Protecting your IP and Data Trustee Responsibilities by Brian Miller (Solicitor) and Vicki Bowles...


Upload: brian-miller-solicitor

Post on 29-Nov-2014


DESCRIPTION

From Ethics to Fraud. These slides focus on concerns about internet fraud and data protection faced by charities and other not-for-profit organisations. Session 2 of the 23rd Catholic Charity Conference. Chair: Richard Maitland, Sarasins; Melanie Roberts, Sarasins; Brian Miller, Stone King; and Vicki Bowles, Stone King.

TRANSCRIPT

Page 1: Protecting your IP and Data  Trustee Responsibilities by Brian Miller (Solicitor) and Vicki Bowles Barrister

WELCOME to the 23rd Annual Catholic Charity Conference

Sponsored by Sarasin Investment Management


Protecting Your IP and Data: Trustee Responsibilities

Brian Miller & Vicki Bowles
Stone King LLP


PROTECTING YOUR IP AND DATA: TRUSTEE RESPONSIBILITIES

FRAUD
• What is fraud?
• Where are you vulnerable?
• Personal data and fraud


• What is fraud?
  – “form of dishonesty, involving either fake representations or failure to disclose information or abuse of position, undertaken in order to make a gain or cause a loss”

IF IT HAPPENS, IT’S HOW YOU DEAL WITH IT THAT COUNTS!!


• Particular areas of vulnerability for charities:
  – Overseas transactions
  – Cash
  – Use of technology…


• Focus on personal information:
  – Information that identifies an individual
  – Stored on your computer systems
  – Transferred between devices and applications


• Trustee responsibilities:
  – Data Protection Act 1998
    • Schedule 1 – the data protection principles
      – Principle 7: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”


• Assess Risk:
  – WHAT personal information do you have?
    • is any of it sensitive?
  – WHY do you have that data?
    • is it necessary?
  – WHO has access to the information?
  – HOW do you protect the information?


• Particular issue – BYOD
  – No control over security as data controller
  – Different mindset between home and office
  – Action should be proportionate to information involved
    • Passwords
    • Encryption
    • VPN
    • Own devices


THE END

(Part 1)


Protecting Your IP and Data: Trustee Responsibilities

(Part 2)


WEBSITES, DOMAIN NAMES & BRAND THEFT


DOMAIN NAMES
How Do I Know If I Own My Domain Name?
• Ensure your organisation is the registered owner of the domain (check on WHOIS, eg. www.123-reg.co.uk/domain-names/)
• registrations in employee’s name to be avoided
• Don’t forget to keep tabs on renewal


Whois record for abccharity.org.uk

Domain name: abccharity.org.uk

Registrant: ABC Charity

Registrant type: UK Registered Charity, (Charity number: 123456)

Registrant's address:
ABC Charity
42 Any Road
London
EC2A 3NH
United Kingdom

Registrar: Webfusion Ltd t/a 123-reg [Tag = 123-REG]
URL: http://www.123-reg.co.uk

Relevant dates:
Registered on: before Aug-1996
Expiry date: 11-May-2013
Last updated: 08-Jun-2011
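
The two checks from the domain name slide (is the organisation the registrant, and is renewal coming up), run over a WHOIS reply. This is an added example, not part of the original slides; the sample text is constructed in the label/indented-value layout of a .uk WHOIS reply using the values from the record above, and the function names and the 60-day warning window are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample in the label/indented-value layout of a .uk WHOIS reply,
# carrying the values from the record above.
SAMPLE_WHOIS = """\
    Domain name:
        abccharity.org.uk
    Registrant:
        ABC Charity
    Registrant type:
        UK Registered Charity, (Charity number: 123456)
    Relevant dates:
        Registered on: before Aug-1996
        Expiry date:  11-May-2013
        Last updated:  08-Jun-2011
"""

KEY_VALUE = re.compile(r"([A-Za-z ]+):\s+(.+)")  # e.g. "Expiry date:  11-May-2013"

def parse_whois(text):
    """Map each section label and each inline 'Key: value' to a list of values."""
    record, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        inline = KEY_VALUE.fullmatch(line)
        if line.endswith(":"):          # a label on its own line opens a section
            section = line[:-1]
            record[section] = []
        elif inline:                    # "Key: value" on one line
            record[inline.group(1).strip()] = [inline.group(2).strip()]
        elif section is not None:       # plain value belonging to the open section
            record[section].append(line)
    return record

def check_domain(text, expected_owner, today, warn_days=60):
    """Return a list of findings; an empty list means owner and renewal look fine."""
    record, findings = parse_whois(text), []
    owner = " ".join(record.get("Registrant", []))
    if owner.casefold() != expected_owner.casefold():
        findings.append(f"registrant is '{owner}', not '{expected_owner}'")
    expiry_text = record.get("Expiry date", [""])[0]
    try:
        expiry = datetime.strptime(expiry_text, "%d-%b-%Y").date()
    except ValueError:
        return findings + ["no readable expiry date"]
    days_left = (expiry - today).days
    if days_left < 0:
        findings.append(f"expired {-days_left} days ago")
    elif days_left <= warn_days:
        findings.append(f"renewal due in {days_left} days")
    return findings
```

A registration held in an employee's name shows up as a registrant mismatch; a lapsed or soon-to-lapse registration shows up as an expiry finding.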


DOMAIN NAMES
What’s to Stop Someone Registering A Similar Name?
• nothing!
• buy identical domains for the top-level domains (eg. .com)
• if a cybersquatter appears, complain to registrar
• allowing cybersquatters can result in
  • damage to brand
  • theft of business or donations
• register a trade mark relating to domain name
  • Should assist in transfer of name back from cybersquatter


DOMAIN NAMES
How Do I Know My Domain Name Does Not Infringe Another Party’s Rights?

• Carry out checks (eg. via Google)
• Check Trade Marks Register and Trade Marks Journal
• Look on Companies House for similar company names
• Using another’s name can result in passing off etc
• Use a specialised agent if concerned


CLOUD COMPUTING AND WEBSITE SECURITY

Cloud computing is the name given to the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet).

(Wikipedia)

1) Security
• If a cloud provider not using adequate security, data never safe:
  – adequate firewalls
  – adequate encryption


1) Security (continued)

IT and legal experts must do due diligence on cloud provider

If you cannot show this, you could be liable if data breach.

Personal data accessible by a third party = Breach of the Data Protection Act

Get your website penetration-tested regularly!


2) Who Are You Contracting With?
• May be a number of providers involved
• sub-contractors must be bound by same standards of
  – security
  – confidentiality
• Main provider needs to carry the can for subcontractors

Tip: check the sub-contractor’s T&Cs


A Salutary Tale: Charity X
• Website hacked
• Donor data stolen
• Donor bank accounts raided


So Why Do Such Things Happen?

• It’s not just online fraudsters who want your money
• Anyone with an axe to grind may try to compromise your website to damage your reputation
• Attacks aimed at or via Android phones are increasing
• Think very carefully if you are contemplating implementing a BYOD policy


Lesson To Be Learnt

• Office Security:

  – Make sure staff are not physically compromising security
  – Operate a clean desk policy
  – Avoid the temptation to rely on one individual for security
  – Monitor bank statements daily
  – test cash donations through your systems
  – monitor your bank very carefully


Liability for Data Breach

• Fine of up to £500,000 by ICO
• Civil claim by each data subject affected for
  • Damages
  • Legal costs
• Trustees personally liable for fines without an indemnity


SUMMARY: HOW TO AVOID FRAUD

1. Be vigilant.
2. Never become complacent.
3. Report fraud.
4. Highlight risk.


For a whistle-stop tour of today’s workshop, go to these articles on the firm’s website:

• Is Your Website Legally Compliant
• Cloud Computing: What You Need To Know

ANY QUESTIONS?

Brian Miller
Senior Associate
IP, IT & Commercial
Stone King LLP

brianmillersolicitor
@theitsolicitor
0207 324 1523


What do I do if I discover that personal information has been compromised?

• Report it
  – Police
  – ICO
  – Charity Commission
  – Individuals affected

• Consequences
  – Fine from ICO
  – Personal action by individuals
  – Reputational damage
  – Misconduct/mismanagement in a charity…


How can I control the use of personal devices?

• Restrict access to certain information
  – Passwords
  – Encryption

• Do not allow USBs/CDs etc

• Have well written and understood policies in place


How do I carry out a Risk Assessment?

• List the possible risks
• Prioritise in terms of seriousness/likelihood
• List mitigation actions
• Review regularly
• Update regularly
• Record when mitigation action is put in place


What can happen if you allow cybersquatters to use your domain name?

• Reputation damaged
• Copycat site, donations potentially diverted

What is an effective protection against this?

• Complain to the domain name registrar
• Trade mark effective way of ensuring domain name transferred back


What are two major risks of using cloud computing and what are the possible solutions?

Data is not secure: can be viewed by others.
Solution 1: ensure T&Cs state they will keep all data confidential
Solution 2: encrypt your data

Subcontractors may be used
Solution: ensure T&Cs state: Any subcontractor will also agree to keep data secure


What internal office procedures can be adopted to help to prevent online fraud from happening?

• Implement a Security Policy

• Monitor bank statements

• Test donations


For a whistle-stop tour of today’s workshop, go to these articles on the firm’s website:

• Is Your Website Legally Compliant
• Cloud Computing: What You Need To Know

THE END

Brian Miller
Senior Associate
IP, IT & Commercial
Stone King LLP

www.slideshare.net/BrianMillerSolicitor

brianmillersolicitor
@theitsolicitor
0207 324 1523