Category Archives: Technology Media & Telecoms

Why law firms can’t rest on their laurels

Our latest Legal Benchmark Report carries a clear message on its front cover: law firms need to avoid complacency.

That message is key for 2016, as the legal sector adjusts to what we refer to as “the new, post-recession norm.”

So how did we get to this “new norm”?  The answer is it’s been via a route involving significant shake-ups.

Prior to the global financial crisis, legal firms in the UK were charging their lawyers out at unprecedented rates, with highly qualified professionals carrying out relatively low-level work.

That’s all changed. Recession brought with it the challenges also faced by myriad other industries and sectors and it arguably wasn’t until 2014 that the UK was able to enjoy sustained economic performance.

That year signaled the release of pent-up demand, with the booming housing market leading to an increase in conveyancing and corporate confidence delivering additional business.

And this more stable environment rolled on into 2015, with corresponding increases in fee income and profit per equity partner.

But fast forward to 2016 and, as our Legal Benchmark Report outlines, many firms appear to be struggling to deliver growth levels achieved in the previous two years.

Delegates at our local autumn 2015 conferences signalled this too, indicating that while generally there’s a positive mood, there’s also less confidence in firms’ ability to grow revenue and profits.

So while the last couple of years have seen firms restore balance sheets that had been hit by the recession, we’ve now moved into a phase where the focus needs to be on what happens next.

This has also come about partly because more lawyers are now competing for work and, in contrast to the pre-recession days, this is a time where providing cost-effective legal services to clients is key.

Therefore, with profitability being squeezed, the avoidance of complacency and actively looking to move forward into the future is now all important for law firms.

How can this be done if profits can’t necessarily be boosted simply through extra work? The answer is one which applies to more than just the legal sector – efficiency.

A fundamental way in which law firms can become more efficient is through their use of technology. The fourth biggest cost for firms, after people, premises and insurance, is IT. And in a NatWest survey conducted in September last year, respondents attributed 7.55% of their costs to spending on technology – which equates to tens of millions of pounds for some of the higher-earning firms.

Despite the cost, a massive 96% of the leading UK law firms we questioned also said they saw IT systems as a source of competitive advantage in the legal profession. Given this importance, companies must ensure they get the best from their technology.

One of the best ways it can be done is by looking at how IT is financed and managed. Lombard, NatWest’s asset finance arm, is taking a leading role in this through its Lombard Technology Services (LTS) division.

LTS provides finance for a wide range of assets, from software to servers and tablets to telephony systems, which can mean that firms can release cash to invest in other areas. It also enables firms to match the funding cycle to the useful lives of the assets.

But efficiency can also be gained beyond the simple financing of assets, with support available throughout the lifecycle of a product. This includes the sourcing, installation, maintenance and disposal of assets so that technology inventories are as efficient as possible. The associated upgrading and updating of systems also offers improved security against cyber-attacks, which many in the legal sector view as a significant future risk.

Elsewhere, there’s also been plenty of talk about the role of artificial intelligence (AI) in the legal profession.

While this might conjure up images of robots in courtrooms, the potential reality isn’t quite that far-fetched. Yet it has the potential to bring efficiencies to many of the tasks which take place in the legal world and in professional services as a whole.

These industries rely on data, information, records and analysis. And while AI is unlikely to see massive reductions in headcount in the near future, it’s predicted that it could transform the way legal services are undertaken.

Irrespective of whether that happens sooner, later or at all, it remains vital for firms to ensure that technology investment supports their business strategy and happens in the most cash-flow and tax-efficient way.

Beyond technology, there are of course other ways in which efficiencies can be achieved, one of which is via mergers. Today’s environment of relative stability, combined with the older owners of legal firms wishing to retire, does lay a platform for merger activity.

And with mergers come efficiencies. Fewer offices, fewer partners and less admin are clearly by-products of two firms becoming one, leading to better economies of scale and increased profitability.

What this all boils down to is that the legal sector isn’t standing still – and adapting to change needs to happen if firms are to achieve success.

That’s why we’ve got such a clear message on our latest Legal Benchmarking Report, which in itself is the largest one to date, covering 390 firms and focusing on those operating within the SME sector. Contributions are up by 15%, while we’ve also incorporated data showing changes across critical business indicators over the last four years.

The report looks at areas including fees, profit, lock-up and finance, while an additional element looks at how legal firms perform compared to accountancy firms.

It’s an interesting and detailed picture of the legal sector – a sector that’s generally in good health but can’t ignore the challenges that this and future years are likely to bring.

Will the Panama Papers finally teach law firms about cybersecurity?

It was recently revealed that the data leak from Panamanian law firm Mossack Fonseca was caused by an outsider who was able to capitalise on vulnerabilities in old-fashioned technology. This is not unique or a surprise, but actually a common occurrence. Law firms around the world are constantly under attack from hackers, undoubtedly because they not only deal with a huge amount of monetary transfers each day, but also due to the wealth of confidential information contained within their servers.

All law firms, and indeed all businesses, can be hacked in a number of different ways, from stealing an office mobile phone to piecing together a shredded document. However, there are two main ways in which a firm is most likely to be breached: through software vulnerabilities or social engineering of its staff.

Susceptible software

Every day, security researchers and hackers find numerous ways to bypass security defences in a piece of software. The vendor of that software will then fix the weakness with an update, and the cycle continues. The issue lies in the window between the vulnerability being identified and ultimately being fixed by the IT team. This could be a matter of minutes, but could be days, weeks, or even years in some cases, depending on the team’s software update schedule and the level of additional security systems in place.

This is an important task, as every single device connected to a network is at risk if the weakness is not corrected in time, ranging from a server or printer, right the way through to a door entry system. It is important to consider how patient a hacker can be as it can take days, months, or even a year for a hole to appear in a network, so it is a waiting game on their part, but one they will willingly play.

Socially engineering staff

Utilising a firm’s employees is undoubtedly the most simple and effective method for breaching a firm’s network. Hackers can exploit staff within a firm to divulge information, either allowing them to directly access systems or build up a picture of the environment, which is pieced together to allow them to breach defences.

This information can be as simple as calling an individual within a firm, stating that you are new within the IT department and need to run some tests on their machine. The oblivious employee will then go onto a fake website and run a piece of software as requested, which will then give the hacker on the phone access to the firm’s network. Once a hacker has got into a network, it is simple for them to escalate system privileges and gain access to whatever they wish.

To get on the right track here, firms must train their employees well and keep them informed of any security threats that are current and could be on the horizon. By demonstrating to employees in a seminar-based format just how easy it can be to succumb to a hack, firms can help to dramatically increase their defences. Offering real world examples alongside regular updates of the latest guises of cyber attacks will help to reinforce this training.

Starting with cybersecurity

The issue facing firms for many years is that hackers can easily learn and develop these skills online – by joining a user group, watching videos or downloading more or less ready to go software applications.

