This week saw the Information Commissioner’s Office (“ICO”) issue its largest monetary penalty to date of £130,000 on Powys County Council in Wales. The breach – the Council sent personal details of a child protection case to the wrong recipient – is unfortunately not that uncommon and the penalty is the third monetary penalty issued by the ICO to a council in the last month, all for similar incidents. Data protection compliance would appear to be a serious issue amongst councils and whilst there are examples of good practice there are equally examples of poor practice too.

What happened? The breach, which was made by the council’s social work department in February involved staff mistakenly combining two separate child protection reports which they then failed to check before they were sent out, so that confidential information was sent to the wrong recipient.

Why such a huge fine? The ICO decided to serve the £130,000 penalty because:

• This was the second breach by the council involving the same recipient- an almost identical breach was made in 2010;

• In both incidents the recipient knew the identities of those detailed in the confidential information because they lived in the same area;

• The council failed to put in place appropriate procedures for the processing of personal data and failed to train its staff in such procedures and;

• The breach was considered likely to cause substantial distress to those involved The ICO has once again demonstrated that it is not afraid to serve large penalties and also publicly name and shame those organisations that breach the Data Protection Act; however once again the fine is on a public authority and ultimately is a penalty on the tax payers of that community…

A copy of the ICO’s decision can be found here: http://www.ico.gov.uk/what_we_cover/taking_action/dp_pecr.aspx


The Patent Box   

What is The Patent Box?

The Government is eager to encourage companies involved in the development, manufacture and exploitation of patents in the UK (see its document “Corporate Tax Reform: Delivering a More Competitive System”) and to this end, it commenced its consultation on a preferential tax regime for those profits which arise from patents late last year. The proposed preferential regime for profits resulting from patents has been called the “Patent Box”.

The proposed Patent Box regime would allow companies to elect to apply a 10% corporation tax rate to profits arising from or attributable to patents.  The regime would work by allowing companies to claim an additional tax deduction against profits which fall within the regime, with the result that the effective rate of tax on those profits would be 10%.  It is proposed that the regime will apply to profits arising after 1 April 2013, and that the full benefit of the regime will be phased in over a five year period.  As a consequence of responses to the initial consultation it is now proposed that the regime should apply to all patents, not just those first commercialised after 29 November 2010. 

It is intended that draft legislation for inclusion in the Finance Bill 2012 will be published this autumn.

What is the purpose of the Patent Box

The Government aims to support innovation through the Patent Box, but taxation and innovation are not natural bedfellows!

The consultation on the Patent Box, which is now closed, is part of the Government’s wider consultation on measures intended to ensure that the UK’s tax system is the most competitive in the G20; making the UK the best location in Europe for starting and expanding a business. 

The Government hopes that the preferential regime will encourage companies to locate high-value jobs related to the development, manufacture and exploitation of patents in the UK and assist in furthering the development of a “high-tech manufacturing economy.” The idea is to motivate companies in the UKto retain and commercialise any existing patents and to design new cutting edge patented products. Companies who actively further these objectives will, it is suggested, prosper as a result of the scheme. The Government intends that the rewards available under the Patent Box regime should only be available to those who are actively developing patents rather than those who are passive in the process and merely benefit financially from holding patents.

The proposals for the new regime have been widely welcomed, but some commentators have suggested that the new regime will simply add to our already overly complex tax regime and do little to promote new research in the UK as the benefits arise as a result of the income generated from the patented technology as opposed to the commissioning of the research itself.

So what are the key points?

Qualifying Patents –The proposed Patent Box regime is intended to apply to worldwide profits resulting from “qualifying patents”; which are patents granted by theUK’s Intellectual Property Office (IPO) and the European Patent Office (EPO). As the invention is individually examined by an independent patent authority prior to being granted thereby ensuring that the invention meets the requirements of being genuinely novel and useful, this, it is argued, is fundamental to the success of the Patent Box initiative as it makes certain that the tax benefits are focused on real technological advances. The Government has yet to determine whether the patent regimes of other Member States should be included within the Patent Box.

