The high-profile arrest of computer programmer Aaron Swartz for illegally downloading millions of academic journal articles resulted in federal charges against him for violations of the Computer Fraud and Abuse Act (CFAA), which highlighted its use as a broad tool to combat hacking. However, varied interpretations of the CFAA have left businesses guessing when it comes to deciding how best to pursue employees who have used their access to steal and misuse confidential information.
“Currently, the law can be applied differently depending on your location. A decision in the U.S. Circuit Court of Appeals for the 9th Circuit makes it more difficult to use the law against current employees who have used their access to obtain information for the purpose of misuse. In contrast, courts in other parts of the country have adopted relatively broad readings of the statute, making it a more viable tool in those jurisdictions,” says Travis P. Brennan, a litigation attorney with Stradling Yocca Carlson & Rauth.
Smart Business spoke with Brennan about the CFAA and protecting sensitive information.
What is the CFAA and how is it applied by businesses?
The CFAA is a federal, primarily criminal, statute, though it does provide for civil remedies for private plaintiffs when someone accesses a computer without authorization or exceeds authorized access to obtain information. One of the questions presented in several cases involving the statute is: If an individual is authorized to access a company’s computer network, does that person exceed authorized access by obtaining information to use for unauthorized or competitive purposes? Some courts have said yes, which turns the statute into a tool to help police improper use of company information, in addition to a tool to help protect against outside hacking.
What are the benefits and limitations of this act?
Filing a claim under the CFAA gets the case into federal court, which is more often better equipped to handle complex disputes. Plaintiffs also aren’t required to prove the information accessed rises to the level of a trade secret. However, the remedies under the CFAA are limited. A private plaintiff has to show it suffered a loss of more than $5,000, and in most instances the recoverable loss is limited to the cost of investigating the unauthorized computer access and fixing related data disruption. That’s important to think about when considering if this is a tool that would bring a tangible benefit.
How does United States v. Nosal affect the use of the CFAA?
That case makes it more difficult to use the CFAA against current employees. The 9th Circuit affirmed a narrower interpretation, in April 2012, when it dismissed criminal counts against employees who accessed information through company-issued passwords while still employed. The court reasoned that the phrase ‘exceeds authorized access’ is limited to violations of access, not restrictions on use.
Other counts in the case dealt with access by outsiders using stolen passwords to obtain information. Some of those counts proceeded to trial and resulted in a recent conviction.
What other tools can companies use to protect their sensitive information?
State law governs the protection of trade secrets and other sensitive information. Most states have adopted some form of the Uniform Trade Secrets Act through which companies can get damages and other relief if they can show information taken contained trade secrets.
Ultimately, it behooves companies to limit or segregate access to sensitive information and have employees sign clear, written policies. If the agreements are violated, there are contractual remedies, as long as you can show harm from the breach.
While the CFAA is worth keeping an eye on, particularly in light of divergent court rulings, in instances where companies have information misappropriated, the first place to look for a remedy is through state law, such as those that govern trade secrets or the relationship between employers and employees.
Travis P. Brennan is a litigation attorney at Stradling Yocca Carlson & Rauth. Reach him at (949) 725-4271 or email@example.com.
Insights Legal Affairs is brought to you by Stradling Yocca Carlson & Rauth
When manufacturing companies are looking for a new or additional location, they’re often concerned with the availability of quality labor, utility costs, freeway and rail accessibility, local and state taxes, and building availability and costs.
While these are all important considerations, there are some things to look at that might not be as apparent, which is why working with an experienced commercial real estate broker can help.
“Brokers will talk with members of the business community from similar industries to give their client a more three-dimensional picture of what it’s like doing business in the area,” says George J. Pofok, CCIM, SIOR, senior vice president of CRESCO Real Estate. “They’ll also connect with their area colleagues who live and work in those markets to give company executives both the 30,000-foot and on-the-ground views.”
Smart Business spoke with Pofok about conducting a nationwide site search and how brokers can help companies dig deeper.
What might be the biggest hurdle in conducting a national site search?
