All posts by hsmoffice

The HSM Group (which includes HSM Chambers, HSM Corporate Services and HSM IP) are supporters of Cayman Enterprise City’s Business Design Competition. This year’s Project of the Year winner is 25-year-old George Wauchope of Emailchaser.io, a website and sales tool that allows salespeople to find peoples’ email addresses, even if those email addresses are not publicly available.

In recognition of World IP Day (26 April 2022) and their theme of young innovators, HSM IP had a discussion with George to find out more about him and how IP plays a role in his company.

Emailchaser.io was born out of a personal experience when George travelled to Cuba and his luggage went missing. The frontline staff were not helpful so he took matters into his own hands by tracking down the email of the airline’s CEO and emailed them for assistance. This worked to his favour and signified the importance of being in direct contact with the right person.

Their company name was inspired by its simplicity, need to chase an email? Use Emailchaser.io. Their logo is not something you would expect and that is what helps it stand out, it showcases a gorilla wearing sunglasses with wings on its back and a halo above its head.

George is a true entrepreneur with several other companies under his portfolio, including George’s Watersports and an activity website: https://www.thingstodocayman.net/. In fact, this website is what opened George to the digital and software realm, which helped him to create Emailchaser.io.

Cayman’s legal landscape supports creators and pursuant to the Copyright (Cayman Islands) Order 2015 and the Copyright (Cayman Islands) (Amendment) Order 2016 which came into force on 30 June 2016, copyright subsists automatically in all Protected Works authored by a qualifying person. Qualifying persons are:

  • Caymanians as defined in Section 2 of the Immigration Law (2013 Revision); or
  • Individuals domiciled or resident in the Cayman Islands; or
  • Bodys incorporated or registered under the laws of the Cayman Islands.

For a full breakdown of this law and what constitutes as Protected Works, click here.

Prior to COVID-19 restrictions, HSM IP was a regular presenter of INTA’s Unreal Campaign and looks forward to reoffering. This campaign is a consumer awareness programme aimed at educating teenagers about the importance of trade marks, intellectual property and the dangers of counterfeit products.

If you are interested in protecting your creative works and the options available to you, including patent or trade mark protection, please email us at ip@hsmoffice.com.

Data breaches have made recent headlines in the Cayman Islands and you may have wondered what they were all about, and why they matter. Their significance in Cayman’s legal landscape is briefly explained below by Cory Martinson (HSM Paralegal).

The Data Protection Act (DPA), which came into force in September 2019, defines a breach as a security failure that leads to a person’s data being unlawfully exposed, accessed, transmitted or otherwise processed. Personal data is broadly defined as any information that relates to an identifiable living individual. If you own a business with employees then your business is processing personal data even if the business does not collect personal data from customers. It is difficult to think of a business, government entity or organization that does not process some amount of personal data. The DPA is far-reaching.

A breach could be a misdirected email, the insecure destruction of records, ransomware attacks, the loss of a USB drive containing personal data or even unauthorized access  to personal data by an employee of an organization. For example, if a hospital employee views an individual’s medical data without a legitimate business need, then that activity may be a breach. Any unauthorized use of personal data could be a breach under the DPA and all organizations in the Cayman Islands, including government and private entities such as law firms, supermarkets, churches, gas stations, hotels, banks and clubs, are subject to this law.

Every organization has an obligation under the DPA to ensure it has taken appropriate organizational and technical measures to guard against the unlawful processing of personal data. If an organization has a breach and is found to have not implemented appropriate technical and organizational measures, it could be subject to enforcement action by the Ombudsman. The oversight body for the DPA is the Ombudsman.  Examples of organizational measures include privacy policies, training for staff on the DPA and physical security such as locking filing cabinets and limiting access to personal data in paper format. Technical measures would include alarms, CCTV, computer firewalls and the use of encryption. Collectively, these measures increase an organization’s security posture and resilience to personal data breaches. The appropriate security measures for each organization will be dependent on the volume and types of personal data it collects, as well as its financial and technical resources. For example, the Health Services Authority would be expected to have multiple layers of security and protocols protecting the medical data it processes, while a bakery may only be required to have basic physical and technical security measures to protect employee personal data.

If an organization experiences a breach, the DPA requires that it be reported to the Ombudsman within 5 days. All individuals affected by the breach must also be notified within the same period. This requirement can be difficult to meet in some cases, especially when hundreds, or thousands, of people may be affected.

