UPDATE: Canada’s Anti-Spam Legislation is in full swing

This isn’t the first time we’ve addressed Canada’s increasing concern for personal privacy and data security as expressed in legislation. In particular, the Canadian Anti-Spam Legislation (hereinafter “CASL”) has finally come into effect and we’re learning about it as Canadians and those who advertise to Canadians spend time with the CASL.

CASL impacts those who use electronic and digital marketing and acts to protect Canadians from the impacts of spyware, phishing and the like. Violations of are expensive and therefore, companies were on the ball when CASL came into effect this June. If you’d like more information on CASL, please see our post “Coming to Canada this Year: The National Anti-Spam Law.

Networking. Consent can be obtained from word-of-mouth and conversations carried out on the phone or in person. Part of sealing the deal with these requests for commercial information is to obtain all of the requisite information for valid consent in the form of an email after the conversation.

Referrals. CASL allows a company to send one commercial electronic message as a referral. This must include the name of the person who referred the company to the individual. The referring individual and the company must have an existing business relationship and this relationship must be made transparent to the person obtaining the referral.

Social Media. Consent to advertise can be obtained through social media. Twitter, Facebook, Pinterest are crawling with companies wanting to advertise. If consent is given by an individual on a social media platform, the consent is limited to that social media platform. Messages posted on the public face of the platform are not under the jurisdiction of CASL, but private messages are.

Recording Consents. Because CASL requires that a company obtain consent before advertising to someone, the company must be able to prove that consent was obtained. This is easily proved when permission is obtained online or in written form, but permission can also be obtained by oral consent. In these cases, it is recommended that an email be sent after the conversation verifying that consent was given to advertise to them.

These are just some observations made by those engaging with the CASL so far. If you require more information about that CASL and your business in particular, please contact us! CASL is used to help keep the personal data of Canadians protected. For more information about data privacy, please check out our e-book! And here are the links to the Kindle edition on Amazon US and Amazon UK.


South Africa and U.S. Sign Agreement over Tax

Earlier this month, South African Finance Minister and the U.S. Ambassador to South Africa signed an inter-governmental agreement between the two nations that brought South Africa into the many jurisdictions that exchange information with the IRS under the Foreign Account Tax Compliance Act (hereinafter “FATCA”).

FATCA, enacted by the U.S. Congress in 2010, attempts to cast more transparency over the foreign accounts of U.S. citizens living in foreign countries. With this agreement made with South Africa, no longer will individual banking institutions have to make agreements for exchanging information with the U.S. government.

The impact for Americans living in South Africa will be that their banking information will be shared with the IRS and, as the agreement signed by the nations is reciprocal, the banking information of South Africans living in the U.S. will also be shared back with the South African Government and the Tax Office. The U.S. Ambassador noted upon signing: “The signing of these agreements is an important step forward in the collaboration between the United States and South Africa to combat tax evasion.”

If you are an American living or banking in South Africa or a South African living or banking the U.S. and require more information about the impact of the signing of this agreement, then please feel free to contact us for more information specific to your situation.


China’s New Trademark Law

China revamped their Trademark Law and it has been in effect now since May of this year. With so many counterfeit and imitation goods coming out of China, many people across the world struggle with giving China creditability when it comes to respecting trademarking but their new trademarking laws will give them back some of the lost credibility. Not only will trademark infringement be taken more seriously, but misuses of the system will no longer be tolerated. The aim with the new law is to increase the protection against piracy, shorten the prosecution times, strength the well-known mark protection, increase fines, compensation and statutory damages for infringers. Additionally, the legal standing for oppositions and invalidations has been narrowed, sound marks and multiple class trademark applications have been made available and now challenged marks will proceed through the registration process more easily.

China has been a hotbed for trademark squatting for years. International businesses coming to China in the past would often have found that they’re mark had already been spoken for. With the revision of the trademark law, there has been a crack down on trademark privacy and registrations made in bad faith. Additionally, misuses of well-known mark status through fake litigation will come to an end. Moreover, opposition and invalidations will only be allowed to be brought by prior rights holders or interested parties thus reducing the arbitrary and bad faith oppositions to mark registration.

