Pedlam Risk – a legal risk management consultancy – have kindly allowed us to feature their update on legal issues which may affect UK companies. For further information, head to www.pedlamrisk.com.
Q1. What is IPR – do we have any and do we need to bother about it?
A: ‘Intellectual Property Rights’ are valuable assets of a business. They are abstract and hard to understand. Essentially they comprise: trademarks, patents, copyright, confidential know-how and design rights. Many exist automatically – such as copyright and know-how; others need registration – such as trademarks, patents and design rights. It is worth reviewing what IPR you have, its value and whether you should be taking steps to protect it from your competitors. Having a registered trademark for your main brand can in particular provide valuable legal protection and also help to see off those who may attempt to register a confusingly similar brand or domain name, whether intentionally or not. There may also be revenue-generating licensing opportunities from commercialising your IPR.
Tip: check what IPR you have and ensure that relevant registrations are obtained where this is justified on a cost/benefit analysis.
Q2. How will the new European Data Protection Regulation impact us?
A: The wording of the new Data Protection Regulation has finally been agreed in Brussels, after much amendment. It is likely to become law in 2016 with a two-year implementation period. Main changes include: smaller companies having not more than 5,000 individuals on their database will not be required to appoint a Data Protection Officer; data protection breaches will be required to be reported ‘without undue delay’; and data security will be required to be embedded into new products at the design stage.
Tip: assess the extent to which the new Regulation will impact your business and any steps required to remain data security compliant, assuming that the UK remains in the EU after the Referendum. It makes sense in any event for companies to have resilient data protection in place, as the recent TalkTalk and other much-publicised data breaches have shown. Customers expect their personal details to be protected. Companies should, where possible, obtain ISO 27001 certification to show that they are adopting best security practice. Having at least Cyber Essentials assurance under the government-backed scheme will also make good sense, and may even be required when submitting some tenders.
Q3. Do we have a sensible social media / information security policy which is understood by all?
A: Companies are increasingly permitting employees to use their own smart phones, tablets and other devices for business use. Over 50% of UK companies are estimated to permit BYOD (bring your own device). A large number of companies still do not, however, permit BYOD, due primarily to security concerns. The increasing risks of security breaches, legal claims and other sanctions need to be guarded against in any case.
Tip: review what training you provide to ensure that employees are aware of the risks. Alert them to the practical steps they can take to avoid loss of data and unauthorised access to business sensitive information. An external audit (which can involve discrete penetration testing) is a good way to test for gaps in defences and to demonstrate that all possible steps are being taken to ensure resilience against unauthorised external access.
If you would like to discuss these or other legal issues, feel free to contact:
Angus Gribbon: AngusGribbon@PedlamRisk.com or M: +44 (0) 7917 769 391.
January 2016. © Pedlam Risk Management Limited 2016