RSSAll Entries in the "Legal" Category

Is Your Business Ready For Rhode Islands New Cyber Security Law?

Faceless hooded anonymous computer hacker with programming digital code from monitor

by Jay Madden

Attacks Hit Small Employers Big
According to a 2015 report from the Insurance Information Institute, cyber hacks increased by an estimated 27.5% from 2014 to 2015, with perpetrators coming from everywhere – politically-motivated criminal across the globe to local disgruntled employees.

While most people have heard about highly-publicized attacks targeted at big companies like retailers and health insurers, large corporations aren’t the only ones who are at risk. Increasingly small- to medium-sized business are the biggest targets. In fact, according to a recent Data Breach Investigations Report by Verizon, 72% of all attacks are now perpetrated on small businesses.

What makes these organizations most vulnerable?
• Lack of time and/or budget to implement adequate security solutions
• No dedicated IT staff
• Lack of awareness
• Belief that they’re too inconsequential, even though they often serve as “backdoors” for cyber criminals into larger and more extended systems
• Lack of proper employee training
• Failure to update technology systems, policies and procedures
• Outsourcing to unqualified vendors

The Growing Costs of the Growing Risk
Cybercrime costs the global economy an estimated $445 billion annually – a figure expected to reach $575 billion within the decade. Since all industries are prone to attack, every business – even small ones – risks significant expenses if a breach occurs, including:
• Legal liability to the injured individual or individuals
• Defense costs of regulatory actions resulting from a breach
• Fines and penalties dues to a breach
• Loss of income and revenue
• Business continuity expenses and costs
• Destruction of electronic data and equipment
• Extortion and ransom threats
• Breach management expenses (including forensics, notification costs, credit monitoring)
• Brand and reputational damage
As a result of these unanticipated costs, according to the National Cyber Security Alliance, 60% of all small businesses are forced to close their doors within six months of a data breach.

RI’s New Legal Requirements
In response to the alarming increase and the serious nature of cybercrime, Rhode Island’s new Identity Theft Protection Act of 2015 requires that businesses, individuals, and state and municipal agencies who store, collect, process, maintain, acquire, use, own or license personal information – meaning a name and one other piece of identifying data such as Social Security number, driver’s license number or even email with required access code – take a number of actions to protect the data.

Specifically, those subject to the law must:
• Implement a risk-based information security program that contains reasonable security procedures and practices to protect the personal information from unauthorized access, use, modification, destruction or disclosure
• Implement a written document retention policy
• Secure written contracts with any third party to whom it discloses the personal information of Rhode Island residents ensuring that the third party has implemented and maintains reasonable security procedures and practices to protect the information
• Notify individuals if it suffers a data breach within forty-five (45) days of confirmation of the breach – one of the shortest notification periods among the various state data breach laws – and notify the Rhode Island Attorney General if the breach involves more than 500 individuals

Penalties for violation of the Act are equally onerous, potentially including a civil suit by the Attorney General and $100 fine per record for reckless violation of the Act and $200 for knowing or willful violation – with no cap

Steps to Compliance
To avoid the fallout of an attack and ensure compliance with Rhode Island’s new law, it’s critical small businesses take several necessary steps to combat the growing threat of a breach. Consider the following actions to prepare:

• Involve all levels of the organization in creating or enhancing a written information security program to protect personal information that’s appropriate for the organization and the type of information it collects.
• Establish a policy for destroying personal information securely after a reasonable retention period, such as by shredding, pulverization, incineration, or erasure.
• Create a model form for a notice that meets the Act’s requirements in case a breach occurs. Provide fields that will allow your company to describe: 1. the incident, how it happened and the number of individuals impacted; 2 the type of information involved; 3 the date(s) of the breach; and 4 when it was discovered. Also, include remediation services that will be offered along with contact information, as well as how a consumer can file or obtain a police report, request a credit freeze and any required fees that may be required by consumer reporting agencies.

