E-Commerce: Legal and Practical Issues - PowerPoint PPT Presentation

Provided by: ESCM

Transcript and Presenter's Notes

Title: E-Commerce: Legal and Practical Issues


1
E-Commerce: Legal and Practical Issues
  • Legal Issues - Security, December 2, 2005
  • Stephen M. Foxman
  • Philadelphia

2
Security - Federal Legislation
  • Computer Fraud and Abuse Act, 18 U.S.C. 1030
  • Identity Theft and Assumption Deterrence Act of
    1998
  • Amends 18 U.S.C. 1028
  • Gramm Leach Bliley requirements for financial
    institutions - (Public Law 106-102) 15 U.S.C.
    6801 et seq.
  • HIPAA requirements for healthcare services -
    Health Insurance Portability and Accountability
    Act of 1996
  • Children's Online Privacy Protection Act of 1998,
    15 U.S.C. 6501 et seq.
  • Federal Trade Commission Act

3
Security - Federal Legislation
  • Federal Focus on Protecting Infrastructure
  • USA Patriot Act
  • Creation of National Infrastructure Protection
    Center
  • Maritime Transportation and Security Act of 2002
  • Sarbanes-Oxley Act of 2002

4
Security - State Legislation
  • Pennsylvania legislation
  • Wiretapping and Electronic Surveillance Control
    Act, 19 Pa.C.S.A. 5701 et seq.
  • Hacking and Similar Offenses, 18 Pa.C.S.A. 7611
    et seq.
  • Computer Theft (unlawful access), 7613
  • Unlawful Duplication of Computer Data, 7614
  • California SB1386 law relating to disclosure to
    public if private information is hacked or
    inadvertently disclosed to third parties
    (effective July 1, 2003)

5
SOX and Security
  • Moving away from business judgment rule -
    Delaware Law
  • Old law - Directors not obligated to ferret out
    wrongful conduct
  • Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125,
    130 (Del. 1963) (directors have no duty
    affirmatively to seek out corporate employees'
    wrongdoing)

6
SOX and Security
  • New law - Directors must develop internal
    programs to assure compliance with laws
  • Smith v. Van Gorkom, 488 A.2d 858 (Del. 1985)
    (board decision must be informed)
  • Kahn v. MSB Bancorp., Inc., 24 Del. J. Corp. L.
    266, 1998 (Del. Ch.) (protection under the
    business judgment rule may be lost through gross
    negligence)
  • In re Caremark International Derivative
    Litigation, 698 A.2d 959 (Del. Ch. 1996) (even
    though directors and officers may not be liable
    for wrongdoing that they have no reason to
    suspect, they have an affirmative duty to
    establish a compliance system).

7
SOX and Security
  • Moving away from business judgment rule -
    Criminal Sentencing
  • Sentencing Reform Act of 1984 - Organizational
    Sentencing Guidelines cited in Caremark as
    evidencing need for corporations to adopt
    effective compliance programs to detect
    violations of law
  • U.S. Sentencing Commission (Jan. 10, 2003) adopts
    emergency plan for harsher sentences in corporate
    crime cases
  • Advisory Commission (Oct. 7, 2003) report to U.S.
    Sentencing Commission on sentencing organizations
    that recommends more sophisticated compliance
    programs.

8
SOX and Security
  • Moving away from business judgment rule - Duties
    under SOX
  • Section 404 -- SEC must prescribe rules requiring
    annual reports to contain an internal control
    report stating management's responsibility for
    establishing and maintaining an adequate internal
    control structure and procedures for financial
    reporting and assessing the effectiveness of
    such structure and procedures
  • Requires management to assess and implement
    internal controls for security of MIS and
    business process security - responsibility likely
    with audit committee

9
SOX and Security
  • Moving away from business judgment rule - Duties
    under SOX
  • Section 409 -- public companies must disclose on
    a rapid and current basis such additional
    information concerning material changes in the
    financial condition or operations of the issuer
    necessary to protect investors and the public
    interest
  • Section 302 -- certifications required from
    executives, covering internal controls
  • Directors, and the audit committee in particular,
    to meet new standards, must develop risk assessment
    and response to protect company information
    infrastructure

10
SOX and Security
  • Developing and implementing appropriate security
    procedures
  • National Institute of Standards and Technology
    800 Series
  • supports the implementation of the Federal
    Information Security Management Act (FISMA) of
    2002
  • Focused on federal information systems, but
    relevant to private systems, processes and
    assessment issues
  • For more information -- http://csrc.nist.gov/index.html