Articles

E-Signature: What It Is and Why It Is The Way You Should Sign On The Dotted Line.

Professor Chris Reed, in his article “What is a Signature?”, states that the principal function of a signature is to provide evidence of three matters: (i) the identity of the signatory; (ii) the intention to make a signature to indicate agreement and willingness to be bound by the contents of the document; and (iii) that the signatory adopts the contents. In other words, the signature demonstrates that the signatory had the intention to authenticate the document, which serves as a form of evidence in the event of a dispute.

Generally, many people still prefer to sign on a printed form of contract. While this approach is widely adopted, it comes with several risks and challenges. How does the recipient know the signature is not forged? How does the signatory know that his signature is linked with the contract, or that the contract that he agreed to is the contract he “signed”? It is a recognized fact that physical documents can be easily altered and signatures can be forged.

With the advancement of technology and the wide availability of online E-Signature services, it is, therefore, high time for us to examine an alternative form of signing via electronic means, known as “E-Signature”. Since contracts can be prepared electronically, it is only natural that signing should also take place electronically.

Types of E-Signature

Since a traditional handwritten signature is not possible on an electronic contract, people have used several different methods to indicate their E-Signatures, including: typing the signatory’s name or placing a unique representation of a mark into the signature area; scanning a physical manuscript signature; pasting a scanned version/image file of the signatory’s signature into the signature area; signing with a special pen on a pad which is used to measure and record the actions of the person as he signs; clicking on a website button/ticking off a tick box to this effect (e.g. “I Agree”, “I Accept”, “Confirm Order”); inserting an E-Signature via an online E-Signature service; attaching a digital signature created by cryptographic means whereby the sender affixes the signature using his private key and the recipient checks the signature using the sender’s public key (more commonly known as “digital signature”).

I would not recommend the first 3 methods as they provide very little security against forgery and misuse, and they are more vulnerable to identity theft if the communication is intercepted.

Legal Status of E-Signature

The issue is whether E-Signature is legally recognized under the law. In 1996, the United Nations published the UNCITRAL Model Law on Electronic Commerce, which was highly influential in the development of E-Signature around the world. It was the first model law that sets forth the principle of non-discrimination in order to ensure that a document is not denied legal effect, validity or enforceability solely on the grounds that it is in electronic form. Subsequent to this, the UN further published the UNCITRAL Model Law on Electronic Signatures (2001) and the United Nations Convention on the Use of Electronic Communications in International Contracts (2005) to affirm the notion that electronic contracts and electronic signatures are as valid and enforceable as their paper-based equivalents. As a result of this, many countries around the world have enacted their own legislation to give effect to the validity and enforceability of electronic contracts and electronic signatures.

In Malaysia, the Electronic Commerce Act 2006 (“Act”) recognizes “any letter, character, number, sound or symbol or any combination thereof created in the electronic form adopted by a person as a signature” as an E-Signature. The Act also states that if the document is created electronically, it can now be signed by an E-Signature. This is, of course, subject to the conditions that the E-Signature is attached to or associated with the electronic document, adequately identifies the person, adequately indicates the person’s approval of the contents in the electronic document, and is reliable. Reliability of an E-Signature is established when the means of creating the E-Signature is linked to and under the control of that person only and as long as any alteration made to the E-Signature or to that document after the time of signing is detectable.

Under Malaysian law, a handwritten signature is not necessarily required for a valid contract. Contracts are generally valid if parties have reached an agreement and intend to be bound by the agreement, whether they agree verbally, electronically or in writing. The Act specifically confirms that contracts cannot be denied enforceability merely because they are concluded electronically, although certain documents and deeds may require additional formal requirements such as notarization or attestation (for example, power of attorney, wills and codicils, trust documents, negotiable instruments, real property transfers, statutory declarations, bills of sale, etc). The principles behind the use of signatures have not changed; what the law does is facilitate paperless signing via electronic means.

Why Use E-Signature Service?

Using an E-Signature service in high value or important transactions can provide the level of assurance needed, build trust in the underlying system and improve overall customer satisfaction, as the documents are more securely held and the signing process is carried out more efficiently. A good quality E-Signature service can offer the following features:

Signature authentication: Anyone who signs a document via an E-Signature service must have log-in information or have received in his email account a request for signature so that you know exactly the identity of the person who signs your document.

Signature affixation: Each signature on a contract is imposed and affixed to the contract. There is an audit trail that tracks who has opened, viewed and signed the document and when. The audit trail is appended to all signed documents and forms a court-admissible document log.

Signature integrity: The service allows any changes to the contents to be detected more easily, showing whether the contents have been altered/tampered with during and after the signing process and ensuring that the contents remain confidential and secure.

Court-admissible transactions log: The service creates a comprehensive transaction log that shows the

Cybersecurity Law and Framework in Malaysia

In response to the rising tide of cyber security threats in Malaysia, the Parliament has, over the years, passed a slew of cyber legislation to deal with activities in cyberspace and to tackle cyber attacks. There has yet to be a stand-alone cyber security legislation and there is no news that the Parliament is planning to enact one. In this article, we set out a brief description of the relevant cyber legislation and their relevance to cybersecurity, as well as the cybersecurity framework that is currently in place in Malaysia.

Existing Laws That Deal with Cyber Security

Communications and Multimedia Act 1998 (“CMA”)

As the main cyber law in Malaysia, the CMA provides for and regulates the converging areas of communications and multimedia. In particular, the CMA regulates various activities carried out by licensees (i.e. network facilities providers, network service providers, applications service providers and content applications service providers) as well as those utilising the services provided by licensees. One of the objects of the CMA is to ensure information security and network reliability and integrity in Malaysia.

Computer Crimes Act 1997 (“CCA”)

The CCA criminalizes the act of hacking, spreading of computer viruses and wrongful communication of any means of access to a computer to an unauthorized person. Depending on the type of offence committed, the fines range from RM25,000 to RM150,000 and imprisonment of 3 to 10 years or both.

Digital Signatures Act 1997 (“DSA”)

The DSA is an enabling law that allows for the development of, among others, electronic transactions, by providing an avenue for secure online transactions through the use of digital signatures. The legal recognition of digital signatures allows electronic communications to be transmitted securely, especially on the Internet. It is an identity verification procedure using encryption techniques to prevent forgery and interception of communication.

