   |
|
Theft using IT is a rapidly growing area of crime, with ever-greater sophistication being used to plunder the bank accounts of the vulnerable and to obtain credit and/or goods. The results can be substantial financial loss (in the short term in any event) and a compromised credit history. In a recent case, a small business had its bank account cleaned out over the Christmas period after falling foul of a ‘key reading’ scam when using a laptop to access the account from an hotel. These scams occur when a public place or hotel room has a ‘key reader’ secreted nearby (or key strokes are read from a laptop situated nearby if a wireless system is used). The key reader records the key strokes and stores them, often yielding credit card numbers as well as the information needed to access online bank accounts. Here is a short guide to reducing the chances of theft from your online bank accounts: Make sure you use a secure online bank. The quality of security of Internet banking varies widely. In general, the more interactive (where you respond to prompts, as opposed to just entering information) the access to your account is, the better. Some new accounts offer a card-reader based access which is thought to be highly secure, although a recent report suggests that customers find the use of such devices cumbersome. The key here is to ask yourself how much information a fraudster would need to access your account and how much of that you are inputting. It wouldn’t take too much thought to work out that a surname keyed in by you is probably the correct response to the question ‘what is your mother’s maiden name?’ Make sure anyone with access to your IT or IT security information, or to files where such information is kept, is thoroughly vetted. This might well include cleaners, for example. Do not access your account when away if at all possible. If you do need to do so, use a wired, as opposed to a wireless, connection. Never use an Internet café or similar establishment to access your bank account. Make sure you have a good firewall as well as anti-spyware and anti-virus software and make sure you update it and run system scans frequently (daily if possible). Run a scan of your computer system immediately before accessing your bank account. If you do access your account whilst away, make sure you can prove your whereabouts. That way, if you do suffer a loss, you will be able to prove you could not have made the withdrawals. Never use a debit card for an online purchase unless you are 100 per cent sure the site you are visiting is safe. Think about risk and assess it. If in doubt, wait until you are sure you can transact your business safely. The long stop is your bank’s policy towards such losses. If you are defrauded, the bank must reimburse you. However, banks do differ greatly in their attitude and whilst some reimburse promptly and with minimal fuss, some do make the process difficult and require persuasion that the alleged fraud is genuine. Report any suspicious transaction promptly to your bank. Theft from Internet bank accounts is not usually carried out by amateur hackers, but by organised criminals. The best protection is a good defence. Partner Note The report on Chip and PIN-based authentication devices can be found at For further information please contact David Holt Recently amended provisions of the Regulation of Investigatory Powers Act 2000 could further restrict the rights of organisations and individuals wishing to protect sensitive electronic information. Part III of the Act covers the encryption of electronic data and requires holders of encrypted data to provide the means of putting this into an intelligible form when required to do so by the authorities. Failure to do so can lead to criminal charges, with a maximum sentence of up to two years in prison or five years in certain cases relating to suspected terrorism. Many people choose to use readily available encryption programs to encrypt their email, files, folders, documents and pictures. These same technologies can also be used by terrorists, paedophiles and others to hide their criminal activities. If the police or other public agency suspects that data encryption is being used to conceal any kind of criminal activity, then they have the power to serve a notice on the person in control of that data, be it an individual, company director or anyone else with responsibility. The legislation has already been used to demand encryption keys from several animal rights activists. However, the Code of Practice governing the use of such powers allows the data owner or controller ‘reasonable time’ to comply. “Data users can no longer assume that encrypting data means keeping it secret forever,” says David Holt . “Data encryption is a powerful tool that can and should be used to protect sensitive data from prying eyes, but it does not mean that public authorities cannot get at it if required.” Partner Note Applicable legislation, Part III of the Regulation of Investigatory Powers Act 2000 - Code of Practice for the Investigation of Protected Electronic Information. The Act can be found at http://www.fipr.org/rip/ripa2000.htm. The Court of Appeal recently handed down a decision which should convince directors to take great care when they sign contractual documents on behalf of their companies… because if the contract contains a misrepresentation, they can in some circumstances be held personally liable for it by the courts. The fact that the