Monthly Archives: January 2016

Are These Five Myths About Data Protection Putting Your Business At Risk?

Whenever I speak to people about Risk Management these days, data protection is always one of the risks I mention, and I am increasingly concerned at the number of times one or more of five popular myths pops up.

These myths are leading a lot of otherwise good managers to neglect some of the steps needed to manage this risk and keep their businesses safe.

Myth No.1: “It’s an IT Matter.”

This is usually followed by an invitation to speak to their IT manager, whether within their business or an outside contractor. Here are five reasons why it is wrong:

1. The Human Element. Obviously it is important to have the right software to protect your data from hackers, viruses and malware, but the Information Commissioner’s Office have reported that in the last two years more than 60% of incidents reported to them did not involve any IT failure. Most breaches were caused by human error, except for those where “error” would be the wrong word, since deliberate wrongdoing was a significant element in many cases. This means it is a matter for your HR manager rather than your IT manager.

2. What IT? It is also important to recognise that most businesses hold and/or process data on lots of devices other than the traditional mainframe, desktop or even laptop computers. The range of items such as tablets, mobile ‘phones, storage devices and planners is growing in number and variety. Most are outside the control of the head of IT in the business.

3. How is data processed? Apart from the obvious data processing activities which take place in the course of business, a lot of data is passed around in various ways, intentionally or inadvertently every day. Some will be communicated verbally, either face to face or by ‘phone. Some will be on paper. The paperless office is not as common as we like to think, if we include everything coming off the printer and all the handwritten notes we all use.

4. Tweet Tweet! We have all noticed how often celebrities get into trouble through unwise comments on social media. We less famous people also need to be careful. We may actually use such media in the course of our work, but we need to take into account the times we blog or tweet about our work, or just about our day, and find ourselves passing on information or comment that could get us into all sorts of trouble.

5. Where does the buck stop? In Law, the responsibility for data security rests with the business owner or whoever is in overall charge of the business. That person may have sanctions against employees or others but the buck stops at the top. The task may be delegated but the responsibility cannot be.

Myth No.2: “It’s Outsourced!”

Nowadays many businesses outsource a variety of services. IT is one of the most popular, but others include HR, payroll, accounting, maintenance, and even office management. There are many good reasons for doing this, but beware of assuming that this removes all your worries. Here are four that remain:

1. The Law. Although you can outsource the function, you cannot get away from your legal responsibilities, as mentioned earlier.

2. Your Image. It is likely to be your reputation that gets damaged if it turns out that a contractor has failed to keep your clients’ or employees’ data safe.

3. The Cloud of Uncertainty. When someone tells you your data is safe because it is “in the Cloud” you should ask what that means. It will be on someone’s computer somewhere. How secure is that? Does your contractor know?

4. The EU. European Union legislation requires all personal data of EU subjects to be held within the EU or in a system which would comply with EU Law if it had been in the EU. Most U.S. companies do not comply with EU Law, not even officially!

Myth No.3: “It’s the Company’s Problem.”

Many people at all levels believe that any fines and penalties will be incurred by their employer, regardless of who has caused the data breach, or how. Here are three reasons why it is not:

1. The Law. Individuals at all levels can be prosecuted and fined or even gaoled if it can be established that they had knowingly disregarded policies and procedures put in place by their employers to protect data. Even former employees are not exempt.

2. Survival. If your employer suffers a financial loss or a loss of business due to a data breach, the profitability or even viability of the business could be at risk. How safe would your job be?

3. Your CV. Your career could suffer if your present or potential future employers believed their data was not safe with you.

Myth No. 4: “It’s a Box-Ticking Exercise.”

There are many things we are all required to do to comply with all kinds of legislation and the Data Protection Acts certainly impose a lot of requirements on everyone. This is also true of the Health and Safety at Work Acts and many others. However, just as I hope you would not want to be the cause of someone’s injury or even death, I hope you would not want a lot of information about your employees or your clients to get into the wrong hands. Apart from the power of the ICO to prosecute you, there are three other good reasons to keep data safe:

1. Civil claims. Even without the DPAs you could always have been sued for negligence or breach of contract if clients believed they had suffered losses as a result of your failure to protect their data.

2. Your reputation. Potential clients and employees might not want to know you if they do not trust you with their data.

3. The consequences. You do not know what would be the consequences if your data got into the wrong hands. Who would they pass it on to?

Myth No. 5: “It’s Only for Big Businesses.”

It is true that there are different legal requirements for different sizes and types of business, but there are two things the owners and managers of even the smallest businesses need to remember:

1. The Law. Any business, even a sole trader, can be prosecuted or sued for losing a client’s data. One sole trader was fined £500 in 2012 because an unencrypted hard drive was stolen from his car, putting at risk the data of 250 clients.

2. Trust. Everything said previously about reputation applies to any business.

So whoever you are, whatever size or type of business you are in, you need to forget the myths and take a long hard look at the facts. Then think how you are going to protect your data. Before it is too late!

JOHN HARVEY MURRAY
After studying Economics and Accountancy at Bristol University, John worked in accountancy and audit in several types of local authority prior to becoming Insurance Officer at St Helens Council where he achieved considerable savings in the cost of insurance, which results compared favourably with those of other authorities, according to independent sources. This was achieved by improving claims-handling and risk management as well as by restructuring the insurance programme. John also made changes to the Council’s insurance tendering process in order to obtain the best value for the money spent on premiums.
He is currently self-employed as JHM Risk Management Services, offering RM and liability claims-handling services to businesses and other organisations in Warrington, Merseyside and the North West, to enable clients to save time and stress as well as money. John is a member of the accountancy body CIPFA, is a Registered Practitioner with ALARM, and is a Specialist Member of the Institute of Risk Managers.
John now offers data-protection both as stand-alone and as part of an integrated service, and can help clients deal with claims arising from data breaches as well as from other sources.