In terms of the application of the Patent Box, it will cover owners of patents as well as patent rights which are derived from an exclusive licence. Patents designed under partnership, joint venturing and cost sharing arrangements will also benefit from the Patent Box regime, so long as certain conditions as to the development of the patent are satisfied.

In addition the tax discount will apply to acquired patents, provided the Company can show that they participated in developing the patent.

 Qualifying Income- At present it is proposed that the Patent Box will cover the following income types:

  •  Income from royalty or licence fees for use of patented inventions;
  •  Income from the sale of products incorporating the patented invention (“embedded income”);
  •  Pre-grant income (note that this is subject to a four year limitation);
  •  Damages for patent infringement will also be covered by the Patent Box;
  • Income from spare parts for a qualifying product;
  • Income from the sale of patents; and
  • Income from licensing products genuinely related to the patent.

 The types of income which will fall within the regime was part of the consultation which has just closed.  This is something which will require close scrutiny when the draft legislation is published this autumn.

 The current proposal is that Patent Box profits will be calculated by applying a three step formula,  based on the recognised transfer pricing “residual profit split” method of determining patent profits.  Again the exact formula which should be used to calculate the Patent Box profits has been subject to further consultation in the consultation which has just closed.

 What should we take note of?

 The Patent Box regime demonstrates the Government’s commitment to encouraging innovative Companies and the creation of patented designs. Arguably, the Patent Box scheme should create a greater demand for the grant of UKpatents at an early stage since the patent will qualify for patent box relief in full from the date of grant.

 Once the final details of the Patent Box  regime are known it will be important to be aware of the potential tax implications which could arise in any transaction involving qualifying patents. 

One issue which may cause some difficulty is how to interpret an “active” development of the patent and how this can be demonstrated by a company. Clarification of this requirement would be useful, based on the information which is currently available, it seems relatively clear that companies should either remain actively involved in the ongoing decision making regarding the exploitation of the patent or have carried out substantial work to develop the patented invention or its use. 

For businesses involved in the development of patents it is important to note that at present there is no “clawback” power; if a patent is revoked at a later stage then the company will not have to pay the tax they saved back. This should provide some reassurance to those creators already reluctant to register their inventions.

 It is also important to note that anti-avoidance rules are in place to ensure that there is no abuse of the Patent Box scheme.

I have been assisted in the production of this latest blog by my colleague Ainsley MacLaren, Corporate Tax Partner of MacRoberts LLP, to whom I am grateful for her thoughts and comments.

#IP #Innovation #Tax #PatentBox #Patent

Beggars Belief”: ICO insists on prison time for data thieves

This was meant to be a short piece simply reflecting the facts of the particular case and that the ICO has called for custodial sentences. I am, however, of the view that there needs to be greater use of the powers currently available to act as both a deterrent and to protect the general public from misuse of our personal data. I apologise in advance for committing a ‘bloggers sin’ – this blog is not short!

The call for custodial sentencing

Information Commissioner Christopher Graham has called for custodial sentences to be available to the courts in an attempt to deter cases of unlawful use of personal information. The demands follow the shocking news of a sex offender’s wife pleading guilty to illegally accessing personal data belonging to the victim by abusing her position as a bank cashier. Mr Graham appeared before the Justice Committee earlier this week to discuss his concerns and urge the government to take action.

The disturbing facts of the cashier case highlight the shortfall in the penalties on offer for serious breaches of data protection law. The cashier, Mrs Langridge, accessed the victim’s current account records and personal information relating to transactions, lending and employment details. She maintained that she did not keep a copy of any data nor had she passed on the information to any other party. Her position was that she was only creating a profile of the victim who had claimed her husband was guilty of sexual assault. Brighton Magistrates Court imposed a fine of £800, costs of £400 and a £15 victim’s surcharge. According to the ICO however, the absence of imprisonment as a sentencing option in this case provides an inadequate outcome.

