Author name: Edwin Lee

So, you have launched your technology startup. What’s next? Launching a startup is just the beginning of a long and often uncertain journey. Not only you will have to put in extremely long hours and spend a lot of money into developing and fine-tuning your product or service, but you will also have to learn how to manage your startup and run it like any other kind of business. Managing Your Employees No one can build a startup entirely on his own. You will have to start bringing people into your team and working with other people at some point in time. Jason Baptiste in his book, “The Ultralight Startup” says that “people are the most important asset of a startup. They breed perseverance, come up with great ideas, and let you build for the long haul and ultimately succeed. Once you have great people on board with what you are doing, everything will fall into place over time”. When you hire new employees, make sure that you put in place a proper letter of offer or employment agreement which sets out all the relevant terms of employment to prevent uncertainty liability and unnecessary dispute in the future. Clauses such as termination grounds, notice period, salary and other benefits, non-solicitation, confidentiality, limitations on the employee’s ability to compete with your business after the employee leaves employment, protection of intellectual property, etc should always be clearly set out in a letter of offer or employment agreement. You must also make employees provident fund (EPF) and social security fund (Socso) contributions to your employees as well as comply with the prescribed minimum wage and minimum retirement age requirements. The prominent business management guru Peter Drucker once said, “the most valuable asset of a 21st-century institution, whether business or non-business, will be its knowledge workers and their productivity.” In today’s knowledge economy, it is the people who create intangible assets such as intellectual property, patents, brands, designs, etc. If you manage your employees well, they will become your valuable asset, but if you don’t, they can also become your biggest liability. Intellectual Property Rights Protection If people are the most valuable asset in an organisation, then the next most valuable asset must be the intellectual property created by the people. This is particularly true in a technology startup where it is the innovative product or service that forms the core asset which generates profits for the startup. You should have a good understanding of intellectual property rights so that you will appreciate how to realise the full economic value of your intellectual property and incorporate them into your business strategies. Trade secrets are basically confidential information that is not publicly available, such as ideas, designs, methodologies, processes, marketing plans, methods of business operation, pricing policies, etc. One of the ways to protect the value of a trade secret is to enter into a non-disclosure agreement prior to the disclosure of any confidential information. In addition, you will also need to put in place a proper information protection program. If your invention provides a new way of doing something or offers a new technical solution to a problem in the field of technology, your invention can be protected as a patent. You should also register your brand as a trademark. If you are in the business of product design, the three-dimensional features such as the shape and configuration of your product, or two-dimensional features, such as pattern and ornamentation of your product can be protected as an industrial design. Copyright is a form of protection that is granted to authors of literary, dramatic, musical and artistic works. Copyright does not protect the idea, but rather the expression of an idea. Director Duties A company, while it is recognised as a legal person in the eyes of the law, cannot act on its own. Ultimately, the day-to-day affairs of a company will still have to be run and managed by a group of natural person i.e. directors, officers and shareholders. The Companies Act 1965 and the common law set out certain statutory and fiduciary duties of a director: Duty to act in good faith and for proper purpose in the best interest of the company with reasonable skill and care Duty to make independent assessment of the information, professional or expert opinions presented to him Duty to ensure dividends are declared from profit and not capital Duty to seek shareholders’ approval at the general meeting before carrying out any arrangement or transaction of substantial value relating to the company Duty to keep proper accounts and registers and to make the same available for inspection when required Duty of fidelity i.e. being faithful and loyal to the company Duty not to profit secretly from the company, or place himself in a position of conflict of interest between his duties to the company and his personal interests Duty not to fetter his discretion by agreeing, either with one another or with third parties, on how to vote at future board meetings Breach of any of the above duties may result in the director being judged as unfit to remain in the management of a company and lead to his disqualification as a director. He may also face civil and criminal liabilities and in certain cases, personally liable for the loss or damage suffered by the company. Financing the Business The growth in the technology startup ecosystem has attracted investors and fund seekers alike. Startups usually face challenges in raising enough money to fund their working capital, research and development as well as a marketing expenditure. Before you start looking for funding, you should first be sure that your business is ready to raise funding. Investors will look at three key factors when considering a startup for potential investment: people, product and market. Issues such as whether you have a strong management team, whether you have developed a good product or service and whether your product or service has gone through market validation must first be dealt