Insure For Added Protection
In addition to meeting the state’s legal requirements, small businesses can take additional steps to help prevent catastrophic losses from an attack by performing a threat assessment to understand its potential vulnerabilities. Once a company has a picture of its security exposures, it can transfer much of the risk with an insurance policy tailored to its specific business risks that can mitigate the costs and losses attributable to a cyber event. While many traditional insurance policies don’t offer adequate levels of protection or exclude these types of occurrences, in response to the growing threat, many insurers now offer stand-alone cyber-specific policies. In fact, over sixty different insurance carriers now underwrite some form of cyber insurance that can cover:

• Legal liability (to the injured individual or individuals)
• Loss of income and revenue
• Defense costs of regulatory actions resulting from a breach
• Fines and penalties dues to a breach
• Extortion and ransom threats
• Breach management expenses (including forensics, notification costs, credit monitoring)

As cybercrime continues to evolve, so will a small business’ risk. While Rhode Island’s new law is designed to protect consumers against the threat, companies need to take precautions to protect themselves. Because their survival may very well depend on it. Jay Madden

| Jun 22, 2016
Read More

A New Bill Seeks To Improve Gender Diversity on Corporate Boards

Male Judge Signing Document At DeskIn March of this year, U.S. Rep. Carolyn Maloney of New York introduced the Gender Diversity in Corporate Leadership Act. The bill is intended to increase the number of women on corporate boards, and would require public corporations to report the gender composition of their boards and board nominees to the U.S. Securities and Exchange Commission (the “SEC”). It would also create an SEC advisory group to study and recommend ways to increase gender diversity on corporate boards.

In January, the Government Accountability Office (“GAO”) released a study showing that women held just 16% of seats in corporate boardrooms. This number was up from 8% in 1997. Based on these numbers, even if equal proportions of women and men joined boards each year beginning in 2015, it would take until 2065 for women’s representation on boards to be on par with that of men’s.

Proponents of the Bill argue that what gets measured, gets results. The theory is that, by turning the resources of Congress to the issue of board diversity, it is likely that public companies will devote more effort to diversifying their boards. Research shows that public companies with boards that are reflective of the diversity of the population of the United States have better decision-making processes and overall stronger organizational health. In other words, diverse boards are good for business and this translates into being good for the economy.

Those opposed to the Bill suggest that it is an unnecessary intrusion into the boardroom. Importantly, however, the Bill stops short of creating any mandatory quotas. Many European countries, on the other hand, have attempted to achieve boardroom diversity through quotas.

Germany recently became the latest country so far to pass a law that requires some of Europe’s biggest companies to give 30% of supervisory seats to women. In passing the law, Germany joined a trend in Europe to accomplish what has not happened organically, or through general pressure: to legislate a greater role for women in boardrooms.

Norway was the first country in Europe to legislate boardroom quotas, joined by Spain, France and Iceland, which all set their minimums at 40%. Italy has a quota of 1/3 and Belgium of 30%. Britain has not legislated quotas, but a voluntary effort, known as the 30% Club, has helped to substantially increase women’s representation. The group has used persuasion to help double the percentage of women on the boards of major British companies since 2010 – up to 23%.

The notion of government quotas for company boards has met substantial resistance in the United States. Representative Maloney’s Bill is one example of an advocate attempting to achieve boardroom diversity in another way. The Bill has been referred to the House Committee on Financial Services.

If you have questions or would like to speak to Attorney Sally P. McDonald, please call 401-824-5100 or email her at smcdonald@pldw.com.

Sally P. McDonald, Esq.
Attorney, Pannone Lopes Devereaux & West LLC
| Apr 22, 2016
Read More

Cindy Burke, Esq., Burke Law Group LLC

Cindy BurkeBurke Law Group, LLC. was created by Robert J. Burke II and Cindy Burke to provide legal assistance to the Hispanic community. “The focus of the company is Immigration Law, but we have found so many other aspects of law we can assist with, that we never turn anyone away from at least an initial consultation on any legal issues,” said Cindy. “Our belief is that the client works just as hard as we do for their money, and we charge fees that are sometimes 70-percent lower than most Immigration attorneys in our area.”

Cindy warmly welcomes people who are sometimes turned away from legal assistance, and this has garnered much respect in the community for her firm. Her goal is to make a difference in the community and she in fact does this on a daily basis, “We have become an integral part of the community, and very quickly everyone has learned who we are. The best part of offering my services to Central Falls is the fact that my parents have owned a night club there for over 28 years, and when they see me they ask if I am their daughter,” said Cindy. “I’m always proud to say I am, and the community knows we are trustworthy.”

Their firm is set apart by honesty, placing their clients’ needs in the forefront of their business policies. Cindy has received both a Mayor’s Citation from the City of Central Falls and certificates of congressional recognition for the outstanding impact she has made in the lives of people in Rhode Island.