It can be difficult to get quality and timely data on building availability from existing databases. When casting a search that wide, it’s important to talk with state economic development groups in addition to searching the national databases such as CoStar and LoopNet. Commercial real estate brokers also can help companies in their search by tapping into the Society of Industrial and Office Realtors (SIOR) professional network to solicit potential sites that suit a client’s needs.
However, relying on listings is precarious. Properties as advertised are not always what they seem. Once properties of interest have been identified, phone calls should be made to all the listing agents to start verifying accuracy and solicit property brochures, photographs, floor plans and site plans.
How much weight should a company give to economic incentives?
Economic incentives can be extremely beneficial, but they often come with strings attached. Sometimes to get the benefit of an incentive a company needs to meet certain hiring requirements or pay a certain wage. But if the company fails to do so, which can be the result of factors outside of the company’s control, there can be clawback provisions.
Incentives are helpful but shouldn’t be the key driver for a decision to move. They should be weighed against other factors such as the state or county’s environmental regulations, corporate income tax and municipal tax rates. But all things being equal, incentives can tip the scales.
How can commercial real estate brokers help companies choose a site?
Many brokers come from full-service firms with coverage in most major markets, both nationally and globally. They can help tenants and/or buyers with site acquisition, incentive and location analysis, and often partner with their consulting arm to perform a network rationalization study, which allows companies to compare regions to determine the impact each would have on the different aspects of their businesses and end users.
Further, brokers can work closely with key individuals in federal, state and local government to vet initial search findings and see how each agency might be able to work with the incoming company. Being on the ground also allows a broker to determine if the local quality of life suits the business. They’ll look at housing values, the retail areas and other local amenities to give CEOs a good sense of the community they could soon become a part of.
What are some important qualities of the agent who helps conduct the search?
Look for a broker who has experience. If an agent hasn’t completed similar deals, he or she won’t know the right questions to ask. Also, a broad network is key, with regard to both the firm he or she represents and his or her professional network. An affiliation with groups such as SIOR and the Certified Commercial Investment Member Institute (CCIM) provides a network of top-producing real estate professionals throughout the country. Ultimately, you need a broker who is diligent, works hard to earn your business, and is timely and responsive.
George J. Pofok, CCIM, SIOR, is senior vice president at CRESCO Real Estate. Reach him at (216) 525-1469 or firstname.lastname@example.org.
Insights Real Estate is brought to you by CRESCO
Cloud computing is a broad term that can include hosting a website and data management. Unfortunately, small businesses are picking up many misconceptions in the marketplace about what the cloud is and what it means to be in the cloud.
“It’s not always the right solution for every business,” says Ryan Niddel, CEO of QuickLaunch Solutions. “It takes research and consultation from someone with knowledge to really understand how it can work for your business.”
Smart Business spoke with Niddel about cloud computing and its applications for small businesses.
What is the cloud?
There are two main aspects to cloud computing. There’s the data management side, which is primarily utilized to back up files — think Dropbox or iCloud. This allows anyone, anytime, anywhere to store and access files on servers that exist all over the world.
The other aspect to cloud computing is hosting services, which provides the infrastructure that allows a company to host its website entirely in the cloud. Anything from an entry-level blog to something of enterprise value could be hosted in the cloud. There’s no need for redundancy between the cloud and a dedicated server because the cloud gives you myriad hosting options in its architecture. Even if you’re on a dedicated server now, that data can be easily migrated to the cloud.
Is cloud hosting cost prohibitive?
Cloud hosting for small businesses is really the entry-level for commoditization of a website, and there are pay-as-you-go options that suit each company’s needs. While many hosting services take a one-size-fits-all approach, the pay-as-you-go model is more fluid, offering a billing program similar to those offered by utility companies where you pay for what you use. Using this model, business owners can spend 20 percent less than those using a dedicated server.
There are also deeper cost savings. For example, research has shown that cloud computing reduces IT labor by more than 50 percent. Because the cloud is extremely stable, it’s unnecessary to pay for IT support staff to ensure infrastructure stays operational. Cloud hosting saves money on maintenance, hardware, licensing and support, and is all around more efficient than using a dedicated server.
