5 Things Your Company Must Know About Data Security

If your company retains personal and sensitive information about your employees, clients, or customers, you must protect this data. Cybercriminals attack businesses each day to steal data they can use for profit. As a business owner, it is important that you understand data security. A South Carolina business compliance lawyer can help you ensure that your company complies with all federal and state laws governing data security.

Beginning with the Basics of Data Security

Knowing some of the basics of data security can help you protect your data from cybercriminals. Remember, cybercriminals attack both large and small companies. Therefore, it is important for a small business owner to understand data security methods and how to protect data just as it is important for large companies to protect their data.

Five important data security basics you need to know are:
1. Update Your Software
Setting updates to occur automatically is one way you can protect your data. You need to update all software, including operating systems, apps, and web browsers.

2. Encrypt Devices and Secure Your Files
Using encryption on all devices that could contain or access sensitive data is an essential step in data security. Devices that should have encryption software include removable drives, laptops, cloud storage accounts, tablets, cell phones, and backup tapes. In addition, secure your files by backing up data offline. You can use cloud storage solutions or an external hard drive, but do not forget to encrypt the device. Also, make sure that your paper files are secured too.

3. Require Strong Passwords
It is easy to choose a password that you can remember; however, this practice can leave your data at risk. A strong password is at least 12 characters in length. The password should be a mixture of numbers, letters, and symbols. You should also use capital letters and lowercase letters in the password. Set your systems to limit the number of unsuccessful log-in attempts so that criminals cannot keep trying to break your password to gain access to your data.

4. Use Multi-Factor Authentication
Secure your sensitive information by requiring multi-factor authentication to access areas of the network that contain private data. There are several types of multi-factor authentication that your business may use for data security. You might require a temporary code that is sent to a specific cell phone number or a physical key that must be inserted into the computer to complete the login process.

5. Train Employees and Develop a Data Breach Plan
You need to include your employees in your data security plan. Regular training sessions help your employees understand the need for cybersecurity. Training sessions also update employees on new vulnerabilities and risks related to data security. Businesses should require mandatory attendance for training sessions. Also, develop a data breach response plan for your company. The FTC has several resources for protecting data and developing a data breach plan on its website.

Contact a South Carolina Business Attorney For More Information

Failing to comply with federal and state laws related to data security could result in substantial penalties for your company. Contact our South Carolina business compliance lawyers at Willcox, Buyck & Williams, P.A.  Our South Carolina business attorneys can help you ensure compliance with all data security laws.

South Carolina Enacts First Insurance Data Security Act – How Will it Affect Your Business?

The National Association of Insurance Commissioners (NAIC) drafted the Insurance Data Security Model Law in 2017. On May 9, 2018, South Carolina became the first state to enact a version of the law. The provisions of the South Carolina Insurance Data Security Act will become effective for businesses on January 1, 2019. Therefore, if you are not aware of how the new law affects your business, you may want to consult a South Carolina business compliance lawyer as soon as possible to avoid any problems.

What is the South Carolina Insurance Data Security Act (“The Act”)?

The requirements of The Act are designed to protect a company’s nonpublic information, including information about a consumer such as a driver’s license number, Social Security Number, and healthcare information. In addition, the requirements are designed to protect the information system for a business.

The Act applies to licensees of the South Carolina Department of Insurance unless the licensee is exempted from the law. A licensee is an individual who is authorized, licensed, or registered or is required to be authorized, licensed, or registered under the insurance laws of South Carolina.

Exemptions from The Act include independent contractors or licensees with fewer than 10 employees and agents. In addition, a licensee may claim exempt status if another licensee’s cybersecurity program protects that licensee. A licensee that complies with HIPAA requirements meets the requirements of The Act upon producing written certification of HIPAA compliance.

Requirements and Implementation of a Data Security Plan

The Act requires licensees to develop, implement, and maintain a comprehensive written information security program (WISP) on or by July 1, 2019. The program must meet all requirements of The Act. The program must be based on a risk assessment so that the WISP is developed to mitigate identifiable risks for the licensee.

