Business organisations do and should have big worries about data security. The potential losses to business and reputation by a breach of data privacy can be great enough to have to shut the doors for good.

But whilst data privacy and data security may weigh heavy on the minds of the organisation’s leaders, employees usually fail to understand how essential data security is to their job as well. Employees will often think that there is a department or person that hangs those things or that there is software that protects them. However, educating and training employees on the importance of data security to everyone in the organisation sets the organisation on a path towards locking up any gaps in their data security network.

An important concept to focus on throughout employee training is that data security is the responsibility of everyone. Whilst a department or individual may manage security, individual security obligations should be undertaken by everyone employed by the company. Not only does this make the security managers more accessible for the employees, but also encourages the employees to release the important of and to take pride in the organisation’s data security.

Data security training shouldn’t be a one-time event but should be addressed at every training session from orientation to farewells. Building data security training into every training session will highlight the importance of it and continue to remind employees of their individual security obligations. This could also be a time to update employees on news in the data security field and updates that the organisation has made to its own data security network.

Employees also need to be made aware of the responses that the organisation has planned for data security failures. For employees to know that there are plans and what the plans are, even just generally, executing them will be much less confusing and perhaps even more effective because the employees have been trained to handle the situations.

If you require assistance in training your employees about the risks in security breaches and data privacy then please contact us.

Also, be on the lookout for our new e-book, Data Privacy: A Practical Guide to assist you further in this matter and with other important issues surrounding data privacy.

SHARE THIS:

A French consumer protection group is fed up with unreadable, inaccessible and illegal user agreements of three major companies: Facebook, Twitter and Google.

The UFC-Que Choisir, France’s top consumer rights group, isn’t the only European consumer group with major concerns about how these websites are run and collect data on their countrymen. In December, Spain fined Google €900.000 for breaking data protection laws, another French group CNIL fined Google €150.000 for failing to meet a three-month long deadline to align the practice of tracking and storing user information with France’s law and the Netherlands have accused Google of violating privacy protection laws. Several other European consumer protection groups have been investigating the Google privacy policy as well.

The UFC-Que Choisir argues that the user agreements presented by these websites are only available on the website, are too long with too many hypertext links that often aren’t available in French. UFC-Que Choisir sent letters to these companies in June of last year asking that they bring their policies within the letter of French law. The user agreement is a contract between the user of the website and the company itself. French contract law requires that the entire contract be in French. Additionally, UFC-Que Choisir argues that the enormous number of hypertext links make it unclear to the consumers whether or not they form part of the agreement. Because the letters to the companies yielded no responses, the consumer group has issued the companies with summons to appear before the Paris High Court. UFC-Que Choisir has asked that the court strike out what they allege to be unfair or illegal clauses in the user agreements.

Check back with us soon for an update on what the French courts decide in this matter and for our new e-book, Data Privacy: A Practical Guide for more information about data privacy issues and solutions!

SHARE THIS:

Carrying insurance as business is commonplace and depending on what type of business one is involved in there are a myriad of different insurance policies and coverage types that may be used to ensure that the business is protected in the event of some sort of unplanned event. As an increasing number of businesses are falling victim to cyber attack during which sensitive personal data is stolen many businesses are purchasing Data Breach Insurance or Cyber Security Liability Insurance, all depending on which plan a business chooses to protect them in the event of a data breach. So, is this insurance coverage the right thing for your business?

Deciding on whether or not coverage of this sort is something that your business must consider shouldn’t hinge on whether or not data is stored on the Internet. In some cases, data breach insurance covers stolen laptops and computers and even paper files, though it is a coverage aimed at protecting against cyber attack, in general. If your business collects, stores or transmits personal data of others, including employees, or would suffer monetarily in the event of an attack then this coverage is something that should be investigated.

Once a business has decided that further investigation is warranted, the next place to start is with the business’ current insurance coverage plans as some types of data breach events may already be coverage. A small business may find that for its needs the current coverage is sufficient. Following, the business should acquire as many coverage plans as they can and read them thoroughly as to find the coverage that meets their needs. In this case the business will consider the types of attacks that they would be looking to prevent, breach of customer data or distributed denial of service attack, for example. As well as considering the type of the attack, the type of damage covered also needs to be considered: first-party expenses and third-party liabilities. First-party expenses will be the costs to the business in notifying customers of the breach and offering data monitoring services, forensic analysis, boosting bandwidth or even paying an extortionist’s ransom to prevent an attack. Third-party liabilities will be lawsuits brought by customers or employees whose data has been compromised, fines or redress sought by regulators.