Electronic Commerce Act 2006 (“ECA”)

The object of the ECA is to provide for legal recognition of electronic messages in commercial transactions, the use of electronic messages to fulfil legal requirements, and to enable and facilitate commercial transactions via electronic means. It confers legal recognition on the formation of a contract via electronic means; recognizes electronic messages and electronic signatures; deems certain electronic documents to be considered original; and provides that the retention of documents in electronic format fulfils the requirements of the law, provided certain qualifying criteria are met.

Personal Data Protection Act 2010 (“PDPA”)

The PDPA regulates the processing of personal data in commercial transactions and for matters connected therewith and incidental thereto. The PDPA applies to anyone who processes and has control over or authorizes the processing of any personal data in respect of commercial transactions. The PDPA sets out 7 personal data protection principles, of which the most relevant one in the context of cybersecurity would be the Security Principle, i.e. appropriate technical and organisational security measures shall be taken to prevent unauthorised or unlawful processing of personal data and accidental loss, misuse, modification or unauthorised disclosure of personal data.

National Cyber Security Policy (“NCSP”)

In addition to legislative measures, the Government has also rolled out the NCSP to strengthen Malaysia’s Critical National Information Infrastructure (“CNII”) and facilitate Malaysia’s drive towards attaining a developed nation status by the year 2020. The NCSP addresses, among other things, risks to the CNII, which concern the networked information systems of ten sectors, namely, Defence and Security; Transportation; Banking and Finance; Health Services; Emergency Services; Energy; Information and Communications; Government; Food and Agricultural; and Water. These CNII sectors have been identified based on the fact that their incapacitation would cause substantial damage to national interests and security and potentially collapse the nation’s economy.

The NCSP sets out a number of “policy thrusts” to ensure the effectiveness of cybersecurity controls over vital assets. These “policy thrusts” would require the collaboration of different government agencies in ensuring effective governance and a proper regulatory framework. The NCSP also requires the CNII sectors to ensure compliance with information security standards and technology-specific guidelines to a level commensurate with the risks. On top of that, the NCSP also aims to increase the technological capabilities to resolve cyber crimes through improving digital forensic lab facilities. Malaysia has identified ISO/IEC 27001 as the baseline standard for information security and has proposed for all CNII sectors to be ISO/IEC 27001 Information Security Management Systems (“ISMS”) certified.

Government Agencies/Units That Deal with Cyber Security

Cyber Security Malaysia

Cyber Security Malaysia (formerly known as the National ICT Security and Emergency Response Centre (“NISER”)) is a national cybersecurity specialist agency formed under the Ministry of Science, Technology & Innovation. Cyber Security Malaysia is tasked with the roles of monitoring the National e-Security aspect, providing specialized cybersecurity services and identifying possible areas that may be detrimental to national security and public safety.

MyCERT and Cyber999

Malaysia Computer Emergency Response Team (“MyCERT”) addresses the computer security concerns of Malaysia’s Internet users and aims to reduce the probability of cybersecurity attacks. The agency was formed under Cyber Security Malaysia to provide a point of contact for Internet users who are affected by cybersecurity incidents. MyCERT provides assistance for users who are affected by intrusion, identity theft, malware infection, cyber harassment and other computer security related incidents. MyCERT collaborates with other law enforcement agencies and regulators such as the Royal Malaysian Police, Securities Commission and Central Bank of Malaysia, along with Internet Service Providers and various computer security response teams around the world.

Operated by MyCERT, Cyber999 is a computer security incident handling and response help centre relating to detection, interpretation and response to computer security incidents. Aside from that, it also alerts Internet users in Malaysia in the event of a cybersecurity threat or malware outbreak.

CyberCSI

As Cyber Security Malaysia’s Outreach & Corporate Commitment Department, CyberCSI provides full-fledged digital forensics investigations and examinations in the areas of audio and video forensics. The agency regularly works with law enforcement agencies, government-linked companies and private companies. The agency also has a team of analysts who have been gazetted under the

Evidence Act: E-Evidence & E-Forensics

Let’s talk about electronic evidence (“E-Evidence”) and electronic forensics (“E-Forensics”) in this article. In Malaysia, the Evidence Act 1950 (“EA”) is the main legislation governing the forms of evidence, how evidence is to be proved and tendered to the court, its relevancy as well as its effects. Section 3 of the EA defines evidence as (a) all statements which the court permits or requires to be made before it by witnesses in relation to matters of fact under inquiry (i.e. oral evidence), and (b) all documents produced for the inspection by the court (i.e. documentary evidence). “Document” is defined to mean any matter expressed, described or howsoever represented, upon any substance, material, thing or article. As such, documentary evidence would include all forms of written, printed and electronic evidence.

Information technology has caused a paradigm shift in the way individuals and organizations create, collect, share and store data and information. These data and information are stored electronically and may become important “evidence” in the event of a dispute. E-Evidence (which includes digital evidence) is any probative information stored or transmitted in digital form that a party to a court case may use at trial. The question then is whether such E-Evidence is legally recognized under Malaysian laws. The short answer to that is, yes, it is legally recognized.

Admissibility of E-Evidence

A document produced by a computer and a statement contained therein is admissible as documentary evidence under Sections 90A, 90B and 90C of the EA. The court will determine if the evidence is relevant, reliable and authentic. E-Evidence by nature is very fragile and is easily manipulated, altered, forged, damaged or destroyed. It is prone to damage or alteration as well as destruction if it is not properly handled. Therefore, it is technically challenging to establish the authenticity and reliability of such evidence.

Section 90A provides that a document is admissible if it was produced by the computer in the course of its ordinary use. There are 2 methods to satisfy this condition.

The first method is by getting the person in charge of the operation of the computer or the conduct of the activities for which that computer was used to give oral evidence that the document was produced by the computer in the course of its ordinary use. An example is shown in the case of Gnanasegaran a/l Perarajasingam v Public Prosecutor, where a bank officer who was in charge of all the operations of the bank branch gave oral testimony that the bank statements were produced by a computer at his branch.