The Ombudsman’s office has broad investigative and enforcement powers that enable it to regulate and enforce compliance with the DPA. The office can issue fines of up to $250,000KYD for non-compliance with the DPA, and if a matter is referred to the Department of Public Prosecutions, the courts may also impose penalties up to $100,000KYD. The chances of being penalized for a first offence that is relatively minor is unlikely and the Ombudsman has yet to levy any financial penalties. However, over time, the Ombudsman may become less willing to forego enforcement action as the DPA will no longer be considered “new” (it came into effect in September 2019) and there will be more of an expectation that organizations should “know better”. As well, under the DPA, a person who suffers damage (which may include financial damage or mental pain or anguish) by reason of a contravention by an organization of any requirement of the law has a cause of action for compensation from the data controller for that damage.

When an organization experiences a breach there is a 4-step process it should follow:

  1. Contain the Breach: just as if you were on the water in a boat and it sprung a leak, you would want to do everything possible to stem the flow of water; the same goes for a breach. The organization must take immediate steps to prevent the further exposure of the personal data. These steps may involve shutting down computer systems, reporting a stolen laptop to the police or the physical or technical recovery of the compromised personal data.
  2. Evaluate the Risks: carefully consider the risk of harm to the individuals affected as well as to your organization. Some of these risks include financial harm, reputational harm, embarrassment, physical harm and identity theft.
  3. Notify: notify the Ombudsman and the individuals affected within 5 days of discovering a breach. The notification of a breach to the Ombudsman should be in writing, but notification to the individuals affected could be by phone, a prominent ad in the newspaper, an email or in person. Notification by phone or in person should be followed up in writing. The notification must describe the nature of the breach, the consequences of the breach, the steps taken or proposed by the organization to address the breach and the recommended measures to the affected individuals to mitigate the possible adverse effects of the breach.
  4. Prevention: carefully investigate the cause of the breach and take reasonable steps to prevent breaches in the future. The cause of some breaches may be self-evident and easily rectified, while others may require forensic computer analysis and the implementation of robust security measures, including staff training and written policies and procedures.

Breaches can be time-consuming and costly. The costs of legal advice, notification of the individuals affected, potential lawsuits, security audits and potential fines from the Ombudsman and the courts have the potential to be devastating to some businesses and individuals affected. In IBM Security’s Cost of a Data Breach Report for 2021, it was found that, globally, the average per-record cost of a breach was $161USD. Prevention is key and while it is often not a high priority for organizations it has the added benefit of enhancing customer satisfaction which can, in turn, increase reputation and revenues. Privacy is becoming ever more essential to a modern economy. As data protection awareness grows, so will the need for Cayman businesses and organizations to be privacy savvy.

The Coronavirus pandemic, and subsequent lockdowns, required timely amendments to many Cayman laws and regulations to enable the business community to continue to function. One such innovative change was the passing of the Notaries Public (Virtual Conduct of Notarial Acts) Regulations, 2020 which when combined with The Property (Miscellaneous Provisions) (Amendment Act), 2020 enabled persons to sign property related deeds or instruments remotely and removed the need for their physical presence before the notary.

HSM Property Partner Linda DaCosta explains that through video conferencing (Zoom, Teams etc.), lawyers in the Cayman Islands were for the first time permitted to meet virtually with clients to present passports and sign documents without compromising public health and safety. The amended law allowed unprecedented continuity and facilitated transactions effectively ensuring business generally and property transactions were still taking place during lockdown.

Unfortunately as of 13 April 2022, the Notaries Public (Virtual Conduct of Notarial Acts) Regulations, 2020 were stated to only be in effect for a period of 2 years and will expire on 16 April 2022. Whilst COVID related issues continue, it can only be hoped that the Regulations will be extended. Even in a post-COVID world the need for such a provision to assist the elderly and disabled is obvious. Further in a Green Cayman it cuts down on at least a few otherwise unnecessary car trips to the lawyer’s office.

There is still opportunity for further improvements. The amendments did not effectively allow for statutory documents to be executed remotely by a person located outside Cayman, we would like to see the scope extended to at least cover Caymanians overseas.

HSM stands ready to assist any clients with any appropriate notarial assistance and count five notaries amongst our team members. Notarial acts can be done either at our offices or remotely if the Regulations are extended. In cases of urgency or where clients are unable to attend our offices, we can also notarise documents at our client’s homes or at a hospital.

HSM hope that the Government will extend the Regulations and make the change a permanent one, embracing the electronic world we now live in.