Other key requirements of The Act include:

  • Requirements for executive management involvement in the cybersecurity program. The Act specifies certain duties of executive management regarding the information security program. It also requires a written annual report to the Board of Directors providing information related to the WISP.
  • A third-party service provider program must be developed and implemented by July 1, 2020. Licensees must conduct due diligence when selecting a third party service provider to ensure the protection of the licensee’s nonpublic information and information systems.
  • Develop and implement a written incident response plan by January 1, 2019, to respond to and recover from a cybersecurity event.
  • Provide an annual certification of compliance with all requirements under The Act to the South Carolina Department of Insurance. All records supporting the certification must be maintained and produced for inspection by the Department of Insurance.
  • Requires licensees to investigate and disclose certain cybersecurity events within 72 hours of the discovery of the event. The Act also provides detailed requirements for the investigation, disclosure, and response for a cybersecurity event.

Contact a South Carolina Business Compliance Attorney

The above information is not intended to be an exhaustive discussion of all requirements under The Act. To ensure your company complies with all requirements of The Act, contact a South Carolina business compliance attorney.

The steps to comply with the requirements of The Act can be complicated. It is best to work with an attorney to develop your cybersecurity program to avoid penalties and fines. Schedule a consult with a member of our team at Willcox, Buyck & Williams, P.A. today.

Six Steps You Need to Take to Get Your Business GDPR Compliant

Do you have an office or other operation in the European Union? Does your business sell products or services in the European Union? If you monitor, collect, or maintain personal data within the European Union, you need to ensure that your company complies fully with the requirements of the General Data Protection Regulation (GDPR) for the European Union. Steps that our South Carolina compliance lawyers advise you take to determine if you are GDPR compliant include:

1. Updating Your Privacy Policy

If you collect data from any individual, you must provide that individual with an explanation of your collection practices and notice of their rights. However, updating your privacy policy is only the first step in becoming GDPR compliant.

2. Adopting or Reviewing Internal Security and Data Policies

In addition to a public privacy policy, you should also have an internal policy regarding data collection and data protection. The policy should cover procedures for responding to a data breach. Do not forget to include GDPR requirements for responding to a data breach, such as the mandatory notification of breaches to supervising authorities within 72 hours. Employee data collection policies should comply with all federal, state, and GDPR requirements for collecting and storing an employee’s personal data.

3. Reviewing Contracts and Agreements

All contracts and agreements should address GDPR requirements. The GDPR requires you to have written contracts with any companies, individuals, or services that handle the data you collect and maintain.

4. Re-Assessing Security Measures

Compare your data security measures to the industry standards for protecting data. Several data privacy frameworks can provide a guideline for ensuring your security levels meet the GDPR requirements. Reviewing Article 32 of the GDPR can help you assess the security of your data encryption, processing systems, storage, testing, and backup systems.

5. Adopting Procedures for Purging Data

The GDPR limits the time you can store an individual’s data without a valid reason for maintaining the data. You need to review the GDPR guidelines for maintaining and purging data to ensure your procedures comply with the GDPR laws. Your purging process should also include steps for destroying data that is no longer needed, in a manner that complies with the GDPR rules for disposing of and destroying personal data and information.

6. Keeping Detailed Records

You should maintain detailed records of the steps you take to comply with GDPR requirements. Your records should reflect the steps you have taken and are currently taking to comply with the GDPR. As you continue to comply with the law, maintain records of your efforts toward compliance to mitigate the risks of non-compliance if a complaint is filed against your company.

Our South Carolina Business Compliance Attorneys Know GDPR

It can be difficult to know if you are GDPR compliant, especially if you are a small business that has not instituted detailed data privacy procedures. Larger companies may believe their policies for data collection are sufficient; however, they may not be GDPR compliant.

Contact our South Carolina business compliance lawyers at Willcox, Buyck & Williams, P.A.  Our South Carolina business law attorneys help businesses evaluate their privacy policies and data collection policies to ensure they are complying with all GDPR rules and laws.

Understanding Breach of Duty Claims and Defenses

There are many reasons why a person or company may file a breach of duty claim. A breach of duty can occur for a variety of reasons related to several different areas of law, including personal injury claims, medical malpractice, probate law, and business law. The breach occurs when a company or a person owes a duty of care to another company or person and fails to adhere to the standard of reasonable care in a specific situation. When a company or person breaches a duty of care, that person may be held liable for negligence.