So you have an innovative idea and you are very confident that your idea is of a revolutionary nature that will change the world and become the next big thing. You think it is about time to turn that idea into reality. So you quit your job and start a company. Launching a startup requires far more than just a good idea. You need to come up with a business model, write a business plan, design your sales and marketing strategies, hire people, make good use of your assets as well as look for funding to finance your startup. All of these require your careful analysis and attention since they all bring along different types of risks, including legal risk. Many entrepreneurs do not realise the importance of having a strong legal foundation for their startup until it is too late. They fail to appreciate that launching a startup is as much about the structure as it is the product or service. Entrepreneurs who seek legal advice at the early stage of their business enjoy the benefit of avoiding any unnecessary legal pitfalls. Duties to Previous Employers Many entrepreneurs were once employees of another company before launching their own startups. It is very important for the entrepreneurs to make sure that they do not breach their duties to their previous employers when starting their own companies. Such post-employment duties are usually found in the form of assignment of intellectual property (IP), confidentiality obligation, non-compete and non-solicitation covenants. Assignment of IP – Many companies (particularly technology-based companies) require employees to sign IP assignment agreements which provide that the employee agrees that any inventions, ideas, work product or other development conceived or developed during the course of the employee’s employment will belong to the employer. Even in the absence of a written agreement, the Copyright Act 1987 and the Patents Act 1983 state that, unless otherwise agreed by the parties, the employer is deemed to be the first owner of the work made in the course of the employee’s employment. In other words, if you had invented an invention or written a source code as part of your job, you cannot bring along with you and use it when you leave the company. Confidentiality Obligation – Under the common law, an employee owes a duty to maintain the secrets and confidential information of an employer, whether or not there is a written agreement to that effect, and such obligation continues even after the employee has left employment. Certain things like trade secrets and customer lists are considered confidential information. The employee must refrain from disclosing or using such information for the purpose of operating a new startup. Non-compete and non-solicitation covenants – Depending on the position of the employee, certain employment agreements also include covenants from the employee not to compete with the business, or to solicit employees, customers or suppliers of the former employer for a period of time after the employee has left employment. Generally, non-solicitation covenants are enforceable if properly drafted. As for non-compete covenants, usually, such covenants are void to the extent of the restraint unless such covenants are drafted in such a way as to include an element of the use of confidential information belonging to the former employer. There is generally no restriction on stopping an ex-employee from making any use of experiences or skills that he had acquired in the course of his employment or starting a business to compete with his former employer’s business. Legal structure, licenses, permits Startups may run their business through different legal structures, such as sole proprietorships, partnerships or companies. Sole proprietorships/conventional partnerships enjoy flexibility in administration as in there is no issuance of shares, no formal requirement to submit financial statements to the Companies Commission of Malaysia (CCM) and no need to hold Annual General Meetings. However, sole proprietorships/conventional partnerships do not enjoy the benefit of limited liability like what a private limited company would enjoy. The owners of a private limited company will only be liable for the company’s debts up to the amount of their shareholder investments, except in cases where they are found to be personally liable by law, such as fraud or breach of directors’ fiduciary duties. In light of this, startups should consider setting up their business through a limited liability partnership (LLP). The LLP is a hybrid between conventional partnership and company whereby the partners enjoy both flexibilities in terms of administration and the limited liability status. However, if you hope to attract investors, a private limited company might be a better structure. Depending on the location and nature of your startup, there may be federal, state and/or local licensing and permit requirements that you must follow before launching your startup. Co-founders agreement, shareholders agreement If you have one or more than one co-founders, it would be good to put a co-founders/shareholders agreement (depending on the legal structure) in place. The agreement should address each party’s role, duties and obligations in the startup, how profit and equity will be divided, the voting process, board composition, how the shares will be broken down and at what price the shares will be sold if a founder leaves, how the startup can be dissolved, etc. Whether you are bringing in an investment or hiring an employee or developer, it is important to have a written agreement in place at the outset to avoid disputes in the future (Remember the movie “The Social Network”)? Some startups issue shares to key personnel under a share option scheme to incentivize them to work towards the success of the business. This should also be properly documented. What’s in a name? Names are always important. The power of words should never be underestimated. The company name must contain the word “Sendirian” or “Sdn.” and “Berhad” or “Bhd.” For LLP, the name must end with the words “Perkongsian Liabiliti Terhad” or “PLT”. The company/partnership name must not be the same as any other company/partnership in Malaysia. The law prohibits or regulates