Reputational damage and loss of business will probably not be covered by insurance therefore it is important to safeguard the business’ data holdings. Insurance alone will not suffice to cover all potential damage that could arise in the event of a cyber attack.

If your business is evaluating its data security or considering purchasing cyber attack insurance or data breach insurance, then please contact us for assistance with this matter.

SHARE THIS:

Africa has historically been a place where foreigners come and take; take people, take land, take resources and opportunity. Unfortunately, even as we progress into modern times, Africa is still a place where foreigners come and take advantage. Tax avoidance is not unique to Africa or other developing countries, but African nations recently banded together to take a stand against tax avoidance by foreign nationals and domestics as part of a worldwide new global tax agenda action plan set out by the Organisation for Economic Cooperation and Development (hereinafter “OECD”).

The OECD’s 15-point action plan was recently considered in a historic meeting by the council of the African Tax Administration Forum (hereinafter “ATAF”).  The ATAF joined twenty-nine African nations to deliberate the action plan assuring Africa’s participation in the new rules of the global tax agenda.

High on the list of matters discussed by at the ATAF conference was the developing nations’ struggle with base erosion and profit shifting (hereinafter “BEPS”). BEPS is a practice usually associated with large, multinational corporations where taxable income is shifted to other low-tax locations thus eroding the taxable base of the country. This practice has resulted in overall lower prices for natural resource in Africa paired with tax incentives to multinational corporations working in those industries. The result is that African nations are robbed of good prices for their resource wealth, and taxes they would have been able to collect if profit shifting had not been occurring, thus keeping them as developing nations always reaching for developed status.

South Africa, in particular, has come up with three measures to defend against foreign tax evasion. The first, transfer pricing rules to ensure that any foreign debt is introduced at a reasonable interest rate and that the capitalisation of the local company does not rely too heavily on that debt. Second, an interest withholding tax that will impose a tax rate of 15-percent on non-resident South African earnings. Finally, a new rule applying to interest earned by non-residents where the debtor in the arrangement is a connect person to the creditor and where the non-resident creditor is not subject to South African tax on the interest earned. There may be a specific exemption for the non-resident depending on the double tax agreements between their country and South Africa.

If you are involved with a multinational corporation with ties to Africa or specifically South Africa and would like more information about these changes and their coming impact, then please contact us for help navigating the ever-changing domestic and global tax agenda.

SHARE THIS:

Online targeted advertising, such as Google’s Adwords, uses potential customer demographics and behaviour online to specifically target brands, products and services to that individual. When using these services, a business can purchase advertising rights to certain searched words and locations and geographical locations. As courts around the world are finding, many businesses are choosing to use their competitor’s trademark in addition to their own for keyword searches that will trigger their own advertisement to be shown. Depending on where you are advertising and targeting, different rules and judgments will apply to what situations use of a competitor’s trademark as a keyword to activate your advertisement is allowed, because believe it or not, it isn’t always against the law.

In Australia, a high court decision of Google v. ACCC found that Google itself wasn’t responsible if an Adwords customer used an infringing trademark however, did not expand on whether or not the Adwords customer would be held liable for damages if using an infringing trademark.

In the UK, two cases have shone light on situations when it is legal and illegal to use a competitor’s trademark in online targeted advertising. The Interflora case gave a more specific guide in the case of business networks. In this case, Interflora is a vast network of florists that trade under individual names but all are part of the Interflora network. M&S, not a part of the Interflora network of florists, used the Interflora trademark as a keyword indicator for their advertisement. The court found that because of the nature of the business network, it was misleading to the customers that they did not indicate that they were not a part of the Interflora network and thus, the use of the trademark was illegal. In a case involving Amazon.co.uk and Lush, Amazon used Lush’s trademark in Google Adword advertising suggestive that Amazon had for purchase Lush products. The court determined that the average customer would not be able to ascertain without difficulty that the Amazon goods did not originate from Lush.

Whilst these decisions are based on different sets of laws, they do help to guide future customers of such advertising companies on the best manner in which to make use of trademarks. If you are advertising using Google Adwords or a similar company and want to get the most from your advertising or are unsure if your advertising constitutes a trademark infringement, or if you have found that a competing business has been using your trademark then please contact us so that we examine the situation and advise you further.