Filing a breach of duty claim or defending a breach of duty claim can be very difficult. The laws regarding breach of duty claims in South Carolina can be complex. We encourage you to contact our South Carolina negligence defense lawyers to discuss filing a claim or potential defenses to a breach of duty claim.

Types of Breach of Duty Cases

As stated above, a breach of duty can occur in a variety of scenarios. Some of the common negligence cases involving a breach of duty include:

  • Motor Vehicle Accident Cases — All drivers owe a duty of care to everyone on the road to use reasonable care to avoid an accident. A driver can be held liable for negligence when the driver breaches his duty of care by recklessly or carelessly causing a traffic accident.

  • Premises Liability Cases — Property owners have a responsibility to provide safe premises for their guests and visitors. If the property owner does not use reasonable care to prevent, correct, or warn individuals of dangerous conditions, the property owner may be held liable for breaching the duty of care owed to visitors and guests to prevent accidents and injuries.

  • Medical Malpractice Cases — Doctors and other health care providers owe a duty of care to their patients. The duty of care is measured by what a reasonable doctor would have done in a similar situation with similar circumstances. A bad result is not necessarily medical malpractice. The actions of the doctor must be measured against the medical community’s duty of care to determine negligence.

  • Breach of Fiduciary Duty — When a person or company has a duty to act in the best interest of another party, the duty of care is referred to as a fiduciary duty. The person with the duty of care is referred to as a fiduciary. When a fiduciary acts in a manner that is contrary to the other party’s best interest, the fiduciary may be subject to a breach of duty claim. Examples of fiduciary relationships include attorney-client, trustee-beneficiary, principal-agent, and board-shareholders.

When filing a breach of duty claim, the plaintiff must prove that a duty existed, the duty was breached, and the plaintiff suffered damages because of the breach.

It can be difficult to prove a breach of duty claim because there are several valid defenses to these claims, including that a duty did not exist or that the breach did not cause damage. A South Carolina negligence defense lawyer can help you develop a strong legal defense to a breach of duty claim.

Contact a South Carolina Negligence Defense Lawyer to Discuss Your Case

If you have been accused of a breach of duty, it is very important to hire an experienced South Carolina negligence defense lawyer immediately. Remedies in a breach of duty claim could include substantial compensation for damages. Schedule a consult with a member of our team at Willcox, Buyck & Williams, P.A. today.  Our South Carolina negligence defense lawyers can help you defend the breach of duty claim to mitigate your liability for damages.

Eight Business Compliance Issues Your Company May Face

Operating a successful business can be extremely satisfying. However, it can be overwhelming, especially when you consider the federal, state, and local laws and regulations that your business must comply with each day. The federal fines, lawsuits, criminal penalties, and other damages that can result when a company experiences compliance issues can be costly. Our South Carolina business compliance lawyers help businesses review their compliance requirements to ensure they are adhering to the requirements for their business.

Common Compliance Issues That Many Companies Face

Each company is different; therefore, your company may or may not face these compliance issues. In addition, companies in specific industries may have compliance issues that are unique to the industry. A South Carolina business compliance lawyer can help you understand which laws and regulations apply to your business and institute a plan to ensure compliance.

1. Wage and Hour Laws

Most companies understand wage and hour requirements for minimum wage and normal working hours. However, you may need assistance to ensure you are complying with wage and hour laws for overtime pay. Failing to pay overtime can result in costly fines. You need to understand how to identify the employees who must be paid overtime wages and the employees who are exempt from this requirement.

2. Franchise Agreements

If you opened your business under a franchise agreement, you must comply with all terms within the agreement. Some franchise agreements contain numerous terms and conditions that regulate even the smallest detail of operating the business under the franchise’s name. Reviewing the agreement with a South Carolina business compliance lawyer is a good idea.

3. Protection of Client’s Data

With the numerous security breaches being reported by businesses throughout the United States, it is crucial that companies take steps to prevent data breaches. Compliance when protecting consumer data is essential for companies to avoid legal issues.

4. Distinguishing Between Employees and Independent Contractors

Companies must be very careful when distinguishing between employees and independent contractors. Employers are required to withhold taxes and pay taxes for employees. However, independent contractors have different rules for taxes.  Employers need to make sure they comply with all tax laws and labor laws regarding the distinction between various service providers and workers.