Professor Chris Reed in his article “What is a Signature?” states that the principal function of a signature is to provide evidence of three matters: (i) the identity of the signatory; (ii) the intention to make a signature to indicate agreement and willingness to be bound by the contents of the document; and (iii) that the signatory adopts the contents. In other words, the signature demonstrates that the signatory had the intention to authenticate the document, which serves as a form of evidence in the event of a dispute. Generally, many people still prefer to sign on a printed form of contract. While this approach is widely adopted, it comes with several risks and challenges. How does the recipient know the signature is not forged? How does the signatory know that his signature is linked with the contract or that the contract that he agreed is the contract he “signed”? It is a recognized fact that physical documents can be easily altered and signatures can be forged. With the advancement of technology and wide availability of online E-Signature services, it is, therefore, a high time for us to examine an alternative form of signing via electronic means, known as “E-Signature”. Since contracts can be prepared electronically, it is only natural that signing should also take place electronically. Types of E-Signature Since a traditional handwritten signature is not possible on an electronic contract, people have used several different methods to indicate their E-Signatures, including: typing the signatory’s name or a placing a unique representation of mark into the signature area; scanning a physical manuscript signature; pasting a scanned version/image file of the signatory’s signature into the signature area; signing with a special pen on a pad which is used to measure and record the actions of the person as he signs; clicking on a website button/ticking off a tick box to this effect (for e.g. “I Agree”, “I Accept”, “Confirm Order”); inserting an E-Signature via an online E-Signature service; attaching a digital signature created by cryptographic means whereby the sender affixes the signature using his private key and the recipient checks the signature using his public key (more commonly known as “digital signature”). I would not recommend the first 3 methods as they provide very little security against forgery and misuse, and they are more vulnerable to identity theft if the communication is intercepted. Legal Status of E-Signature The issue is whether E-Signature is legally recognized under the law. In 1996, the United Nations published the UNCITRAL Model Law on Electronic Commerce which was highly influential in the development of E-Signature around the world. It was the first model law that sets forth the principle of non-discrimination in order to ensure that a document is not denied legal effect, validity or enforceability solely on the grounds that it is in electronic form. Subsequent to this, the UN further published UNCITRAL Model Law on Electronic Signatures (2001) and the United Nations Convention on the Use of Electronic Communications in International Contracts (2005) to affirm the notion that electronic contracts and electronic signatures are as valid and enforceable as their paper-based equivalents. As a result of this, many countries around the world have enacted their own legislation to give effect to the validity and enforceability of electronic contracts and electronic signatures. In Malaysia, the Electronic Commerce Act 2006 (”Act”) recognizes “any letter, character, number, sound or symbol or any combination thereof created in the electronic form adopted by a person as a signature” as an E-Signature. The Act also states that if the document is created electronically, it can now be signed by an E-Signature. This is, of course, subject to the conditions that the E-Signature has to be attached to or is associated with the electronic document, adequately identify the person and adequately indicate the person’s approval of the contents in the electronic document and be reliable. Reliability of an E-Signature is established when the means of creating the E-Signature is linked to and under the control of that person only and as long as any alteration made to the E-Signature or to that document after the time of signing is detectable. Under Malaysian law, a handwritten signature is not necessarily required for a valid contract. Contracts are generally valid if parties have reached an agreement and intend to be bound by the agreement, whether they agree verbally, electronically or in writing. The Act specifically confirms that contracts cannot be denied enforceability merely because they are concluded electronically, although certain documents and deeds may require additional formal requirements such as notarization or attestation (for example, power of attorney, wills and codicils, trust documents, negotiable instruments, real property transfers, statutory declarations, bills of sale, etc). The principles behind the use of signatures have not changed, what the law does is to facilitate paperless signing via electronic means. Why Use E-Signature Service? Using E-Signature service in high value or important transactions can provide the level of assurance needed, build trust in the underlying system as well as improve overall customer satisfaction as the documents are more securely held and the signing process is carried out more efficiently. A good quality E-Signature service can offer the following features: Signature authentication: Anyone who signs a document via an E-Signature service must have log-in information or have received in his email account a request for signature so that you know exactly the identity of the person who signs your document. Signature affixation: Each signature on a contract is imposed and affixed to the contract. There is an audit trail that tracks who has opened, viewed and signed the document and when. The audit trail is appended to all signed documents and forms a court-admissible document log. Signature integrity: The service allows any changes to the contents to be detected more easily, showing whether the contents have been altered/tampered during and after the signing process and ensuring that the contents remain confidential and secure. Court-admissible transactions log: The service creates a comprehensive transaction log that shows the

