Comment: Let’s focus on the best people, not the cheats

In business, as in sport, there is dishonesty and cheating. However, the bad guys get the headlines in sport and business cheats very rarely make the news at all. In sport, an athlete might later receive a medal once a doper is disqualified, but in business the victims of the cheats are rarely even identified, let alone compensated. Alison Marshall writes in The Scotsman to explore these issues and suggests we should champion the good guys both in sport and the business world.

Cyber Bullying in the Workplace

Cyber bullying is probably more closely associated with children and teenagers, but digital bullying represents an extension of traditional workplace bullying that is now recognised as a growing problem. The growth of new technologies, and the anonymity offered by them, has dramatically increased the opportunity to bully and harass colleagues. And if there were fifty ways to leave your lover, there must be at least that number of opportunities for electronic intimidation capable of invading our private lives 24/7.

The good news is that many employers have sought to articulate anti-bullying principles and policies. The bad news is that some are failing to effectively implement them. In fairness, what is tagged as bullying by one person may be regarded by another as perfectly appropriate work place behaviour. Team-building is great but when does the banter become bullying? Bullying is just so diverse; it may be as subtle as simply excluding a colleague from round robin emails or as demeaning as a supervisor launching into what is effectively a public dressing down by sending an email. Many bewildered employers are simply at a loss how to effectively tackle the issue.

There is no consolidated piece of legislation dealing with cyber-bullying unlawful but there are various ways in which employees can bring employment tribunal proceedings in relation to bullying for which the employer may be liable, either directly or vicariously, if the bullying is perpetrated by employees in the course of their employment. These range from contractually based claims, such as, failing to provide a safe system of work or a breach of the implied duty of mutual trust and confidence to the statutory rights afforded, for example, under the Employment Rights Act 1996 (both examples typically depending on the employee resigning and claiming constructive dismissal). There is also discrimination legislation where the bullying or harassment is based on, or makes reference to, someone’s sex, age, race, sexual orientation, religion and/or disability. Sending racist jokes or pornographic pictures by text or email to a colleague may, if perceived as offensive by the recipient, amount to harassment.

Additionally, employees may seek to address cyber-bullying by means of the Protection from Harassment Act 1997. Though originally intended to deal with the problem of stalking, it allows an employee to complain about a course of conduct pursued by a colleague that causes alarm or distress, even though it may not amount to harassment under discrimination legislation. This is a criminal offence and substantial damages can be awarded where the conduct engaged in by employees is likely to cause harassment that has a close connection with their work.

But when are cyber-bullies misbehaving in the course of their employment? What people get up to in their private lives is largely their own business. However, if an employee conducts himself in a manner so described within the vicinity of the workplace, or during an occasion which is associated with the employer, which brings the employer into disrepute, it could result in a disciplinary warning or even dismissal. Thus a negative characterisation of a colleague posted by a cyber-bully on a workplace blog or social media could be deemed to be in the course of employment

Employers can minimise the risk faced by cyber-bullying by devising a policy that makes it clear that there is zero tolerance towards bullying and harassment. Giving a number of non-exhaustive examples is likely to be helpful. In any event, the policy should also provide employees with a safe and, at least in the first instance, private means of redress either through the grievance procedure or a specific procedure for allegations of bullying and harassment. Employers may also wish to consider whether lawfully monitoring employees’ use of email, internet and social networking sites might go some way to deterring bullies who use the employer’s technology.

How to navigate data protection like a superhero: what UK businesses need to be aware of

If we talk about a David and Goliath case and heroic titles like “The Privacy Shield” (you have to say that in a voiceover tone of voice), we might be likely to think more about Marvel superheroes than EU legislation. The average news consumer is already fed up with talk of the EU due to the upcoming referendum, and, when we say “data protection”, most people’s eyes glaze over and they inwardly feel happy it is someone else’s problem. However, the truth is that some very interesting developments have taken place in this area recently, and new legislation coming soon will make the dreaded “data protection” relevant for many more people.

As you might have heard, last year someone took on Facebook and won. His name was Max Schrems and he had issues with Facebook sending his data to the USA.