Under the Data Protection Act it is an offence to “knowingly or recklessly, without the consent of the data controller, obtain or disclose personal data.” The maximum penalty for an offence at present is £5000 for cases heard in the Sheriff court (Magistrates CourtinEngland) and an unlimited fine in the High Court (Crown Court inEngland). However, the Commissioner argues that if courts had a wider variety of sentences at their disposal, ranging from fines to prison terms and other penalties depending on what the case warranted, the law would act as a deterrent to those intending to commit data protection violations.

At the moment the punishment does not fit the crime in many cases. Mr Graham commented that “it beggars belief” that in this age where personal details are stored and viewed by many organisations, the consequences for breaching the system does not include the option of prison sentences. The ICO also referred to previous examples of breaches, including T-Mobile employees selling customer data to third parties, highlighting the need for a sanction beyond a financial penalty.

A 2006 government consultation (“Increasing penalties for wilful misuse of personal information”) attracted substantial support from its respondents and thereafter the Government expressed its commitment to the introduction of custodial sentences. During the passage of the Criminal Justice and Immigration Act 2008 the Secretary of State was given a power to introduce a custodial sentence. However, the relevant sections have not yet commenced. How the Justice Committee will respond to the latest requests for custodial sentences is something that will be closely watched in the coming months and years. 

Use of powers available today

Whilst this case highlights that serious data breaches occur and that some individuals can and do abuse their position where they have legitimate access to personal data, it is clear to me that a much bigger concern is the lack of prosecutions made under section 55 of the Data Protection Act. There have been pitifully few. Increasing the maximum penalty and / or providing alternative sentencing powers are only going to act as a deterrent and / or protect the general public if they are used!  But the ICO already has a number of powers available.

The UK Data Protection Act 1998 was amended in April 2010 to create monetary penalties of up to £500,000 which can be imposed for serious breaches of the Act. Despite the powers being in force for over a year, the powers have been used in only a handful of cases and the penalty imposed a fraction of the maximum which can be imposed. Further, the ‘fines’ which have been issued have been in respect of public bodies or ‘quasi-public’ bodies and as such are really only penalising the general public (as it is our taxes which pay for public services and from where the fines are paid!). Where is the justice in this and where is the deterrent?

A strange question you may think – and a more personal blog as opposed to legal one from me today.

By way of some background: I was recently assumed as a partner in the law firm for whom I have been with since 1999 starting out as a trainee (it seems a long long time ago).  I am regularly asked the question how does it feel to be a new partner in your firm? In fact the question is more frequently asked than that old chestnut “how do you find time to tweet and blog and be a lawyer?”

Aside from the administrative matters, life continues with pretty much the same routine (I am glossing over here (of course)). Although I must admit the day I was handed my P45 was pretty weird to see the least (it was one of those big gulp moments for me). However, one particular area of my working life has changed – my scenery on a Wednesday and a Friday – I now work out of our Edinburgh Office, two days a week, instead of spending my working week inGlasgow. I should say that this is not a prerequisite for all new partners at my firm but was something which I have encouraged for reasons which I won’t and can’t go into here, nor is the move itself that remarkable or noteworthy as such.

It is still the early days of  my great adventure to the East and, apart from having to remember to turn right instead of left at the end of the road every morning (yes I travel by CAR!), it has been a most enjoyable experience thus far.  Do I sound surprised, maybe I do, but I have found the experience refreshing. It is surprising how removing yourself from what are conceivably your comfort zones (but really just routines (but then maybe that means your comfort zone!?!)) can be quite a refreshing and rewarding experience.

And hence to the reason for my blog this fine Thursday afternoon in Glasgow.  Networking! Eh? Yes, we all network (some to a greater or lesser extent), and it is seen by most as a must do and by some as a must do but can’t find the time. That said we all can easily slip into one of the cardinal networking sins – retreating to your comfort zone.