Due to the number of financial transactions that occur within law firms on a daily basis, they are a prime target for hackers and if not protected by a concrete cybersecurity strategy, can be an easy source of money. Firms concerned about their own computer failures following the hack at Mossack Fonseca might not know how to implement a cybersecurity defence, or how to initiate improvements to their existing offering.

The truth is that technology is actually the last piece of the puzzle when it comes to cybersecurity – the real work comes in undertaking risk assessments and understanding what the risks to a firm are. A firm will be truly vulnerable to hackers if these two basic exercises have not been completed.

The issue is that over time, the security landscape changes, and so do the risks. The risks have developed and moved on, but many firms are still relying on the basics to protect their firm. In order to implement an effective data leak protection policy, firms should implement controls such as portable encryption, endpoint protection, email content control, data leak prevention and intelligent firewalls as a minimum.

The ISO 27001 standard is a worldwide standard for managing IT security within a business, and is a fantastic starting point for a law firm looking to implement a cybersecurity strategy. In the main, it boils down to a firm identifying its risk, assigning controls to these risks and then continuously reviewing and improving this process. This approach will give the senior leadership team and staff throughout the firm the confidence that the business has been truly analysed and appropriate controls assigned to potential chinks in its armour.

It is likely that the security systems that are needed to protect the majority of firms from the majority of hacks are already in place. If a firm is already running an Information Security Management (ISM) system by continually monitoring, documenting, reviewing and improving its security processes, then it is certainly on the way to being truly protected. At this point, a firm should look to have its security tested by an expert, to ensure there are no weak points in its structure.

Regardless of how or when a cybersecurity strategy has been implemented, it is imperative that the senior management within a law firm takes responsibility for its security. An IT department, whether outsourced or within a firm itself, should not have the responsibility placed solely on its head if a firm does have a data leak. It is a firm’s responsibility, particularly the board’s, to understand the risks, and prepare for the constant attempts by hackers to find a way into its network. Only then can a firm and its staff feel confident that they are cyber secure.

Take Two Pills and Call Your Lawyer in The Morning: Consumers Allege They Were Misled by The Makers of COLD-FX

The makers of COLD-FX might be feeling a little under the weather after appearing in the BC Superior Court to further respond to allegations that untrue representations and omissions induced consumers to purchase the drug product that was ineffective at providing “immediate relief” and therefore “worthless” if taken in accordance with the representations.   The case is the latest class action involving misleading advertising allegations to make Canadian headlines.

The claim against Valeant Pharmaceuticals, and its subsidiary, Afexa Life Sciences, was started in 2012 by a Vancouver Island resident Don Harrison over advertising saying that COLD-FX provided “immediate relief of cold and flu” if taken over a three-day period at the first sign of cold or flu symptoms.  A study showed that the product provides no such short term relief.  Rather, patients experienced a therapeutic effect only after taking the product daily for at least two months, and six months in the case of seniors.  Harrison alleges that the companies continued to “knowingly or recklessly” promote COLD-FX as a short term remedy despite evidence to the contrary. A similar action has been commenced in Saskatchewan.

COLD-FX is a top-selling natural health product in Canada, with sales topping nearly $120-million as recently as 2011, according to a November 15, 2015 Globe and Mail article, “Why COLD-FX is too good to be true”.   As part of one COLD-FX natural health product license, Health Canada has approved a number of claims for COLD-FX, including that the product:

Helps reduce the frequency, severity and duration of cold and flu symptoms by boosting the immune system. …Provides further reduction of cold and flu symptoms when taken with a flu shot… Clinically proven to reduce the frequency, severity and duration of cold and flu symptoms in individuals over 65 by boosting the immune system. … helps reduce overall symptoms of sore throat, runny nose, sneezing, nasal congestion, malaise, fever, headache, hoarseness, ear-aches and cough.

The plaintiff in the BC action is seeking class certification so that anyone who bought COLD-FX for the short-term relief of cold and flu symptoms will be able to apply for a refund. The companies have denied the allegations and are contesting the application for class-action certification.

The BC Supreme Court has previously refused to certify a proposed consumer class action concerning misleading advertising.  In Clark v Energy Brands Inc., 2014 BCSC 1891, the plaintiff alleged that Energy Brands Inc. and Coca-Cola Ltd., systemically misrepresented bottled beverages beginning with the trademark VITAMINWATER, and the description that the beverages are “nutrient enhanced water beverage”, and misled consumers to believe the products were healthy beverages with a minimal amount of sugar.  The Court refused to certify a class stating that the plaintiff had not met the requirements of the BC Class Proceedings Act, namely, whether “the claims of the class members raise common issues, whether or not those common issues predominate over issues affecting only individual members”. The Court stated:

However, in my view whether the labelling and marketing of the product has actually misled a consumer is an inherently individualistic and fact-based question.

There is of course, no evidence that all consumers were misled, at all times, in respect of each and every consumer transaction in question. No such evidence would be possible. Yet the relief sought by the plaintiff in the context of the plaintiff’s arguments for potential remedies would practically amount to such a conclusion. Otherwise there would be no utility in the declaration sought.

The COLD-FX class action also follows other recent class actions launched against Boiron Inc. on behalf of consumers who purchased Oscillococcinum or Oscillo, a homeopathic product marketed to treat the flu.  The petitioner for the Quebec class action claimed  that consumers were misled into purchasing a product that was no more effective than a placebo sugar pill, with ingredients that are not medically effective, and diluted to the degree of being not present in the final product.  The class was not certified by the Superior Court of Quebec.  The decision has been appealed and a motion to dismiss the appeal was denied.

The Superior Court denied certification on the basis that the facts alleged by the petitioner did not justify the conclusions sought, and also that the petitioner is not in a position to adequately represent members of the class.  On the first point, the Superior Court found that the petitioner did not demonstrate a prima facie case of false representations.  The Court found that Boiron represents that the product relieves flu symptoms, and not that it prevents, cures or fights the flu, or even that it does so with an active ingredient.  Further, the evidence did not demonstrate the product is nothing more than a placebo.  In fact, the expert opinion filed by the petitioner acknowledged an ability of the product to relieve flu-like symptoms “slightly better” than a placebo. Further, evidence filed with the Natural Health Products Directorate of Health Canada in the process of obtaining a license for the product included a randomized placebo-controlled study. However, the petitioner seemed to suggest that the efficacy of the product should be assessed not solely on statistical evidence, “which seems to satisfy Health Canada”, but a higher standard.  The Court commented:

While the merits of homeopathy and the nature of the evidence required by Health Canada to issue a licence for a homeopathy product may be challenging subjects, the Court has to be concerned with the Petitioner’s allegations and whether she has an “arguable case” to present.

The COLD-FX and Oscillo cases raise the question of how to reconcile allegations of false and misleading representations against the fact that the products were licensed by the Natural Health Products Directorate.   Will a product license serve as a shield to absolve the license holder from liability for false and misleading representations in relation to licensed claims? Will the following comments by the Supreme Court of Canada in another class action case be applied to licensed products?