World Trade Mark Review (WTR) 1000 has once again recognised HSM IP in their WTR 1000 2022 guide.

This is the fifth year in a row that we have been recommended by WTR 1000. HSM IP is honoured to receive this recognition as it highlights our practice as a world-class, go-to resource for trade mark services across the Caribbean.

HSM IP Managing Partner Huw Moses is also a recommended trade mark lawyer by WTR 1000.

Cited from WTR’s website, commentators said:

“IP stakeholders globally look to HSM for staunch A-to-Z trade mark protection in the Caribbean and Central and Latin America, as well as in offshore financial centres. Its professional team are “highly responsive, knowledgeable, courteous and communicative”. “If you ask for assistance, you get it quickly and in a way that is sensitive not just to your immediate but your broader strategic needs.” Key contact Huw Moses is a top lawyer in many areas including trade marks and is the founder of the Intellectual Property Caribbean Association.

The WTR 1000 identifies the leading trade mark practitioners and firms from around the globe, offering the definitive ‘go-to’ guide for those seeking legal trade mark expertise.

Jamaica is set to become a part of the Madrid System. Pursuant to the Trade Marks (Amendment) Act, which took effect on 30 June 2021, Jamaica acceded into the Madrid system on 27 December 2021 and is now the 110th member to join the Madrid protocol. The Madrid Protocol will take effect on 27 March 2022.

Trade Marks

We believe the change is largely unwelcomed by many practitioners given the anticipated reduction in the filing of new applications for registration in the jurisdiction. Applicants will still be able to utilize the option to file direct applications at the local office. For those proprietors that use Jamaica for “stealth filings” these will need to continue to be done outside of the Madrid system.

The Madrid System/Protocol

Under the Madrid System, protection for a trade mark can be gained through one single international filing of an application with the applicants choosing designated countries in which they wish to extend the rights of the protection. All applications are still subject to local formalities and requirements, in order for registrations to be granted.

Patents and Designs

The long serving and historic Patent Act of 1857 and the Designs Act of 1937 have been repealed in Jamaica and is now replaced by the modern Patents and Designs Act, 2020, which took effect on 11 February 2022. All Patents and Designs that were in force as at 11 February 2022 or filings made before this date, will still have legal effect and will continue to be governed by the Patent Act of 1857 and the Designs Act of 1937.

New Patent and Designs Act and the Patent Cooperation Treaty

One of the most notable impacts of the Patents and Designs Act 2020, is the provision for filings under the Patent Cooperation Treaty (PCT) and Designs under the Hague Convention. According to Section 33 (1) of the Act, an international application in which Jamaica is designated for the purpose of obtaining a patent for which a filing date has been accorded under the Patent Cooperation Treaty shall be treated as a patent application under this Act. Among other benefits, the PCT allows for priority claims under the Paris Convention and the life of a Patent is now 20 years instead of 14 years.

The Patent Cooperation Treaty (PCT)

The PCT allows applicants to obtain patent protection for an invention simultaneously in many countries that are a member of the treaty also known as contracting states, by filing a single international patent application instead of individual applications in each country. Some of the benefits include the reduction in filing fees and processing times for applications. Applicants who wish to file in Jamaica can now designate this jurisdiction as one of the countries. An applicant has the option to file an application under the PCT directly or alternatively, can choose to file within the 12 month period, as stipulated by the Paris Convention, from the filing date of a first application, which has legal effect in all PCT member states.

HSM is proud to be recognised again as a Chamber Champion Advocate at the Cayman Islands Chamber of Commerce Annual General Meeting on 21 February 2022 at The Westin Resort.

For the second year in a row, HSM’s recognition highlights the firm’s continuous involvement with the Cayman Chamber by offering training seminars to their members and businesses in the local community. Members in the top category of Chamber Advocate invested staff hours and contributed more than $10,000 in kind or in sponsorship over the past year.

Throughout 2021, HSM presented many courses across the legal field such as employment, immigration and work permits, business liabilities, debt collection, and wills and estate planning.

HSM has been an active member of the Cayman Chamber since opening its doors in 2012.

With effect from 8 January 2021, the Honourable Chief Justice via Practice Direction 11 of 2020 (“PD”) implemented an electronic filing and service platform (the “Platform”) pursuant to Order 1, rule 12(1) of the Grand Court Rules 1995 (Revised) (the “GCR”).

