for IT leaders from the publishers of Computing. Visit: www.computingbusiness.co.uk