The second method is used in a situation where there is no way to bring a witness to the court to give oral evidence. In this case, the person who wants to bring up such evidence must produce a certificate signed by a person who is in charge of the operation of the computer or the conduct of the activities for which that computer was used to prove that the document was produced by the computer in the course of its ordinary use. Once the certificate is produced, there is a presumption that the computer referred to in the certificate was in good working order and was operating properly in all respects throughout the material part of the period during which the document was produced. The evidential burden of disproving it would be on the party challenging its credibility.

Other Types of E-Evidence

E-Evidence includes computer generated/produced documents, computer printouts, computer outputs, computer-based/related evidence, electronic data and electronic documents. This has been recognized since 1993, when the law was amended to accept this type of E-Evidence. However, technology has changed so much that there is now a new emerging sub-category of E-Evidence called digital evidence, which refers to evidence that is available in digital form or binary form. Some of the examples include chat-room and web-browsing histories, ISP records, digital photographs, video and audio files, cloud data storage facilities, GPS tracks, computer hard-drives as well as local and virtual databases. Some digital evidence cannot be printed out. How would the court treat this type of evidence? In certain countries, the courts recognize the use of certain software to obtain and secure digital evidence and accept testimonials given by digital forensics experts.

Authenticity of E-Evidence

Once the document is admissible as a piece of evidence, the court will then need to assess the authenticity and relevancy of such evidence. Section 90B says that the court may draw any reasonable inference from circumstances relating to the document or the statement, including the manner and purpose of its creation, or its accuracy, in assessing whether the evidence is authentic and reliable. This would be essentially a question of fact and the parties would need to bring in circumstantial evidence to strengthen such evidence. The court recognizes that although the oral testimony and certificate are two means of authenticating E-Evidence, they are not sufficient to ensure the originality and genuineness of E-Evidence. The court will also examine the collection, preservation and discovery of the E-Evidence to ensure that the contents of the E-Evidence are authentic.

E-Forensics

Other than calling the maker or witness to the court, another authentication method is by getting an expert opinion from digital forensics experts (Section 45 of the EA). These experts are trained and skilled in investigating and preserving E-Evidence to ensure that the chain of custody of such evidence is preserved in its original and authentic form up to the time when the evidence is produced in court. While there is no specific provision under the EA that provides for the admissibility of digital forensics evidence, our courts have accepted digital forensics findings as expert opinions provided the experts follow the procedures when giving the evidence.

Getting help from digital forensics experts is important, especially in cases where the electronic data is deleted or destroyed. These experts have the necessary tools and expertise in retrieving the lost data. Recognising the need for the development of digital

Is E-Money Legal And Safe In Malaysia??

In recent years, the rise of e-commerce and the increasing popularity of mobile devices such as tablets and smartphones have revolutionised the retail payments landscape and enabled new ways of making payments, one of which is by using electronic money (“E-Money”).

E-Money

According to the Guideline on E-Money (“Guideline”) 2008 by Bank Negara Malaysia, E-Money is a payment instrument that contains a monetary value that is paid in advance by the user to the E-Money issuer, for example Touch ‘n Go Sdn Bhd. With it, the user can purchase virtual or real goods and services from third-party merchants who accept the E-Money as a form of payment, like our highway toll operators and retail outlets. When users pay using their E-Money, the amount will be automatically deducted from their E-Money balance.

The Financial Services Act 2013 defines E-Money as: a payment instrument, whether tangible or intangible, that stores funds electronically in exchange of funds paid to the issuer and is able to be used as a means of making payment to any person other than the issuer. Therefore, E-Money is legally recognised as a valid and enforceable legal tender in Malaysia.

Types of E-Money Application

E-Money can be issued in different forms. The primary two forms are:

Card-based – a multi-purpose prepaid card embedded with microprocessors which can be loaded with a monetary value and can be used in exactly the same way as cash, subject only to the amount of monetary value stored on the card and acceptance by merchants. Examples include Mondex, Visa Cash and Touch N Go cards.

Network-based – specialised software that works like an e-wallet that allows the transfer of monetary value on computer networks via the Internet, smartphones or any other devices. Think eCash, PayPal, MOLPay, MOLWallet.

Now it’s important to note that E-Money can either have a centralized or a decentralised system. But what does that mean? Well, to put it simply, here’s a breakdown:

Centralised system – there is a central point of control over the money supply. Bank deposits, electronic funds transfer, PayPal, eCash and WebMoney are some examples of this system.

Decentralized system – the control over the money supply comes from various sources. Digital currencies such as Bitcoin, Litecoin and Monero are some prime examples.

However, in recent years, a new mobile e-payment sub-system has been introduced exclusively for NFC-enabled tablet and smartphone users. This new sub-system includes the likes of Google Wallet, Apple Pay and Android Pay. It allows users to access funds in their deposit or credit accounts in financial institutions or credit card networks to initiate payments.

Virtual Currency

The rise of social networking sites and online gaming sites has spurred the growth of the virtual currency market. The European Central Bank in 2012 defined virtual currency as “a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community.” Virtual games often make use of virtual currencies to enable transactions between the game players. Players can use the virtual money to buy new features in a game, extend their lives or send virtual gifts to other players. But, as virtual currency is not worth anything in the real world, it is not “money or money’s worth”. Therefore, it does NOT have legal tender status in any jurisdiction in the world. So the next time you get scammed online and lose your ‘gaming money’, too bad.

Crypto Currency

A cryptocurrency is a payment instrument using cryptography to secure the transactions and to control the creation of new units. Bitcoin became the first cryptocurrency in 2009. No transaction fees and bank accounts are involved and transactions can be made anonymously. Many merchants have started accepting cryptocurrency, which enables users to use this virtual currency to buy goods and services in the real world. As cryptocurrency is not backed by any government, many central banks have cautioned against it. It remains largely unregulated but that may possibly change in the near future.

In this article, the focus is on the centralized type of electronic money, as this is the only one that is currently regulated by our laws.

E-Money Issuer’s Obligations

Regulators in many countries have stepped in to regulate E-Money schemes. The objective is to promote the safety and soundness of E-Money schemes. They recognised that only prudent and safe management of electronic money schemes can encourage wider acceptance and success of E-Money schemes. It’s also to instil users’ confidence in the usage of E-Money as well as encourage new, innovative and more secure E-Money schemes to be designed.