5. Verification of Employee Identity

Employers should verify employment eligibility for all employees. Companies can utilize a Form I-9 to verify an employee’s identity and eligibility to work in the United States.

6. Employment Policies

A South Carolina business compliance lawyer can help a company ensure that it complies with all federal and state labor laws and employment laws. From anti-discrimination policies and employment contracts to privacy concerns and benefits management, there are several employment policies that can create compliance problems if a business is not on top of each of these matters.

7. Professional Licenses and Business Licenses

If anyone in your company is required to have a professional license, you must ensure you have a procedure to ensure those licenses are kept up-to-date.  Noncompliance with regulations governing professional licenses and business licenses can result in fines and unnecessary interruption to business.

8. Federal Health Insurance Laws

Compliance with federal health insurance laws can be a complex undertaking, especially for a new business. However, failing to comply with these laws and regulations can result in significant fines. If you do not understand the federal health insurance laws as they apply to your business, our South Carolina business compliance lawyer can help ensure you are compliant with all existing laws.

Call A South Carolina Business Compliance Lawyer for More Information

Compliance issues can be a difficult business matter. Schedule a consult with a member of our team at Willcox, Buyck & Williams, P.A. today.  Our attorneys are ready to help you protect your investment and your business from costly fines, lawsuits, and other penalties for non-compliance.

Does Your Company Need to Comply With GDPR?

If you assume that you do not need to comply with a regulation passed by the European Union (EU), you are wrong. Companies in the United States, including South Carolina, may be required to comply with the data privacy measures of the GDPR or face substantial fines. If you are unsure whether you need to comply with the GDPR or if you have questions about the regulation, call our South Carolina business compliance lawyer for more information.

What is the GDPR and What Businesses Will Be Impacted?

The General Data Protection Regulation (GDPR) is a set of standardized data privacy measures to protect citizens and residents in the European Union (EU). Violations of the GDPR could result in fines of four percent of the business’s annual gross global revenue or EUR 20 million. Therefore, it is important for companies in South Carolina to understand if they need to comply with the conditions and terms of the GDPR.

Companies that collect and store the personal information of EU citizens, process the personal information of EU citizens, or conduct business in the EU are impacted by the GDPR, even if the home country for the business is not within the EU. Companies and entities that may be impacted include online companies, companies that ship overseas, government agencies, and any business that receives or collects the personal information of EU citizens. In addition, companies that are “processors” of data, such as IT companies, are also included in the GDPR.

Some questions you can ask yourself that will help you know if your company must comply include:

  • Do you or your company sell items or offer services to anyone living in a member state of the European Union?

  • Does an agent for your company operate from the EU?

  • Does your online e-commerce site offer pricing for goods and services in Euros?

  • Does your company provide services that allow you access to personal data for another company that collects personal data from EU residents?

  • Do you or your business monitor the behavior or collect data on EU residents?

The above list is not an exhaustive list of conditions that might require you or your company to comply with the GDPR. If you answered yes to any of these questions or you are unsure whether the GDPR applies to your business, call our South Carolina business compliance lawyer for assistance.

Responsibilities and Duties Under the GDPR

It is extremely important that you understand what you should do to protect an EU resident’s personal data to avoid fines and penalties for non-compliance. Some of the things that you might be required to do if you have personal data from EU residents include:

  • Delete personal data upon request of the individual;

  • Keep detailed records of the data you collect or process;

  • Collect personal data through opt-in consent of the parties;

  • Perform assessments for data protection; and,

  • Notify individuals of a data security breach within 72 hours of the breach.

There could be additional responsibilities that your company may have under the GDPR. Contact our South Carolina business compliance lawyers at Willcox, Buyck & Williams, P.A. to discuss steps you need to take to protect your company from liability.

Compliance Audit Basics & Why Your Company Needs Them

The very words “compliance audit” are enough to send chills down the spines of many entrepreneurs and business executives in the state. Why do many people get anxious at the thought of having their businesses audited by compliance agents? It may be because they are aware of the tough penalties facing non-compliant companies or because they are not 100 percent certain their entire company operations are compliant with federal and state regulations.

If you are having doubts as to whether your company’s top-down operations comply with the law, reach out to an experienced South Carolina compliance lawyer to help you identify non-compliance hotspots.