Now I am not saying that Glasgow is my comfort zone but how easy would it have been to stick with what I know? Easy? Anyhow, networking for me  is (and this is not an exhaustive nor very learned list) about meeting new people, an opportunity to broaden your knowledge base (intelligence gathering), helping others where you can, creating opportunities to keep in touch with those that you know and develop a meaningful business relationship (and friendship) with and, a great way of getting introduced, by people you already know, to people you don’t! There are no great secrets to networking but being positive, setting yourself realistic and achievable goals, asking the right questions and knowing how to deal with awkward or difficult questions, knowing when to take the time to stand back and survey the scene; and remembering there is good reason for not having a plate and a wine glass together in your right hand – are all important to me – do they equally apply to being a new Partner in a law firm – time will tell.   

#Law #Networking #Edinburgh #Glasgow

Bribery Act 2010 and Adequate Procedures Guidance (the “Guidance”)

Publication of the Guidance was delayed by the coalition, amidst concerns raised by businesses in relation to the new corporate offence under section 7 of the legislation, which penalises the failure of commercial organisations ‘carrying on business in the UK’ to prevent bribery by persons associated to them.

Some of the key concerns raised by the business generally included:

  • a lack of clarity as to the meaning of taking “adequate procedures” in defence of the new strict liability offence for commercial organisations where they fail to prevent bribery by those persons associated with it;
  • that the scope of “persons associated” (defined as one who “performs services for the commercial organisation”) was so wide that not only would it catch employees but could potentially catch joint venture arrangements, parent and subsidiary arrangements, suppliers, third-party agents, consultants, distributors, and subcontractors;
  • the extra-territorial application of the Act (an act of bribery does not need to take place in the UK to be caught under the Act. It is sufficient that the person who commits the bribery offence has a connection with the UK);
  • an outright prohibition of facilitation payments (unofficial payments to government officials); and
  • whether hospitality and corporate entertainment would be considered bribery under the new legislation.

Despite the delay in its implementation, it is important to note that the Act itself remains intact, however the Guidance has, following quite extensive consultation, including a number of ‘road shows’ around the country, been improved upon from its initial draft and provides, on the whole, much needed clarity on those matters concerning business.

Kenneth Clarke, Lord Chancellor and Secretary of State for Justice, stated:

“The guidance does not and cannot change the substance of the Act. But by improving clarity about its intentions, it should arm organisations of all sizes against the fears that millions of pounds must be spent on procedures, that in my opinion, no honest business will require ……. [T]he ultimate aim of this legislation is to make life difficult for the minority of organisations responsible for corruption, not to burden the vast majority of decent and law-abiding businesses.”

Are his words, cold comfort to business or does this herald a common sense approach?

There has been a mixed reaction, very much depending on which ‘camp’ you are in. Some parties who see the impact corruption has on communities particularly in war-torn countries ravaged by poverty and ‘poor’ leadership first hand, have seen the Guidance as providing loopholes particularly to joint venture arrangements in its interpretation of what is meant by “persons associated”. Business has broadly taken an approach ranging from it doesn’t go far enough to at least it attempts to sprinkle some common sense. Perhaps business is more relaxed by the thought that there is recognition that hospitality is an important part of doing business and does not seek to prohibit hospitality and corporate entertainment which is reasonable and proportionate?

One issue that is not mentioned in the Guidance is of course the approach of the Scottish Courts with regard to what the Guidance calls prosecutorial discretion. The Guidance highlights the Joint Prosecution Guidance of the Director of the SFO and the Director of Public Prosecutions Bribery Act Guidance which does provide to some helpful analysis for business when carrying out its risk assessment. But as far as I am aware there is little to nothing by way of comment/guidance north of the Border – if anyone knows differently please do let me know.

This blog is for information only and is not intended to be relied upon and specific advice should always be sought.


What a great subject to talk about on this special day “Roll on Friday”! There seems to be a bit of a spat going on over Stornoway Black Pudding of all things (or Marag Dhubh in Gaelic). And for those of you reading this and who are old enough to remember the Goodies and various references to black pudding and someone called Bertha, this story is made of far more serious stuff and no laughing matter!

For the uninitiated, black pudding is a well seasoned, meaty (it contains beef suet and other ingredients) ‘food product’ and in some quarters, considered a delicacy, but the Stornoway Black Pudding is particularly ‘noted’ for its distinctive flavour, and indeed one I can personally vouch for having sampled it in a couple of restaurants in Glasgow, who are noted for their use of it in their dishes.