In Malaysia, E-Money can be issued by financial and non-financial institutions. An E-Money issuer in Malaysia must adopt the principles and minimum standards outlined in the Guideline and obtain approval from the Central Bank before it can operate its electronic money schemes. The principles are: Establish adequate governance arrangements which are effective and transparent; Have appropriate risk management infrastructure and processes for its E-Money operations. This includes having adequate security and internal controls on its systems to ensure the safety and integrity of the E-Money data and records and an effective fraud detection and resolution mechanism; Ensure that the rights and responsibilities of its users and merchants are clearly set out in the relevant contractual documents, including issues about consumer protection and privacy; Manage the funds collected from users prudently to ensure timely refund of the E-Money balances to users and payment to merchants as well as to ensure that the funds are kept separately from the issuer’s working capital funds; Provide refunds of E-Money balances should users decide to close their account or were wrongly charged due to technical discrepancies; and Conduct customer due diligence on potential merchants and establish clear record-keeping for transactions to prevent merchants from using the E-Money schemes for money laundering purposes.

Challenges

There are major challenges in implementing an effective E-Money scheme. These include: Acquiring a large base of merchants to accept E-Money, Gaining trust and confidence from

What You Should Know About Common Types of Commercial Contracts

In the previous article, I set out some simple concepts of a contract, various forms of contracts (written, oral and implied) and tips for signing a contract. In this article, I will explain the common types of commercial contracts that parties usually enter into in their day to day business.

Different Types of Commercial Contracts

Employment Contract

It is basically a legal document that sets out the scope and conditions of the employment terms, and you should sign an employment contract every time you offer an employment position to a new employee. It usually contains the personal details of the employee, starting date, salary and commission (if applicable). You may add other specifications such as health benefits, grievance procedures, entitlement for vacation and sick leave, etc. If the job requires the employee to create a new invention or product, you should add a clause on ownership of ideas and inventions. A restraint of trade clause, i.e. a clause that prohibits the employee from engaging in a business that competes with your business after he leaves employment, is generally not enforceable. However, a non-solicitation clause, i.e. a clause that prohibits the employee from poaching your other employees to join his business, is enforceable.

Independent Contractor Agreement

This type of commercial contract is used when you hire a contractor to perform certain works during a fixed period of time, usually for a specific project or campaign. Contractors are not considered employees of your company, hence they are responsible for filing their own taxes and are NOT entitled to employee benefits such as EPF and SOCSO. Since they are not your employees, you do not have full control over how the work should be done or the working hours of the contractors, other than those requirements that you have specifically set out in the agreement. Because of this, your obligations as a hirer are much less than your obligations as an employer. Please do not mask an employment contract as an independent contractor agreement to avoid the obligations that an employer should have.

Partnership Agreement

When two or more individuals come together to form a partnership, whether it is a limited liability partnership (under the Limited Liability Partnerships Act 2012) or a conventional partnership (under the Partnership Act 1961), it is advisable to have a carefully drafted partnership agreement to set out the terms of the business relationship. This type of commercial contract should set out the profit and loss sharing arrangement, the responsibilities of each partner, and proper procedures for changes and termination of the partnership.

Confidentiality Agreement/Non-Disclosure Agreement

This agreement is relevant in the event you plan to disclose a trade secret or sensitive commercial data, which can be protected as “confidential information”. This is particularly useful when you are at the stage of evaluating a potential business opportunity or collaboration with another party, where both parties want to share confidential information with each other confidently, knowing that they are bound by an obligation to keep it secret. Some examples of confidential information include client list, recipe, business plan, marketing plan, drawing/design of a product, sales forecasts, minutes of meetings, etc.

Website Terms and Conditions and Privacy Policy

These two are the most basic documents that form commercial contracts that every online business should have on their website. Website Terms and Conditions basically set out the parameters of what users/visitors of the website can do on the website, and are, in fact, a contract between the website owner and the users/visitors. They usually contain clauses that grant users/visitors a right to use website materials, impose acceptable use obligations, limit warranties and disclaim liabilities to the extent allowed under the law.

A privacy policy, on the other hand, is essentially a document that sets out how the website owner processes personal data collected via the website. Under the Personal Data Protection Act 2010, every data user (a person who collects personal data) must: Obtain consent from the data subjects (persons whose data are being collected or processed); Give notice to the data subjects; Process data only in accordance with the privacy policy; Keep data for a reasonable period of time and keep it secure; and Destroy old data when no longer in use.

Shareholders’ Agreement

A Shareholders’ Agreement is a legal document drawn up to govern the relationship between members or shareholders of a private limited company. This agreement is intended to make sure that all shareholders are treated fairly and that their rights are protected so as to protect their investment in the company. It sets out the shareholders’ rights and obligations; regulates the sale of shares in the company; describes how the company is going to be run; provides an element of protection for minority shareholders and the company; and defines how important decisions are to be made.

You are encouraged to put in place a shareholders’ agreement immediately once your company is incorporated and the first set of shares is issued. This is to prevent a situation where the relationship between the parties gets worse and they end up fighting for their rights and entitlements because there is no shareholders’ agreement in place. Although the company’s constitution will help to some extent, a fully considered and well-drafted shareholders’ agreement can act as a safeguard and give you and your fellow shareholders more protection against these types of scenario.

Share Purchase Agreement (SPA) and Share Subscription Agreement (SSA)

Scenario 1

Sam Sdn Bhd has 2 shareholders, (A) and (B). (A) intends to sell his shares to (C), who is a new investor to Sam Sdn Bhd. SPA is an agreement that records the sale/purchase of shares from an existing shareholder (A) to a new shareholder (C) in a private limited company. After the transaction is completed, (B) and (C) will remain as shareholders and (A) will be out of the picture.

Scenario 2

A new investor, (C), wishes to invest in Sam Sdn Bhd. (A) and (B) do not have the intention to sell their shares. In order to bring (C)

E-Contract: Selling And Shopping Online Might Be Convenient But Do You Know What You Are Clicking On?

