ANY enterprise involved in business typically encounters different typesof risk in its daily operations. These include credit risks, technologyrisks, market risks and legal risks. As professional service providers, lawyers offer legal risk managementadvice to businesses as one of their core services. But being driven bycost-saving considerations, businesses (whether "e" or brick-and-mortar)tend to be reluctant users of such risk management services until majorlegal problems arise. This reactive mode of legal risk management thendrives the business process, resulting in, more often than not, highercosts. All businesses want to deepen their overseas market share, but most tendto be uncertain about their legal rights in foreign jurisdictions. So, howbest does one manage one's legal risk exposures in foreign jurisdictions? For an enterprise venturing overseas for e-business, the legal minefieldcan be boggling. Not only do you have language and cultural barriers, themyriad of differing and often immature laws and regulations governing e-business also present tremendous challenges. There are essentially two types of legal risks that flow from theconduct of e-businesses: direct and indirect consequences. The direct legal risks involve potential liabilities in relation to: * compliance requirements at the regulatory level, both at home and inforeign jurisdictions with regard to the legislative and regulatoryenvironment; * contracting parties (breach of contract); * third parties (for example, violation of intellectual propertyrights); and * the enterprise's employees in their dealings with third parties whichmay lead to potential liabilities for their employer. The indirect legal risks, in turn, are those risks that flow fromtechnical risks such as: * poor system design or architecture that may result in system failure,which could lead to potential legal liability for the software developer,for instance; * computer viruses which may cause the whole network to collapse,leading to legal liabilities for service providers; and * intrusion by hackers and other criminal activities such as theft orcorporate espionage which lead to potential legal liability for bothservice and content providers. Thus, businesses need to manage their legal risk exposures in astructured and proactive manner. Structured risk management is a processof identifying and managing legal risk exposures and taking proactivesteps within a clear framework to avoid and/or minimise the aforementionedforms of legal risk liabilities. First, the enterprise must determine the awareness level at both theinstitutional (corporate) and personal (employee) levels. Second, a legal risk audit should be carried out across the enterprisecovering every aspect of corporate work. These include reviewingdocumentation, seeking legal advice confirming compliance with prevailinglaws and regulations, and reviewing of corporate e-policy. Third, there has to be a risk management framework at the enterpriselevel. This framework should determine the programme and methodology forproactive management of such legal risk exposure. It must determine theacceptable level of risk tolerance and should include the tools as well asthe system for management and decision support. And finally, there has to be systematic review. The risk exposures mustbe identified carefully and evaluated by senior management together withthe guidance of legal counsel. * The writer is a technology lawyer and author of E-Security Law &Strategy. He is a visiting associate professor at a local university andan associate fellow at the Centre for Asia Pacific Technology Law & Policyin Singapore.Reference:
Zaid Hamzah.(2005, September 15).New Straits Times.
No comments:
Post a Comment