Cindy most notably is a representative of those who are unable to advocate for themselves. “The work I put into building this empire is just starting, but it won’t end there. I intend on being the voice of Immigration, and the person that everyone in the Hispanic community knows,” said Cindy. Her plans are to continue to do the work that most will shy away from to make a difference in the lives of others.

| Apr 20, 2016
Read More

A Primer on Corporate Governance for Business Ownership

By PLDW Managing Partner Gary R. Pannone and Attorney Benjamin L. Rackliffe

16561251_editThe entrepreneurial spirit is alive and well in the U.S. with millions of businesses created each year. Some will survive and others will vanish. Those that flourish and grow are most likely to have established the corporate governance structures that are essential to thrive and survive. These critical keys to success are described below as a primer for start-up business owners and entrepreneurs to consider implementing as best business practices.

Corporate Governance

What is “corporate governance” and what does it mean for my organization?

Corporate governance refers to the manner in which a corporation is directed, and laws and customs affecting that direction. It includes laws governing the formation of firms, by-laws established by the firm itself, and the structure of the firm. A company’s corporate governance refers to the relations, distribution of rights and responsibilities by and among four primary groups of participants: the board of directors, managers, employees and shareholders. Corporate governance includes rules and procedures for making decisions and provides structure through which company objectives are established. Corporate governance also includes the means by which stated goals are achieved and how performance of those objectives is monitored. In short, the corporate governance system of an organization is the structure by which a company’s directors and managers act in the interests of the firm, its shareholders and employees. The corporate governance system is also how the company holds the board of directors, managers and employees accountable to capital providers and third parties who rely upon the value of the company’s assets. Fiduciary duty and accountability issues are often discussed within the framework of corporate governance.

Articles of Incorporation

How do I go about forming my corporation and what lays the basic framework for proper corporate governance?

A corporation’s Articles of Incorporation, when filed with the Secretary of State, serve as both the formation document and primary source of a corporation’s governance system. A corporation’s Articles set the par value for the corporation’s stock as well as cap the number of shares a corporation is authorized to issue to shareholders. Individuals forming the corporation, called “incorporators,” have the option to set forth additional language pertaining to governance structure of the corporation such as the size and manner in which a board of directors may vote in relation to various business decisions, although these provisions are also frequently found in a corporation’s by-laws (discussed below). Articles frequently define a corporation’s corporate purpose and provide for the indemnification of directors and officers acting in good faith for the benefit of the corporation. Articles of Incorporation are supreme to any other corporate governance documents, and therefore, critically important to corporation’s governance.

By-Laws

What are “by-laws” and how do they benefit my corporation?

Only second in supremacy to a corporation’s Articles, a corporation’s By-Laws are the essential outline of a corporation’s governance structure. They define the general authority of corporate shareholders, the election and removal of directors and officers, and the division of authority among these subsets of corporate decision makers. By-Laws define standards for meetings including the constitution of a quorum for purposes of corporate action and set forth instances where actions by decision makers may be had in the absence of formal meetings.

Other Governance Policies and Procedures

When setting up my corporation, are there any other polices or procedures my corporation should consider adopting?

While there are certainly corporations which operate without supplemental policies and procedures, it is a “best practice” for corporations to adopt additional policies and procedures to supplement the basic governance framework set forth in corporate Articles and By-Laws. Some of the most common supplemental policies are as follows:

  • Conflict of Interest Policy: The purpose of a Conflict Policy is to protect the corporation’s interests when it is contemplating entering into a transaction or arrangement that might benefit the private interest of an officer, director or high level manager within the corporation. The Policy defines what constitutes a conflict and provides a framework by which conflicts are identified and addressed in order to facilitate the healthy operations of a corporation and stymie abuse by corporate decision makers.
  • Whistleblower Policy: A Whistleblower Policy is intended to deter corruption and abuse within a corporation by setting forth guidelines for directors, and officers and employees to raise concerns regarding the rogue practices of individuals within a corporation while assuring that such individuals will be safeguarded from harassment, victimization and/ or retaliation for reporting. The basic concept is that with assurances and protections afforded to reporters, malfeasance taking place within the corporate setting will diminish.
  • Document Retention Policy:  Document Retention policies set forth corporate-wide standards for the retention and destruction of physical and electronic records received, created, and stored by a corporation in connection with its business operations. These policies are intended to remove the guess work of corporate employees in terms of how long to keep records and to comply with various governmental and industry laws and regulations.

In addition to the foregoing, it should be noted that industry specific laws, regulations and practices may require the development of additional policies and procedures. If you have questions about your business or are planning to start a business, and would like to speak with business attorneys Gary R. Pannone or Benjamin L. Rackliffe, please call 401-824-5100 or email gpannone@pldw.com or brackliffe@pldw.com

| Mar 22, 2016
Read More
« Previous PageOlder Entries
Newer EntriesNext Page »
previous arrow
next arrow
Slider