Why Are Many Companies Not Ready for Audits?

There are many reasons. Taking first place is the sheer volume of federal and state regulations that companies are subject to. In addition, private sector alliances and professional organizations also have laws governing member companies’ conduct. Together, public and private regulations can fill thousands of pages, many of which are regularly updated. It’s hard for a company executive to keep up with all of them.

Other reasons companies get anxious about compliance audits include: poor record keeping, negligent misclassification of independent contractors and poor operational oversight.

What Are the Hotspots for Non-compliance?

When compliance auditors from the Office of the Inspector General, the Department of Labor, the Equal Employment Opportunity Commission or the IRS come knocking, here are some of the go-to areas they start with:

  1. Employment and labor law policies. Does the organization comply with labor laws relating to working hours, working conditions, compensation, human rights, underage workers and discrimination?  

    In addition, employees must comply with anti-trust and competition laws in their respective regions. This means they cannot take advantage of customers, suppliers or competitors through manipulation or misrepresentation. Do employees conduct themselves fairly?

  2. Regulatory compliance. Does the company abide by federal, state and municipal legislation? Does the company comply with the US Environmental Protection Agency’s laws on toxic waste disposal? Does it abide by federal laws on charging of credit cards?

  3. Securities laws.  If the company is a public company, are all its disclosures full, accurate, fair and comprehensible? Do all employees maintain confidentiality when privy to non-public information?

  4. Tax compliance. Many audits in the United States are actually done by IRS agents. They examine business and tax returns for signs of non-compliance. Often, companies get blacklisted after these audits because the IRS calculates tax returns using the Internal Revenue Code, which is significantly different from the general accounting principles used by business owners and accountants.

    State agencies can also perform tax audits to ensure businesses pay state income tax. They check whether a business is collecting sales tax on applicable transactions and whether it is remitting all taxes to the appropriate agencies on time. 

    In addition, as many as 46 percent of companies wrongly classify their independent contractors, causing them to understate their taxes and insurance costs. 

Many compliance errors are not done willfully or knowingly, but rather out of a lack of knowledge. Sadly, ignorance of the law is not a defense. This is why companies should take steps to boost their compliance practice by working with an experienced South Carolina corporate law attorney at Willcox, Buyck & Williams, PA. Schedule a consultation today.

Overtime Overhaul: Understanding the New DOL Rule

Will my business be affected by the new overtime rule?

On December 1, 2016, a new overtime rule will go into effect, impacting an anticipated four million employees and their employers.  The changes, enacted by the United States Department of Labor (DOL), will significantly increase the annual salary requirement needed for employees to be considered exempt from overtime pay.  With less than five months before all employers must comply with this new federal regulation, many are scrambling to understand what it may mean for their business.

The Final DOL Overtime Rule

The Final Rule, announced on May 18, 2016 by President Obama and Secretary Perez, can be summarized as follows:

  • The salary threshold for exempt white collar workers will increase from $23,660 a year (or $455 per week) to $47,476 a year (or $913 per week).
  • For highly compensated employees, the salary threshold will increase from $100,000 a year to $134,000 per year.
  • Employers can use non-discretionary bonuses, commissions, and incentive payments for up to 10% of the minimum salary if these amounts are paid at least quarterly. 
  • Minimum salary levels will additionally be adjusted every three years, beginning in January of 2020.

Impact on Employers

The overtime rule will require many employers to reevaluate their workforce and pay structure.  There are several steps employers can take to comply with the new regulation, including:

  • Increase their employees’ salaries to meet the new threshold;
  • Limit workers’ hours to 40 per week;
  • Convert their exempt employees to non-exempt, hourly employees;
  • Or employ a combination of the above strategies.

The DOL’s new overtime rule will present numerous challenges for many businesses as they struggle to weigh the costs of raising base salaries or reclassifying workers.  Businesses with questions about the new overtime rule should contact the South Carolina business and employment law attorneys at Willcox, Buyck & Williams.  With office locations in Florence and Myrtle Beach, we serve businesses throughout Florence, Marion, Horry, Darlington, and Georgetown Counties.  Contact us today to schedule your initial consultation by calling us in Florence at (843) 536-8050 or Myrtle Beach at (843) 461-3020.