contract may not benefit the director is not a defence. In the case in point, a company entered into a contract to pay for goods it then received. A director of the company signed the contract knowing that the company was insolvent and would be unable to pay for the goods. The Court of Appeal ruled that the director had made an implied misrepresentation to the supplier. Since he knew the goods would not be paid for, the Court found him personally liable for the sum owed, on account of his deceit. The message for directors is to be careful what you sign. ‘Limited liability’ may not be limited if the court decides that the director knew that the company could not meet its obligations. This could apply in a variety of instances, for example where the company enters into a long-term agreement such as a lease of new premises. Says David Holt, “The Companies Act 2006 places a statutory burden on directors to adhere to certain standards and consider specifically the effects of their decisions in various ways. A part-time, non-executive or even ‘shadow’ director (one who has no official position in the company but whose decisions are normally followed) can be in the firing line when things go wrong just as surely as can the full-time working directors.” Partner Note The Companies Act 2006, most of which is now in force, imposes tough new criteria governing the behaviour of directors. In particular, when making decisions directors must bear in mind the potential effects of those decisions on various ‘stakeholders’ (those with an interest in their outcome, such as employees and shareholders) and the environment. In several circumstances, miscreant directors can be disqualified by the Secretary of State from acting as directors. These include:
It is important to note that disqualification may not necessarily be as a result of a criminal offence or because the company with which the director was involved has failed. Just because a person does not carry the title ‘director’ or is a non-executive director does not mean they are not subject to these rules. They apply to anyone who acts in a directorial capacity (whether their title is director or not) or who is on the board of directors of a company. Disqualification orders can be made for a minimum of two and a maximum of 15 years. Recently, a director was disqualified for refusing to cooperate with an investigation into another company with which he had dealings but of which he was not a director. For advice on your responsibilities and rights as a director, contact David Holt. Partner Note From 6 April 2008 the Control of Noise at Work Regulations 2005 apply to the music and entertainment sectors. For other industry sectors these Regulations have been in force since April 2006, but the music and entertainment industry was given a two-year transitional period before implementation of the Regulations. Although there is ample evidence that exposure to live music can cause hearing damage, it was recognised that music is different from other noise as it is created deliberately for entertainment purposes and therefore guidance was necessary to help employers, workers and freelancers in the industry to protect their hearing. The music and entertainment sectors are defined in the Control of Noise at Work Regulations as all workplaces where: live music is played; or recorded music is played in a restaurant, bar, public house, discotheque or nightclub, or alongside live music or a live dramatic or dance performance. Employers in these sectors will be required to assess and manage the risks to employees and freelancers from damage due to exposure to noise and to put effective controls and protective measures in place to ensure the legal limits on noise exposure are not exceeded. For more information, see http://www.hse.gov.uk/noise/musicsound.htm. For further information please contact Helen Korfanty In conducting legal disputes, it is normally important to raise the issues you want to contest at the beginning of the proceedings. Otherwise, there is a risk that the court will not allow them to be argued, or possibly that it will make an unfavourable order for the division of legal costs. A recent case illustrates the point. A property dispute had arisen because a house builder, which had used the claimants’ land to construct a sewer, had failed to reinstate the land as required under their agreement. The land owners issued a statement of claim. The builder wished to argue that the claim was issued in the wrong court, which, in its view, did not have jurisdiction to hear the matter in dispute. However, the acknowledgement of claim did not indicate that the matter of the court’s jurisdiction was to be argued, with the result that the Court of Appeal ruled that the house builder had accepted the jurisdiction of the court. The Court therefore rejected the house builder’s right to argue the point. For advice on any litigation matters, please contact Kate Barnes. Partner Note Many forms of commercial contract these days contain clauses which seek to bring about a resolution of disputes by referral to an independent expert who ‘determines’ the outcome. Sometimes these work well, offering a flexible and straightforward way to settle the dispute. Sometimes, however, having an expert’s determination might not be at all satisfactory – at least from the standpoint of one of the parties to the dispute. The main advantages of using an expert determination clause are:
The main disadvantages are:
There will be some sorts of dispute, therefore, which are best dealt with through legal process rather than expert determination. The problem which can arise, however, is that when the contract provides that a dispute will be settled by expert determination, the courts are reluctant to intervene, so in the event of a ‘bad’ decision by the expert, unless the aggrieved party can persuade the expert to issue a revised decision, they may well be stuck with it. Clearly, the overriding argument for the use of such a clause will be where commercial expediency dictates that the speed and informality of the approach has advantages which outweigh the benefits of using the courts. If such a clause is used, it is essential to make sure that the expert has appropriate qualifications and experience, and that the terms of reference of the decision are very carefully drawn up. David Holt can advise you on any aspect of contract law. The Advocate General has handed down his opinion in the case of Attridge Law v Coleman. The case concerns the interpretation of the EU Equal Treatment Framework Directive and its impact on disability discrimination legislation in the UK. Sharon Coleman brought a claim of disability discrimination and constructive dismissal against her ex-employer on the grounds that she had been discriminated against because of her son’s disability. Amongst her claims of unfair treatment were that she was not permitted to work from home, even though other employees were allowed to do so to care for non-disabled children, and that she was placed in a pool of staff selected for redundancy after she said that she intended to make a formal request for flexible working in order to care for her son. Ms Coleman claimed that her employer’s actions had created a hostile environment which forced her to resign. Section 3A(5) of the Disability Discrimination Act 1995 (DDA) is worded such that a person who is not disabled but who is discriminated against because of another person’s disability cannot bring a claim. It would not appear, therefore, to protect someone caring for a disabled person. Ms Coleman argued that the Equal Treatment Framework Directive does give protection from unfair treatment which arises out of association with a disabled person. The Employment Tribunal referred the question to the European Court of Justice (ECJ) in order to establish whether the UK law properly implements the Directive. The Advocate General’s opinion is that such discrimination is prohibited under the Directive. He said, “One way of undermining the dignity and autonomy of people who belong to a certain group is to target not them, but third persons who are closely associated with them.” In his view, to be protected by the Directive it is not necessary for someone who is the object of discrimination to have been mistreated on account of their disability. It is enough that they were mistreated on account of disability. Therefore, if Mrs Coleman can prove that she suffered less favourable treatment than other members of staff because of her son’s disability, she should be able to rely on the Directive. The Advocate General’s opinion is not binding on the ECJ but it is followed in 80 per cent of cases. If the Court does support his decision, it will apply to UK laws on discrimination on other grounds, for example age discrimination, and may require amendments to domestic legislation to make it compatible with EU law. The ECJ’s decision is expected in May 2008. For further information please contact Antony Arbuthnot If an employer is proposing to make redundant 20 or more employees at one establishment within a period of 90 days, the collective consultation provisions of Section 188 of the Trade Union and Labour Relations (Consolidation) Act 1992 (TULRCA) come into play. Where the employer is proposing to dismiss 100 or more employees, the consultation period must be at least 90 days; otherwise it must be at least 30 days. Failure to consult with the appropriate representatives of affected employees can lead to a protective award requiring the employer to pay each affected employee 90 days’ pay. In Evans, Motture and Hutchins v Permacell Finesse Ltd., the Employment Appeal Tribunal (EAT) considered the amount of the award payable when there has been a failure to follow the collective consultation provisions. Mr Hutchins worked for Permacell Finesse Ltd. as a supervisor. He was one of approximately 77 employees that the company proposed to make redundant during a 90 day period, thus triggering an obligation to consult for a minimum of 30 days. However, Permacell made no provision for the election of employee representatives and was therefore unable to consult them. Several employees brought claims for a protective award on account of this failure. The Employment Tribunal (ET) found that there had been a serious failure to comply with the consultation requirements, with no evidence of any mitigating factors. However, it considered that the breach did not have as great an adverse effect as would have been the case if 100 or more employees had been deprived of a minimum of 90 days consultation and so the sanction should be a 30 day protective award, which amounted to Mr Hutchinson being awarded £2,742. The level of the award was the subject of an appeal to the EAT, which took as its starting point the judgment in the 2004 case of Susie Radin Ltd. v GMB and Others. This offered guidance on what matters the ET should take into