Which Legal Entity Is Right for My Business?

Many small business owners start with a sole proprietorship to avoid the costs of forming a corporation or LLC. This is a wise decision as statistics show that most small businesses lose money for the first several years.

What about when the business starts to make a profit? There are several decisions that can be made about the type of legal entity one can form, and the tax ramifications differ as well. A general rule of thumb is to determine which entity will save the most money in taxes.

Suppose you are self-employed and your business makes a $20,000 profit for the year. The tax rate for this type of business is 15.3% in addition to the regular income tax calculated on the tax return. Once the profit is determined for the year, there are no further deductions that can be taken to reduce the tax due. Using the scenario listed above, 15.3% of $20,000 is $3,060. That amount can only be reduced if estimated tax payments are made. Let’s say we have a single taxpayer with no children, no mortgage interest and no other itemized deductions. So far the tax due is $3,060.

Now we calculate whether there is any income tax due. Assuming for the moment that no other income exists, we calculate taxable income by taking the profit from the business ($20,000) and subtracting the standard deduction (which is $5,950 for 2012) and the exemption deduction (which is $3,800 for 2012). The taxable income would then be $20,000 – $5,950 – $3,800, which equals $10,250. Based on tax law the additional income tax due for this person would be $1,099. So, the total tax bill for this taxpayer would be $1,099 + $3,060 for a total of $4,159.

Making estimated tax payments, while a wise decision, can also take money from your pocket and give it to the government unnecessarily. Suppose you were to take that $3,060 and divide it equally amongst the 4 estimated payments required to be made annually. That comes to $765 each quarter. We are not considering State estimated taxes as the rates vary widely. Many accountants and tax preparers would have you make estimated tax payments this year based on your profit and tax bill from last year. As was already stated, that is a good idea which has a downside. Suppose you have a year that is not nearly as profitable as last year and by the end of September you have actually lost money. If you have paid the three payments of $765 each in April, June and September, you have given the government a loan of $2,295. However, your business has run a loss for the year, so you won’t have a tax bill, which means that the $2,295 is an overpayment. You can get that money refunded during tax season, but meanwhile that’s money you don’t have to take care of expenses. My preference is to review the profit or loss of each client business quarterly and then determine if any estimated tax payment is due.

Getting back to the decision of which legal entity to choose, let’s take each one separately. The most common form of legal entity is the corporation. There are two basic forms, C Corp and S Corp. A C Corp pays tax based on its profit for the year and then any dividends paid to shareholders are also taxed. Hence the term double-taxation. An S Corp, however, works differently. The S Corp pays no tax on profits. The profit flows through to the shareholders, who then pay tax on that money. The big difference here is that the 15.3% self-employment tax does not apply. So, by forming an S Corporation, your business saves $3,060 for the year on a profit of $20,000. The income tax still applies, but I am sure someone would rather pay $1,099 than $4,159. That is a huge saving.

Another angle to consider: suppose your business takes a loss for the year. As a C Corp there is no tax on the loss; however, there is also no flow-through to the shareholders as with an S Corp. The loss will not help your personal tax return at all. A loss from an S Corp will reduce taxable income, provided there is other taxable income to reduce. If not, then there is no income tax due.

The next popular business entity is the LLC. There are many advantages to the LLC. Keep in mind that if you are a single member LLC, then your business will be taxed as a sole proprietorship, meaning that the 15.3% self-employment tax comes back into play. Unless you like paying higher taxes, a single member LLC is not the way to go. A husband and wife LLC is considered in community property states to be a single member LLC and is taxed the same as a regular single member LLC.

If the LLC is owned by a corporation or partnership, it is also considered to be a single member LLC. The income and expenses are added to the income and expenses of the Corporation or partnership and taxed accordingly.

Multiple member LLCs are taxed as a partnership. The profit or loss is distributed to each member according to the LLC agreement. This distribution is taxed the same as a sole proprietorship, so here comes the 15.3% tax again. LLCs are great due to limited liability for each member; however, the tax benefits are not the same as for an S Corp.

The other legal entity is the partnership. This is an entity made up of two or more partners who start a business and bring a certain amount of money or other asset to the partnership. Each partner is entitled to a distribution from the partnership based on their percentage of ownership. Again, the income tax rate is 15.3% on partnership distribution plus the income tax calculated on the tax return.

Which entity is right for you? Only you can decide. You should consider all avenues before making a decision. If you want limited liability, then the LLC would be right. If you want to pay the least amount of taxes, the Sub S Corporation is the best. Requirements for recordkeeping for a corporation are more involved than for an LLC, but they are not so overwhelming as to be a burden.

The costs involved in forming a legal entity as described in this article vary by state. Each state has its own filing fee. You do not need an attorney to create an LLC or Corporation. You can find a variety of web sites that offer the service, and their fees for handling the filing for you can also vary.

My personal choice, I believe, has been given herein. An S Corporation pays the least amount of taxes. In addition, forming an S Corp in Nevada avoids any state income tax as it does not exist. If you want more information, feel free to contact me via my website.