Corporate Law Tax Updates

As a small business owner, compliance with business and tax laws is likely at the forefront of your to-do list each month. Most notably, compliance with state and federal tax laws is one of the simplest ways to avoid fines and penalties – as well as insulate the business from unnecessary auditing and records inspection.

As the current quarter nears a close, the following corporate law tax changes may be of assistance to your business as you prepare your filings. As always, if you have business law or tax-related questions, the knowledgeable attorneys of Willcox, Buyck & Williams, P.A. can help ensure seamless compliance with all applicable regulations.

#1: Federal PATH Act: The “Protecting Americans from Tax Hikes” Act of 2015 was signed into law in December 2016, perpetuating several temporary tax breaks for business into permanent status. The impact of the passage of the PATH Act will vary depending on the type of business involved, but many stand to benefit from some of the nuanced provisions of the Act – so plan accordingly. As well, the Act was enacted retroactive to the beginning of 2015, thereby maximizing the possible available savings.

#2: Property Deductions (Section 179): Businesses are now permitted to deduct up to $500,000 in new or used purchases of property (a steep increase from the former maximum deduction of $25,000). Only catch? The property must have a “class life” of at least 20 years to qualify for the deduction.

#3: Medical Excise Tax: For the 2016 and 2017 tax years, all excise taxes formerly imposed on the sale of medical equipment and devices will be alleviated, saving healthcare businesses 2.3 percent.

#4: Work opportunity tax: Under current laws, the Work Opportunity Tax Credit will be extended, allowing businesses the opportunity to qualify for credits upon hiring veterans and those enduring long-term unemployment.

#5: Bonus Depreciation: Businesses may now (through 2017) write off 50 percent of the costs to acquire qualified new assets with a recovery period of 20 years or less. The recovery amount decreases to 40 percent in 2018 and 30 percent in 2019.

If you would like to speak to an experienced attorney about your corporate compliance issues, please contact Willcox, Buyck & Williams, P.A.

Court Decision in Favor of Employer in Disability Accommodations Case

How accommodating does an employer have to be to an employee with disabilities?

A case was recently brought before the 4th U.S. Circuit Court of Appeals concerning a disabled employee seeking accommodations beyond those required by the Americans with Disabilities Act (ADA). Both ADA federal regulations for businesses with more than 15 employees and state laws for smaller businesses require that employers make “reasonable” accommodations to disabled employees unless doing so would create “undue hardship.”

The case in question involves a man who worked as a human resources specialist for the Durham Veterans Administration Medical Center in North Carolina from 2003 until his termination in 2011 for poor job performance. The employee suffers from dyslexia and attention deficit disorder (ADD). For most of his time working for the Veterans Administration, he did not request or receive special accommodation and his work was considered acceptable. His duties included customer service, recruitment, and providing technical advice and assistance.

About one year before his termination, however, he received a poor performance report. At that time, he was given a Performance Improvement Plan which he successfully completed. Nonetheless, in May, 2011, for the first time, he made a request for accommodation of his disabilities, including that his duties be limited and his performance standards lowered; he also requested an assistant. He stated that, due to organizational, leadership, and technological changes, his job had become untenable and that he had been “hospitalized twice due to the stress of the position.”

In response, the Durham Veterans Administration Medical Center offered him a possible transfer to a less stressful, albeit lower-salaried, position, but he refused. He said he was interested only in the chaplain or patient advocate position, but neither was available. At this point, the employee filed a formal Equal Employment Opportunity complaint and in August, 2011 was terminated for documented performance violations, including failure to perform necessary tasks in a timely manner.

The employee sued under the Rehabilitation Act and the U.S. District Court for the Middle District of North Carolina dismissed the lawsuit in favor of the employer. Although the employee appealed his case to the 4th U.S. Circuit Court of Appeals, the appellate court upheld the lower court’s decision. Both stated that the employer was not compelled to change the employee’s workload or its own performance standards, or to hire an extra employee to assist him.

If you are having legal difficulties with employment or labor law issues, or would like to discuss other business-related matters of law, please contact one of our highly qualified attorneys at Willcox, Buyck & Williams. Serving clients throughout South Carolina, we can be reached at: 843.536.8050 or 843.461.3020.