The Platform enables parties to issue proceedings and file Court documents electronically by uploading the same to the Platform, departing from the traditional practice of physically filing hard-copy documents at Court and the temporary post-COVID-19 practice of emailing the same to the registry. According to the PD, the objective of the Platform is to “improve access to justice by increasing efficiencies, timeliness and reducing costs.”

Until recently, use of the Platform was limited to all new matters commenced in the Financial Services Division of the Grand Court issued on or after the commencement date of the PD. However, use of the Platform has been extended to all divisions of the Civil Registry (in both Summary and Grand Court) and it is anticipated that the Platform will be extended to the Criminal Registry in the near future.

In order to file documents using the Platform, a party must register an account via the Judicial Administration website www.judicial.ky and click onto the e-filing Platform.

The effect of this PD impacts the manner in which parties interact with the Court and by extension each other. Subject to the GCR requirements for personal service of documents in the first instance, in addition to the methods of substituted service set out in GCR Order 65, the PD permits the electronic service of documents via e-mail and SMS or text message. A party is deemed to consent to electronic service by, inter alia, registering an account on the Platform and the email address provided during registration shall be presumed valid unless the party files and services a notice indicating otherwise. Similarly, the Court may also serve any notice, order or Judgment on a party to a case via electronic service.

The implementation of the electronic filing system in the jurisdiction presents a most welcome modernization to the procedures, in line with other jurisdictions around the world, which will hopefully bring material benefits to litigations in the long-term.

Lexology’s Getting The Deal Through guides are a trusted resource and allows professionals to directly compare laws and regulations between jurisdictions.

HSM is pleased to have contributed to their Insolvency Litigation 2021 publication and provided insight into the Cayman Islands regime covering commencing proceedings; avoidance actions; claims against directors, officers and shareholders; creditor actions and strategic considerations; pre-insolvency debtor claims; other claims; cross-border proceedings; remedies and enforcement; settlement and mediation; update and trends.

Click here to view our online chapter at no cost.

Alternatively, you can download the PDF chapter by clicking the icon below:

Insolvency Litigation Cayman Islands

HSM’s newest lawyer Stephanie Mills became a qualified attorney-at-law in the Cayman Islands on 17 November.

Stephanie’s admission was moved by HSM Partner, Sarah Allison, who summarised her qualifications for Justice Richard Williams.

During her admission, Stephanie expressed her gratitude to the Court as well as her family and friends, and is thrilled to put her experience to use in her homeland.

Stephanie has over five years of experience in the legal field and prior to joining HSM, she practiced as a paralegal and subsequently as a solicitor at a UK law firm before returning to the Cayman Islands. Whilst working in the UK she was exposed to a wide range of practice areas and gained considerable experience in residential conveyancing matters.

Stephanie successfully completed her Legal Practice Course at Manchester Metropolitan University in 2015 and received a Bachelor of Laws (Hons) degree from the Truman Bodden Law School in 2014. During her studies she represented the Cayman Islands Law School in the Caribbean Law Clinic in Florida and their team received an ovation from the judges. Stephanie was admitted as a solicitor of the Superior Courts of England & Wales in 2020.

Stephanie is a part of HSM’s Litigation team and specialises in Debt Solutions and Recovery by providing assistance to a variety of banks and leading businesses enforcing secured/unsecured loan agreements, credit facilities and contracts for the supply of goods/services.

Managing Partner, Huw Moses, OBE notes, “We are proud to witness this significant milestone in Stephanie’s career and are delighted to see our firm grow with the addition of another qualified Caymanian professional. Congratulations Stephanie.”

Cayman Islands Litigation Lawyer

Photo (L-R): Justice Williams, Stephanie Mills (HSM Associate) and Sarah Allison (HSM Partner)

Employers in the Cayman Islands are faced with a new challenge: how do we keep our doors open and our staff safe? In an effort to achieve this, some employers have been asking staff to disclose whether or not they have taken the COVID-19 vaccine.

HSM Paralegal Cory Martinson explores if employers are legally able to record this data and areas that should be considered:

Q: Does the Data Protection Act (2021 Revision) (DPA) apply if I want to record the vaccination status of my employees?

A: Absolutely the DPA applies. Any information about your employees is personal data under the DPA. Vaccination information is medical data which falls under the definition of sensitive personal data in the DPA which means an employer must meet stricter legal requirements before processing. Processing is broadly defined as recording, holding, obtaining or carrying out any operations on the personal data.

Q: What is meant by “stricter legal requirements” when it comes to processing sensitive personal data?