Is cloud hosting secure and reliable?
Cloud infrastructure is at least as secure and possibly more secure than the dedicated servers many companies are currently using. The hardware virtualization architecture used in cloud hosting keeps systems working through redundancy, which means utilizing multiple servers to back up clients’ data. And the transition from one environment to another happens with no perceived interruption in service. There’s no easier way to have that kind of redundancy. It’s a very fluid, secure and dynamic environment that seamlessly adapts to the needs of the client.
Is cloud computing a fad?
Amazon, Google and Apple have adopted the cloud as the new wave of Internet technology, and this new commoditization, pay-as-you-go model is being widely used. More companies are shifting to the cloud from dedicated servers, and much of the new infrastructure being developed by startup companies is in the cloud, so it’s here to stay. It’s where data management and hosting are going.
What sort of savings might a company realize by utilizing the cloud?
On average, companies can expect to realize an 80 percent reduction in their hosting bill if they can optimize their cloud correctly. Once in the cloud, a company can have its bandwidth utilization monitored to establish benchmarks that show usage during high- and low-traffic periods. Bandwidth will be monitored during a three-month settling period to determine the right services for that company’s needs and ensure it’s only paying for what it uses.
Hosting in the cloud is the wave of the future. It allows companies to operate more efficiently and effectively, and keeps the bottom line healthy. It’s also the logical progression in the evolution of data management. And with a good partner in the endeavor, it can be a painless and seamless transition.
Ryan Niddel is CEO of QuickLaunch Solutions. Reach him at (419) 631-1270 or email@example.com.
Insights Internet is brought to you by QuickLaunch Solutions
California passed more than 800 new laws in 2012, and Shane P. Criqui, litigation attorney at Stradling Yocca Carlson & Rauth, says, “It’s virtually impossible for any business person to keep track.”
He says among those of interest to businesses are new laws that govern social media in the context of an employee and employer relationship, and broad legislative changes regarding California LLCs.
“That’s why it’s important to have a discussion with your counsel and make sure you understand how these laws may affect your business,” Criqui says.
Smart Business spoke with Criqui to better understand two of California’s law changes.
What is changing regarding social media?
California has added protections for employees using social media to the state’s labor code, which establishes privacy protections for individuals and limits what employers can lawfully demand of employees. It helps avoid situations where employers demand private social media passwords and take adverse actions against an employee based on the content of his or her account. The law also applies to job applicants.
Specifically, an employer can’t require an employee to disclose username or password information for personal social media accounts; require an employee to access his or her social media accounts in the presence of the employer; or otherwise divulge personal social media information. Further, employers can’t discharge, discipline or retaliate against employees for not complying with such requests.
There are, however, exceptions. An employer can go after information on a social media account that’s reasonably believed to be relevant to investigations of employee misconduct or a violation of law. Employers also may require employee disclosure of passwords necessary for accessing an employer-issued electronic device.
What constitutes social media?
The definition of social media as it applies to this law is very broad and can include any electronic service, account or content such as videos, photos, blogs, podcasts, text and instant messages, and websites.
Further, while the law applies to accessing ‘personal social media,’ the term ‘personal’ is not further defined, which may create ambiguity. For example, an employee’s LinkedIn account could be used to promote his or her employer’s business but is also ‘personal’ to the employee.
What changes are coming for limited liability companies?
A 2012 bill that becomes effective Jan. 1, 2014, repeals California’s Beverly-Killea Limited Liability Company Act and replaces it with the California Revised Uniform Limited Liability Company Act. It will apply to all California LLCs existing on Jan. 1, 2014, and no LLC can opt out.
The new law presumes an LLC is member managed, unless the company’s articles of incorporation and operating agreement specifically provide otherwise. In member-managed agreements, all members can act as agents of the LLC, whereas in manager-managed arrangements, it’s only the managers.