The world stood absolutely shocked when Russia invaded the territorial sovereignty of Ukraine this late February staking claim to the Ukrainian Territory of Crimea, a peninsula in the Black Sea with no land border with Russia. All reasons aside, Crimea is now faced with a massive change: time zone, flag, anthem, water and power supply, laws, currency, and military. These aren’t the things that an international business or a former Ukrainian business turned into an international business because of contracts and business activities carried out in Crimea will be worried about. These businesses need to know how the life of the business will continue and whether or not the Russian courts will continue to honour their business contracts.

Many countries have issued sanctions and as the situation develops, it is a near certainty that more sanctions will be issued. In more specific cases, some countries and its citizens have essentially embargoed 18 individuals that the EU has determined to be deeply rooted in the cause of the occupation. The US has issued visa bans for 20 individuals involved in the crisis. Export licenses have been suspended for military equipment or equipment to be used internally to continue the suppression.

For impacted businesses it is essential to continually monitor the situation. The divorcing of a country and remarrying of another is a painstakingly difficult process and will take a long time, especially with overseeing groups such as the European Union and the United Nations. Exchange controls will be imposed to prevent a runaway with the currency, a business can prepare for this. Whilst the negotiations will take place in the background of the developing law, the courts will find one voice. Russia stands in the face of major worldwide opposition to its actions and will almost certainly make decisions now to make Crimeans happy. If a business is currently involved in products used for military or suppressive purposes then exportation limitations will have to be managed for the meantime. If a business is involved with any of the sanctioned and restricted individuals, a further limitation will be imposed. As negotiations continue and more things are resolved, then some of these important and burning questions about businesses will take place. In the meantime, finding a professional to help guide a business through this transition period will make a very real difference.

If you or your business has been impacted by the Russia takeover of the Crimea Peninsula and you require assistance or more information about what this means for you and your business, how to proceed or whether or not you must just let go, please contact us immediately as swifter actions can make a difference.

Privacy has been a hot topic as of late all over the world. Legislation is often years behind changes in technology and in the case of privacy this is definitely the case. Two weeks ago, Australia’s new amendments for its privacy law came into effect updating the law to the impacts of today’s technological advancements. The original Privacy Act (1988) is being reformed and updated to protect Australians in the digital revolution. Not only will Australian businesses be making changes to be compliant but certain international organisations and businesses will also have to do the same or face steep fines. The first thing either organisation will have to consider is how it collects, uses, discloses, and handles personal information data. Without this information, determining whether or not the organisation is compliant with the amendment is impossible.

Australian Organisations. A key change in the Act is the addition of the Australian Privacy Principles (APPs) replacing the National Privacy Principles and the Information Privacy Principles. The thirteen APPs apply to organisations and agencies doing business in Australia with over AU$3-million in revenue. These entities will certain have big changes to implement if preparations had not been made before the effective date of the amendment. The biggest changes are how to deal with unsolicited personal information, using previously obtained information for direct marking purposes, obligations in regards to international data sharing, and increased protection and security for holding data.

International Organisations. As mentioned previously, this amendment not only applies to Australian businesses but to agencies and organisations doing business in Australia with over AU$3-million in revenue so many international businesses and organisations will be impacted. One very important change relates to personal information collected in Australia leaving the country. Now, if this particular information leaves Australia, the disclosing entity must take reasonable steps under the circumstances to assure that the receiving entity applies the thirteen APPs. There are some exceptions to this rule and an international organisation that is compliant with privacy laws in the EU and the US, for instance, should not think that they would be compliant in regards to Australia. The amendments are similar to other countries but tend to come out stronger in practice.

If your business is located in Australia, is an international business impacted by this amendment, or you just aren’t quite sure, please don’t hesitate to contact us for help in tackling this change for your organisation. We can help with determining if this amendment impacts you, how to avoid its impact or how to avoid fines and be compliant if you are impacted including but not limited to drafting new privacy policies, amending complaint procedures and being more transparent.

SHARE THIS:

Engaging with customers via social media is a cheap option for businesses and thus an attractive one to take advantage of. As with all things, there are risks that must be examined and planned for when choosing to use social media as a tool for your organisation.

Key to effective consideration of risks is developing a carefully deliberated social media strategy. This plan should examine three different categories of social media usage as they will apply to the organisation:

• the individual employee’s personal use of social media,
• the organisation’s advertising, marketing and internal use of social media, and
• the organisation’s and individual employee’s professional use of social media for building connections, hiring personnel and networking

Following consideration of the different categories of social media that your organisation would or could allow within their strategy there are five different areas of legal risk that the strategists need to be aware of: legislative risks, contractual rights, non-contractual obligations, non-contractual rights and dispute risks. Within these legal risks, consideration of trademark and copyright laws, advertising, fair trade and ethical standards, employment contracts, protection of confidential information, product disparagement, patent infringement risks and prevention of defamation, to name a few, should be examined and managed.

