The past few years have seen the entry of major brands such as Microsoft, Coca-Cola, BMW and Dell into the virtual world Second Life, alongside millions of traditional individual users.

Businesses typically use Second Life as a marketing tool to raise brand awareness and as a shop window for products, but it is also used for direct sales and recruitment.

Second Life and similar sites have been likened to a frontier environment in which opportunities exist for the legitimate and unscrupulous user alike. In-game currency, goods and property can have real-world value and are routinely traded between users for cash. One Second Life user recently claimed to have amassed $1m (£505,000) through developing and trading virtual real estate.

The fact that virtual worlds generate real financial transactions has led to concerns being raised with the UK government about the risk for credit card fraud, money laundering, tax evasion and identity theft.

One of the main legal concerns is infringement of intellectual property rights (IPR). Infringements of IPR appear common; for instance, copying people’s in-game creations, using branding without permission, and distributing pirated media that
may be loaded on businesses’ legitimately-sold goods.

While the law will apply to such issues and uses, two key problems exist.

First, the difficulty of taking legal action against the perpetrators ­ users often exist in the guise of a character that conceals their real identity, which can impede legal action.

Second, the borderless nature of the internet presents significant issues. Even if you wish to bring an action, what laws will apply? Can a successful prosecution be enforced? In the UK, for example, foreign laws can apply to UK web sites as well as UK laws.

While virtual worlds could face more wide-reaching regulation in the not-too-distant future, there will still be jurisdictional complexities to resolve ­ issues that face those tackling cyber crime today and that have yet to be fully addressed.

On the corporate side, many employers now ban the use of social networking sites altogether and, if you haven’t done so already, you should consider your organisation’s stance on usage during business time ­ there are many legal implications arising out of employees’ use.

For employers wishing to block or limit usage, a key step is to ensure that a written IT usage policy is in place to make clear which activities are not permitted and the disciplinary consequences. Employers may also seek to monitor employees’ internet use to help enforce this, but must bear in mind that the Data Protection Act 1998 and other legislation imposes limits on how far this can be taken.

For businesses who want a Second Life presence, as well as those who want to set down usage rules for employees, it is important to be aware of the legal issues. This may be virtual reality, but the risks are real.

Lawyer Charlotte Walker-Osborn belongs to the BCS security specialist group ISSG