In response to the rising tide of cyber security threats in Malaysia, the Parliament has, over the years, passed a slew of cyber legislation to deal with activities in the cyberspace and to tackle cyber attacks. There has yet to be a stand-alone cyber security legislation and there is no news that the Parliament is planning to enact one. In this article, we set out a brief description of the relevant cyber legislation and their relevance to cybersecurity as well as the cybersecurity framework that is currently in place in Malaysia. Existing Laws That Deal with Cyber Security Communications and Multimedia Act 1998 (“CMA”) As the main cyber law in Malaysia, the CMA provides for and regulates the converging areas of communications and multimedia. In particular, the CMA regulates various activities carried out by licensees (i.e. network facilities providers, network service providers, applications service providers and content applications service providers) as well as those utilising the services provided by licensees. One of the objects of the CMA is to ensure information security and network reliability and integrity in Malaysia. Computer Crimes Act 1997 (“CCA”) The CCA criminalizes the act of hacking, spreading of computer viruses and wrongful communication of any means of access to a computer to an unauthorized person. Depending on the type of offence committed, the fines range from RM25,000 to RM150,000 and imprisonment of 3 to 10 years or both. Digital Signatures Act 1997 (“DSA”) The DSA is an enabling law that allows for the development of, among others, electronic transactions, by providing an avenue for secure online transactions through the use of digital signatures. The legal recognition of digital signatures allows electronic communications to be transmitted securely, especially on the Internet. It is an identity verification procedure using encryption techniques to prevent forgery and interception of communication. Electronic Commerce Act 2006 (“ECA”) The object of the ECA is to provide for legal recognition of electronic messages in commercial transactions, the use of the electronic messages to fulfil legal requirements and to enable and facilitate commercial transactions via electronic means. It confers legal recognition to the formation of a contract via electronic means; recognizes electronic messages and electronic signatures; deems certain electronic document to be considered original as well as provides that the retention of documents in electronic format fulfils the requirements of the law, provided certain qualifying criteria are met. Personal Data Protection Act 2010 (“PDPA”) The PDPA regulates the processing of personal data in commercial transactions and for matters connected therewith and incidental thereto. The PDPA applies to anyone who processes and has control over or authorizes the processing of any personal data in respect of commercial transactions. The PDPA sets out 7 personal data protection principles, of which the most relevant one in the context of cybersecurity would be the Security Principle i.e. appropriate technical and organisational security measures shall be taken to prevent unauthorised or unlawful processing of personal data and accidental loss, misuse, modification or unauthorised disclosure of personal data. National Cyber Security Policy (“NCSP”) In addition to legislative measures, the Government has also rolled out the NCSP to strengthen Malaysia’s Critical National Information Infrastructure (“CNII”) and facilitate Malaysia’s drive towards attaining a developed nation status by the year 2020. The NCSP addresses, among other things, risks to the CNII, which concern the networked information systems of ten sectors, namely, Defence and Security; Transportation; Banking and Finance; Health Services; Emergency Services; Energy; Information and Communications; Government; Food and Agricultural; and Water. These CNII sectors have been identified based on the fact that their incapacitation would cause substantial damage to national interests and security and potentially collapse the nation’s economy. The NCSP sets out a number of “policy thrusts” to ensure the effectiveness of cybersecurity controls over vital assets. These “policy thrusts” would require the collaboration of different government agencies in ensuring effective governance and proper regulatory framework. The NCSP also requires the CNII sectors to ensure compliance with information security standards and technology-specific guidelines to a level commensurate with the risks. On top of that, the NCSP also aims to increase the technological capabilities to resolve cyber crimes through improving digital forensic lab facilities. Malaysia has identified the ISO/IEC 27001 as the baseline standard for information security and has proposed for all CNII sectors to be ISO/IEC 27001 Information Security Management Systems (“ISMS”) certified. Government Agencies/Units That Deal with Cyber Security Cyber Security Malaysia Cyber Security Malaysia (formerly known as the National ICT Security and Emergency Response Centre (“NISER”)), is a national cybersecurity specialist agency formed under the Ministry of Science, Technology & Innovation. Cyber Security Malaysia is tasked with the roles of monitoring the National e-Security aspect, providing specialized cybersecurity services and identifying possible areas that may be detrimental to national security and public safety. MyCERT and Cyber999 Malaysia Computer Emergency Response Team (“MyCERT”) addresses the computer security concerns of Malaysia’s Internet users and aims to reduce the probability of cybersecurity attacks. The agency was formed under Cyber Security Malaysia to provide a point of contact for Internet users who are affected by cybersecurity incidents. MyCERT provides assistance for users who are affected by the intrusion, identity theft, malware infection, cyber harassment and other computer security related incidents. MyCERT collaborates with other law enforcement agencies and regulators such as the Royal Malaysian Police, Securities Commission, Central Bank of Malaysia, along with Internet Service Providers and various computer security response teams around the world. Operated by MyCERT, Cyber999 is a computer security incident handling and response help centre relating to detection, interpretation and response to computer security incidents. Aside from that, it also alerts Internet users in Malaysia in the event of a cybersecurity threat or malware outbreak. CyberCSI As Cyber Security Malaysia’s Outreach & Corporate Commitment Department, CyberCSI provides full-fledged digital forensics investigations and examinations in the areas of audio and video forensics. The agency regularly works with law enforcement agencies, government-linked companies and private companies. The agency also has a team of analysts who have been gazetted under the

