Welcome to the January issue of the Credential Check Examiner! This month we will look at international anonymous incident reporting, more on the attorney client privilege, and the latest IRS trends. Please feel free to offer your feedback. We appreciate hearing from our subscribers.

On November 10, 2005, the French data protection agency, Commission nationale de l'informatique et des libertés (CNIL), released a document containing detailed guidelines for European Union (EU) operated companies related to the implementation and existence of anonymous incident reporting systems.

The widespread use of whistleblowing systems, including hotlines and other such solutions in the United States, stems from legal obligations of corporations under the Sarbanes-Oxley Act (SOX), Section 301.

"Under SOX, employees who blow the whistle on financially related improprieties have, in addition to protection from retaliation, the opportunity for monetary damages if they are subjected to any type of retaliation," said Timothy D. Whiting, Director of Applicant Screening for Credential Check Corporation.

The formal guidelines stem primarily from two cases involving the well known McDonald's France fast food restaurant and the retail giant Wal-Mart. McDonald's France sought permission to implement systems allowing its employees to report workplace misconduct on the part of managers in an anonymous fashion either via mail or fax. The ruling against McDonald's was based on the fundamental principles of individual rights to privacy.

Wal-Mart's German subsidiaries implemented a code of ethical conduct and an anonymous alert hotline for employees to report workplace misconduct while maintaining their identity. Similarly to the findings of the French Data Protection Authority in the case of McDonald's France, the German Labor Court ruled the implementation of such an ethical code (and specifically certain rules within the code) may violate the personal rights of employees and that an alert hotline was invalid without prior approval from the company's works council. Not surprisingly, such rulings have resulted in widespread ambiguity for US based corporations who have multi-national interests.

In an effort to clarify the legalities surrounding anonymous reporting systems in the EU, below is a brief summary of the CNIL guidelines:

• Whistleblowing systems must be designed as solely complementary to other reporting systems in companies and should be limited in scope to include financial, accounting, banking, and anti-bribery matters.
• Controllers of such data must clearly indicate that the whistleblowing system is strictly reserved for financial, accounting, banking, and anti-bribery matters only.
• Employers must not encourage employees to utilize such systems in an anonymously.
• Only relevant data should be included in a report of wrongdoing with the wording used in the report expressing that the facts are alleged.
• The collection and handling of reports must be entrusted to individuals within the company with specific training and are bound by a contractually defined obligation of confidentiality.
• Data relating to a report found to be unsubstantiated by the entity in charge of processing such reports must be deleted immediately.
• The alleged wrongdoer must be informed of the entity responsible for the system, the facts he is accused of, any departments which might receive the report, as well as how to exercise his/her rights of access and correction.
• Any person identified through the whistleblowing system may access data concerning him/her and request, as applicable, its correction or removal.

top

The IRS has more than doubled its examination activity for small firms in the fiscal year of 2005. Approximately one out of every 127 returns from corporations with total assets of less than $10 million were examined in 2005, twice the rate of 2004 according to the IRS. Small business owners should take notice and prepare for every year as if this was the year of their audit.

Individual IRS examinations are increasing as well with approximately one out of every 108 tax returns being audited in 2005 as opposed to only one out of about 130 in 2004.

It should be noted that the vast majority of individual examinations (about 80%) were correspondence audits, or audits of a particular tax issue. Furthermore, face-to-face audits are becoming exceedingly rare with approximately one out of 526 returns receiving such attention.

Source: Kiplinger Tax Letter

top

At least two dozen Red Cross contract workers have been indicted for filing false relief claims and collecting funds earmarked for victims of Hurricane Katrina. The fraudsters created fake accounts issued relief checks.

A Western Union employee notified authorities after she observed the same individual visiting the same store multiple times to pick up wire transfers. Red Cross employees also became suspicious after noticing an unusual amount of funds going to the Bakersfield, CA Western Union thousands of miles away from the areas affected by Hurricane Katrina.

"The FBI's investigation is expected to last several months and will look at thousands of other claims made in California and other states," said George M. Patak, Risk Management Consultant for Credential Check Corporation.

The Red Cross has admitted that its system for receiving charity funds was not perfect, and that a premium was placed on having the necessary support in place to receive the high volume of donations.

