Monday, December 21, 2009

On the closure of hotel spas


Two spa businesses suffered sudden closures in Singapore recently, leaving their customers stranded with useless packages that have already been expensively paid for. These two businesses, Wellness Village Spa and Simply Spa International, operated outlets in good, well-known hotels, being the Pan Pacific Hotel and the Parkroyal Hotel respectively.

The aggrieved customers are now fighting to get their money back through the aid of the Consumers Association of Singapore and the Small Claims Tribunal, although it is not certain that these spa businesses even have any money left to refund their customers.

What can be done to prevent such incidents from happening again in future?

One suggestion has been made regarding chargeback schemes for credit card users, where consumers can reverse a credit card transaction if they do not receive goods or services that have been purchased from merchants.

But it seems to this author, that hotels should also play an important role in preventing such incidents. After all, any business (including spa businesses) which sets up shop in a good hotel will be relying on the name, goodwill and reputation of the hotel to attract customers. Most customers do not associate shady, fly-by-night businesses with shops that are found in a good hotel. Moreover, hotels have a vested interest in preventing such incidents from happening, because if hotel shops falter and leave customers in the lurch, they will also tarnish the name of the hotel.

There is, in fact, something that the hotels can do. And that is to require the businesses which set up shop in the hotels to maintain a certain minimum capital in their companies. In a way, the capital can serve as an assurance that the company will be able to meet its debts and obligations as and when they fall due. If this had been done in the case of Wellness Village Spa and Simply Spa International, the affected customers may have some assurance that there is money in the companies from which to get their refunds.

Now this is not a new idea, and there are some shopping malls in Singapore that require their shop tenants to maintain adequate capital, so as to protect the mall landlords as well as the customers.

If a business cannot afford to maintain an adequate capital, then the hotel should not bother with allowing such business to run in the hotel. As seen from the case of the two failed spa businesses, there is just too much risk in allowing one dollar companies to operate one day and disappear the next, leaving hundreds of customers stranded.

Wednesday, December 9, 2009

On internet security in Singapore


According to a recent report by computer security expert, McAfee, Singapore has the 10th riskiest internet domains in the world.

This means that if you surf to a Singapore-registered website which ends with “.sg”, the chances of your computer contracting some form of malware is very high. According to McAfee, Singapore’s risky websites rose appreciably from 0.3% last year to 9.1% this year, although, McAfee found that the dangers appear to be of a moderate level rather than severe level. Interestingly, McAfee highlighted Chinese pharmacy spam sites in Singapore as a main cause of risk.

In comparison, Malaysia’s domains (.my) were ranked relatively safe at #80 out of 104 domains with a rating of only 0.3% risk, while Japan’s domains (.jp) were established to be the safest country domains with a rating of only 0.1% risk.

According to McAfee, when scammers and hackers register their malicious websites, they look for registrars with:
  • lack of regulation

  • ease of registration

  • lowest price
Given that Singapore’s domains (.sg) are ranked among the top 10 riskiest internet domains in the world, presumably, scammers and hackers view that there is little regulation involved in registering the .sg domains, and they are easy as well as cheap to register.

Now, why should dangerous internet domains be an important concern for Singapore? Well, a bad reputation for Singapore websites could negatively affect legitimate businesses in Singapore who intend to rely on e-commerce. Internet users may not trust websites ending with .sg for fear of contracting malware or succumbing to scams. In fact, if Singapore’s standing as a reliable and trustworthy place in the internet world is lowered, the potential impact is global.

So, does Singapore have laws against computer crimes such as websites with malware? Yes, in fact, it does. The main legislation is the Computer Misuse Act which was passed in 1993. There are a variety of activities which are considered offences under the Act, such as:
  • unauthorised access to, or modification of, computer material

  • unauthorised use or interception of computer service

  • unauthorised obstruction of use of computer

  • unauthorised disclosure of access code
The penalties for committing these offences are severe, especially if damage is caused, ranging up to fines of S$50,000 and jail terms of 10 years. If the offences involve threats to national security, the penalties can be enhanced up to fines of S$100,000 and jail terms of 20 years.