Let’s talk about electronic evidence (“E-Evidence”) and electronic forensics (“E-Forensics”) in this article. In Malaysia, the Evidence Act 1950 (“EA”) is the main legislation governing the forms of evidence, how evidence is to be proved and tendered to the court, its relevancy as well as its effects. Section 3 of the EA defines evidence as (a) all statements which the court permits or requires to be made before it by witnesses in relation to matters of fact under inquiry (i.e. oral evidence), and (b) all documents produced for the inspection by the court (i.e. documentary evidence). “Document” is defined to mean any matter expressed, described or howsoever represented, upon any substance, material, thing or article. As such, documentary evidence would include all forms of written, printed and electronic evidence. Information technology has caused a paradigm shift in the way individuals and organizations create, collect, share and store data and information. These data and information are stored electronically and may become important “evidence” in the event of a dispute. E-Evidence (which includes digital evidence) is any probative information stored or transmitted in digital form that a party to a court case may use at trial. The question then is whether such E-Evidence is legally recognized under Malaysian laws. The short answer to that is, yes, it is legally recognized Admissibility of E-Evidence A document produced by a computer and a statement contained therein is admissible as documentary evidence under Sections 90A, 90B and 90C of the EA. The court will determine if the evidence is relevant, reliable and authentic. E-Evidence by nature is very fragile and is easily manipulated, altered, forged, damaged or destroyed. It is prone to damage or alteration as well as destruction if it is not properly handled. Therefore, it is technically challenging in establishing the authenticity and reliability of such evidence. Section 90A provides that a document is admissible if it was produced by the computer in the course of its ordinary use. There are 2 methods to satisfy this condition. The first method is by getting the person in charge of the operation of the computer or the conduct of the activities for which that computer was used to give a piece of oral evidence that the document was produced by the computer in the course of its ordinary use. An example is shown in the case of Gnanasegaran a/l Perarajasingam v Public Prosecutor where a bank officer who was in charge of all the operations of the bank branch gave an oral testimony that the bank statements were produced by a computer at his branch. The second method is used in a situation where there is no way to bring a witness to the court to give oral evidence. In this case, the person who wants to bring up such evidence must produce a certificate signed by a person who is in charge of the operation of the computer or the conduct of the activities for which that computer was used to prove that the document was produced by the computer in the course of its ordinary use. Once the certificate is produced, there is a presumption that the computer referred to in the certificate was in good working order and was operating properly in all respects throughout the material part of the period during which the document was produced. The evidential burden of disapproving it would be on the party challenging its credibility. Other Types of E-Evidence E-Evidence includes computer generated/produced documents, computer printouts, computer outputs, computer-based/related evidence, electronic data and electronic documents. This has been recognized since 1993 when the law was amended to accept this type of E-Evidence. However, technology has changed so much that there is now a new emerging sub-category of E-Evidence called digital evidence, which refers to evidence is available in digital form or binary form. Some of the examples include chat-room and web-browsing histories, ISP records, digital photographs, video and audio files, cloud data storage facility, GPS tracks, computer hard-drives as well as local and virtual databases. Some digital evidence cannot be printed out. How would the court treat this type of evidence? In certain countries, their courts recognize the use of certain software to obtain and secure digital evidence and accept testimonials given by digital forensics experts. Authenticity of E-Evidence Once the document is admissible as a piece of evidence, the court will then need to assess the authenticity and relevancy of such evidence. Section 90B says that the court may draw any reasonable inference from circumstances relating to the document or the statement, including the manner and purpose of its creation, or its accuracy, in assessing whether the evidence is authentic and reliable. This would be essentially a question of fact and the parties would need to bring in circumstantial evidence to strengthen such evidence. The court recognizes that although the oral testimony and certificate are two means of authenticating E-Evidence, they are not sufficient to ensure the originality and genuineness of E-Evidence. The court will also examine the collection, preservation and discovery of the E-Evidence to ensure that the contents of the E-Evidence are authentic. E-Forensics Other than calling the maker or witness to the court, another authentication method is by getting an expert opinion from the digital forensics experts (Section 45 of the EA). These experts are trained and skilled in investigating and preserving E-Evidence to ensure that the chain of custody of such evidence is preserved in its original and authentic form up to the time when the evidence is produced in court. While there is no specific provision under the EA that provides for the admissibility of digital forensics evidence, our courts have accepted digital forensics findings as expert opinions provided the experts follow the procedures when giving the evidence. Getting help from the digital forensics experts is important especially in cases where the electronic data is deleted or destroyed. These experts have the necessary tools and expertise in retrieving the lost data. Recognising the need for the development of digital

