Governance, legal compliance and risk across the online economy


Will Roebuck's February 2012 lecture to Joint Masters Students from Manchester Business School and the University of Manchester's School of Computer Science

Transcript of Governance, legal compliance and risk across the online economy


What's on your E RADAR?

Governance, Compliance and Risk across the online economy

Will Roebuck
Founder and CEO

E RADAR | Smarter business online


Online in 2012 – 15 years of strengths

● Speed and convenience
● Cost and inventory control
● Global presence and market opportunity
● Better customer service
● Competitive and collaborative advantage
● Innovation
● Social revolution (accessibility and connecting people)


Online in 2012 – 15 years of weaknesses

● Pace of change v legacy technologies
● Conflict of laws and regulations
● Work place social networking v time-management
● Increased globalisation = domino effect (e.g. Enron)
● Security
● Imitators


Online in 2012 – 15 years of opportunity

● E-commerce sales represent 16.9 per cent of total sales
● Website sales represented 4.2 per cent of total sales
● 78.7 per cent of businesses had a website
● 51.9 per cent of businesses had mobile broadband using 3G
● 86.5 per cent of businesses used the Internet to interact with public authorities.


Online in 2012 – 15 years of threats

● Society, business and government
● Financial fraud
● Children and citizens e.g. harassment, bullying...
● Theft – identity, data, intellectual property
● International terrorism

● UK Cyber Crime Strategy (Nov 2011)
● http://www.official-documents.gov.uk/document/cm78/7842/7842.pdf


Online business environment

● Supply and demand
● Goods, services, digital downloads, financial instruments
● The 'bottom line'

● Encouraged by
● Competition, enterprise and innovation

● Supported by
● People, processes, technology, and information
● Laws, regulations, standards and best practice


What does this all mean?

● Balance supply and demand against risk
● Deploy resources carefully
● Smarter business management

● Identify, develop and use 'the right' people skills
● Re-engineer business processes
● Invest in enabling technology

● Provide good laws and regulations


Why governance and compliance?

● Customer trust and confidence
● Business protection e.g. evidential trail
● Sector requirements
● Reduced insurance premiums
● Corporate reputation
● Director and vicarious liability
● 'The regulatory stick'


Governance and compliance issues

● Corporate
● Vicarious and director liability
● Duty of care towards employee
● Prevent improper and illegal activity over systems/networks

● Personal
● Directors failing to undertake duties implied by law or as additional duties in their contract


Governance and compliance issues

● Contractual
● Prove existence of agreement in disagreement with a customer
● Defend an action for unfair dismissal before employment tribunal

● Legal
● Prove an intellectual property right or invention


Governance and compliance issues

● Regulatory
● Registering, reporting, retaining and disposal of records
– Annual returns
– Invoicing and VAT
– Health and Safety
– Personnel records

● Data Protection
● Consumer Protection

● Security of systems and networks... and information


Digital evidence and admissibility

● Evidence is
● the way that a fact is proved or disproved in a court, tribunal or disciplinary.
● Oral, real (primary or secondary) or hearsay (less reliable)
– Primary = e.g. signed original contract
– Secondary = e.g. unsigned draft of the contract

● Burden of proof
● Civil cases = with plaintiff and 'balance of probabilities'
● Criminal cases = with prosecution and 'beyond reasonable doubt'


Digital evidence and admissibility

● Evidence in electronic format is admissible
● Electronic Communications Act 2000
● Civil Evidence Act / Youth Justice and Criminal Evidence Act

● May be legally acceptable but may not be admissible.
● Admissible document must be sufficiently relevant
● Court must decide and may give different weight to primary or secondary evidence
● British Standards Code for Legal Admissibility and Evidential Weight of Information Stored Electronically.


Misuse of devices

● Abuse and misuse (Illegal, illicit or wrong)
● Defamatory remarks
● Breach of confidentiality
● Using and abusing copyright without permission
● Negligence in sending viruses to other business
● Sexual or racial harassment

● Criminal Offences
● e.g. downloading child pornography
● Other illegal images


Monitoring communications

● Right to privacy – even at work
● Regulation of Investigatory Powers Act 2000
● Lawful Business Practice Regulations 2000

● Inform monitoring for lawful business purposes
● Quality, training and security

● How do you 'monitor' remote workers?
● Blanket monitoring of employees not acceptable
● Must be justified
● Other alternatives?


Data protection

● 8 data protection principles
● Principle 7 – adequate security measures
● Principle 8 – international transfers

● Cloud computing
● Where is personal data
● Information Commissioner's Guidance

● Sensitive personal data
● Encryption


Retention, deletion and retrieval

● Organisations must have evidence to rely upon it!
● Information management policy covering
● Retention, access and exchange (including security), deletion and retrieval

● Why a policy?
● Business (cost, time and risk management)
● Legal (e.g. accounting records = 6 years, criminal penalties)
● Regulatory (FSA Rules, Food Standards etc)


About E RADAR

● Championing enterprise and the online economy
● Focus on public policy, governance, compliance and risk

● Pre-legislation and post legislation
● IT and online contracting

● Membership and professional services
● Monitoring and scrutiny
● Thought-leadership and best practice


Back to you... and 2012

● A turning point?
● Global recession with Euro under threat
● £1 trillion UK government borrowing
● 60% EU cross-border e-commerce transactions fail
● Public sector cuts and increasing unemployment
● European Single Market – working or not?

“We need visionaries, innovators and entrepreneurs to recognise the opportunities and walk through the door...”


“The best way to predict the future is to create it!”