Source: http://www.cnn.com/2005/LAW/12/28/katrina.fraud/index.html

top

Attempting to secure the perfect domain name for your website can be tricky, especially if the name you already want is already taken. Oftentimes there may not even be a functional website at that address, yet someone has purchased the rights to the name.

Visiting a site like Whois.com can yield some information as to who owns the domain rights and for how much longer. Such sites can even help put you in touch with a broker who can attempt to purchase the name for you from the owner.

Domain rights expire in stages. When a domain owner allows its ownership to lapse there is time period of anywhere between 10 to 45 days (depending on the domain registrar) during which the now previous-owner has a chance to reacquire the rights. When a domain is actually released to the public after it has expired, it is not broadcasted for all to see although sites like Dropwatch.com are attempting to change that. One who lives in hope of acquiring the claimed domain must now monitor the various domain registration sites vigorously, or bring in assistance.

There are services and brokers who can scour for the availability of domains that are due to be available to the public. Check out these helpful sites:

• Snapnames.com
• GoDaddy.com
• Enom.com
• Pool.com and
• Dropshark.com

top

The advent of the Internet has brought with it innumerable challenges for our legal system not the least of which includes the vast amounts of unsolicited email swimming through cyberspace.

We all well understand the inconvenience and annoyance associated with receiving slews of spam or "junk" email and the impact it has on our ability to most effectively use email as the timesaving communication tool that it is. However, the Federal Trade Commission (FTC) recently announced in a report to Congress that the incidence of spam email has actually declined by as much as 9% in the two years since the CAN-SPAM Act of 2003 was enacted. This legislation contains four primary provisions:

• Header information must be accurate. The Act prohibits false or misleading information to be contained in the "From" and "To" sections of the e-mail's header. The originating domain name and email address must accurately identify the initiating party.
• Recipients must be provided with a method by which they can request to be removed from the mailing list for future correspondence. The method must include a return email address or other internet-based response mechanism.
• Subject lines cannot be deceptive or misleading in any way regarding the subject matter contained within the email message.
• Commercial email must contain a valid physical postal address for the sending organization and must identify itself as an advertisement or solicitation.

top

This is the second article in a two-part series addressing the attorney-client privilege. Last month's article defined and discussed the nature of the privilege and how it may apply to your organization.

Here are some common mistakes that may nullify the attorney-client privilege:

Inadvertent Distribution - Disclosure of confidential communications between an attorney and his or her client to individuals who have no decision-making authority over the scope of the incident will void the privilege. Moreover, disclosure to individuals without direct responsibility for the matter communicated can also void the privilege. The most common real world example is through e-mail. Confidential e-mail communications can be accidentally or inadvertently forwarded outside your organization with great ease and harmful consequences. Many organizations that regularly deal with private and confidential information have instituted formal policies mandating that all emails include a confidentiality statement.

Partial Disclosure - Disclosing part of a discussion or advice rendered by your attorney may negate the privilege. You may be tempted to disclose what you conclude to be superficial or cursory information to answer questions with regard to how you came to a decision. For example, you might be asked "Why are your procedures that way?" and a common response might be "Because our attorney suggested we develop such a procedure." At first thought, this is a rather innocuous statement.

However, should this conversation either proceed to, or result in, litigation, it can be argued (and most probably with great success) that your partial disclosure constitutes a forfeiture of the privilege. If you are aware that a conversation is privileged, do not disclose even seemingly harmless content.

Using your Counsel as an Investigator - Probably the most common mistake with regard to investigations of whistleblower, sexual harassment, or most any type of workplace misconduct claims, is to use your attorney to investigate the claim. For example, in a sexual harassment claim the amount of time an individual has to endure the harassment is paramount to the penalty imposed on the organization. In making the claim that the harassment was dealt with in an expedient manner by your organization, you may have to make the investigator, in this case the attorney, available as a witness. In doing so, the attorney would have to disclose any relevant information eliminating the privilege and confidentiality.

Clearly, working with your attorney to formulate specific protocols with regard to the attorney-client privilege as it relates to your organization is extremely important. By following some simple guidelines you can assure that your organization is in the best legal position moving forward.

The advice given in the article above is not intended to serve as legal advice.

top

Quote of the Month: “Human beings, by changing the inner attitudes of their minds, can change the outer aspects of their lives.”

-William James (1842 - 1910)

top