An electronic contract (“E-Contract”) is a type of contract formed by electronic means rather than by exchanging signed written documents. Contracts formed through electronic means are legally recognised as valid and enforceable contracts in Malaysia under the Electronic Commerce Act 2006 (“ECA”). Therefore, an E-Contract is as enforceable and valid as a paper contract. Hence, the traditional elements of contract formation, namely offer, acceptance, consideration and intention to create legal relations, apply to the formation of an E-Contract.

Formation of an E-Contract

An E-Contract would be formed once a customer makes an offer and the seller accepts the offer electronically. But it’s important to note that an advertisement on a website will not generally constitute a formal offer. Therefore, as an online seller, you should ensure that your terms and conditions clearly state that the display of an item for sale on a website is only an invitation to treat. Unless, of course, you can ensure that you have enough stocks to fulfil the orders.

Types of E-Contract

The 2 most common types of E-Contract are the “Click-Wrap Agreement” and the “Browse-Wrap Agreement”. Of course, the simplest way of sending an email to place an order and replying to it with a confirmation email is also recognised as a valid form of E-Contract. As the law in this area is still being developed, there are no established legal definitions and rules that dictate how an E-Contract should be formed. Thus, traditional legal principles on contract should apply only to the extent where it is practical and possible.

Click-Wrap Agreement

The name “click-wrap” came from the use of the words “shrink-wrap agreement” in boxed software purchases, which contain a notice that “by tearing open the box, the user accepts the Terms of the software”.

In click-wrap agreements, the terms and conditions (“Terms”) are provided when purchased software is installed or downloaded, or when a website is accessed or a service is requested on the Internet. They are usually presented on a separate landing page via a hyperlink next to an “I Accept” or “I Agree” button, on a “take it or leave it” basis. There is no bargaining or negotiation between the parties with respect to the Terms. In layman’s terms: a click-wrap agreement requires you – as the buyer or user – to explicitly agree to the terms and conditions by clicking the button.

Some of the best practices when having a click-wrap agreement are:

  • Require customers to scroll through all the Terms and then take positive action by clicking an “I Agree” button or ticking an “I Agree” checkbox (left blank by default) before allowing them to proceed to the next step. If possible, offer an “I Disagree” button as well.
  • Avoid using words like “I have read, understand and accept the Terms” as this can be viewed as encouraging customers to make a false undertaking – they might not actually read and understand the Terms. Instead, put a statement like “it is important to read and understand the Terms” before or next to the “I Agree” button.
  • Ensure that the Terms are visibly and conspicuously displayed in a prominent position, in a reasonable font size and in multiple languages.
  • Place the Terms – or a hyperlink to the Terms – on the same screen and near the “I Accept” button.
  • Allow customers to read, download and/or print the Terms. They should not be pressured to rush through the Terms by webpage timeouts.
  • Retain a copy of all E-Contracts, including evidence of signature/authorization/acceptance of the Terms. Copies of E-Contracts must be stored in a form that accurately reflects the information set forth in the agreement agreed by both parties.
  • Ensure that the Terms are always published on the website for future and ease of reference.
  • Consider offering an easy to read and understandable summary of the Terms.
  • Consider highlighting important Terms in a different colour or font size.
  • Avoid unreasonable or unfair Terms as those Terms can be struck out by courts.
  • Provide adequate notice of the revised Terms and, if possible, allow customers to terminate the agreement if they do not agree with the revised Terms.

Browse-Wrap Agreement

Terms in browse-wrap agreements are usually presented on a separate landing page but require no positive action by the users to accept the Terms. The concept is that, by continuing to browse the website or use the service, the users are deemed to have accepted the Terms. Browse-wrap agreements are more commonly used on non-commercial websites. This is because these websites merely provide information or news, and no commercial transaction or activity takes place on the website.

Some of the best practices when having a browse-wrap agreement are:

  • Ensure that the Terms are visibly and conspicuously displayed in a prominent position. They should be in a reasonable font size and in multiple languages (for an international user base).
  • Terms should be written in simple and less legalistic language.
  • The Terms should state clearly that continued browsing or use of the service would constitute acceptance of the Terms.
  • Allow users an opportunity to read, download and/or print the Terms.
  • Ensure the Terms are always published on the website for future and ease of reference.
  • Consider offering an easy to read and understandable summary of the Terms.
  • Avoid unreasonable or unfair Terms as those Terms can be struck out by courts.
  • Consider highlighting important Terms in a different colour or font size.
  • Provide adequate notice of the revised Terms and, if possible, allow users to terminate the agreement if they do not agree with the revised Terms.
  • Try to only use browse-wrap agreements on non-commercial websites, as these types of agreements do not provide the same degree of reasonable notice to the users and do not require affirmative action to show offer and acceptance of the Terms.

Source: FreshBooks

Essential Terms of an E-Contract

The Terms in your E-Contract MUST be tailored to the needs of your business. There is no “one-size-fits-all” type of Terms and you should refrain from copying and pasting Terms from other websites. Generally, any

E-Cigarette: It Tastes So Good But What About The Law On It?

In recent years, the electronic cigarette (“E-Cigarette”) has enjoyed a boom in popularity and has become a trend among urbanites.

But What Are E-Cigarettes?

An E-Cigarette is a battery-operated smoking device designed to deliver nicotine or related substances to users in the form of an aerosol. It typically consists of a heating element, a cartridge that contains liquid nicotine or other substances and an atomizer that, when heated, converts the contents of the cartridge into an aerosol that the user inhales. As the liquid solution is converted into vapour, using an E-Cigarette is sometimes referred to as “vaping”, rather than smoking.

There are two main categories of E-Cigarette! One is a closed system, in which pre-filled cartridges are used; the other is an open system, where users are allowed to manually add solutions to a refillable cartridge. When E-Cigarettes were first introduced, they were shaped like cigarettes, cigars or pipes. Over the years, the designs and ingredients have evolved. Today, E-Cigarettes come in hundreds of brands with a variety of shapes and flavours, with some even mimicking common household products such as pens, lipsticks and power banks. Sales of E-Cigarettes have risen exponentially over the years. It is speculated that sales of E-Cigarettes might even overtake conventional cigarettes within the next 5-10 years.