Other provisions are specific to fiduciary duties. Expressly, the law says managers can’t eliminate the duty of loyalty, which a manager typically owes to the LLC along with the duty of care. However, duties of care and loyalty can be modified ‘in a written operating agreement with the informed written consent of the members.’ For instance, the duty of care can be lowered, although not ‘unreasonably reduced.’
The new act also states that while an operating agreement may ‘eliminate or limit’ a member or manager’s liability for monetary damages with respect to a breach of the duty of care, it cannot do so with respect to a breach of the duty of loyalty.
What should affected companies do?
While prior operating agreements will remain in effect after Jan. 1, 2014, the new act will apply to ‘acts,’ ‘transactions’ and ‘contracts’ entered into on or after that date. Accordingly, it makes sense for LLCs to talk with counsel to make sure the new default rules don’t change an LLC’s understanding of its existing rights and obligations.
Shane P. Criqui is a litigation attorney at Stradling Yocca Carlson & Rauth. Reach him at (949) 725-4226 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by Stradling Yocca Carlson & Rauth
Companies have information that gives each of them a competitive advantage over competitors. Patenting this information is sometimes legally impossible or disadvantageous — patents expire, leaving vitally important information publicly exposed.
Some companies choose to treat the information as a trade secret because such a designation can offer legal leverage in certain situations. And unlike a patent, a trade secret can last forever.
“A patent expires 20 years from its effective date of filing, and that previously protected invention enters the public domain. With a patent, you’re disclosing how to make and practice an invention in exchange for 20 years of exclusive rights to do so,” says Daniel R. Ling, an associate with Fay Sharpe LLP.
He says many companies, especially smaller ones, don’t often consider the role of trade secrets, but in certain instances companies could be well served by recognizing and protecting such valuable information. But there’s one catch: “You have to take reasonable steps to maintain it as a secret.”
Smart Business spoke with Ling about identifying and protecting trade secrets.
What are some examples of information that could be a trade secret?
Customer and supplier lists, the arrangement of equipment in a factory and certain manufacturing processes are examples of valuable proprietary information that may not rise to the level of something that can be patented. Often, it comes down to that which makes your product better than that of your competitors but can’t be patented because it doesn’t meet the basic legal standards, which are that the invention is new, not obvious, useful and eligible to be patented.
How long does trade secret protection last?
Trade secrets last indefinitely, as long as the information is maintained confidential and the holder of the trade secret continues to take reasonable precautions against disclosure.
How are trade secrets best protected?
There are many methods of protecting sensitive information. If it’s a process that involves multiple steps, a company could isolate the responsibility for each of those steps across multiple locations so the entire process isn’t carried out in one place and a single person isn’t privy to the entire production.
It’s also fairly common to include confidentiality agreements and nondisclosure clauses in employment contracts for not only employees who might be aware of a trade secret in its entirety, but also for employees who may have only some knowledge of the process. Companies with such sensitive information should work with a business attorney to put together those agreements.
What can be done if a trade secret is leaked?
If the trade secret was misappropriated — obtained illegally or otherwise improperly disclosed — there are steps that can be taken to prosecute the perpetrator. The Uniform Trade Secrets Act, the general framework of which has been enacted by 46 U.S. states, offers remedies when a trade secret is acquired through improper means or through a breach of confidence. This can provide some relief to a trade secret holder in the form of injunctive relief (e.g., stopping the use of a misappropriated trade secret), monetary damages and/or attorney’s fees.
However, if the information is developed independently or introduced to the public lawfully, nothing can be done. Further, if the secret that was being held is a patentable idea, another company or individual could secure the rights to it and bar others from acting on it. That’s why it’s important to carefully consider what you hold as a trade secret; if it can be easily reverse engineered it’s not right for trade secret protection.
Regardless of whether the secret got out legally or illegally, once it’s widely disclosed the remedies under the law might not be sufficient to make a company whole again — once it’s out, it’s out. The trade secret holder ultimately has an obligation to take reasonable protective measures to guard its secrets.
Daniel R. Ling is an associate at Fay Sharpe LLP. Reach him at (216) 363-9000 or email@example.com.
Insights Legal Affairs is brought to you by Fay Sharpe LLP.