So, on the face of it, Singapore appears to have adequate laws against computer crimes. But are these laws being enforced? Well, the main agency tasked to tackle computer crimes, is the Technology Crime Division of the Criminal Investigation Department of the Singapore Police Force. This division conducts investigation, forensic examination and prosecution into technology-related offences committed under the Computer Misuse Act, such as hacking and unauthorised access to account.

Is the Technology Crime Division doing enough to counter scammers and hackers in Singapore? At present, this author is unable to find specific statistics on how many scammers and hackers have been successfully prosecuted under the Computer Misuse Act. Admittedly, it is a difficult job to fight computer crime and to bring elusive scammers and hackers before the law. Even with a dedicated unit like the Technology Crime Division, the evidence of Singapore’s poor security ranking for internet domains indicate that many scammers and hackers do thrive in Singapore.

What else can Singapore do? Well, the key may lie in making it difficult for scammers and hackers to register their domains. The .sg domains are registered by SGNIC’s accredited registrars, such as SingNet. Perhaps, for a start, these registrars can require domain applicants (as well as current domain owners) to furnish more detailed information and proof of identity. And whenever news of malicious domains is notified to the registrars, the registrars should act quickly to investigate and disable such domains, as well as report them to the police. In this respect, SGNIC may also consider providing an easy website form for users to report malicious Singapore websites.

Update: Local media picked up on this news on 18 December 2009.

Thursday, December 3, 2009

On restricting employees from competing or soliciting


It seems a fairly common practice in Singapore for employers to contractually impose post-employment restrictions on their employees to prevent them from working for a competitor or taking fellow employees away.

Because of these restrictions in their employment contracts, many employees worry that they cannot work for companies of their choice after leaving their employers. Further concerns which they have include:
  • They cannot earn a living during the period of restraint, especially if their skills are not easily adaptable to other kinds of work.

  • Their skills may be rendered sterile if not actively used.

  • Their work experience will be adversely affected.
Why do employers impose such restrictions? Well, there are legitimate reasons for doing so if an employer wants to protect certain interests, such as:
  • Preventing unauthorised use of its special trade connections.

  • Preventing unauthorised use of its business secrets.

  • Maintaining the stability of its workforce.
There are two competing principles at stake here: an employee’s freedom to work versus an employer’s right to protect its business interests.

Are these restrictions legal in Singapore? The short answer to this appears to be, it depends – on whether the restrictions are reasonable:
  • First, as mentioned, the employer must have genuine legitimate interests to protect.

  • Second, the extent of the restrictions themselves (such as the types of activity being restrained, the geographical area of restraint, the duration of restraint etc.) should be no more than necessary to protect the employer’s business interests.

  • Third, the restrictions also have to be reasonable from a public policy viewpoint.
If the restrictions fail to meet any of these conditions, they will not be legal in Singapore.

But often, employers in Singapore impose such restrictions unfairly, either (i) simply to deter or “scare” their employees from working for a competitor, even if the employer doesn’t have adequate interests to protect, or (ii) having unreasonable restrictions, such as lengthy non-competition periods or restraining a wider scope of work than necessary or applying blanket restrictions to all their employees (even rank-and-file employees and junior executives) without heed as to whether these restrictions are even relevant to the nature of the jobs involved.

Now, many of these employees are generally helpless to negotiate the terms of their employment, and have very little choice in the matter. They are invariably taken advantage of by unscrupulous employers in these situations and are effectively “scared” or tied down. They usually also lack the financial resources to seek legal counsel of their own.

It would be good if the Singapore government could recognise this issue, and set up a small unit (perhaps at the Ministry of Manpower) to investigate and help mediate complaints in this respect, and also provide general advice to companies about not restraining their employees unduly.