Introduction
It will probably come as no surprise to anyone in this room to know that Appleby Spurling & Kempe is bombarded with pornographic and other inappropriate images and digital files every day. Similarly, hundreds of jokes and other non-business messages are sent to our system daily, not to mention viruses. Our information systems auditors routinely spend long nights and weekends restoring systems after an attack. I am sure you will empathise. But can you empathise with the lawyers and other internal "customers" of the firm who are frustrated by the successful guardianship of our vital information systems? It sounds ironic doesn’t it, but would you believe there is a degree of frustration and tension between the users of a system and the guardian angels who keep it going?
I mentioned pornography. We all agree that our systems should not be abused to allow outside parties to send such material across our network, whether to our own people or to others. The law tells us so, the E-Commerce Code of Conduct tells us so, and common sense tells us so. But to a computer, what is pornography? It is nothing more than an image file. And that’s where bona fide users get annoyed. Many image files are perfectly innocuous, yet they get caught up in the sweep of auditing done to protect us from "naughty" image files. The good get tarnished with the bad.
Our initial response, which was the source of much of the tension in this area, was to block all image files, and to send a message back to the original sender of the email attaching the image. The sender would receive a notice saying that the file had been blocked because it contained an image. The intended recipient of the message remained in ignorance of the events until he or she more than likely received an irate phone call from a client saying that the message had been blocked.
You can imagine the phone conversation:
Sender (client): "Hello John, your stupid computer system has rejected me!"

John (attorney): "Sorry to hear that, client, but I am not sure I know what you mean?"

Client: "I tried to send you an email but it got rejected."

Attorney: "But that’s not possible, the system’s working fine. I have received many emails this morning."

Client: "Then one or other of you don’t know what you’re doing, because I have the message right in front of me - and pretty rude it is too! It says my message has been blocked due to inappropriate content! Who does your IT department think it is?"

Attorney (wildly guessing what to say): "What exactly were you trying to send me?"

Client: "You know, that important prospectus for my new business I wanted you to file today. We’re nearly past the deadline. If I hadn’t happened to come in this morning I wouldn’t have seen the rejection. Obviously you don’t know anything about it. I was nearly on a plane—and then nobody would have known!"

Attorney: "Gosh, I’m really sorry. Let me get my IT guy on the line and find out what’s happened." (he patches in IT) "Danny, what’s this about an email from Joe Client being blocked?"

Danny: "I don’t know; we’ve had hundreds of bad files coming in lately. Can I check and get back to you?"

Client: "You guys are wasting my time—I’ll find another law firm!"
Does this story sound familiar? It turned out that the "image" in the blocked file was the logo of the company that was issuing the prospectus. The problem was that the screening systems we had set up were designed to block all image files regardless of type. That is the nature of the digital world: it is automated, and particular file extensions are the only way of identifying files. A computer can’t tell the difference between a picture of corporate headquarters and a picture of the happy hooker!
Incidents like this precipitated a policy review, and the compromise between an absolute block on image files and a general free-for-all was to create a holding pen where images are reviewed for their actual content. Protocols were established setting time-frames for quick turnaround. Likewise, no message is sent back to the original sender; instead a message goes to the intended recipient advising that a file has been received from Joe Client, that it contains an image, and that it is under review. This gives the attorney the opportunity to assure the IT department that the content is genuine and harmless, and to focus IT quickly on its review. But it took a lot of tension all round to get us there. Each person has a conflicting need: IT to protect; the attorney to serve the client.
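The holding-pen compromise described above, written out as a small workflow. This is an added illustration, not the firm’s own filter: image attachments are held rather than bounced, the notice goes to the intended recipient rather than the sender, and pending items past the turnaround deadline surface for escalation. It also sniffs content signatures so a renamed image is held too, which goes slightly beyond the extension-only screening the text describes. The addresses, filenames and byte strings are constructed samples.

```python
"""Holding-pen attachment filter (added example; not the firm's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Content signatures: an extension is a blunt instrument, so we also
# look at the first bytes of the file (a renamed .png is still a .png).
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}


def is_image(filename: str, data: bytes) -> bool:
    """Flag by extension OR by content signature."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    if ext in IMAGE_EXTENSIONS:
        return True
    return any(data.startswith(sig) for sig in IMAGE_SIGNATURES)


@dataclass
class Attachment:
    filename: str
    data: bytes


@dataclass
class HeldItem:
    sender: str
    recipient: str
    attachment: Attachment
    received: datetime
    deadline: datetime
    status: str = "pending"  # pending | released | rejected


@dataclass
class HoldingPen:
    turnaround: timedelta = timedelta(hours=2)  # assumed review SLA
    items: list = field(default_factory=list)
    notices: list = field(default_factory=list)  # (to, text) pairs

    def screen(self, sender, recipient, attachments, now):
        """Hold image attachments, pass the rest. Returns what is delivered."""
        passed = []
        for att in attachments:
            if not is_image(att.filename, att.data):
                passed.append(att)
                continue
            item = HeldItem(sender, recipient, att, now, now + self.turnaround)
            self.items.append(item)
            # The notice goes to the intended recipient, never back to the sender.
            self.notices.append((recipient,
                f"A file '{att.filename}' from {sender} contains an image and "
                f"is under review (decision due by {item.deadline:%H:%M})."))
        return passed

    def decide(self, index, release):
        """Reviewer releases (True) or rejects (False) a held item."""
        item = self.items[index]
        item.status = "released" if release else "rejected"
        return item

    def overdue(self, now):
        """Still-pending items past their deadline: the escalation list."""
        return [i for i in self.items if i.status == "pending" and now > i.deadline]
```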
Now, you may say this all sounds obvious and that your IT departments would have had the matter sorted all on their own, or never even set up a block like that, but I am sure you can find plenty of other examples where there has been a dynamic tension between what you, as systems auditors, need to do to protect your systems from harmful files or from supporting content which breaks the law, as opposed to what your internal colleagues need to do to generate business for your company. Business after all is what brings in the dollars to pay all our salaries.
Tension is always present where you have conflicting goals. Both goals may be entirely legitimate. Of course it is OK to protect the expensive systems that companies have invested in so heavily. It would be negligent not to. Of course it is OK to want to render fast, seamless, and smooth service to the clients who pay our bills. It would be economic suicide not to. So how do we resolve the conflicts between these two goals? The rest of this presentation examines what the sources of risk are, and how tension can arise in dealing with them. I may even suggest a few compromises between absolute security and open business efficiency.
I will examine how Information Systems auditors are the gatekeepers or referees who make strategic decisions about protection versus efficiency. They have to referee the business users of the system within the rules of configuration and security. I will assert that such decisions can only be made in consultation with end users, with an eye to how your business’ clients will perceive whatever it is that you do. I will assert that auditors need to take a certain degree of risk, in agreement with senior management, otherwise the chances for business success are not being optimised.
This presentation does not address ordinary systems maintenance to avoid downtime, but rather focuses on the "people risk" element, and that means file content and file usage whether beneficent or malicious, with the systems auditor as referee between the people and the systems.
How Does The Commercial Requirement For A Business To Have User-Friendly Open Systems Conflict With The Risk Exposure To Loss And Liability?
People make money for businesses, or people cause them loss and liability. It may sound simplistic, but in order to make money, people need to be able to act and re-act quickly to market information and customer demands. In today’s world this means accessing emails, web sites and networked services smoothly and quickly. It means empowering all levels of an organisation to deal with clients and access important company information and data. But, of course, the minute you give a wide body of people wide access to vital systems and data, the opportunity for mischief arises.
Sometimes, the "bad guys" are outside the organisation. We all know what hackers can do, and likewise what the pranksters who create and transmit "viruses" can do. However, auditors probably more than anybody will be familiar with what the "good guys" can do. And that means a company’s own employees. Carelessness, failing to log-off, mis-using systems in an "honest mistake" all occur daily. Perhaps employees simply wish to copy data for home use, or to "lend" it to a friend. And it gets worse if employees are disgruntled for whatever reason, when they may even actually try to sabotage the systems. There is also a very real threat that a business rival will either infiltrate one of their own employees into your organisation, or simply subvert one of your existing employees.
So a conflict arises. How can auditors track what is going on within an organisation, ensure that access to vital data is open, but not insecure, and yet not impede the freedom of action required in today’s work environment? So the conflict is between security and access versus speed and efficiency. How many people should access what systems and when and how? Should there be a limit on the authorised users of particular systems? Should their systems be accessible offline only or online? Should particularly sensitive systems be accessed via one terminal only? All of these choices have implications for user-friendliness. Without ease of use, however, the organisation cannot function as effectively in today’s competitive market.
Ease of use in this context must mean that an authorised user can effect a communication or obtain data without error or no-access notifications, without time delay and with data integrity on forward transmission. That’s a tall order. And it conflicts with the systems auditors’ primary duty to keep track of file access (a monumental task) to verify authorised usage and to maintain gateways for security purposes.
So how can a resolution of the inherent conflict be reached? First let us look at what some of the risks are, and then see how they can be dealt with, ideally in a way that meets both the need for security and the need for freedom.
From Hacking To Defamation To Breach Of Regulations And Data Protection Rules, A Company’s Exposure Increases With Every Partner Able To Use The Company’s Information Systems.
Again, it’s all about people. The more people who can access your system, the greater the risk.
Hacking
We mentioned hacking earlier. Essentially, if you have a link to the outside world, you are at risk. The risk is of damage or loss to vital data. Equally, it is the reputational risk to your organisation: who would trust their money or credit card details to an organisation that gets hacked? As you all undoubtedly know, any 17-year-old can come in over the web and attack your system. That’s why you all no doubt have firewalls, which you assume are effective. But people are the problem, and people wander in the front door in a variety of guises. Once inside, there’s no saying how they may acquire passwords, dial-up numbers and find other ways in to your "fortress" system. But do you want a fortress, even to prevent hacking, if to do so means your co-workers can only get on the Net with special permissions and assistance? Surely the better approach is to institute protocols for screening visitors and to rotate passwords? There are plenty of low-tech, user-friendly solutions to hacking risk: people preparedness.
Computer Misuse By Staff
You will have heard many times that the true value of a company these days lies in its Intellectual Capital. What that is, of course, is its people, know-how and databases. Unfortunately, Intellectual Property is the most vulnerable to theft and misuse. Whether innocently or maliciously co-workers can gain access to confidential information or general databases. The information can then be copied, deleted, altered or broadcast. Proprietary business systems or business methods can be leaked to competitors. Sensitive, perhaps embarrassing information could suddenly appear on an Internet bulletin board. The only way, it might appear, to protect against this risk is to keep all these intellectual assets under lock and key. But as I say above, if you do that, how can productive workers use them to make profits for the company? Information systems auditors play a key role, therefore, in working with management in establishing appropriate flexible security and staff vetting systems. Auditors must be able to monitor data tampering, but simultaneously allow data flow, for the reasons discussed above. Protocols need to be developed for risk tolerance. And the bottom line is, you need to take some risks if you want to succeed in business. Fortunately, risk management boils down to hiring and retaining the right people. Good hiring practices are the best mitigator of risk. Motivate staff by giving them a stake in the intellectual property they help to create and your systems will be that much more secure and effective.
Alliances
A major feature of doing business today, given the need for global scale and the concentration of companies on their "core competencies" rather than trying to be all things to all people, is the building of alliances. In the bricks and mortar world, we see the One World Alliance of the various airlines so that they can share codes. But equally, in the age of the Internet, and perhaps less visibly, there are essential alliances necessary in order to deliver even the most basic products: take books. Amazon.com has to work in electronic tandem with its own book indexing system, non-proprietary warehouses, payment systems and banks, courier companies, shippers, and rare books acquisitions teams among others. Each one of these is plugged in electronically to Amazon.com headquarters and systems. Just like the internal staff of any company, each one of these "partners" represents a security risk once they are hooked to a company’s system. Certainly access can be restricted to non-related parts of the alliance service, but once there is a route in, a "partner" could have access to do wrong if the partnership ever falls apart. Indeed, there need be no difficulties between the partners at all; a single disgruntled employee of any one of the partners can infect the whole chain of relationships. What can auditors do about it? They must be involved with management from the very early days of discussing trading partnerships which involve a mutual electronic hook-up. There must be early planning of security structures which firewall each separate partner from the other except in relation to the mutual project. Each partner must have staff screening systems similar to the other’s.
Distance Workers
Virtual Private Networks, dial-up access, wide-area networks. They sound great for enabling travelling members of staff or distance-commuters to log into their company’s systems. Certainly, I myself was a distance commuter for several months a few years ago, though I used principally email. But the same principles discussed above apply. The minute there is an external line into your network, there is risk exposure. Auditors need to be particularly vigilant with distance workers, who themselves may not be technologically savvy; that adds an extra dimension of risk, in that travelling workers may leave passwords on laptops which are then stolen or accessed by unauthorised persons. Distance workers present a very real risk, in that they may easily be subverted, and operate their computers without any physical oversight. The dynamic tension between business need and security in this instance tilts heavily in favour of the auditors, who should be setting strict guidelines for distance workers on systems security.
Interactive Web Sites
My firm, for example, has an interactive web site called www.justaskinc.bm. The servers are separate from our main system, and thus there is no direct connection with our main network. So where is the risk? Well, it’s not direct to our network, but there are substantial risks to our reputation if it all goes wrong in some way. If people who use the service lose their data, or we fail to deliver a company due to systems error, or, worse, if the data we have collected is stolen or abused, we are exposed. We are fortunate first in having web support engineers who act as auditors and monitor all traffic. But this all serves to illustrate what you as systems auditors need to ensure in relation to online, particularly interactive, sites operated by your companies. Just to be clear, by interactive I mean that there is real time querying of a company’s data by its clients on payment of a fee, and that services are initiated by dynamic questionnaires that inform the resulting service. The things that can go wrong are many and various, but it is particularly on the payment side that there needs to be very careful interaction between the systems auditors, the company’s finance department and the online payment gateway company. Otherwise there is exposure to credit card fraud, or client denial of a previously authorised credit card use. Getting your systems wrong can result in clients "charging back" the debit to their credit card. This imposes costs and penalties on your company. And yet, the controls you institute cannot be so rigorous as to slow down the interactivity. What degree of risk can you afford to take?
There is a huge degree of tension between the business people who have conceived the web service, the marketing people who promote it and the engineers who run it. Only by arbitrating risk can this tension be resolved. Everyone wants the systems to be fast and easy to use. Yet everyone wants them to be 100% reliable and secure. These aims are not necessarily mutually compatible. Trade-offs will be necessary to get to launch and to react competitively afterwards. Systems auditors will be the key arbiters of these risks, and should be suggesting solutions which do in fact carry some risk.
Corporate Bulletin Boards & Chat Rooms
Systems auditors sometimes need to be moral policemen as well as technical officers. It may well be that there is a duty on auditors to be the "web master" of corporate bulletin boards or of employee access to chat rooms. At any rate, auditors will need to ensure that somebody from management is reviewing bulletin board usage by staff. The risk is either that confidential information will be posted, causing liability to clients and loss of business to the company itself, or that something damaging will be said about a competitor which amounts to defamation, thus opening the way to lawsuits and huge damages. Auditors are on the front line to defend their companies against such risks. Here again the dynamic tension tilts in favour of the auditor. There is perhaps only marginal economic value in chat rooms, though internal bulletin boards may have more value. Appropriate screening needs to be instituted so that doubtful material can be removed. Certainly, the law courts have found liability where a company knowingly allows defamatory or confidential material to remain on bulletin boards. And, further, companies have what is known as "vicarious" liability for messages posted by their employees on outside chatrooms.
Extranets
There is an increasing practice for companies to create extranets with their clients whereby key business partners can view their files held by the other and generally share information in relation to their mutual dealings. All of the same concerns apply as expressed under Alliances above. There is also of course the added concern of violation of confidentiality, where one client accidentally or maliciously is able to view the client data of another client. Here there is a dynamic tension between the ease of use by the client and the absolute necessity to preserve confidentiality. The security systems for firewalling data belonging to different clients must receive particular focus, and there must be staff training to ensure that access to non-authorised data is not inadvertently given out.
IS Auditors Play A Vital Role As Gatekeeper
I have tried to explain above the vital role that systems auditors play in the modern economy. Certainly in your own jobs you will be aware of the sensitivity of the material you encounter. One can learn a surprising amount about the operation of the business by watching what runs through the pipes. So there is a heavy responsibility on the auditor. This responsibility starts well before anyone switches on their computer in the morning. Auditors in my view must be involved from the initial stages of a business’s investment in systems in planning security and monitoring systems, and into the mix of their considerations they must bear in mind the dynamic tension with the business needs of the organisation. Auditors are gatekeepers. Since you have your finger literally on the switches which control the flow of data, and since you have the capacity to view people’s sessions as they happen live, there is a tremendous responsibility to ensure that the systems are being used properly. Yet you cannot abuse that power, because to do so is to reduce the economic opportunities of the organisation. So what then should auditors do to get the balance right, to keep the door open wide enough to enable effective commerce but closed enough to keep out the bad guys? How do they referee the conflicting needs of business and systems?
Ensuring The Door Is Open Wide Enough For The Company To Profit From Its Investments In Systems, But Closed Enough To Prevent The Bad Guys From Getting In, Or Privileged Information From Getting Out.
I am a great believer in the "keep it simple" philosophy. I also believe, and I can’t emphasise this enough, in getting in the right people from the outset. This is in fact the single most important thing to prevent internal fraud and subversion. If your staff are competent and committed to your business, not themselves or someone else, you will be fairly safe. Thus, I would advise against creating systemic risk before you even get started. What that means is the more independent systems which try to link together the worse it is. Wherever possible try to build unitary systems, and then control access by a combination of well-trained and well-screened people using clever password security systems. If you have numerous separate databases being run with numerous different front ends from different locations, it is inevitable that you will be exposed to risk. You can respond harshly, and then slow down the business or you can respond pro-actively by working towards simpler more inherently secure systems. Where there is "inherent" security, you are then able to be more flexible with the users. The dynamic tension eases.
So, where you have one door, it is easier to keep it open to the right degree. But the more doors you have, the more difficult it is to monitor them, and the more tightly jammed an auditor might feel each one needs to be, simply because of the difficulty of keeping track of so many at the same time. Again, unify systems, limit the routes in, work with the users, and you will be able to find that delicate balance between protection and profit.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Specific Questions relating to this article should be addressed directly to the author.