In recent years, the rise of e-commerce and the increasing popularity of mobile devices such as tablets and smartphones have revolutionised the retail payments landscape and enabled new ways of making payments, one of which is by using electronic money (“E-Money”). E-Money ccording to the Guideline on E-Money (“Guideline”) 2008 by Bank Negara Malaysia; E-Money is a payment instrument that contains a monetary value that is paid in advance by the user to the E-Money issuer. For example Touch ‘n Go Sdn Bhd. Now with it, the user can purchase virtual or real goods and services from third-party merchants who accept the E-Money as a form of payment. Like our highway toll operators and retail outlets. When users pay using their E-Money, the amount will be automatically deducted from their E-Money balance. The Financial Services Act 2013 defines E-Money as; A payment instrument, whether tangible or intangible, that stores funds electronically in exchange of funds paid to the issuer and is able to be used as a means of making payment to any person other than the issuer. Therefore, E-Money is legally recognised as a valid and enforceable legal tender in Malaysia. Types of E-Money Application E-Money can be issued in different forms. The primary two forms are; Card-based – multi-purpose prepaid card embedded with microprocessors which can be loaded with a monetary value and can be used in exactly the same way as cash subject only to the amount of monetary value stored on the card and acceptance by merchants. Examples are like  Mondex, Visa Cash, Touch N Go cards Network-based – specialised software that works like an e-wallet that allows the transfer of monetary value on computer networks via the Internet, smartphones or any other devices. Think eCash, PayPal, MOLPay, MOLWallet. Now it’s important to note that E-Money can either have a centralized or a decentralised system. But what does that mean? Well, to put it simply here’s a breakdown Centralised System – there is a central point of control over the money supply. Bank deposits, electronic funds transfer, PayPal, eCash, WebMoney are some examples of this system. Whereas… Decentralized system  – the control over the money supply comes from various sources. Digital currencies such as Bitcoin, Litecoin, Monero are some prime examples. However, in recent years, a new mobile e-payment sub-system has been introduced exclusively for NFC-enabled tablet and smartphone users. This new sub-system includes the likes of Google Wallet, Apple Pay, Android Pay. It allows users to access funds in their deposit or credit accounts in financial institutions or credit card networks to initiate payments. Virtual Currency The rise of social networking sites and online gaming sites has spurred the growth of virtual currency market. The European Central Bank in 2012 defined virtual currency as; “a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community.” Virtual games often make use of virtual currencies to enable transactions between the game players. Players can use the virtual money to buy new features in a game, extend their lives or send virtual gifts to other players. But, as virtual currency is not worth anything in the real world, it is not “money or money’s worth”. Therefore, it does NOT have legal tender status in any jurisdiction in the world. So the next time if you were to get scammed online and lose your ‘gaming money’, too bad.   Crypto Currency A cryptocurrency is a payment instrument using cryptography to secure the transactions and to control the creation of new units. Bitcoin became the first cryptocurrency in 2009. No transaction fees and bank accounts are involved and transactions can be made anonymously. Many merchants have started accepting cryptocurrency which enables users to use this virtual currency to buy goods and services in the real world. As cryptocurrency is not backed by any government, many central banks have cautioned against it. It remains largely unregulated but that may possibly change in the near future. In this article, the focus is on the centralized type of electronic money, as this is the only one that is currently regulated by our laws. E-Money Issuer’s Obligations Regulators in many countries have stepped in to regulate E-Money schemes. The objective is to promote the safety and soundness of E-Money schemes. They recognised that only a prudent and safe management of electronic money schemes can encourage wider acceptance and success of E-Money schemes. It’s also to instil users’ confidence in the usage of E-Money as well as encourage new, innovative and more secure E-Money schemes to be designed. In Malaysia, E-Money can be issued by financial and non-financial institutions. E-Money issuer in Malaysia must adopt the principles and minimum standards outlined in the Guideline and obtain approval from the Central Bank before it can operate their electronic money schemes. The principles are: Establish adequate governance arrangements which are effective and transparent; Have appropriate risk management infrastructure and processes for its E-Money operations. This includes having adequate security and internal controls on its systems to ensure the safety and integrity of the E-Money data and records and effective fraud detection and resolution mechanism; Ensure that the rights and responsibilities of its users and merchants are clearly set out in the relevant contractual documents, including issues about consumer protection and privacy; Manage the funds collected from users prudently to ensure timely refund of the E-Money balances to users and payment to merchants as well as to ensure that the funds are kept separately from the issuer’s working capital funds; Provide refunds of E-Money balances should users decide to close their account or were wrongly charged due to technical discrepancies; and Conduct customer due diligence on potential merchants and establish clear record-keeping for transactions to prevent merchants from using the E-Money schemes for money laundering purposes. Challenges: There are major challenges in implementing an effective E-Money scheme. This includes; Acquiring a large base of merchants to accept E-Money, Gaining trust and confidence from