Having a trained professional lead your organisation’s formation of the social media strategy can help set at ease any lingering concerns about missing an important legal risk that must be mitigated.

By taking the time to either re-evaluate your social media strategy or take control of the employee’s social media usage by drafting a strategy, your organisation can prevent the more typical impacts of social media risks to the more extreme impacts, such as major damage to the organisation’s reputation leading to embarrassment or heavy costs due to court-ordered damages. Having some control over social media usage within the organisation will also help set at ease any worry about these risks not being managed.

If your organisation is considering drafting and social media strategy or requires guidance in re-evaluating or updating the strategy in the face of ever changing legislation and international standards, please contact us for our help.

SHARE THIS:

Social media has blossomed into almost every person’s life on earth. The effects of social media, however, seem to be that those who choose to express themselves online do so with a bit more bravado than they would do in person. The result has been a rise in cyber-bullying and the like and a reduction in privacy expectations by many. Internet defamation is a growing tort heard by judges the world over. With the near limitless reach of the Internet, the expectation is that Internet defamation cases will be costing people and businesses big money.

Countries around the world are hearing the first social media defamation cases: Australia, South Africa, the US, and more. In the UK, a New Zealander brought an Indian to answer for a defamatory tweet which will cost him £90.000 in damages and around £1-million in attorney’s fees.

Online defamation isn’t limited to social media. Posters should be wary of blogs and comments to blog postings, chat rooms and comments made on any site where the option is given. While most victims of online defamation would look to the defamer for resolution, it has not been uncommon for them to look to website hosts and Internet Service Providers for restitution. In the US, a federal law called the Communications Decency Act protects this group.

Product Defamation. Just as individuals tend to feel more shielded online, so do businesses. Online unsubstantiated claims made about a competitor’s goods or services are landing businesses in trouble in court. Those who hide behind some type of online alias wont be spared having to answer for defamatory conduct online. Attorneys work with Internet Service Providers and private detectives to uncover the true identities of those who are defaming businesses. A business’ online presence must guard against defamation, trademark infringement and consumer fraud. It is extremely important for businesses to coach those in charge of the business’ online contributions, website and social media about the dangers of online defamation and product defamation.

If you or your business has been defamed or is accused of being defamed, please reach out to us for assistance. We can also help with laying the ground rules to avoid defamatory conduct online.

SHARE THIS:

When founding a registered business, be it a partnership or a corporation, the beginning stages are exciting and often less focused on the business aspects and more on the sales, advertising or innovation sides of the table. This can in the long run be detrimental to the business’ future needs, such as confidentiality and expansion. Many such start-ups will simply form their entity in the location that they operate in from the get-go; however, the start-ups that have good advisors may choose offshore financial centres as the perfect place to grow their business. The most popular offshore financial centre, with good reason, is the British Virgin Islands (hereinafter “BVI”).  The BVI has over 800,000 incorporated businesses and one of the most modern and progressive company laws in the world, the BVI Business Companies Act of 2004.

Choosing the BVI. As with many offshore financial centres, the BVI offers those who incorporate within its borders many benefits. A start-up would find the speed and cost associated with incorporation to be less compared to other options, that there is a wealth of legal, business and accounting experts to be had, a tax neutral environment, and no requirement that any of the directors reside in the BVI. Moreover, there is a huge decree of freedom with decision-making, whether the directors or the shareholders make the decisions. Many of the provisions in the BVI Business Companies Act can be disapplied in the Articles or Memorandum creating the opportunity for more control. There are of course, many more advantages with being incorporated in the BVI but these are just a few.

Recordkeeping Requirements. A few recent changes in legislation have altered the way BVI businesses need to keep records and supporting documentation. Under the BVI Business Companies Act of 2004, a BVI business must keep records to show and explain its transactions which enable the financial position of the company to be determined within reasonable accuracy at any time. This not only extends to corporations but also to limited partnerships. The terms required to keep these records is five-years. Whilst there is no requirement that the records be kept in the BVI, the registered agent must be apprised of the location and notified within two-weeks of any change to the location.

If you are considering founding your business in an offshore financial centre, the BVI or are already incorporated in the BVI and need to review your recordkeeping policies, please contract us and we’ll be glad to advise you further.