The basic rule under EU law is that you aren’t allowed to send personal data outside the EU without special provisions. Some countries are on a special list which confirms their DP rules are acceptable to the EU. Others have different arrangements. The USA had a system called Safe Harbour, which allowed EU entities to transfer data to US entities who had signed up to the Safe Harbour charter. This was like a promise to follow rules roughly equivalent to the EU’s rules.

However, Mr Schrems’ case ultimately resulted in the Court of Justice finding the Safe Harbour regime invalid. The main problems identified were that there was a lack of effective enforcement remedies and evidence of government interference in the safeguards. This removal of the Safe Harbour framework resulted in many businesses that regularly do business with the US panicking and rushing into place alternative arrangements (such as using EU entities or data centres, or model contractual clauses with their US partners).

In the months since that case, the various EU authorities have been working feverishly with their US counterparts to put something else in place to replace Safe Harbour. Without it, transatlantic trade is damaged and uncertainty exists. On 29 February 2016, a new regime called The Privacy Shield was published in which a similar system to Safe Harbour is proposed (although still to be formally approved). At the same time, the US Judicial Redress Act has been made law by President Obama. It addresses many of the concerns of the Schrems case in relation to suitable enforcement remedies. The need to address the absence of Safe Harbour has pushed the Americans to get this legislation through, which many see as a singularly worthwhile result from the whole Safe Harbour debacle.

In parallel with those developments, the new EU General Data Protection Regulation has also been published in recent months. It has a number of potentially wide-ranging consequences which will increase the compliance and regulatory burden for businesses, so organisations should be glad that there are two years to prepare for it coming into force. This type of EU law doesn’t require the UK to implement it with its own Act – it will have “direct effect”, and the aim is for it to be enforced consistently across the EU.

Some headline developments in the new Regulation are as follows:

  • It is to apply to non-EU entities that process the data of those in the EU, regardless of where they are based. An interesting point in the context of Brexit.
  • It extends some obligations from controllers to processors (i.e. more individuals further down the hierarchy will have responsibilities).
  • There are stricter and much more onerous reporting requirements.
  • There are increased rights for individuals, including a right to erasure, a right to portability and a right to object to profiling.
  • There are heavier fines of up to €20m or 4% of global turnover.

So, it might not be quite as exciting as the latest Marvel movies (I may have exaggerated a little there), but there is a lot going on in the world of data protection, and some of it is very relevant to businesses of all shapes and sizes.

If you have any concerns about using US entities in relation to data storage, processing, etc or what preparations you need to make for the new Data Protection Regulation, please get in touch with Alison Marshall or Emma Arcari.

A War on Trade Mark Cons

Now is the time for spring cleaning and to take control over your junk mail. Anyone who has registered a trade mark in recent years will be all too familiar with the scam notices that follow asking for additional fees to be paid. What typically happens is that, after you have registered your mark, you receive a notice which looks like a formal invoice requesting payment. If you read the small print, it will often say something like “upon payment your trade mark will be entered on the XYZ trade mark register”. This might very well be true, but being on the XYZ register doesn’t actually mean anything or protect your mark in any way.

The Institute of Trade Mark Attorneys released a report recently saying that this issue could cost small businesses some £1.25m per year and that there has been a rise of 45% of instances between 2013 and 2014.

This seems to be replacing the previous practice of false renewal reminders (down 29%), against which the Advertising Standards Authority and the UK Intellectual Property Office have been having some success in recent months.

However, there is some difficulty in taking action against the unofficial trade mark registers, as they are potentially providing exactly what they claim to be. The best way to combat this is therefore awareness.

Our top tips to wage war on these scams are:

  • If you have a trade mark attorney or solicitor (agent) acting for you, almost every piece of official correspondence should be sent to them and not directly to you, so be suspicious immediately when you receive a notice direct.
  • If in doubt, show the notice to your agent, as they should be able to tell you within moments of seeing a notice if it is unofficial.
  • It may be in legalese, but read the small print – many notices aren’t dishonest and tell you exactly what they will do for their fee (i.e. very little).
  • Contact the UK Intellectual Property Office to report the scam or fraud, as they (in conjunction with Action Fraud) keep records to help them combat these problems.
  • Finally, simply throw the scam notices straight into the bin!

Alison Marshall is an experienced lawyer and business advisor providing Intellectual Property and IT advice to SMEs in Fife, Edinburgh and across Scotland.