Electronic contract (“E-Contract”) is a type of contract formed by electronic means rather than exchanging signed written documents. Contracts formed through electronic means are legally recognised as valid and enforceable contracts in Malaysia under the Electronic Commerce Act 2006 (“ECA”). Therefore, an E-Contract is as enforceable and valid as a paper contract. Hence, traditional elements on forming contract, namely, offer, acceptance, consideration and intention to create legal relations apply to the formation of E-Contract. Formation of an E-Contract An E-Contract would be formed once a customer makes an offer and the seller accepts the offer electronically. But, it’s important to note that an advertisement on a website will not generally constitute a formal offer. Therefore, as an online seller, you should ensure that your terms and conditions clearly state that the display of an item for sale on a website is only an invitation to treat. Unless, of course, you can ensure that you have enough stocks to fulfil the orders.  Types of E-Contract The 2 most common types of E-Contract are “Click-Wrap Agreement” and “Browse-Wrap Agreement”. Of course, the simplest way of sending an email to place an order and replying it with a confirmation email is also recognised as a valid form of E-Contract. As the law in this area is still being developed, there are no established legal definitions and rules that dictate how E-Contract should be formed. Thus, traditional legal principles on contract should apply only to the extent where it is practical and possible. Click-Wrap Agreement The name “click-wrap” came from the use of the words “shrink-wrap agreement” in boxed software purchases, which contains a notice that “by tearing open the box, the user accepts the Terms of the software”. In Click-wrap agreements, the terms and conditions (“Terms”) are provided when a purchased software is installed or downloaded, or when a website is accessed or a service is requested on the Internet. It is usually presented on a separate landing page via a hyperlink next to an “I Accept” or “I Agree” button and are presented on a “take it or leave it” basis. There is no bargaining or negotiation between the parties with respect to the Terms. In layman’s terms: A click-wrap agreement requires you – as the buyer or user – to explicitly agree to the terms and condition by clicking the button.  Some of the best practices when having a click-wrap agreement are: Requiring customers to scroll through all the Terms and then take positive action by clicking “I Agree” button or ticking “I Agree” checkbox (left blank by default) before being allowing them to proceed to the next step. If possible, offer an “I Disagree” button as well. Avoid using words like “I have read, understand and accept the Terms” as this can be viewed as encouraging customers to make false undertaking  – they might not actually read and understand the Terms. Instead, put a statement like “it is important to read and understand the Terms” before or next to the “I Agree” button. Ensuring that the Terms are visibly and conspicuously displayed in a prominent position with reasonable font size and in multiple languages. Place the Terms – or a hyperlink to the Terms – on the same screen and near the “I Accept” button. Allow customers to read, download and/or print the Terms. They should not be pressured to rush through the Terms by webpage timeouts. Retain a copy of all E-Contracts, including evidence of signature/authorization/acceptance of the Terms. Copies of E-Contracts must be stored in a form that accurately reflects the information set forth in the agreement agreed by both parties. Ensure that the Terms are always published on the website for future and ease of reference. Consider offering an easy to read and understandable summary of the Terms. Consider highlighting important Terms in a different colour or font size. Avoid unreasonable or unfair Terms as those Terms can be struck out by courts. Provide adequate notice of the revised Terms and if possible, allow customers to terminate the agreement if they do not agree with the revised Terms. Browse-Wrap Agreement Terms in browse-wrap agreements are usually presented on a separate landing page but requiring no positive action by the users to accept the Terms. The concept is that, by continuing to browse the website or use the service, the users are deemed to have accepted the Terms. The browse-wrap agreements are more commonly used in non-commercial websites. This is because these websites merely provide information or news, and no commercial transaction or activity takes place on the website. Some of the best practices when having a browse-wrap agreement are: Ensure that the Terms are visibly and conspicuously displayed in a prominent position. They should be in a reasonable font size and in multiple languages (for International user base). Terms should be written in a simple and less legalistic language. The Terms should state clearly that continued browsing or use of the service would constitute acceptance of the Terms. Allow users an opportunity to read, download and/or print the Terms. Ensure the Terms are always published on the website for future and ease of reference. Consider offering an easy to read and understandable summary of the Terms. Avoid unreasonable or unfair Terms as those Terms can be struck out by courts. Consider highlighting important Terms in a different colour or font size. Provide adequate notice of the revised Terms. And if possible, allow users to terminate the agreement if they do not agree with the revised Terms. Try to only use browse-wrap agreements on non-commercial websites. As these type of agreements do not provide the same degree of reasonable notice to the users and does not require affirmative action to show offer and acceptance of the Terms. Source: FreshBooks Essential Terms of an E-Contract The Terms in your E-Contract MUST be tailored to the needs of your business. There is no “one-size-fits-all” type of Terms and you should refrain from copying and pasting Terms from other websites. Generally, any