Securing trademark protection provides a company with legal rights to market and sell its services or products, and offers this same company an opportunity to stop other companies from marketing or selling services or products that are, or could be, infringing upon its protected marks.
However, each country has different criteria guiding the trademark process, which introduces varied time and cost elements that can be difficult to navigate. Ignoring these laws could mean forever losing legal protection and the opportunity to market and sell goods or services under a valued brand name in key markets.
“There is no such thing as an international trademark, but U.S. copyrights can be enforced internationally,” says Tom Speiss, a shareholder at Stradling Yocca Carlson & Rauth, who works as a business adviser and brand manager.
Smart Business spoke with Speiss about managing domestic and global brand portfolios for companies operating at home and abroad.
How can companies protect their brands domestically?
Companies can protect their brands domestically through both trademark and copyright law. For trademark, the U.S. is a common-law country, which means trademark rights begin to be established as soon as a company starts using a mark in commerce. But it’s important to conduct a trademark availability search and, if the mark doesn’t infringe upon another’s mark and appears to be available as a federal trademark, then file an application with the U.S. Patent and Trademark Office to acquire federal trademark protection.
In addition, companies also can file for federal copyright protection through the Copyright Office. To start this process, product packaging, website material or other advertising material can be used as part of a copyright application. Once a copyright registration issues, the registration potentially can protect a company’s product packaging, Web content and advertising content, as well as the design elements of a trademark. The U.S. copyright registrations then may be enforced internationally, through a treaty known as the Berne Convention Treaty.
If a company has plans to expand in foreign markets, when should management consult an intellectual property (IP) attorney?
A company should bring in an IP attorney as soon as it starts thinking about foreign market expansion, even if the plan’s realization is years away. Companies must be advised concerning all trademark rules for the countries in consideration, including possible infringement issues; whether the brand name is even available; the timelines and costs for applications; how use and non-use might affect the rights being granted; and when a company is required to exercise any rights it has been granted before a mark is vulnerable to cancelation. Each of these steps can be measured in years and have a lot of moving pieces, so — as ideas are generated — counsel needs to be involved.
What are the criteria for foreign market selection?
Companies can point to home successes with their products, including sales and brand equity, as they venture out. However, the mark used in their home country may be unavailable in a foreign market, which means the company won’t be able to transfer that equity even though it’s a proven brand.
The recourse is to develop a new name. But that brings risk because then its history at home won’t translate to the new market. This is another reason to bring in an IP attorney at the onset of brand expansion to assist in successful brand development or expansion.
What should you ask your attorney regarding brand management in other countries?
The most important first step is determining whether the target country’s trademark laws are governed by the principle of first-to-use or first-to-file. IP attorneys also can help companies establish timelines, such as when a company needs to start using or selling a product in the target country. Good counsel will thoroughly search to discover if the mark to be used in the foreign market is already in use for the same or similar goods or services. Along the way, counsel can help clients understand what other regulations might be advantageous or impede selling in foreign markets.
Tom Speiss is a shareholder at Stradling Yocca Carlson & Rauth. Reach him at (424) 214-7042 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by Stradling Yocca Carlson & Rauth
In the past 20 years, companies have been generating an increasing amount of data. The growth of social media has also created a massive pool of information that any company can access, mine and use.
“Utilizing big data can help a company uncover the relationships it has with consumers and businesses that perhaps it didn’t previously realize it had,” says Pervez Delawalla, president and CEO of Net2EZ. “In many ways, that data can help a company gain a better understanding of its clients’ needs and formulate its products to win more business.”
Smart Business spoke with Delawalla about big data and how to effectively store and utilize it to the benefit of your business.
Where can companies find big data, and how can they use it?
With the advent and proliferation of social media, there is information that companies can collect called ‘big data,’ which can be used to analyze, in a cost-effective and time-efficient way, the social habits of consumers. This information allows them to devise targeted marketing campaigns and develop products.
Data about consumers is being collected from social media outlets such as Facebook and Twitter, data about businesses can be collected from sources such as LinkedIn and Foursquare, and there is data contained in emails coming into a company.