Safety and Public Health Impact

Many public health organizations and policymakers are concerned about the safety and public health impact of E-Cigarettes. This is due to the lack of manufacturing standards and ingredient disclosure requirements. They agree that further scientific study needs to be undertaken to assess the safety claims about E-Cigarettes and to determine the public health impact of E-Cigarettes. The nicotine in E-Cigarettes, as in any other tobacco product, is highly addictive and can be toxic if taken in high doses. For example, an E-Cigarette cartridge typically contains between 6 and 24 mg of nicotine per millilitre, but in some brands, the nicotine level has been found to be much higher. The health impacts of E-Cigarette aerosol on both the users and those in close proximity who are exposed to the second-hand aerosol are also still unknown.

One study conducted by the U.S. Food and Drug Administration (“FDA”) has found that E-Cigarettes contain a number of dangerous substances. The World Health Organization has strongly advised consumers against the use of E-Cigarettes until they are “deemed safe and effective and of acceptable quality by a competent national regulatory body.” As a result of this, governments around the world have stepped in to regulate the sale, price, and use of E-Cigarettes. The regulation varies across countries. Some countries have come up with regulations while some have banned E-Cigarettes altogether.

Legal Status of E-Cigarette around the World

In the US, at the Federal level, the FDA has regulated cigarettes, smokeless, and roll-your-own tobacco since 2009. On 8th August 2016, the FDA finalised a rule that extends its regulatory authority to all tobacco products, including E-Cigarettes, cigars and hookah and pipe tobacco, as part of its goal to improve public health. “Before this final rule, these products could be sold without any review of their ingredients, how they were made, and their potential dangers,” explains Mitch Zeller, J.D., director of the FDA’s Center for Tobacco Products. “Under this new rule, we’re taking steps to protect Americans from the dangers of tobacco products, ensure these tobacco products have health warnings and restrict sales to minors.”

The New Rule

The new rule does numerous things. As mentioned, the new rule extends the FDA’s regulatory authority to all tobacco products, including E-Cigarettes (also called electronic cigarettes or electronic nicotine delivery systems (ENDS)), all cigars, hookah (also called waterpipe tobacco), pipe tobacco, nicotine gels and dissolvables that did not previously fall under the FDA’s authority. It requires health warnings on roll-your-own tobacco, cigarette tobacco, and certain newly regulated tobacco products and also bans free samples. In addition, manufacturers of newly regulated tobacco products that were not on the market as of 15th February 2007 will have to show that their products meet the applicable public health standard set by the law. Most importantly, these manufacturers will have to receive marketing authorisation from the FDA. Furthermore, the new rule also restricts youth access to newly regulated tobacco products by not allowing such products to be sold to those younger than 18 and not allowing tobacco products to be sold in vending machines (unless in an adult-only facility). Finally, it gives a foundation for future FDA actions related to tobacco.

At the state level, local governments can pass their own state laws to regulate the use of E-Cigarettes. In California, it is illegal to sell or otherwise furnish an E-Cigarette to a person under 18 years of age. Some states have imposed a tax on E-Cigarettes as they are treated as tobacco products while some states have extended their indoor smoking bans to include E-Cigarettes. The U.S. Department of Transportation has stated that it interprets the federal regulations that prohibit smoking on aeroplanes to apply to E-Cigarettes.

In some parts of Europe, E-Cigarettes are currently banned while some other EU member states allow the sale and use of E-Cigarettes, albeit with some restrictions. The EU has passed a revised Tobacco Products Directive (“Directive”) which aims to improve the functioning of the internal market for tobacco and related products while ensuring a high level of health protection for European citizens. The Directive, which is based on the proposal of the European Commission, entered into force on 19th May 2014 and became applicable in the EU Member States on 20th May 2016. The Directive includes E-Cigarettes as tobacco-related products and introduces certain new rules on how E-Cigarettes can be sold and manufactured, as well as how they can be displayed in shops. The Directive also requires health warnings, instructions for use, and information on addictiveness and toxicity to be displayed on packages of E-Cigarettes, and it controls the maximum sizes of the liquid bottles (2ml for cartridges and 10ml for refill containers) and the maximum nicotine level they can

Hate Eddy Rejang’s Behaviour? Well, You Might Be Guilty Of Cyber-bullying With Your Comments!

If you weren’t aware, the Malaysian online community has been in a tizzy commenting about one man’s actions, and those comments may be considered cyber-bullying. Just this week, a man named Eddy Rejang drew widespread public condemnation after he posted a video of him berating a Carlsberg promoter. Even though he quickly took down the post, the damage was done. Within hours, Malaysian netizens took it upon themselves to expose his and his family members’ personal information and publicly shamed him, going to the extent of revealing where he worked and the faces of his family members, and even locating where his young daughter went to school! Some even claimed that they wanted to go to the daughter’s school to track her down. Following the uproar, Eddy lost his job. This was despite his issuing a public apology in a video, in which he said:

“Greetings. I, known as Eddy Rejang, wish to make an open apology to all Malaysians and especially to the woman concerned… I admit my mistake and deeply regret my actions towards her. I hope this issue will not be prolonged any further by any party, given that I have met with YB Lim Lip Eng and have apologised to YB Lim. YB Lim also said that he will arrange a meeting with the female promoter as soon as possible. That is all, thank you.” – Eddy Rejang

However, while we do not condone Eddy’s actions towards the poor promoter, we do not think his actions deserved such a reaction either, because it is considered cyber-bullying. Why? Because not only has he issued a public apology; harassing him online can be considered CYBER-BULLYING! Moreover, photos and the identity of the Carlsberg promoter are also making their rounds on social media.

The Carlsberg promoter – whom we must praise for her high EQ and calmness in responding to Eddy’s remarks – has issued a press release through Carlsberg saying that while she appreciated the encouraging words and support from all parties, she preferred everybody to also respect her privacy. In the statement, Managing Director of Carlsberg Malaysia Lars Lehmann commented:

“We respect the promoter’s decision not to further pursue the matter. She appreciates the encouraging words and support received from all parties…Nonetheless, she urged all parties to respect her privacy by not circulating any images, videos and personal information of her.”

But before we go into the nitty-gritty behind the law, there was another case that took place in 2014 which relates to cyber-bullying.

Kiki’s road rage incident: cyber-bullying?