In recent years, the electronic cigarette (“E-Cigarette”) has enjoyed a boom in popularity and has become a trend among urbanites. But What Are E-Cigarette? An e-cigarette is a battery-operated smoking device designed to deliver nicotine or related substances to users in the form of an aerosol. It typically consists of a heating element, a cartridge that contains liquid nicotine or other substances and an atomizer that, when heated, convert the contents of the cartridge into an aerosol that the user inhales. As the liquid solution is converted into vapour, E-Cigarette is sometimes referred to as “vaping”, rather than smoking. There are two main categories of E-Cigarette! One is a closed system, in which pre-filled cartridges are used; the other one is an open system, where users are allowed to manually add solutions to a refillable cartridge. When E-Cigarettes were first introduced, they were shaped like cigarettes, cigars or pipes. Over the years, the designs and ingredients have evolved. Today, E-Cigarettes come in hundreds of brands with a variety of shapes and flavours, with some even mimicking common household products such as pens, lipsticks and power banks. Sales of E-Cigarettes have risen exponentially over the years. It is speculated that sales of E-Cigarettes might even overtake conventional cigarettes within the next 5-10 years. Safety and Public Health Impact Many public health organizations and policymakers are concerned about the safety and public health impact of E-Cigarettes. This is due to the lack of manufacturing standards and ingredient disclosure requirements. They agree that further scientific study needs to be undertaken to assess the safety claims about E-Cigarettes and to determine the public health impact of E-Cigarettes. The nicotine in E-Cigarettes, like any other tobacco products, is highly addictive and can be toxic if taken in high doses. For example, E-Cigarette cartridge typically contains between 6 and 24 mg of nicotine per millilitre, but in some brands, the nicotine level has been found to be much higher. It is also still unknown about the health impacts of E-Cigarette aerosol on both the users and those in close proximity who are exposed to the second-hand aerosol. One study conducted by the U.S. Food and Drug Administration (“FDA”) has found that E-Cigarettes contain a number of dangerous substances. The World Health Organization has strongly advised consumers against the use of E-Cigarettes until they are “deemed safe and effective and of acceptable quality by a competent national regulatory body.” As a result of this, governments around the world have stepped in to regulate the sale, price, and use of E-Cigarettes. The regulation varies across countries. Some countries have come up with regulations while some have completely banned E-Cigarettes altogether. Legal Status of E-Cigarette around the World In the US, at the Federal level, the FDA has regulated cigarettes, smokeless, and roll-your-own tobacco since 2009. On 8th August 2016, the FDA finalised a rule that extends its regulatory authority to all tobacco products, including E-Cigarettes, cigars and hookah and pipe tobacco, as part of its goal to improve public health. “Before this final rule, these products could be sold without any review of their ingredients, how they were made, and their potential dangers,” explains Mitch Zeller, J.D., director of the FDA’s Center for Tobacco Products. “Under this new rule, we’re taking steps to protect Americans from the dangers of tobacco products, ensure these tobacco products have health warnings and restrict sales to minors.” The New Rule The new rule does numerous things. As mentioned, the new rule extends the FDA’s regulatory authority to all tobacco products, including E-Cigarettes (also called electronic cigarettes or electronic nicotine delivery systems (ENDS)), all cigars, hookah (also called waterpipe tobacco), pipe tobacco, nicotine gels and dissolvables that did not previously fall under the FDA’s authority. It requires health warnings on roll-your-own tobacco, cigarette tobacco, and certain newly regulated tobacco products and also bans free samples. In addition, manufacturers of newly regulated tobacco products that were not on the market as of 15th February 2007 will have to show that their products meet the applicable public health standard set by the law. Most importantly, these manufacturers will have to receive marketing authorisation from the FDA. Furthermore, the new rule also restricts youth access to newly regulated tobacco products by not allowing such products to be sold to those younger than 18 and not allowing tobacco products to be sold in vending machines (unless in an adult-only facility). Finally, it gives a foundation for future FDA actions related to tobacco. At the state level, local governments can pass their own state laws to regulate the use of E-Cigarettes. In California, it is illegal to sell or otherwise furnish an E-Cigarette to a person under 18 years of age. Some states have imposed a tax on E-Cigarettes as they are treated as tobacco products while some states have extended their indoor smoking bans to include E-Cigarettes. The U.S. Department of Transportation has stated that it interprets the federal regulations that prohibit smoking on aeroplanes to apply to E-Cigarettes. In some parts of Europe, E-Cigarettes are currently banned while some other EU member states allow the sale and use of E-Cigarettes, albeit with some restrictions. The EU has passed a revised Tobacco Products Directive (“Directive”) which aims to improve the functioning of the internal market for tobacco and related products while ensuring a high level of health protection for European citizens. The Directive, which is based on the proposal of the European Commission, entered into force on 19th May 2014 and became applicable in the EU Member States on 20th May 2016. The Directive includes E-Cigarettes as tobacco-related products and introduces certain new rules on how E-Cigarettes can be sold and manufactured, as well as how they can be displayed in shops. The Directive also requires health warnings, instructions for use, information on addictiveness and toxicity to be displayed on packages on E-Cigarettes and it controls the maximum sizes of the liquid bottles (2ml for cartridges and 10ml for refill containers) and the maximum nicotine level they can