[C]ompliance with statutory obligations is not always determinative of the issue of civil fault … [C]are must be taken . . .  not to conflate the notion of civil fault and the violation of a statutory norm, whether in a commercial setting or elsewhere … [J]ust because a failure to discharge a statutory obligation leads to a demonstration of fault in all but the most exceptional cases, it does not follow that a civil fault is absolved where there is no such failure.

The claimed misrepresentations in the COLD-FX case relate largely to how quickly COLD-FX takes effect (“immediate relief …”, “at the first sign of symptoms for optimal results”, “stops colds & flu in their tracks”).  The plaintiff claims “at no time has COLD-FX been permitted by Health Canada to make (such) representations.”  Interestingly, several COLD-FX licensed products are branded “COLD-FX First Signs”, with approved recommended use including “Take at first signs of cold to help reduce the frequency of colds and flus.”  These products contain additional ingredients to ginseng (panax quinquefolius).

In the VITAMINWATER case, the defendants also raised arguments concerning the effects of federal legislation and the federal regulatory scheme.  For example, the defendants argued that the regulation of the product as a natural health product specifically precluded listing the quantity of non-medicinal ingredients, such as sugar, on the label of the product.  In response, the plaintiff argued that authorization of the sale of the product as a natural health product did not provide relief from the responsibility to not mislead the public, and cited a letter from Health Canada, that stated “…you are responsible for ensuring that advertising claims on the label do not contravene s. 9 of the FDA.”  That section prohibits the labelling, sale or advertising of drugs in a manner that is “false, misleading or deceptive or is likely to create an erroneous impression regarding its character, value, quantity, composition, merit or safety.”  The plaintiff further argued that the deceptive practices of the defendants start with the name of the product itself, VITAMINWATER, which was not mandated by Health Canada. Although the Court ultimately did not certify the class, it stated the issues arising from the federal licensing regime “could potentially go to the merits of the claim … (but) do not preclude certification.”

The Boiron decision in Quebec also casts doubt on certifying a class where the representative fails to show that he or she has taken steps that illustrate his or her interest to play the role of representative.   In finding the petitioner failed to demonstrate that she was in a position to represent the members of the proposed class adequately, the Court noted:

What seems, prima facie, to be the real trigger of the recourse is the lawyer-induced opportunity to obtain a settlement in Canada, because one was achieved in the U.S. against Boiron U.S.A., based, prima facie, on different circumstances, including the representations by Boiron U.S.A. on the presence of an “active ingredient”.  The sequence of events … suggests to the Court that the Petitioner made no reasonable research on Oscillo Products and that she made no reasonable attempt to find other potential group members.

The COLD-FX and the Oscillo Boiron cases are also interesting to Canadians given that our punishing winters mean these products are likely found on the shelves of many medicine cabinets.  Beyond that, the cases are noteworthy given the attempt at class certification to address advertising claims that consumers believe are misleading.  For a few years now, we have heard from our US counterparts that that risk of misleading advertising is not just regulator or competitor action, but by consumers acting as a class. Although class actions have not been prevalent in Canada, this may mark the beginning of a trend, and a significant change to the risk to companies when they make product claims.  A quick search of the Canadian Bar Association’s class action database identifies several class actions related to misleading advertising with products ranging from Sketchers shoes to Red Bull energy drinks.

The Curious Attraction of Israel to Foreign Law Firms

For a foreign law firm, Israel is no easy market to crack.

Israel is the ‘Lawyers’ Nation’, a country which boasts 126 lawyers per capita, with no signs of a slowdown.

Imagine: for every couple of public buses that goes past, there’s one lawyer. Attend a ball game? Probably three dozen lawyers in the stands. Someone hit your car when sitting in traffic? Put your head out the window and call for a lawyer – you’ll get a couple of quotes before the lights change. We’re being facetious; still, competition for a slice of the Israeli legal pie is cutthroat.

Add to that: Israeli legal fees are extremely low by international standards.

In Israel, a lawyer works the same long hours as their EU or US cousins, and earns a third or even a quarter of the fees. A legal intern might bill $75 per hour, and at higher rungs of the ladder, $250 per hour is considered not-too-bad of a deal for associates and partners.

In some sectors of Law, dog-eat-dog competition has lawyers scrapping for minuscule margins. In real estate, some firms charge a trifling 0.5% of transaction values. Great for buyers, virtual suicide for lawyers.

No Accounting for Taste

You’d think heavy competition and low fees would chase away foreign law firms.

Think again.

Actually, more than 85 foreign law firms operate inside Israel. In 2012 new legislation opened the door to non-Israeli firms, allowing them to practice laws of their country of origin without needing to join the Israel Bar Association.

Early arrivals were Greenberg Traurig from the US and London’s BLP (Berwin Leighton Paisner), both in 2012. It’s almost as if they were bursting for the chance to get into the Start-Up nation.

There’s been an explosion of foreign activity; large firms such as Skadden Arps Slate, Freshfields Bruckhaus Deringer, Linklaters, White & Case, and DLA Piper recently entered the Israeli market.

Mid-size firms are following suit, sometimes from unexpected countries: Ireland, Poland, Belgium, Cyprus, and Greece have turned their eyes to Israel. For some firms, presence is simply a desk occupied by a visiting partner, perhaps half a week in the month. For other, braver firms, a presence inside Israel means serious investment of money and human resources.

Yingke, China’s second-largest law firm, has made heavy inroads into Israel. Through a merger, they assembled Yingke Israel in 2013, partnering with local Israeli firm Eyal Khayat Zolty Neiger & Co (who specialize in high-tech, venture capital and corporate legislation).

It’s no accident a Chinese firm has become so prominent – here’s a clear reflection of Israeli government encouragement of stronger ties with China and Southeast Asia.

There’s something in the water

Look hard enough and you’ll find plenty of opportunities for foreign law firms.

Famously fueled by high-tech and biotech, there’s more to the Israeli market than meets the eye. Foreign investors take active interest in local industries such as food, insurance, defense and, most recently, natural gas.

As mentioned, in the Holy Land, fee rates tend to favour the client; there’s nothing too special about servicing average deals in these industries. However, from time to time a treasure chest drops, for example, in the form of massive outbound and inbound international M&A deals.

Hot sectors of the Israeli Economy

Tech

As far as High Tech is concerned, Israel remains a world leader. In 2013 a total of $380 million (USD) was raised by Israeli start-ups, of which 25% went to internet companies.

Historically, Israel has played a major role in global technological developments, with Intel’s Israel Development Centre in Haifa developing the 8088 chip used for the IBM PC, plus the game-changing Pentium and Centrino chips.

There’s big money in Israel’s App niche. The $1.1bn takeover of navigation technology-maker Waze Mobile by Google is a prime example. Waze Mobile 100 employees received a reported $120m. And the lawyers didn’t do too badly, either. Any firm taking a percentage on such a deal stood to earn handsomely.

Another Israeli navigation app, Moovit, transformed the way people use public transport, providing real-time travel information about buses and trains. The funding round was closed in 2013, at $28 million (USD). Not bad returns on a few blips on a moving screen!