Do all companies have access to big data?
In today’s world, any company that uses computers has a big data resource or is collecting it without realizing it. For example, most salespeople have a contact database that includes people they’ve met through work, in their personal lives and through networking. If you are going to meet with the CFO of a potential client company and you learn that someone on your sales team knows that CFO, that is an invaluable personal connection. Knowing about that relationship allows you to bring the person to the meeting and quickly establish a connection.
What challenges come with big data?
Storing big data was traditionally cost prohibitive, which is why only large companies could do it. However, solutions such as new, lower-cost hardware have recently hit the market, which has given smaller companies the ability to have large sets of storage devices to store big data. At the same time, cloud computing allows a company to rent storage on a monthly or short-term basis, meaning more companies can collect, store and mine big data.
Indexing this data so that it can be used to benefit the company is a challenge, but there are plenty of tools available from major software manufacturers that can be used to mine it.
What methods are available to companies to help store this data?
Big data can be stored privately or on servers that host multiple clients. Which option a company chooses depends on how important it is to keep information secure.
Private cloud services give companies a certain amount of secure storage on a server that only belongs to them. The type of data being stored determines which tools are applied to extract it, such as a dashboard through which a company can query or search its data. There are also data feeds that provide ticker updates as data comes in, giving fast access to information.
Public cloud services are available, but are less secure than private services.
How can companies efficiently navigate such large data sets to get the most use out of the information being retained?
It takes some time to understand which data is going to be useful and to learn which tools are available to store and sort it. For example, you could buy and deploy big data-mining tools to start collecting various sets of data from multiple sources, then create a dashboard that puts that information at your fingertips. However, you can’t simply keep storing information and expect results. You need to better understand your company’s demographics and understand what is going to help your company grow. You have to know your end result and employ the tools necessary to achieve it.
Many companies don’t realize what they have beyond their traditional database and that is sometimes where the treasure trove of data exists. Accessing that data will open a world of opportunities.
Pervez Delawalla is president and CEO of Net2EZ. Reach him at (310) 426-6700 or email@example.com.
Insights Technology is brought to you by Net2EZ
The financial impact of the Patient Protection and Affordable Care Act (PPACA) may seem to be its most challenging aspect. Mitigating that impact may seem like the most practical solution. However, Ron Present, health care industry group leader at Brown Smith Wallace, says, “There are a lot of strategic implications to what you do and how you do it. Management should avoid just calculating the math and saying, ‘This saves us money so it’s what we’re doing.’”
To that point, Bill Goddard, principal, insurance consulting at Brown Smith Wallace, says, “You should consider many potential solutions before making a decision that could drastically diminish your ability to retain and acquire talent, and keep your workforce engaged.”
Smart Business spoke with Present and Goddard about dealing with health care insurance after the PPACA from a cost and strategic perspective.
How has the PPACA affected private insurance?
Starting Jan. 1, 2014, employers with 50 or more full-time or full-time-equivalent employees, considered large employers, must offer health insurance that fits certain affordability and coverage criteria or face a penalty. This could have an immediate impact on an employer’s cost to provide health insurance because a group of employees that had not had insurance may enroll in the plan and, because of pre-existing conditions or high use of care, will cost the employer a significant amount of money.
Also, the health care law changes the status of some who had been considered part timers for insurance purposes to full-time employees. In some industries, many employees have not historically taken health insurance, sometimes as much as 66 percent of a company’s workforce. These employees will need to be offered coverage, potentially tripling costs.
How might that impact employers?
Companies are calculating their potential risk to cost. However, that’s only one aspect. The other is the strategic impact.
Some companies have considered limiting their variable-hour, or part-time, employees to less than 30 hours per week to reduce the number of employees considered full time. To maintain an adequate workforce, such changes can require hiring additional employees, or changing existing employees’ workloads and job descriptions to keep up production and prepare for 2014.
Should employers not provide coverage?
