Governance, legal compliance and risk across the online economy
Transcript of Governance, legal compliance and risk across the online economy
What's on your E RADAR?
Governance, Compliance and Risk across the online economy
Will Roebuck, Founder and CEO
E RADAR | Smarter business online
Online in 2012 – 15 years of strengths
● Speed and convenience
● Cost and inventory control
● Global presence and market opportunity
● Better customer service
● Competitive and collaborative advantage
● Innovation
● Social revolution (accessibility and connecting people)
Online in 2012 – 15 years of weaknesses
● Pace of change v legacy technologies
● Conflict of laws and regulations
● Workplace social networking v time-management
● Increased globalisation = domino effect (e.g. Enron)
● Security
● Imitators
Online in 2012 – 15 years of opportunity
● E-commerce sales represented 16.9 per cent of total sales
● Website sales represented 4.2 per cent of total sales
● 78.7 per cent of businesses had a website
● 51.9 per cent of businesses had mobile broadband using 3G
● 86.5 per cent of businesses used the Internet to interact with public authorities.
Online in 2012 – 15 years of threats
● Society, business and government
● Financial fraud
● Children and citizens e.g. harassment, bullying...
● Theft – identity, data, intellectual property
● International terrorism
● UK Cyber Crime Strategy (Nov 2011)
● http://www.official-documents.gov.uk/document/cm78/7842/7842.pdf
Online business environment
● Supply and demand
● Goods, services, digital downloads, financial instruments
● The 'bottom line'
● Encouraged by
  – Competition, enterprise and innovation
● Supported by
  – People, processes, technology, and information
  – Laws, regulations, standards and best practice
What does this all mean?
● Balance supply and demand against risk
● Deploy resources carefully
● Smarter business management
  – Identify, develop and use 'the right' people skills
  – Re-engineer business processes
  – Invest in enabling technology
● Provide good laws and regulations
Why governance and compliance?
● Customer trust and confidence
● Business protection e.g. evidential trail
● Sector requirements
● Reduced insurance premiums
● Corporate reputation
● Director and vicarious liability
● 'The regulatory stick'
Governance and compliance issues
● Corporate
  – Vicarious and director liability
  – Duty of care towards employees
  – Prevent improper and illegal activity over systems / networks
● Personal
  – Directors failing to undertake duties implied by law or as additional duties in their contract
Governance and compliance issues
● Contractual
  – Prove existence of an agreement in a disagreement with a customer
  – Defend an action for unfair dismissal before an employment tribunal
● Legal
  – Prove an intellectual property right or invention
Governance and compliance issues
● Regulatory
  – Registering, reporting, retaining and disposal of records
    – Annual returns
    – Invoicing and VAT
    – Health and Safety
    – Personnel records
  – Data Protection
  – Consumer Protection
  – Security of systems and networks... and information
Digital evidence and admissibility
● Evidence is
  – the way that a fact is proved or disproved in a court, tribunal or disciplinary.
  – Oral, real (primary or secondary) or hearsay (less reliable)
    – Primary = e.g. signed original contract
    – Secondary = e.g. unsigned draft of the contract
● Burden of proof
  – Civil cases = with plaintiff and 'balance of probabilities'
  – Criminal cases = with prosecution and 'beyond reasonable doubt'
Digital evidence and admissibility
● Evidence in electronic format is admissible
  – Electronic Communications Act 2000
  – Civil Evidence Act / Youth Justice and Criminal Evidence Act
● May be legally acceptable but may not be admissible.
  – Admissible document must be sufficiently relevant
  – Court must decide and may give different weight to primary or secondary evidence
● British Standards Code for Legal Admissibility and Evidential Weight of Information Stored Electronically.
Misuse of devices
● Abuse and misuse (illegal, illicit or wrong)
  – Defamatory remarks
  – Breach of confidentiality
  – Using and abusing copyright without permission
  – Negligence in sending viruses to other businesses
  – Sexual or racial harassment
● Criminal offences
  – e.g. downloading child pornography
  – Other illegal images
Monitoring communications
● Right to privacy – even at work
  – Regulation of Investigatory Powers Act 2000
  – Lawful Business Practice Regulations 2000
● Inform of monitoring for lawful business purposes
  – Quality, training and security
● How do you 'monitor' remote workers?
  – Blanket monitoring of employees not acceptable
  – Must be justified
  – Other alternatives?
Data protection
● 8 data protection principles
  – Principle 7 – adequate security measures
  – Principle 8 – international transfers
● Cloud computing
  – Where is personal data?
  – Information Commissioner's Guidance
● Sensitive personal data
  – Encryption
Retention, deletion and retrieval
● Organisations must have the evidence in order to rely upon it!
● Information management policy covering
  – Retention, access and exchange (including security), deletion and retrieval
● Why a policy?
  – Business (cost, time and risk management)
  – Legal (e.g. accounting records = 6 years, criminal penalties)
  – Regulatory (FSA Rules, Food Standards etc.)
About E RADAR
● Championing enterprise and the online economy
● Focus on public policy, governance, compliance and risk
  – Pre-legislation and post-legislation
  – IT and online contracting
● Membership and professional services
  – Monitoring and scrutiny
  – Thought-leadership and best practice
Back to you... and 2012
● A turning point?
  – Global recession with Euro under threat
  – £1 trillion UK government borrowing
  – 60% EU cross-border e-commerce transactions fail
  – Public sector cuts and increasing unemployment
  – European Single Market – working or not?
“We need visionaries, innovators and entrepreneurs to recognise the opportunities and walk through the door...”
“The best way to predict the future is to create it!”