Cyber

Surrounded by hostile neighbors for 60-odd years, it’s no surprise that Israel makes considerable military and security investments. Lately, much has been made of Cyber security, the front line in the military-industrial merry-go round.

Cyber-Security is another profitable area for Israeli business, where canny lawyers can take a lion’s share of upside. The country boasts a newly-established National Cyber Defense Authority, described by Prime Minister Binyamin Netanyahu as an ‘air force’ to protect facilities, security agencies and civilians against cyber attacks.

This compliments the existing Israel National Cyber Bureau, created in 2011, which defends business and infrastructure. The Authority and Bureau now operate in close tandem, and wield real financial and political clout.

The sector has had significant benefits for Israel, with a recent spike in commercial activity. In November 2014 Aorato – an Israeli hybrid cloud security startup – was purchased by Microsoft for an estimated $200m (USD). In September 2014 CyberArk, Israel’s largest privately-held cyber company went public on NASDAQ, reflecting a valuation just shy of $0.5 billion (USD).

Energy

Elsewhere in the economy, the energy sector is also booming. This is largely down to discovery of two major natural gas reserves off the Mediterranean coast: Tamar (2009), the larger Leviathan (2010), the latter being the largest gas field in the Mediterranean Sea. At 622 billion cubic metres, Leviathan reserves are too large for Israeli domestic use alone. Supplying this gas abroad will create an entirely new revenue stream for Israel. Naturally there are disputes between private sector and government-backed, concerning how best to divide the cake.

Real Estate

In Tel Aviv property prices are rocketing. The city’s prime residential property market grew 75.4 % in the five years to the first quarter of 2014, according to a report by Knight Frank. Having said that, the International Monetary Fund warns: this bubble ready to burst.

Despite the huge volume of work, legal fees on real estate deals have hit rock-bottom – sometimes less than 0.5 per cent of the transaction value. The Israel Bar Association pushed for a minimum legal fee on property transactions to prevent ridiculously low undercutting. As yet, this hasn’t budged an inch.

Foreign Takeovers

On the horizon is the serious prospect of lucrative foreign takeovers of Israeli firms. In 2015 a law was passed, forcing conglomerates to sell assets, part of a broader Israeli domestic war on monopolies.

One headline-making deal was Chinese state-owned Bright Food buying a 56% stake in major Israeli food maker Tnuva in May 2015 for $960m (USD) from UK private equity group Apax Partners.

Conclusion

Business in Israeli is never a walk in the park, especially for lawyers. A small competitive market with low fees never sounds as the best business plan for a law firm.

Having said that, Israel still manage to become an incredibly attractive piece of land, with industries that are in constant growth and development, offering a dynamic technological world that has much to offer to the world.

The uniqueness of Israel lies mainly on its people’s spirit of enterprise; the desire to create new and profitable ventures, tenacity in driving ideas through to delivery, sheer will power, and the relentless wish to cut inefficiencies. There’s an energy and optimism in this little country that’s hard to beat.

Israelis drive a hard, bargain and are deeply skeptical. There are many cultural barriers to overcome, not least of which a fierce independence, and lack of trust in outsiders. Israelis exude the sense ‘we know best’, even when the facts scream loudly to the contrary.

Crack past the hard ‘sabra’ shell, through to the warm, soft fruit, and you’ll find fertile soil in Israel for a patient, perhaps slightly adventurous, legal mind.

About Robus:

  • As Israel’s leading legal marketing consultants, Robus see its outbound services to foreign law firms as part of the company’s DNA.
  • Representing a full spectrum of Israeli law firms, from boutique to Israel’s largest law firms, Robus is a valuable strategic partner for foreign law firms asking to obtain a foothold in Israel.
  • Robus consult many foreign law firms, among others – US law firms, European law firms from the UK, Germany, France and east Europe, all asking to provide legal services in Israel.
  • With a team of native English speaking jurists and lawyers, rich business experience and in-depth acquaintance with the Israeli legal market, Robus is the perfect starting point from which your law firm can set sail for new opportunities in Israel.
  • Founder of Robus, Adv. Zohar Fisher is a vastly experienced strategic and business advisor, and a commercial lawyer who has been practicing Legal Marketing for many years, inter alia, as the business development manager of one of the leading and largest Israeli law firms.

Putting data in its place: How location impacts data centre outsourcing

Businesses are facing an unprecedented growth in their reliance on data. The best estimates suggest that by 2020 data production will have increased to between 40 and 50 times its 2009 level. Much of that data will be generated by individuals but they will rely on corporates to store it and there is a growing recognition that the ability to analyse and apply all forms of data can be a key competitive differentiator for businesses in many sectors.

Every business has its own requirements and priorities in relation to data storage and usage, ranging from opportunities, threats, capacity to invest, technical expertise, but most are finding that the challenges are getting greater rather than diminishing. Consumer facing businesses find that their customers are highly intolerant of slow web-based services, driving a need for high reliability and low latency. The evolution of data protection and privacy legislation around the world has increased the regulatory risks and challenges of handling data properly. The need for technical agility to meet unforeseen legal risks, such as those posed by the unexpected death of Safe Harbour arrangements, has increased the risks of individual corporate committing to their own solutions. The security issues brought to the fore by the likes of TalkTalk have taken the attention of senior management beyond what might have been perceived as a technical regulatory risk and highlighted the risks that data storage can pose to corporate survival.

As a consequence the provision of data storage and processing is becoming increasingly sophisticated and beyond the direct capabilities of many heavy data users. To meet that demand a spectrum of outsourced solutions are being deployed, ranging from simply outsourcing server management through to a complete outsource of data needs. Some of the solutions may be deployed through a public or hybrid cloud such that physical location is invisible to the service recipient. However, many solutions, including a traditional data centre deployment and private cloud implementations may offer certainty of location.

This article looks at how recent trends are influencing the choice of location for data centres and what contractual assurances customers may seek from providers to mitigate the inherent risks so that they can appropriately balance the risk with the sought after benefit.

Location Location Location

For data centre operators, choice of location must be for the long-term. Although large-scale operators may be able to balance utilisation if they operate a geographically diverse network of centres, fundamentally they aspire to each location being as highly utilised as possible.