In terms of filing, e-filing is now allowed but is really only available domestically at the moment for standard goods items. It seems that the early hype about original powers of attorney and trademark applications being signed by the applicant have fallen away as the China Trademark Office has reverted back to the old filing requirements as set forth before the revised trademark laws.

If your business is considering registering their mark in China or already has a registered mark in China, it is best to review the new laws. We can help with any confusion and can assist in getting your trademark through the process of registration and recordal. Please don’t hesitate to contact us if you require more information.


Post-Data Breach Notifications and Disclosures.

You are a business that holds the personal information of employees and customers and the worst has been released: there has been a data breach.

Depending on where your business, employees and customers are located, there are different requirements on how to handle such a breach.

For those jurisdictions that have laws governing this area, there will be notice and disclosure requirements.

But what happens if the breach goes unnoticed? How can your business be sure that they are keenly aware of all data breaches? Many data breaches aren’t even discovered for months. Are all data breaches created equally? What sort of breach must be reported? We hope this posting will clear up some of the questions that your business may have regarding data breaches and required action if not put your business on the right track to data security.

There are ways in which companies can monitor if breaches have happened or if any strange behaviours are happening that would suggest that they have been hacked. Still, sixty-two percent of breaches take months to be discovered.

Almost every state has requirements that in at least some cases, data breaches, once discovered, be subjected to a risk of harm analysis and parties and the Attorney General be notified. Some industries require that there be notifications made. Some suggest that all data breaches should be paired with a notification and some press about what the company is going to do in the future to prevent such events from happening.

It is important to know what the standards are for not only the jurisdiction your business is located in but the jurisdictions for every person’s data that you hold, as residency of the person’s data is the standard that must be followed to meet the standards of most state laws in addition to the industry standards.

If you have more questions about data breaches and notification and disclosure requirements more specific to your business or jurisdiction then please don’t hesitate to contact us for more personalised information. Even questions about how to get started are welcomed.

We also can suggest purchasing a copy of our e-book, Data Privacy: A Practical Guide, available at: http://intersticeconsulting.com/ibtt/tradeandtaxation/data-privacy/.


Update: FATCA Compliance

The push by the IRS to persuade countries around the world to get onboard with the Foreign Account Tax Compliance Act (“FATCA”) has been quite successful. As part of the Hiring Incentives to Restore Employment Act of 2010, FATCA requires bank and financial institutions to disclose U.S. assets being held outside the U.S. on behalf of U.S. taxpayers. Currently, over 70 countries and 77,000 banks and financial institutions have now registered under FATCA. Banks and financial institutions that fail to comply may be frozen out of U.S. markets since a 30% withholding tax penalty will be imposed on payments of U.S. source income to these foreign institutions.

Foreign holding companies formed as an integral part of global structuring strategies may be declared a foreign financial institution, based on private equity investments, and therefore would be required to register and comply with disclosure requirements. Each foreign financial institution will be required to comply with FATCA even if it has no U.S. investors or invests in U.S. markets. FATCA Regulations obligates the foreign financial institution to identify its investors or account holders, and if any are “specified U.S. persons” defined as U.S. citizen, U.S. resident, domestic corporation, or trust. As a U.S. taxpayer with investments in foreign financial institutions, including possibly foreign holding companies, you will no doubt have received a request for completion of a declaration, whether from a foreign financial institution or from the holding company local registered agent.

The information required to be disclosed includes, account numbers, balances, and identification of the U.S. taxpayer. The U.S. taxpayer with a foreign bank account with a value of over $10,000 must also disclose the particulars of the account and any assets held each year.

U.S. taxpayers can still comply with FATCA regulations by participating in the Offshore Voluntary Disclosure Program and be willing to reopen up to 8 previous tax years, paying taxes, interest and penalties. Foreign banks, including Credit Suisse and UBS are still recovering from steep fines and penalties for failure to disclose assets held by U.S. taxpayers. Foreign banks and foreign registered agents will be expected to disclose to remain in compliance with FATCA or face increased scrutiny, fines and penalties, potentially closing off the market to U.S. customers. Moving forward foreign banks and foreign financial institutions will have more stringent due diligence requirements to open accounts, form companies and purchase assets.


