10 commercial reasons for complying with cyber laws

Actually, there are really only two good commercial reasons why your online business should comply with laws and regulations: (1) competitive advantage and (2) collaborative advantage.

But, it takes another 8 reasons to explain why!

Business enterprise fuels the online economy by generating the wealth to provide public services, more and better jobs, higher standards of living and a more sustainable economy. Financed through taxation, the public sector's role is to deliver goods and services efficiently for the benefit of government and the citizen. As the commercial decision maker responsible for your organisation' s online strategy, be on top of your game when it comes to cyber governance and compliance.

Both the public and private sectors' reputations have been damaged recently with the economic crisis. Right or wrong, the public sector has been vilified for inefficiency and over-indulgence, the private sector accused of avarice and greed. Some have even labelled charities over-commercial - after all they do have to make money. Others argue that business processes are over-complicated, technology overwhelming, and information a constant barrage which is difficult to evaluate.

Stirred into the cyber melting pot are complicated, confusing and uncertain laws and regulations that remain a regular source of irritation in meetings, discussion groups and other activities promoting good practice.

Laws and regulations defend the rights of organisations and people. When these rights are infringed, deliberately or not, others are liable. Organisations must therefore take the necessary steps during the course of business to protect their own rights and put appropriate policies and procedures in place to prevent the infringement of the rights of another.

Red tape on increase despite deregulation strategy

Not that I'm saying that law makers and regulators always get the rules right. The recent EU regulation on cookies, for example, clearly demonstrates that those drafting the text had not the faintest idea about how online technologies work. And this uncertainty does not help businesses already struggling to cope with the increasing bundles of red tape. Despite all the work on deregulation, a recent UK government report has concluded that costs to business from red tape have increased by18 million GBP

Not the best track record from the Coalition Government. Yet, the previous Labour Government's red tape record was far worse with the total costs of new regulation under Blair and Brown reaching 90 billion GBP.

Red tape aside, compliance can be achieved as part of an organisation's governance strategy. Legal risk management is the decision-making, control tool that enables this to happen. Governance is top-down, compliance bottom up. For example, an organisation might comply with data protection across several business functions but the whole is brought together under one data governance strategy.

Legal risk management

So here are E RADAR's 8 key reasons why you need to embed a legal risk management strategy across your business, all based upon achieving competitive and collaborative advantage.

1. Customer trust and confidence

Customers need to have trust and confidence in suppliers and find goods and services to be fit for purpose. The transaction must be reliable and adequate protections put in place for when something goes wrong. Doing business online has necessitated more openness and transparency about who suppliers are, what they are selling and the terms upon which the contracting relationship is based.

2. Corporate brand and reputation

How does an organisation quantify the damage done to its corporate brand and reputation from a bad compliance judgment? It is difficult to evaluate, but organisations can be held responsible for the actions of employees (known as vicarious liability) and be sued for an unlimited amount in compensation. For example, in 2000 corporate giant Enron lost everything when IT systems failed to spot the high-level corruption by senior directors in the company. As a result, the company collapsed with the loss of 20,000 jobs around the world.

3. Director liability

A director has a duty to the company, and it is possible for individual directors to be found personally liable for failing to undertake duties implied by law. A director's service contract might also require them to provide additional obligations that go beyond the duties set out in law. For example, the past directors of Equitable Life faced legal proceedings against them for the failure of the world's oldest life assurance company.

The board of directors (or ruling council/committee, depending upon the organisation) must provide a senior champion who is accountable for the corporate use of digital systems and networks, applications and services. The champion can then delegate down and across the management structure in accordance with governance principles.

4. Cost of litigation

Litigation - the act of being taken to court or taking another to court under a civil action costs time, money, and other resources, and should only be used as the final option. Negotiation and dispute resolution are preferable. The outcome for litigation can be uncertain, particularly when legal argument becomes very technical, especially during patent cases. Negotiation and dispute resolution work so long as all parties agree to participate and courts, before a hearing, usually ask whether the parties have tried to negotiate or use dispute resolution to resolve their differences.

Once judgment is pronounced, the losing party may appeal which will extend the litigation process. Finally, a winning party will still need to collect any monies awarded which may not be possible.

5. Supply chain partners

A chain is only as strong as its weakest link. For government and large corporations, doing business with smaller organisations across the supply chain can bring a whole new set of challenges: the financial stability of the supply chain partner (especially relevant in the current economic climate); their levels of security; and ability to deliver on time and within budget.

Some larger suppliers try to help their supply chain partners understand the legal risks associated with digital trading. Microsoft, for example, provides some basic information on rules and regulations on its website: data protection; security and e-invoicing for the benefit of its resellers.

What has been lacking is a comprehensive checklist of relevant laws and regulations, standards and best practice relating to IT use. E RADAR now provides this service online for free.

6. Public procurement

Public procurement is a particular issue for small and medium-sized enterprises, which must work hard to meet the basic compliance requirements expected from government and other public bodies. Whilst governance and legal compliance is an essential component in the procurement process, the UK stands accused of not deploying EU public procurement rules correctly. This is due to the different legal approach taken by the English common law system from the continental statute approach.

As public procurement opens up to small and medium sized business, so more opportunities will become available. Compliance is an integral part of government contracts so you need to ensure that your organisation can meet the standards required

7. Investor relations

If your business is looking for new investment you will need to ensure that legal compliance is addressed in your business plan. Investors will want to see that you have done due diligence across all you markets and are able to manage any risks associated with trading electronically.

8. Insurance premiums

Finding appropriate (and discounted) insurance that reflects your organisation's level of legal compliance remains a challenge. If you have done your due diligence (as described in 7 above) you would expect your insurance premiums to be much lower than organisations that are not as thorough. You can get insurance protection against any legal actions caused by the behaviour of your staff when sending emails or browsing the Internet. Discuss with your insurance broker to see whether you can get any additional discounts.