Let’s say a large employer decides not to offer health insurance and instead pay the $2,000 per employee (minus 30) penalty, which may seem cheaper. However, the law requires individuals to have insurance regardless of employer coverage, so employees may leave for a competitor that provides it. Those who stay out of necessity may always be looking for another employer that provides coverage, lessening their productivity and loyalty while raising turnover, which is a significant expense.
Counsel employees. Let them know that they can refuse insurance coverage from the employer and either purchase insurance through a public exchange/marketplace or instead pay an annual penalty. Employees may prefer to pay the penalty instead of paying far more each month for coverage.
How can employers that provide insurance cope with rising premiums?
Large employers offering health insurance to a population of purely full-time employees can potentially control premium costs by forming a captive insurance company. This is an insurance company that non-insurance companies with 50 or more full-time employees can start. It is generally owned by the company that forms it and insures a limited population, typically just its own employees.
Another potential solution is to form a private exchange, which may be complementary to forming a captive insurance company, in that the entity forming it creates its own marketplace, which means it may qualify as providing insurance with a defined contribution that may help control costs.
Bill Goddard is a principal, insurance consulting, at Brown Smith Wallace. Reach him at (314) 983-1253 or firstname.lastname@example.org.
Ron Present is a health care industry group leader at Brown Smith Wallace. Reach him at (314) 406-5105 or email@example.com.
WEBSITE: For more on this topic, visit http://bswllc.com/industries/health-care.
Insights Accounting is brought to you by Brown Smith Wallace LLC
Enforcement of the Foreign Corrupt Practices Act (FCPA), which addresses the bribing of foreign officials, has increased significantly against both large multinational companies and small, private, domestic companies.
“If you’ve been hearing about the FCPA but haven’t addressed it fully, there is a reason to take the concern seriously from a reputational risk perspective and because you could face serious criminal and civil consequences if there is a breach,” says Jason de Bretteville, a shareholder at Stradling Yocca Carlson & Rauth.
There is also reason to be familiar with foreign laws. U.S. legislation, he says, only regulates bribes to foreign officials, which can include any employee of a government-owned or controlled entity. Foreign legislation, including the U.K. Bribery Act, doesn’t maintain this distinction and prohibits potentially corrupt payments to both foreign officials and private counterparties, highlighting the need for due diligence.
Smart Business spoke to de Bretteville about ways to limit FCPA exposure.
What are the highest areas of risk U.S. companies may tend to neglect?
One area businesses often discount is the risk posed by foreign distributors. Companies tend to mistakenly assume that if their title transfers to a foreign distributor, there is no risk posed to them if the distributor engages in corrupt payments, and that’s not the case.
The lack of understanding of a counterparty’s ownership structure is another risk. For example, in China and former Soviet-bloc countries, there is government ownership of what Westerners may assume are purely commercial entities. You may think you’re engaging — having a dinner or entertaining — a private party but, in the view of U.S. regulators, you’re entertaining a foreign official.
One evolving risk area is engaging in cooperative research with academics. They may hold dual positions and privileges at foreign academic institutions that could render them a foreign official.
What else is affecting the need to pay greater attention to FCPA?
The merger and acquisition market is heating up, including more acquisitions of foreign companies. These foreign businesses may not have a compliance culture or the same policies as many U.S. companies. The acquirer may face difficult questions of whether to go through with the transaction, and when or whether to disclose any pre- or post-acquisition conduct to U.S. regulators.
Further, reconciling U.S. policies with those in foreign jurisdictions can be difficult. For instance, the U.K. Bribery Act addresses not only foreign officials but also corrupt payments to private counterparties and does not allow an exemption for minor ‘grease’ or facilitation payments. It has more expansive jurisdictional limits and would appear to allow for the prosecution of U.S. entities with a relatively small footprint in the U.K.
How can companies best address this risk?
First, conduct meaningful due diligence on all business partners. Determine their potential to be viewed as a foreign official, understand who they are, their ownership structure and their shareholders.