A: Under the DPA, to legally process sensitive personal data the data controller (i.e. the employer) must identify a legal basis for processing from both Schedule 2 and Schedule 3 of the DPA.

Additionally, the more sensitive the personal data the more security is required to ensure against unlawful processing. Security measures can include policies, access controls, technical and physical measures.

Q: What are the appropriate legal bases for processing sensitive personal data under Schedule 2 and 3 in this context?

A: The appropriate legal basis for processing will vary depending on the specific employer, the employee’s position within the organization and any legal framework to which the employer must adhere. For example, there will be a stronger legal basis for knowing the vaccination status of an ICU nurse than a dump truck driver. Legal frameworks will be employment sector specific but the Labour Act (2021 Revision) has a general requirement under section 58 that “Every employer shall ensure so far as is reasonably practicable the health, safety and welfare at work of that person’s employees.” This may provide a legal basis for processing, however, an argument exists that the interpretation of the words “necessary” and “reasonably practicable” are open to distinction.

Q: Is the collection of vaccination data a reasonably practicable measure and, if so, is the collection of the vaccination data then necessary as required by the DPA?

A: The answer to this question will vary from employer to employer as well as between occupations. However, before asking this question the organization should first consider less privacy intrusive means of achieving the same goal. For example, can the risk to employees be sufficiently reduced through mandatory mask requirements, social distancing and hand hygiene? Can employees work from home or alternate between home and the workplace so not all employees are in the workplace at once? Is a blanket policy necessary or is a more strategic approach just as effective but less privacy intrusive? There is no “one size fits all” solution. If in doubt, you should seek legal advice.

Q: What are the possible repercussions to my organization if I collect vaccination data in contravention of the DPA?

If the Ombudsman receives a complaint, or initiates their own investigation, and finds that the business is not in compliance with the DPA, they can issue an Enforcement Order which may require the cessation of processing and that the data be destroyed. Non-compliance with an Enforcement Order is an offence and the business and/or director(s) could face a fine of up to $100,000KYD or imprisonment for up to five years, or both, as a result of court proceedings. Enforcement Orders are routinely published on the Ombudsman’s website so this type of enforcement action also has a high likelihood of becoming public knowledge.

Additionally, if there has been a “serious contravention” of the DPA and “the contravention was of a kind likely to cause substantial damage or substantial distress” the Ombudsman may levy a monetary penalty of up to $250,000KYD.

Under section 13 of the DPA an individual who has suffered damage as a result of a contravention of the law also has a cause of action for compensation against the organization. It should be noted that courts in the European Union have now recognized that damages include mental distress.

Conclusion

Vaccination status and data protection laws worldwide are a rapidly evolving area of jurisprudence. Some governments are taking legislative measures to mandate vaccinations in an attempt to provide a degree of certainty and it is only in the event of a judicial challenge will more “comprehensive” legal guidance be available.

As we navigate through this COVID-19 era, HSM strongly encourages people to reach out to their legal advisors to assess whether or not they are within their legal rights.

Key Contact

Cory Martinson
Paralegal
Tel: 1 345 815 7420
cmartinson@hsmoffice.com

Cory Martinson previously worked for the Office of the information and Privacy Commissioner for BC, Canada where part of that time was spent working with Elizabeth Denham who is currently the Information Commissioner for the UK. He is a Certified Information and Privacy Professional with the International Association of Privacy Professionals, is certified at the Master level with the Canadian Institute of Access and Privacy Professionals and has a Post Graduate Diploma in Information Rights and Practice Law. Cory was also a member of the legal committee that drafted the Data Protection Act Regulations in the Cayman Islands. Cory is currently pursuing his LLB.


Fatal error: Uncaught Error: Call to undefined function twentythirteen_paging_nav() in /home/clients/d17af2243e6f179e393695ba6e9ce04e/hsmnew/wp-content/themes/hsm/author.php:52 Stack trace: #0 /home/clients/d17af2243e6f179e393695ba6e9ce04e/hsmnew/wp-includes/template-loader.php(86): include() #1 /home/clients/d17af2243e6f179e393695ba6e9ce04e/hsmnew/wp-blog-header.php(19): require_once('/home/clients/d...') #2 /home/clients/d17af2243e6f179e393695ba6e9ce04e/hsmnew/index.php(17): require('/home/clients/d...') #3 {main} thrown in /home/clients/d17af2243e6f179e393695ba6e9ce04e/hsmnew/wp-content/themes/hsm/author.php on line 52