While many customers are usually not committed to a specific location to the same extent as a party actually constructing and operating a data centre, recent developments have placed an increasing importance on customers not just focusing on “instant” output measures (such as latency and availability) when contracting for data centre services but also assurance around any kind of risk associated with non delivery. Some examples of recent considerations that are driving data centre location choices are:

  • Availability of high quality telecommunications services: A remote data centre is only of use to a remote customer if it benefits from reliable communications which are not already over-loaded. Physical distance may bring with it enhanced risks of interruption of supply.
  • Achieving power savings. Volume growth means that over 10% of all electricity generated globally is now used by the technology industry and accordingly the cost of power remains a highly significant component of the operational costs. Power costs can be reduced by increasing the efficiency and/or obtaining cheaper sourcing. In particular, as artificial air conditioning to keep IT equipment running well despite its own heat generation is power intensive, a climate which is dry and cold or a location close to an abundant supply of a natural coolant such as cold water can be used to increase the power use efficiency. Accordingly, there has been an increased push to use ambient environmental factors to improve the efficiency of operating the physical infrastructure of the data centre. However, better power utilisation needs to be matched with appropriately reliable service. As an example, potential locations in Greenland which may score well on passive cooling and green power sources such as geothermal equally may carry enhanced risks of latency (or even availability) of communications to its users.
  • Assurance as to certainty and continuity of service. There are a number of factors that affect that certainty but in terms of location choice the wide variances across the globe in the level of investment in power generation and distribution with even certain advanced economies predicting shortages of generation capacity is very significant. A location which does not have sufficiently reliable primary power supplies will find itself operating at a significant disadvantage. Alongside long-term security of supply, short and medium-term resilience is also critical. Most data centres deploy backup power solutions (for example batteries of the short term and diesel generation the longer term) but these are designed to be short-term solutions and rarely utilised.
  • Sustainability of supply. The policies and buying requirements of customers themselves drive providers to focus on greener operations at all levels of the supply chain and to find ways to minimise the effect of the associated increase in regulations and taxes on the use of traditional fuels and generation of carbon emissions. In addition to using environmental factors to increase efficiency (as explored above) companies and providers are also looking to use power generated from sustainable sources. It is worth noting that despite the impression given by some publicity material for data services, grid connections in the UK cannot provide exclusively. At best, a provider is paying for the generation of green energy that will go into the supply network for general consumption
  • Data safety. The safety of the data and compliance with international data protection requirements is a particular concern for consumer facing businesses. In order to meet customer demands, providers are having to consider political influences which extend beyond questions of power assurance and pricing. For example, although the direct consequences of the recent Schrems decision in relation to Safe Harbour provisions are likely to be resolved between the relevant states, the decision serves as a warning about legal regulation and has the potential to cut established data processing operations off from their primary markets.

The nature of the contracting process means that a buyer of data centre services of any kind will retain significant risk in the non-delivery of the service. That retained risk may be as obvious as the exclusion of loss of profit claims arising from breach or characterising service credits as an exclusive remedy for failures. However, it may well be more subtle, for example it may be inflated by the time it would take to procure and utilise an alternative solution.

Individual Risk Profile

A buyer of data centre services therefore needs to understand what its own risk profile is in relation to the data services it is buying. A service which needs to prioritise low latency and real-time processing (such as e-commerce) will tend t o have a different risk profile from services which can proceed in a longer timeframe if necessary (for example some forms of inventory management and elements of payroll outsourcing). A buyer’s procurement process for data centre services should then follow that risk assessment. For example, depending upon the specific types of data, services and policy involved, the customer may wish to stipulate the level of redundancy in power supplies, and telecommunications links and mandate certain policies in relation to electronic and physical security. For both parties, choosing the right location requires a balanced risk assessment recognising that every choice will have inherent compromises and risks.

In many cases the risks a particular data centre site may face will be beyond the immediate control of the data centre operator itself but it may be able to arrange mitigations of both the risk arising and its consequences if it does. For example, there is not much which can be done about the occurrence of natural disasters but there are clear averaged assessments of historic risks of earthquakes and site visits may provide valuable clues as to the risk of flooding for a specific location. However, achieving an acceptable balance as to the appropriate level of assurances and commitments given by the provider is complex and many providers will resist commitments to even maintaining the current standards and precautions they apply. For each different project a buyer must consider how the contractual commitments of the data centre provider fit with the required risk profile:

  • Is the buyer looking for full contractual compensation for particular risks? Data centre providers often regard this kind of approach as distorting their risk/reward too far and frequently the exclusions of liability they seek (for example loss of profit and loss of goodwill) are far more significant than the limit of liability itself.
  • Is the buyer looking for an adequate incentive for the supplier to take adequate precautions and remedial actions in relation to its risks? If so how should this be captured as between firm contractual commitments, general compensatory damages (within any agreed limits and exclusions of liability) and contractual regimes such as service credits.
  • Is the buyer effectively reliant upon the reputation of the provider? While such a view might not provide specific comfort in the context of an actual outage, a competitive marketplace ensures that providers have a strong interest in their market reputation and ultimately that may prove a strong driver towards high performance.
  • Is the buyer able to rely upon any explicit assurances as to the continued development and improvement of the services? Are there any particular areas which the buyer would wish to see enhanced over the course of the term, for example security or service levels or simply price. Where the buyer is relying on improvements over a period of time is it clear whether these will be sold as “extras” or built into the base services it receives?
  • What degree of control should the customer retain over the solution? As noted, outsourcing may take many forms. A customer may choose to operate its own data centre but outsource only critical elements of the service around it. The more that the solution is shared between multiple users the greater the compromise of control by each individual user will need to be.
  • To what extent is the buyer committed or incentivised to use a single source? Some service strategies allow a buyer to purchase capacity efficiently in an incremental fashion


Consider your strategy

Not all outsourced solutions for data centres will allow a buyer to be specific in respect of location. However, a solution which is location specific can offer the buyer the opportunity to mitigate certain risks and achieve a degree of control. Each customer will value such mitigation and control differently, and may differentiate between service types in that evaluation. However, the effectiveness of the approach can be greatly enhanced by careful consideration of the accompanying contracting strategy.

What does the EU eSignature Directive mean for the private sector?

In July of 2016, the EU will enact the first phase of its new regulation on electronic identification. The Electronic Identification and Trust Services (eIDAS) law will be implemented with the aim of improving online convenience, confidence and trust. In addition to providing the framework for new EU electronic identification cards, the legislation will affect eSignatures, electronic seals and electronic registered delivery services.

This new regulation repeals the 1999 EU directive on eSignatures and will affect national laws that were enacted under it, such as the UK Electronic Communication Act of 2000. In part, this serves as an acknowledgement that the current laws around electronic signatures no longer serve the purpose for which they were intended – to increase trust in electronic transactions, promote cross border use of electronic signatures and take Europe a step closer to a single digital market. So why has the existing legislation failed to deliver?

Counteracting the confusion

Firstly, it is important to point out that the Directive was initially aimed at the European government, as opposed to the private sector. The idea was that eSignature and electronic identity would be amalgamated into one secure form of digital identity – the equivalent of an electronic passport. It was hoped that through providing this framework for governments, the private sector would follow by example and reap the benefits of a more connected digital market.

However, in hindsight, it seems that the original legislation tried to do too much at once. The fact that the directive consisted of guidance, as opposed to specific laws, meant that EU member states all followed different procedures. This caused a great deal of confusion, and resulted in some countries refusing to accept electronic documents from others, as there was a lack of consensus around what an authentic and valid transaction entailed.

The upcoming eIDAS regime serves to counteract any confusion around what constitutes a valid eSignature, because it requires member states to recognise each other’s electronic identification systems. This is perhaps the most significant step thus far towards the growth of a digital single market.

How should lawyers prepare for the eIDAS regulations?