Second, determine an efficient and practical means of mitigating risk. Have the party commit to comply with your code of ethics and restrictions on corrupt payments, and have as much transparency as possible regarding what work they’re doing on your behalf that may involve foreign officials. Also, any payments to any officials made on your behalf need to be used for wholly legitimate purposes, and not to facilitate sales to government customers or obtain government approvals — permits, licenses, customs clearances — in inappropriate ways.
How might compliance policies fail?
Too often, companies implement overly complex or one-size-fits-all compliance procedures that don’t address specific risks in a way that allows for meaningful risk mitigation. Policies not designed in a way that is intelligible or useful to people in the field can invite non-compliance.
An effective policy provides for simple ways to deal with concerns that may arise in the field and encourages people to find effective business solutions. Having an overly cumbersome policy on the shelf doesn’t help anyone. In fact, it can hurt.
Jason de Bretteville is a shareholder at Stradling Yocca Carlson & Rauth. Reach him at (949) 725-4094 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by Stradling Yocca Carlson & Rauth
Installing the redundancy measures necessary to make sure company data is available 24/7, regardless of calamity, is prohibitively expensive and requires a great deal of know-how, which is why many organizations outsource their data protection to companies that specialize in guarding it.
“We live in an age where data has a critical role in our lives on a daily basis. Losing access to that data, whether from being knocked offline or because of a catastrophe, can be terminally disruptive, so having backup systems in place is critical,” says Pervez Delawalla, president and CEO of Net2EZ.
Specialized data centers are dedicated buildings constructed to house server equipment that holds data — business or personal, critical or otherwise. They are designed for redundancy in physical functions, such as power and cooling, as well as network redundancy to keep data available to their customers. But what separates one from another?
Smart Business spoke with Delawalla about how to grade data centers to ensure you find one that offers the best protection for your most valuable commodity, your data.
What are the differences between data centers?
The biggest misconception is that all data centers are built the same, which leads many to ask the question, ‘Why would I pay more for one when I could get it cheaper down the street?’ The answer lies partly in Tier rating.
What is Tier rating?
Tiers represent the availability of your data based on the probabilities of system failures in a given year. Tier 1 guarantees 99.67 percent data availability in a year. Tier 4 is 99.995 percent availability. These percentages are based on the life expectancy of equipment such as power and cooling systems and distribution panels.
So that 99.67 percent represented by Tier 1 equates to, in any given year, 29 hours that systems could be offline and data inaccessible. While that might not sound like much, if you’re doing the volume of online business Amazon does, you can’t afford that. In instances where customers are trying to get to your site nearly every minute of the day, it needs to be up all the time to accommodate them, so you need the maximum level of redundancy for protection.
Tier 4 data centers, on the other hand, guarantee a maximum of 2.4 minutes offline in any given year. The percentage differences, measured in tenths, may seem negligible, but they account for a big difference when your data is affected.
How reliable is a Tier rating?
Data centers can have their Tier rating certified by a third party. Certification bodies include the Uptime Institute, as well as more traditional auditing firms such as Deloitte and Ernst & Young, which have technology arms capable of making an assessment. There’s also SSAE 16 certification for service organizations, which is used for reporting on controls.
How can companies ensure they have the highest level of data protection?
There are different methods for achieving redundancy. For instance, you could employ multiple Tier 1 data centers that fail over to each other. But that can be expensive. It might make more sense to use two Tier 4 data centers, one of which can serve as a geographic redundancy — it should be located a great distance from your main office and your primary data center to guard against failure caused by natural disasters, such as earthquakes.
What else should companies ask?
Make sure you’re aware of a data center’s redundancy for its network — the physical fiber that comes through the building — and how it interconnects with the rest of the network and Internet exchange points.
Also consider the support environment. Not all centers have 24/7 on-site engineering support to take care of the back of the house, such as the generators. While customers often overlook it, it’s critically important to have someone physically monitoring those systems and on hand to react to any major outages or prolonged system failures. Similarly, it’s great to have engineering and technical support on the server and router side of it to work directly with customers.
Pervez Delawalla is president and CEO at Net2EZ. Reach him at (310) 426-6700 or email@example.com.
Insights Technology is brought to you by Net2EZ