Kiki became an overnight sensation because she over-reacted and retaliated by repeatedly hitting the car of an elderly man who had accidentally bumped into her new Peugeot car. The incident went viral within hours after it was video-recorded and uploaded onto YouTube by an onlooker. As in Eddy’s case, angry netizens took it upon themselves to scour social media and public domain databases for Kiki’s personal data and then expose it to the public. Such a practice is known as “doxing” or document tracing. It means tracing someone or gathering information about an individual using publicly available sources on the Internet. Some have posted distasteful remarks on her Facebook page, while others have publicly cursed and shamed her – acts considered as cyber-bullying, with some even threatening to harm her physically. In fact, her company’s website came under attack and her social media account was hacked!

Similarly, while we do not condone what Kiki had done to the elderly man, we do believe that “two wrongs do not make a right”. What the netizens have done is tantamount to cyber-bullying and harassment. Imagine what would happen if someone harmed her using the personal data that they got online?! Just because the information is available online, that does not mean we should all behave like bullies by mining and exposing her personal data online.

While many would have agreed that Kiki should not have taken the law into her own hands, or that Eddy had only himself to blame for doing such a thing to that poor girl, likewise, we also should not behave like a judge, jury and executioner. In the online world, that is considered cyber-bullying. That is precisely why we have the Parliament, police and courts. In both cases, the authorities have taken the appropriate – and most importantly, LEGAL – method of handling the matter. Kiki had since pleaded guilty and the court had fined her RM5,000 and ordered her to do 240 hours of community service. As for Eddy, we understand that the police have opened an investigation file and therefore, we should just let the law take its own course.

The Law

Unfortunately, there is NO law that regulates the disclosing of private information online. The Personal Data Protection Act 2010 only applies to the processing of personal data in commercial transactions. If there is evidence that shows that the personal data was pulled out from private databases, then arguably that may constitute hacking under the Computer Crimes Act 1997. Otherwise, if the personal data was merely extracted from the public domain, then there is no case. That being said, there is also a potential cause of action under the common law right to privacy. The victim will have to sue and prove that his privacy has been invaded. In addition, he must show that the action has caused severe intrusion into his personal life.

But there are 2 other laws that might get you in trouble. Eddy Rejang got tonnes of hate comments online. However, those hateful comments can land you or anyone else in hot water with the law.

S.509 of the Penal Code

A word or gesture intended to insult the modesty of a person is a crime. In this case, modesty includes attacks on a person’s sexuality and also manhood. It states that: Whoever, intending to insult the modesty of any person, utters any word, makes any sound or gesture, or exhibits

Broke And With A Business Idea, But Is Crowdfunding Really Worth It? We Break It Down.

If you have been to websites such as Kickstarter, Indiegogo, GoFundMe or our homegrown website PitchIN, then you have probably heard about crowdfunding. In the simplest terms, crowdfunding offers a new way of raising funds, whether for business or philanthropic purposes. The funds originate from a crowd of individuals, who invest in a cause/business/project that they believe in. There are essentially 4 main types of crowdfunding: rewards; donation; lending; and equity crowdfunding. The first 2 are unregulated while the other 2 are regulated, mainly because they deal with complex issues such as money-lending and trading of shares. This article focuses on equity crowdfunding (“ECF”).

In February 2015, the Securities Commission of Malaysia (“SC”) released new Guidelines to facilitate ECF (“Guidelines”). The Guidelines seek to strike a good balance between the benefits of crowdfunding and its risk to the public. Following the issuance of the Guidelines, the SC announced in June 2015 the approval of 6 registered ECF operators (Alix Global, Ata Plus, Crowdonomic, Eureeca, pitchIN and Propellar Crowd+) who are expected to start operations by the end of 2015.

The SC describes ECF as “a new form of fundraising platform that allows startups or other small-and-medium-sized enterprises (“SMEs”) to obtain funding through small equity investments from a relatively large number of investors, using online portals to publicise and facilitate such offers to investors.” The investors receive shares or stocks in return for their investments and can expect a return in the form of dividends if the company performs well.

The ECF Platform Operator

A person who wishes to operate, provide or maintain an electronic ECF platform (“Operator”) must register the platform with the SC. The Operator must be a locally incorporated company or a limited liability partnership formed in Malaysia. In order to register an ECF platform, the Operator must show the SC that:

  • it will be able to operate an orderly, fair and transparent market;
  • its board of directors, CEO, COO, CFO, etc. satisfy the fit and proper test;
  • it will be able to manage any risk associated with its business and operation;
  • it will appoint at least one responsible person in compliance with the Guidelines;
  • it will be able to take appropriate action against a person in breach; and
  • the rules of the ECF platform comply with the requirements of the Guidelines and it has sufficient financial, human and other resources for the running of the ECF platform at all times.

The SC places great emphasis on the security and integrity of the ECF platform’s IT system, as it requires the Operator to put in place adequate security measures and hire sufficient and capable IT and technical personnel to maintain the system. An ECF platform essentially works like a stock market or a derivatives market that connects entrepreneurs with investors. As such, the SC sees it fit to require the Operator to carry out a due diligence exercise on prospective issuers; monitor the conduct of issuers, the investment limits of investors and any money laundering activities; carry out investor education programmes; and protect the personal data of individuals in accordance with the Personal Data Protection Act 2010.

The Issuer

A person who wishes to list his project on an ECF platform (“issuer”) must first incorporate a local private company. In terms of the limit to funds raised on the ECF platform, the Guidelines say that an issuer can raise up to RM3 million within a 12-month period, irrespective of the number of projects an issuer may seek funding for, and a total of RM5 million through the ECF platform.

Raising money from complete strangers is never easy. The issuer will need to come up with a strategic business plan to effectively market and promote itself and its project. First of all, the issuer must choose the right ECF platform to do its listing as it is not allowed to list on multiple ECF platforms concurrently. It should also target a specific pool of investors if the project is a very niche one. For example, if the project is about a healthcare-related product, it should first target people from the healthcare industry as they would be more inclined to invest in products or services that will improve or add value to their field.