One of the most common concerns around the eIDAS legislation seems to arise from the perception within the private sector that businesses must take some course of action to comply with the regulations. This is not the case. As previously stated, the directive is aimed at governments first and foremost, and the central regulation of trust service providers.

Until now, the confusion that has arisen as a result of different authentication standards in different countries, coupled with a fear of inadequate compliance, has served as a barrier to the digital single market. One of the core aims of the updated eIDAS regulations is to eliminate any fears that businesses may have around deploying a new approach to transaction management. The harmonization of trust services throughout the EU will simultaneously unify the private sector’s understanding of the available levels of identity assurance, and make it clear that the Regulation fosters flexibility and choice for private parties – there is no longer a “one size fits all” dilemma.

In terms of the advice lawyers should be providing to companies ahead of the legislation, it is important to approach the issue with a mind to solving problems, as opposed to creating them. Any guidance that lawyers provide to business about the regulations should ensure that they are better able to transact online with confidence as a result. Essentially, lawyers should focus on the impact of the legislation (or lack thereof) for businesses, and reassurance that there are really no new compliance requirements for the private sector.

What are the business benefits of a single digital market?

Whilst the EU eSignature directive will affect governments first and foremost, increased trust in electronic transactions across borders should lead to a culture of interoperability, co-operation and innovation throughout industry. eSignatures present a real opportunity for companies to take vital steps towards becoming a 100% digital business, and take advantage of all that this provides. Further legislation from the EU reinforces the original message from the 1999 and 2000 acts; electronic signatures are safe, secure and legally binding. In turn, wider recognition of these facts should help to speed up transactions across Europe.

In addition to improving the speed of transactions, the benefits of electronic identification are wide-ranging. Global enterprises are able to save millions by switching their paper-based legacy processes to digital. The ability to send documents across borders electronically will reduce printing and faxing costs, whilst increasing visibility of the status of a transaction – all of which can drastically reduce turn-around time.

From a legal perspective, the benefits are much the same. The ability to request signatures and process documents online can vastly reduce the time spent on administrative tasks such as printing, faxing, scanning, and overnighting documents. In addition, the eIDAS regulations will make it even easier to complete document-intensive processes such as asset purchase agreements, merger and acquisition agreements and board consents.

The consequences of clearer EU legislation on eSignatures and services will be initially felt by governments. However, the standardisation of trust services should in turn lead to far greater recognition of cloud-based services as a viable means of high-assurance online identity. For legal professionals, it is a case of ensuring that businesses are as well informed as possible about how the regulations will impact them.

Loss of Safe Harbor Agreement Leaves Thousands of Multinationals in Breach of Data Protection

The European Court of Justice (ECJ) recently ruled that the US Safe Harbor agreement, which allowed the safe transfer of European citizens’ data to US companies, is no longer valid, placing many multinationals in murky water.

The 15-year-old data transfer agreement between the EU and the US allowed multinational companies such as Google, Microsoft and Facebook to store European citizen’s data in the US, so long as the companies agreed to comply with data protection laws.

The abolishment of the agreement comes after the ECJ ruled that the US does not have adequate data protection laws and the Safe Harbor scheme didn’t protect consumers in the wake of the Snowden revelations.

What is the ‘Safe Harbor’ agreement?

Back in 2000, the Safe Harbor agreement was created to find a practical means to deal with data transfer. The scheme allowed companies to self-certify that they would protect EU citizens’ data when transferred to, and stored within, US data centres. This made the Safe Harbor scheme a sort of one-stop-shop, allowing for the export of personal data without the need for consent, speeding up processes and significantly reducing the amount of paperwork required.

Currently there are over 5,000 US companies registered on the program. The courts have not provided any transitional period for companies to adapt and, as a result, these businesses have been left non-compliant with EU data protection rules. Businesses that fall into this area include EU-based multinationals transferring data between group companies and their US parents, and companies based in the US with EU customers.

Implications for your business

Until the EU and US agree a successor program that is compatible with EU data protection law, a large number of companies are left in the lurch.

The Information Commissioner’s Office in the UK (“ICO”) has released a statement following the ruling. They noted: “The judgment means that businesses that use Safe Harbor will need to review how they ensure that data transferred to the US is transferred in-line with the law.

“We recognise that it will take some time for them to do so…. We will now be considering the judgment in detail, working with our counterpart data protection authorities in other EU member states and issuing further guidance for businesses on options open to them.”

ICO also noted that negotiations have been going on for some time between the European Commission and the EU to replace the Safe Harbor program with a new, more privacy protective arrangement.

One of the more troubling parts of the judgment is that the decision was largely based on the ability of US intelligence agencies, such as the National Security Agency, to view personal information transmitted to the US. It is unlikely that US security agencies will ever defer to EU privacy legislation over perceived national security needs. So how will this be reconciled in the Safe Harbor 2.0 program?

ALTERNATIVES

The most obvious and cleanest alternative for compliance is not to transfer personal data outside the EEA and to install and maintain servers for information storing personal data about EEA residents within the boundaries of the EEA. This is, unfortunately, not a practical solution for many companies that need to centralise functions requiring collection storage and use of EEA customer, supplier and employee data in the US.

There are other means approved by the EU for transmission of personal data internationally. One of these is known as “binding corporate rules.” With this scheme, companies within a corporate group can agree to transfer personal data within the group under certain rules compatible with EU data protection legislation. The binding corporate rules must be approved by the information commissioner in the EEA country of transmission. However, the use of binding corporate rules only applies to use intra-company, so does not solve the problem of transmission of data between a customer in the EEA and supplier in the US.

Another alternative is the use of “model clauses“ in contracts between persons or companies sending data from within the EEA and the companies or persons receiving them in the US. The EU has pre-approved a certain template for use in contracts that it considers will provide adequate protection.

A third alternative is to obtain express consent from the data subject to the cross border transmission of his or her data for a specific use or uses of the US recipient. This would not be a viable option for situations where mass data passes international borders.

Whatever solution companies find for the interim, all US companies registered on the Safe Harbor program will need to urgently assess their data protection programs to find another means to comply. There is no certainty about enforcement actions that may be taken in the interim period so companies who are unsure of their position are urged to seek legal advice immediately.

How Law Firms Can Gain Competitive Edge through a Managed Service Approach to IT – Top Tips to Make it Happen

The legal sector’s uptake of outsourced IT solutions – services hosted or managed by third parties – has been steady but unspectacular to date. Understandably, the onus so far has been on lightening the administrative and housekeeping load, minimising the need for expensive hardware implementations and maximising valuable time. The emergence of cloud-based services over recent years has added a new dimension to the outsourcing picture but it’s less clear whether it’s added any dynamism.

The latest Legal IT Landscapes report from Legal Support Network (LSN), Legal IT Landscapes 2015 Top 100 firms report indicates that it could take two years for migration rates of key legal applications to the Cloud (think PMS, CMS, DMS, CRM etc.) to hit the 60% mark. And ‘could’ is the operative word because in a follow up question, over half of respondents answered either ‘undecided’ or ‘not very likely’ to the question ‘How likely is your firm to adopt Cloud-based solutions for its significant systems?’