Outsourcing Data Management: The Risk.

Owing to a lack of knowledgeable or skilled staff or simply due to wanting to shift the risk, many businesses have their data managed by third parties. Database administrators help businesses manage, maintain, monitor and secure their data, among other important functions. Having the help of a database administrator can be invaluable to a business. When businesses choose to outsource their data management, database administration companies can take on the responsibility on behalf of the business. As with all services purchased, a contract will be drafted to outline the relationship-to-be and expectations upon the cessation of services among all other contractual needs. A recent English Court of Appeal case has brought to light some things that British companies outsourcing database and data management should be aware of.

Datateam, a publishing company had employed the database management services of Your Response, database administrators. Their contract was partially oral and written but failed to denote what a reasonable notice period was for cancellation of services. When Datateam gave what Your Response deemed to be too short of notice to end their contract and had outstanding fees, Your Response did not return the electronic database that they had been maintaining as a lien. The lower court determined that the Your Response was entitled to exercise a possessory lien over the database, but Datateam appealed arguing that the lien was incorrect as the database was intangible property and thus a possessory lien was not allowed. The Court of Appeal decision does not stray from the common law and in an age when most documents are stored electronically parties must take extra precaution during their negotiation and bargaining phase to contract for these types of situations.

If your business’ data is managed by a third party or is looking at the option, then please contact us so that you can be confident that your contract will protect your interests in a similar case. Data protection is essential to protecting your business interests. Check out our latest e-book, Data Privacy: A Practical Guide. It is the perfect guiding tool for a small-to-medium-sized business tackling data privacy issues. Available at: http://intersticeconsulting.com/ibtt/tradeandtaxation/data-privacy/.


Big News in the EU: Court Strikes Down Data Retention Directive.

The European Union has been praised for being so forward with their data privacy laws, however, one law that was designed to aid in the apprehension of terrorists in the wake of terror scares and threats in the past decade, has been struck down by the Court of Justice of the European Union. The Court explained that whilst national security concerns are indeed very important and very alive, that personal privacy and data protection was in this case, more important.

The directive that was struck down is called the Data Retention Directive. The Directive required that internet service providers and telecom companies retain data for up to two years. The Court found that this requirement was a “wide-ranging and particularly serious interference” with the fundamental rights to communication, private life and protection of personal data. The Court opined that some data could be retained but data that was in violation of the fundamental rights was to be left. This certainly speaks loudly to how the European courts value data protection. In defence of upcoming trials, Google has said that they believe that the courts will not uphold strict data protection laws and thus rule in their favour… perhaps they ought to re-think their statements.

If your company has a presence online and is concerned that it is not meeting the standards set forth in legislation about gathering and protecting customer or user data, or perhaps you have international users and customers and worry about different legal standards from the differing jurisdictions, then please contact us for more assistance. Also, check out our newest e-book, Data Privacy: A Practical Guide, available at this link: http://intersticeconsulting.com/ibtt/tradeandtaxation/data-privacy/ . This guide is the perfect way to get your business started on the path to complete data security for your customers and employees. With easy access to the authors for follow-up or more specific jurisdictional advice and updates, this e-books is the perfect read for any business.

Cayman Islands Companies.

For those wishing to form an offshore business, the Cayman Islands is probably the first place considered, and for good reason. One of the most well known major offshore financial centres, the Cayman Islands, a British Overseas Territory attracts businesses and individuals trying to take advantage of the island’s tax policy. For some companies incorporated in the Cayman Islands, there is no corporate income tax. For this reason, many others top businesses list their address with the Securities and Exchange Commission as George Town, Cayman Islands. So many companies find it advantageous to be incorporated in the Cayman Islands, in fact, that there are more registered companies in Cayman than there are people!