Most of the crowdfunding platforms adopt the “all-or-nothing” model, i.e. if the issuer fails to raise the targeted investment amount by the deadline, the funds raised will be returned to the investors and the issuer will get nothing. That is why it is so important to have a strong, well-executed plan, as projects listed on an ECF platform can go by really quickly, especially when there are dozens of other projects listed on the platform at the same time, all vying for attention. The issuer should develop an attractive name, a convincing description and an eye-catching image as part of the project to help the project stand out from the pool of projects. The pitching message must be creative and concise enough to grab people’s attention.

Getting listed on an ECF platform is just the beginning. The issuer will need to treat fundraising activity very much like how politicians run their political campaigns, and it has to continually drive traffic to its project page through social media, email marketing and other communication tools to engage with its potential investors. In this Internet age, great ideas spread virally very easily and broadly. Make good use of the Internet to reach out to large audiences. Highlight the potential ROI from the project. Show the investors how the funds will be utilized. Practice transparency as that is the key to gaining confidence from the investors.

The Investor

Anyone can become an investor subject to certain restrictions. If you are a sophisticated investor (i.e. accredited investor, high-net-worth entity or high-net-worth individual), there is no limit to the investment amount; if you are an angel investor (i.e. an investor accredited by the Malaysian Business Angels Network), you can invest up to RM500,000 within a 12-month period;

Contracts: Just Signing On The Dotted Line Isn’t Going To Cut It. So We Break It Down!

I was recently invited to give a talk on “business contracts” to a group of entrepreneurs and SME business owners. I realized that many business owners lack a basic understanding of certain important legal concepts, one of which is about the contract. As such, I have decided to cover this simple yet important legal topic in this and the next article.

What is a contract?

Many entrepreneurs jump into building a company without considering important issues like contracts and agreements. Contracts play a crucial role in managing the relationship between companies and business partners. Dealing with contracts is part of running a business. You may be a purchaser of goods or services, a supplier of goods or services, or a business partner of a venture you recently set up. In each of these situations, you will be entering into a contract, and that little document will specify terms which set out the agreement reached between the parties to prevent disputes and misunderstandings. A contract also provides legal remedies if one party does not uphold his end of the contract.

So, what is a contract? It can be anything from a formal written document to a purely oral promise. A contract is an oral or written agreement to do work in exchange for some benefits, usually in the form of payment. Although an oral contract is still legally binding (except for specific situations where the contract must be in writing), most contracts nowadays are in writing.

For a contract to be legally binding, it must contain four essential elements, namely:

  • offer – what you offer to the other party to buy
  • acceptance – when the other party agrees to buy your offer
  • intention to create a legal relationship – a serious commitment to enter into a binding contract
  • consideration – something of value to be exchanged between the parties

However, if a contract has any of the following elements, it will not be considered as a binding and valid contract:

  • illegal – if a contract is for an illegal purpose (e.g. selling drugs, prostitution, illegal gambling)
  • lack of capacity – if the other party is a minor (below 18 years of age), a bankrupt, a mentally-ill person, or a person under the influence of drugs or alcohol when entering into the contract
  • unconscionable conduct – if a party is forced, coerced, deceived or misled into signing a contract

Written or oral contract?

Depending on the value or seriousness of the subject matter, as a general rule, I always encourage parties to sign a written contract. It is because a written contract provides more certainty, sets out clearly the details of what was agreed from the outset, and minimizes risks, as it is much safer to have something in writing than to rely on someone’s word or your own memory. If you do not have a written contract, parties are likely to have disputes over what was actually agreed because both are relying on their own memory (a typical “your words against my words” kind of situation). The court will not enforce the contract if you are unable to prove the existence of the contract or its terms.

When is a written contract essential?

These are some of the tips to help you in deciding whether you should enter into a written contract:

  • when the contract price is large enough to make or break your business, i.e. a high-risk transaction;
  • where there are quality requirements, specifications or specific materials that must be used;
  • where there is some doubt as to whether the other party has enough money to pay you;
  • when you need to have certain types of insurance for the type of work you do;
  • where the contract contains essential terms, such as a critical date for the completion of the work before payment can be made;
  • where parties need to keep certain information confidential;
  • when it is required by your insurance company for professional indemnity insurance.

Other types of contracts recognised by law

Oral contract

An oral contract, or what some call a handshake agreement, is nonetheless a valid contract provided it fulfills the 4 elements stated above. However, the challenge lies in proving the existence of such a contract. You may want to keep any paperwork/conversations that are associated with the contract so that in the event there is a dispute, you can still use them as evidence. These would include emails, WhatsApp chats, minutes of the meeting, purchase orders or fee quotes with relevant details, lists of specifications and materials, etc.

Implied contract

This is an unwritten contract that can be inferred from parties’ conduct, actions and the circumstances. For example, if a vendor sends goods to a customer, and the customer takes the goods without paying and uses those goods to make products or re-sell for a profit, a contract to buy and sell those goods might be inferred. The customer must pay for the goods because an implied contract has been created.

Standard contract

This is a pre-prepared contract where most of the terms are set in advance, and it leaves little or no room for negotiation. The most common example would be the terms and conditions that you usually have to agree to before you subscribe to a service. This type of contract tends to be one-sided (“take it or leave it”) and benefits the party who prepared the contract. So, please read the fine print because if you don’t, you cannot later argue that you didn’t understand or read it before you signed. This type of contract will need to be drafted in a fair manner too, in light of the new unfair term provisions under the Consumer Protection Act 1999.

Tips for signing a contract

Now that you know how important it is to sign a contract, below are some tips for signing a contract.

Before you sign: read every word, including the fine print; ensure that it reflects the terms and conditions that were negotiated; seek legal advice, if necessary; allow

Responsibilities of Executor:

  • Apply for and extract the grant of probate.
  • Make arrangements for the funeral of the deceased.
  • Collect and make an accurate inventory of the deceased’s assets.
  • Settle the debts and obligations of the deceased.
  • Distribute the assets.

Note for Digital Executor:
If you wish to leave your digital assets to certain people in your Will, there are important steps that need to be taken to ensure that your wishes can be carried out:

  • Keep a note of specific instructions on how to access the username and password for each of your digital assets.
  • You are advised to store this private and confidential information on a USB stick or in a password management tool, or to write it down.
  • Please inform your executor or a trusted person of the whereabouts of these tools so that they will have access to your digital assets.