It is a delicacy which the Scottish Government are not alone in thinking it worthy of Protected Geographical Indication status (PGI) and they are currently considering an application in this regard; PGI status is an EU ‘scheme’ designed to promote and provide ‘protected status’ to regional products against imposters by hopefully protecting consumers from being mis-lead into thinking they have purchased the “real” deal whilst eliminating unfair competition. You may be interested to read the application and in particular the ingredients section contained at 4.2 of the Specification at http://bit.ly/dXAx0Q (but don’t be put off; it is indeed a delicacy!)

Seeking PGI status is not an easy task nor a short one and indeed this matter goes back several years, and has culminated in an application being submitted to the Scottish Government last year which has had to go through a consultation process. Any objections to that application must be received by 5pm today, 4th March 2011. Only following this and the Scottish Government’s consideration of any objections and their deeming the application acceptable, will the matter then be referred to the Commission. The Commission will publish the application (where the application has met all the necessary conditions of EC Regulation 510/2006) in the Official Journal of the European Union. The purpose of the publication is to permit those parties holding a legitimate objection to raise it, within 6 months of publication. If there are no objections received, the Commission will then proceed to register the name “Stornoway Black Pudding”! Harrah!

Should the application be granted PGI status, it will hopefully bring a welcome boost to the local economy whilst protecting the traditional skills used and providing consumers certainty of the product they are purchasing. I hope they are successful. Watch this space as they say.

This blog post contains my own views; is for comment only and is not intended to be used as legal advice in any way.

I posted a piece on 24th November entitled “First Monetary Penalties issued by ICO for serious data breaches”; following on from this the ICO has today issued two further monetary penalties for serious breaches of the Data Protection Act 1998 on Ealing Council and Hounslow Council. Their actions resulting in the penalties – the loss of two unencrypted laptops which unfortunately contained sensitive personal data. The laptops had been stolen from the home of an employee and whilst they were password protected the data was unencrypted.  The laptops contained data from both Councils.

The ICO held that Ealing were in breach of its own Data Protection policy by allowing the laptop to leave the premises without being encrypted and Hounslow  were in breach of the Act by not having the necessary contractual provisions in place with Ealing Council to allow for the data to be “shared” in this way between the two Councils.  It would also appear that the level of checks and reviews to ensure policies were being adhered to (or understood) were insufficient.

You could take from these latest “fines” that we have learned little so far – unencrypted laptops have featured heavily in the four cases – but perhaps one of the (many) questions we should be asking is why are we imposing monetary penalties on public bodies (three councils and one in receipt of public funding)? Surely when we fine a public body this is tantamount to a further tax on the public – where does the public body get its funding from?  This seems a trifle unfair – or am I missing something. I would like to think that my taxes went to fund the essential services we expect from our authorities?

A second question is of course why are we not handing out monetary penalties to private organisations. We know from the ICO website that private organisation’s are not immune from breaches of the Data Protection Act; there have over the years been numerous sets of undertakings given by bodies who have “promised to do better” where their practices have found to be wanting – has the private sector cleaned up its ‘act’ to the extent that it is not at risk from the ICO? Perhaps they have, however I am sure there are some out there who haven’t, so why is the ICO not tackling them?

The ICO will only issue monetary penalties in the most serious of circumstances (as per his Guidance   http://bit.ly/5byF1f ) and he will take into account the market area which the business operates, its size, the resources the organisation (the data controller) has (very little I would have thought in the case of public bodies) before determining the level of monetary penalty to be issued.  And I quote from the Guidance “The purpose of a monetary penalty notice is not impose undue financial hardship on an otherwise responsible data controller.”  This seems a rather odd statement when you consider that less serious contraventions can be dealt with by way of enforcement notices.  Surely serious breaches require serious consequences?

It will be interesting to see when the ICO imposes a monetary penalty on a private body; from which market sector it will come and what the level of ‘fine’ it will be.