But is this hesitancy misguided?  Today, there is a greater motivation than ever for legal firms to make the move from on-premise to off-premise IT solutions. And that’s largely because the off-premise proposition has matured to such an extent. Many off-premise providers have been successful in transforming themselves from ‘old school’ IT commodity providers to valued IT partners. Rather than forcing organisations into wholesale adoption of cloud, their focus has been on encouraging the judicious use of multiple services as part of a hybrid on/off premise IT environment.

Its time legal firms and more specifically their IT departments, started taking broader advantage of the richer propositions now available from off-premise/ managed specialists operating in the cloud. Here are our top tips, outlining how they can best do this.

  • Be open to new ways of effecting rapid change

If you are a CIO in a legal firm or a member of the IT team, you’ll recognise the pressure on the one hand to innovate and differentiate and on the other to save money and deliver efficiencies. And yet capital constraints and legacy infrastructure are gross inhibitors; lengthy procurement cycles breed inertia, and protracted provisioning undermines confidence and buy-in.

Don’t be blindsided by all of this. Ensure you have the capability and capacity to deliver a pragmatic, urgent response – to effect change rapidly and easily and starting today. And remember all of that may well involve leveraging the richer proposition now available from off premise/managed specialists.

  • Think long-term not short-term when it comes to data management

As a member of a legal firm’s IT department, data storage and management will inevitably be one of your biggest headaches and daily aggravations.  It will inevitably be tempting to think about short-term fixes and fall into the trap of treating the symptoms of data management issues – rapid data growth – rather than the cause.

You can invest x now, but in 12 months’ time, the inexorable mushrooming of data could well outstrip your storage and tape-based or online back-up facilities; so worst case scenario is back to the drawing board for a new plan, best case is allocating yet more budget to the problem. There is a third way though which involves applying more vigour when it comes to data management and looking seriously at adopting a new more structured approach.

  • Don’t treat all storage exactly the same

Most law firms are guilty of storing too much. They then typically backup anything and everything. Storage is cheaper now than ever but there is still a significant backup cost attached, especially when demands can grow by up to 50% annually. Moreover, you don’t need to back everything to primary or secondary storage. It’s estimated that 70% of files and emails on the average system will not have been accessed for six months or more.

Having said that, there’s also a small amount of data that’s critical for normal operations, that needs to be replicated or backed up and accessible on an almost real-time basis. And in between is about 25% of data that’s accessed regularly and is key to the normalcy of everyday working.  Given these different grades of data and given their widely varying value to the business, make sure you treat them differently when it comes to storing and backing them up.

  • Put data tiering in place

Data tiering is a cloud-based service that can be utilised as a simple discrete, one off solution; it can also fit into a longer/broader cloud journey. For any business that’s looking for a more workable, cost-effective and efficient framework for data management, it’s an approach worth considering. After all, here is a solution that leverages technology, policy and business rules to allow for the easy archiving of aged data, reducing the size and cost of the core back up volume, whilst making replication of mission-critical data that more accessible and affordable.

The topline benefits range from reduction of spend on data management; greater control over data growth by classifying and archiving inactive data; reduction of primary and backup data and backup window, shorter disaster recovery times; increased data availability by lessening the load on primary servers and storage; and more resources, money and energy freed up to spend on ‘added value’ projects.

  • Make use of unified communications

Unified communications (UC) is a technology model that is already gaining momentum in legal because it’s seen as an enabler for collaborative effort, but it should be viewed as a more fundamental development than just the addition of some new comms tools.

Today, with cost reduction and efficiency high on the legal agenda, is the ideal time to start looking at UC.  It has the potential to recast the operational landscape, eliminating the waste of time, money and resources inherent in pointless phone calls, redundant emails, myriad devices and offsite meetings. But the challenge is making it happen. On-premise deployment of UC is a major project, big on capital expense and having the right skills in place

That’s why you should consider an off-premise approach. There are service providers that can deliver the full spectrum of UC capabilities giving you access to every element from a single vendor. They can deliver a converged IP telephony environment; best-of-breed communication and productivity tools; together with fully managed, cloud-based delivery that assumes the burden of risk and cost while assuring the quality of performance and support. As a client, you get a coherent migration strategy: effectively a flexible, fast-track route to the world of UC with nothing to pay other than your per seat per month costs.

Plotting a Future Vision of IT

While the migration of legal firms to cloud-based off-premise IT solutions has been less than spectacular so far, the available evidence suggests that this will change in the long-term. Legal firms can tap into significant benefits by moving certain key applications like data management and unified communications over to a cloud-based off-premise approach, thereby knocking down the barriers of cost, skilled resource and risk, and its accompanying migration wrap suitably designed to overcome legacy issues and secure a smooth, rapid transition to a new order. It is not a necessity to move wholesale to a cloud-based off-premise approach. You can and should take your time devising your strategy. But there is real merit in having a taste right now.

Communications & Multimedia

 Section 114A… Guilty until proved innocent?

In this day and age of technology, where information is easily available and communication is just an email away, internet-related crimes have also been increasingly rampant.

Section 114A of the Evidence Act 1950, was introduced in the hope of enabling law enforcement officers to successfully identify the online perpetrators. In the recent months, cases on the interpretation of section 114A have reached the Malaysian courts.

Introduction

Section 114A, referred to as the Presumption of Fact in Publication, was introduced via the Evidence (Amendment) (No 2) Act 2012 (“the Amendment Act”). The amendment came into force on 31 July 2012.

The amendment aims to facilitate the identification and proving of the identity of an anonymous person involved in the publication through the Internet.

Section 114A – Presumption of fact in publication

  • A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, administrator, editor or sub-editor, or who in any manner, facilitates to publish or re- publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved.
  • A person who is registered with a network service provider as a subscriber of a network service on which any publication originates from is presumed to be the person who published or re-published the publication unless the contrary is proved.
  • Any person who has in his custody or control any computer on which any publication originates from is presumed to have published or re-published the content of the publication unless the contrary is proved.
  • For the purpose of this section:

(a) “network service” and “network service provider” have the meaning assigned to them in section 6 of the Communications and Multimedia Act 1998 [Act 588]; and

(b) “publication” means a statement or a representation, whether in written, printed, pictorial, film, graphical, acoustic or other form displayed on the screen of a computer.

The implications

According to sub-section (1) of section 114A, if your name, photograph or pseudonym appears on any publication on the Internet, representing yourself as the publisher, you are presumed to have published the contents of such publication. For example, if someone creates a blogsite in your name, you are presumed to have published the contents on that site, unless you prove otherwise. If someone posts a comment on your blog, you are also presumed to have published it. This will apply to Facebook, Twitter, or any form of social networking service, where you are deemed to have published anything posted on their wall, if that posting is published under your name.

A scrutiny of subsection (2) also appears to have serious consequences. If a posting originates from your account with a network service provider, you are deemed to be the publisher unless the contrary is proved.