account when determining the level of the protective award and made it clear that the purpose of the award is to punish the employer for breach of its obligations under Section 188 of TULRCA, rather than to compensate the employee for any loss, and that a proper approach where there has been no consultation is to start with the maximum period and to then reduce it only if there are mitigating circumstances. The EAT stated that there is now no specific link between the consultation period and the protected period. The EAT also referred to the recent case of UK Coal Mining Ltd. v NUM in which the EAT held that protective awards of the maximum 90 days were correct for a serious breach of the statutory requirements on the part of the employer. The limited consultation that had taken place did not mitigate the seriousness of the conduct. The EAT held that a serious breach of the collective consultation requirements must put the protective award near the maximum payable. The ET had made an error of law. It should have started at 90 days and worked downwards if there were mitigating factors. In this case, however, there was no evidence of mitigating or special circumstances so the EAT substituted a protective award of 90 days. Says Antony Arbuthnot, “This case serves as a further reminder to employers of the potentially serious financial consequences of failing to consult when making collective redundancies. Even if the obligation to consult is for a minimum 30 day period, a serious breach of the requirement can result in employees being granted a 90 day protective award.” New measures designed to tackle illegal migrant working came into force on 29 February 2008. These measures, contained in the Immigration, Asylum and Nationality Act 2006, include:
The new measures do not significantly alter employers' responsibilities. Employers were already required to check a prospective employee’s right to work in the UK in order to establish a defence against conviction for employing an illegal migrant worker. Under the new measures, employers can obtain a statutory excuse from payment of a civil penalty if they have carried out the required checks on a prospective employee’s documents. In addition, employers are required to undertake repeat document checks, at least once a year, for those employees who have limited leave to enter or remain in the UK, if they are to retain the statutory excuse. However, the excuse will not apply where an employer knowingly employs an illegal migrant worker. A code of practice is now available containing guidance on the civil penalties for employers. This contains information on how the level of penalty may be determined and on the documents required for the purpose of establishing the statutory excuse. It can be found on the website of the Border and Immigration Agency at http://www.bia.homeoffice.gov.uk/. For further information please contact Antony Arbuthnot In December 2006, the House of Lords remitted to the European Court of Justice (ECJ) certain questions concerning the European Working Time Directive, regarding paid annual leave for employees on long-term sick leave. The Working Time Regulations 1998 (WTR) implement the Working Time Directive in the UK. The Advocate General (AG) has now handed down her preliminary opinion in the case of Stringer & Others v HM Revenue and Customs, which concerns employees who had been off work for substantial periods without pay but who remained employees, for example on account of long-term sickness. The Court of Appeal had ruled, in a unanimous decision, that the right to four weeks’ statutory paid holiday under the WTR does not continue to accrue whilst an employee is absent on long-term sick leave. The decision only referred to employees who are absent for an entire holiday year and was based on the argument that leave cannot be taken by someone who is not at work. In addition, the holiday entitlement under the WTR is designed to ensure that minimum health and safety standards apply to working time. If an employee is not at work, he or she cannot derive any health benefit from taking leave. In the AG’s opinion, however, ‘sick leave and annual leave serve different purposes and therefore must not, for legal purposes, be regarded as interchangeable’. The right to annual leave is a fundamental right and this cannot be taken away by illness. Therefore, the entitlement to paid holiday does accrue while an employee is absent on sick leave. However, a worker may not take this holiday whilst still on sick leave, but only on their return to work. In addition, if the employment contract of a worker on long-term sickness leave is terminated, he or she is entitled to payment in lieu of accrued holiday leave untaken, even if they have been on sick leave for all of the relevant holiday year. This opinion is not binding and it remains to be seen whether the ECJ will support the AG’s view. Says Antony Arbuthnot, “If the ECJ does follow this preliminary opinion, it could prove costly for employers. We can advise you on managing long-term sickness without falling foul of the law.” **** The information contained in this newsletter is intended for general guidance only. It provides useful information in a concise form and is not a substitute for obtaining professional advice. We respect your time online and your privacy. If you would not like to receive any further newsletters then please send an email to opt-out.newsletter@bwblegal.com with 'unsubscribe |
||