The biggest benefit to incorporating in the Cayman Islands shouldn’t be thought of as tax avoidance, but rather as raising capital and becoming a global business. If a business is able to take the money that would have gone to taxes and invest in their business, there is an obvious benefit. For years, the US government in particular, has been trying to find a way to get these clever companies to pay taxes in the US and has painted them as unpatriotic and tax-avoiding, but it is completely legal.

If you are interested in incorporating your business in the Cayman Islands, then please contact us. Not only do we have years of experience on the Island but retain many contacts that can prove helpful during the incorporation process. Please, don’t hesitate to contact with questions.

Google Facing Lawsuit for Scanning Data of Students.

Google will be facing the courts again soon in California where a class action lawsuit has been brought against the company for data-mining emails. This is certainly not Google’s first encounter with the court system and not even the first time that the company has been accused of violating the privacy of its users. Google has been called to answer for data privacy violations all over the world: the French have warned, fined and are currently suing the company, the Spanish, British, Dutch, Germans and Italians are following a similar path with the company as well. Google’s particular trouble in Europe stems from the EU’s data protection rules overhaul that Google is strongly resisting. In the US, claims have been made against the company for violation of federal wiretapping laws by scanning Gmail emails as well as state privacy laws and with the most recent allegation, violation of the Family Educational Rights and Privacy Act (hereinafter “FERPA”) for scanning of students using Google’s Apps for Education.

Google’s Apps for Education is part of the growing group of Google Apps. The education Apps do differ from the other Apps as these are aimed specifically at K-12, college and university students, staff and faculty for which there are no Google Adwords targeted ads displayed. The accusation by two students party to the class action is that Google has violated their rights under FERPA by scanning and indexing their Google emails, used as tools for education, to provide certain features that cannot be turned off. FERPA was written and contemplated before cloud computing and Google believes that it will be interpreted by the courts in such a way that they will find success. Check back for updates!

If your company has a presence online and is concerned that it is not meeting the standards set forth in legislation about gathering and protecting customer or user data, or perhaps you have international users and customers and worry about different legal standards from the differing jurisdictions, then please contact us for more assistance. Also, check out our newest e-book, Data Privacy: A Practical Guide. This guide is the perfect way to get your business started on the path to complete data security for your customers and employees. With easy access to the authors for follow-up or more specific jurisdictional advice and updates, this e-book is the perfect read for any business.


Small to Medium-Sized Business with Data Security Worries?

Data security is not something that only large businesses and corporations need to be worried about. Any business with an online presence must be even more worried about it. However, securing customer and employee data is something that is either passed on to a third party to deal with or is largely ignored because businesses are unaware of their obligation to do protect the data or because it is just too overwhelming and confusing. It is true that data protection regulation and legislation can be confusing especially when having to meet the standards of both domestic and international legislation. A breach in data security could range from the system being hacked and held for ransom or a retired employee’s access not being closed by mistake. The result of misuse, loss or theft of data could be a lawsuit, loss of reputation and business or fines. Whilst these may not be devastating for a large business or corporation such as Google, a repeat offender, to a small to medium-sized business, the result could mean closing the doors.

Owing to these problems faced by the small to medium-sized businesses and even some of the newer larger businesses, two of our top consultants of Interstice Consulting have gathered together their valuable insight to help guide businesses through the process of setting up data security measure to meet the stringent requirements of legislation. Data Privacy: A Practical Guide examines global trends in data security and data privacy, analyses in depth the larger jurisdiction’s legislation and how to be in compliance, touches on business-to-business issues as well as data breach insurance, informs on what to do in the case of a data breach and provides ways to be continually updated. There is no to wait for your book to arrive in the mail because it is available immediately as an e-book only.

This guide will give small to medium-sized business not only the information they need to set up their data protection scheme but will also give them to confidence to be able to reach out to the authors should they have a more specific question or assistance in a jurisdiction not covered by this guide. By starting on the right path to data security for your business, you can assure your customers that they made the right choice to continue their business relationship with you.

To purchase your copy of Data Privacy: A Practical Guide, please follow this link: http://intersticeconsulting.com/ibtt/tradeandtaxation/data-privacy/.