A further presumption in subsection (3) is for the contents that originate from a computer. You are deemed to be the publisher so long as your computer was the device used to post that content.

The section is also said to automatically apply when the act complained involves cyber-crime. [1]

Reversing the burden of proof

The section has caused some uneasiness in criminal cases, as it appears to impose the burden on the person to prove his innocence, as opposed to the prosecution to prove its guilt. Furthermore, since computers may be easily manipulated and hacked into, the issue that arises is whether it is too risky to reverse the onus onto Internet users, network services subscribers and computer owners, to prove their innocence.

Retrospective

Furthermore in the recent High Court case of Tong Seak Kan & anor v Loke Ah Kin[2] it was ruled that the presumption has retrospective effect. In that case the defamatory statements complained of were published of the blogsite on 8 August 2011. Although the Amendment Act took effect from 31 July 2012, section 114A applied, nevertheless. Although Tong Seak Kan & anor v Loke Ah Kin is of a civil nature, the question prompted revolves around the constitutionality of section 114A, if applied retrospectively in criminal proceedings.

Rebuttable

Although the presumption is rebuttable, the argument, however, is that there may be difficulties in adducing evidence for the same. It may not only be difficult for the layman to navigate his way through the maze of technology, there may also be other legal hindrances. Furthermore, the standard to achieve in rebutting the presumption is on a balance of probabilities. A mere denial is insufficient. This has been argued to be too onerous a burden.

Much ado about nothing?

The law-makers, however, claim that this section is not as oppressive as it sounds, arguing that section 114A merely renders specific, a power that the court already has in another provision in the Evidence Act, namely, section 114. That section reads:

Section 114

 The court may presume the existence of any fact which it thinks likely to have happened, regard being had to the common course of natural events, human conduct, and public and private business, in their relation to the facts of the particular case.

This provision suggests that the court may already invoke a presumption that could have the same effect as section 114A, except for the fact that section 114A is more specific.

Conclusion

Although the section is intended to balance the right of aggrieved persons, especially of those maligned through social media, it begs the question of whether this presumption, if applied especially in criminal cases, is one of guilt, and therefore goes against the very grain of the criminal justice system.

[1] YB Dato’ HJ Husam HJ Musa v Mohd Faisal Rohban Ahmad [2015]1 CLJ 787

[2] [2014] 6 CLJ 904.

Update On The Recent Developments From The Tipo Regarding Examination Practice For Computer Software Related Invention

In 2014, the Ministry of Economic Affairs issued an amended Patent Examination Guide for computer software related inventions, and it definitely will substantially affect the examination practices of the Taiwan Intellectual Property Office (TIPO). Some of the essential amendments are summarized as follows:

 

  1. INVENTION DEFINITION

To judge whether a claimed invention meets the definition of an invention, one must consider the contents of the claimed invention, rather than the recitation form of the claims, so as to identify whether the invention as a whole is of a technical nature. If only a portion of the claimed invention does not utilize the laws of nature, one cannot assert that the claimed invention does not meet the definition of an invention.

The judgment of the above is based on the technical features recited in the claims, but due to the special nature of a computer software related invention, one usually needs to refer to the contents of the specification in order to understand the essential meaning of each feature of the claims. Therefore, during examination, one conducts a synthetic judgment by examining the invention recited in the claims as a whole and referring to the specification, drawings, and common knowledge at the time of filing to consider as a whole the problems intended to be solved by the invention and the technical means for solving the problems with reference to common knowledge at the time of filing.

If the claims do not specifically recite essential technical features, but after referring to the specification, drawings and common knowledge at the time of filing, the examiner can find that the invention as a whole is of a technical nature but is not something simply based on the laws of nature, mathematical formulas, business methods, artificial rules, information disclosure, or aesthetical creation, etc., then the examiner will notify the applicant to make a response or amendments on the grounds that the claims are unclear. If the examiner finds that the computer software or hardware plays a significant role in the invention, but the specification does not clearly and sufficiently disclose this, for example, or how the software and the hardware cooperate, how the problems are solved, this raises the issue that the skilled person in the art will be unable to implement the invention according to the specification.

 

  1. DEFINITENESS OF CLAIMS

A claim for a computer software related invention is usually drafted using the language of general-function-defined object or means-plus-function. Regarding a general-function-defined object claim, to be definite, the skilled person in the art of the invention must be able to concretely imagine a hardware component or software module in view of the common knowledge at the time of filing for the function. Regarding a means (step)-plus-function claim, if the specification fails to recite the structure, material, operation corresponding to the function or computer program algorithm or hardware component achieving the function, then it will render the claim indefinite and cannot be supported by the specification, and at the same time will fail to meet the enablement requirement.

 

  1. FEATURES HAVING CONTRIBUTIONS IN RESPECT OF TECHNICAL NATURE OR NOT

An invention under the Patent Act must have a technical nature, specifically, the means of solving the problems must involve the technical means of the technical field.

An invention protects the creation of technical ideas which utilize natural laws, and the examination of its patentability is generally based on all the technical features recited in the claims. Therefore, when examining the novelty of the invention claims, any example of the prior art that discloses all of the technical features recited in the claims will result in a lack of novelty. However, because the applicant may recite technical features that do not have a technical nature in the claims of a computer software related invention, when examining the non-obviousness, one shall consider whether the technical features that do not make a technical nature have contributions to the one having a technical nature.

In a computer software related invention, if a feature recited in a claim has a technical nature, then the feature makes a contribution to the technical nature; if the technical feature does not have a technical nature, then one shall judge whether it contributes to the technical nature of the claim after cooperating with a technical feature having the technical nature; if the technical feature does not have a technical nature, and fails to cooperate with a technical feature having the technical nature and thus, does not belong to a part of the technical means which solves the problems, then it shall be deemed as a utilization of prior art and can be easily combined with other prior art.

Therefore, as illustrated in the flow charts below, a claim partially recites a feature having a technical nature (A: image processing device), and at the same time partially recites the features having no technical nature (B: “mathematical formula” for the image processing device; C: business method of “distributing as a gift”). In this situation, the claim includes feature (A) having a technical nature, so the claim as a whole meets the definition of an invention; however, when judging whether the claim meets the requirement of non-obviousness, the examiner only needs to compare “the feature contributing in respect of the technical nature” – feature (A) having a technical nature, and feature (B) cooperating with a technical feature having the technical nature and belonging to a part of the technical means which solves the problems. The remaining technical feature (C) “having no contribution in respect of the technical nature” shall be deemed as a utilization of the prior art and can be easily combined with other prior arts.

images for text

  1. Conclusion

The recent developments from the TIPO regarding examination practice for computer software related invention seems to have become more sophisticated and systematic when judging whether a computer software related invention meets the requirements of definition, enablement, definiteness, novelty, and non-obviousness. The author believes that readers will become more familiar with Taiwan’s current computer software patent practices and have a clearer direction in pursuing future software patents in Taiwan. If you or your clients have any questions on patent protection in Taiwan, please contact the author at 886-2-25856688 X 8139 or [email protected].