e-commerce intellectual property

Intellectual Property and E-commerce Shops

If you’re the owner of an e-commerce shop, you deal with intellectual property everyday. Intellectual property refers to the creations of the human mind. This includes symbols, images, names, inventions, and literary and artistic works. Intellectual property rights refer to the exclusive rights given to the creator for a specific period of time. This right allows creators, or owners, to benefit from their own work or investment in a creation.

It is the creators’ responsibility to defend their intellectual property. Like any other asset, it is important to protect your intellectual property right. Generally, if you are self-employed, you own the intellectual property, even if someone else did the work. However, rights can be granted in the other party if your contract allows it. If the intellectual property was created as part of your employment for someone else, you will likely not own the intellectual property.

What Intellectual Property Should be Protected?

Intellectual property rights afford creators and owners the confidence to collaborate with or invest in others and allow them to maximize the value of their right by licensing or franchising their creation. Intellectual property is typically divided into two categories:

  • Industrial Property – Trademarks, patents, industrial designs, and geographical indications;
    1. Trademark. A trademark is a symbol, design, word, phrase, or a combination thereof that identifies and distinguishes the source of the goods of one company from those of other companies.
    2. Patent. A patent is a property right granted by the United States Patent and Trademark Office (USPTO) relating to an invention in exchange for public disclosure of the invention. This right is granted for a limited time. Patentable materials include any new and useful machine, process, manufacture, or composition of matter.
    3. Industrial Designs. An industrial design is what makes an article attractive and appealing.
    4. Geographical Indications. A geographical indication is a sign used on goods that have a specific place of origin and possesses qualities or a reputation due to that place of origin. These are typically used on agricultural products.
  • Copyright – A copyright protects the original works of authorship including music, literary works, films, artistic works, and architectural designs. Copyright also refers to rights in performing artists in their performances, producers of phonograms in their recordings, and broadcasters in their radio and television programs.  

When to Protect Your Intellectual Property

Let’s say that you have an idea for an invention. Great, but you’re thinking “it’s just an idea” or “I’m not ready to move forward with anything yet”. It’s still not too early. You should protect your idea from the moment you have the idea. For one thing, protecting your intellectual property makes it easier to take legal action against someone who is stealing or copying your work without your permission. Here are some other reasons to protect your intellectual property:

  • It’s easier than you think. Protecting your intellectual property may seem intimidating and unnecessary, but protecting your work, and ultimately your business, is worth it. With copyrights, protection is automatic. Although the copyright does not protect an idea, it does protect the way the idea is represented – by writing it down, for example. Applying for a patent is done through the USPTO, and can be cheaper than you think. It can be done with a patent attorney or on your own.
  • Protect your business growth. Your business is unique – protect it! When you do not protect your business, you risk the chance of competitors using your work for their own benefit. This could result in a loss of revenue for you. Remember, it’s your responsibility to ensure that no one is infringing on your intellectual property right.
  • You’ll save time and money. The laws governing intellectual property are designed to recognize and protect your exclusive ownership. This helps ensure that you will profit from your work.
  • If you don’t, your competitor will. There is legitimate and predatory competition. One person may legitimately be the “first to file“. If this happens, you could lose your ability to profit from your idea or invention. Others are “trolls”. Generally, trolls focus on highly beneficial intellectual property created by small business owners because they know some cannot afford to litigate the issue.

How often should an e-commerce shop copyright its site?

Items on your website, like pictures, videos, artwork, etc. may be protected by copyright. The Internet makes copying these items easy – anyone can search the web “copying & pasting” or saving whatever they like. As a business owner, you want to make sure that your work is protected and that your employees are not using the protected work of others.

As stated earlier, copyright protection is automatic, but registering the copyright makes it easier to take action against someone. To register a copyright, you must submit the following:

  1. A completed and signed application,
  2. A copy of the to material to be copyrighted (different materials require different forms), and
  3. A filing fee.

E-commerce shop owners can be victims of copyright infringement. It may be enough to mark your website with “All Rights Reserved” or use the copyright symbol to deter potential offenders. Under the laws governing intellectual property, copyright protection expires seventy years following the death of the person initially responsible for creating and registering the work. If the work was published anonymously, the copyright will expire ninety-five years after the item was published or 120 years after it was created.

Intellectual Property Audits For E-Commerce Shops

One of an e-commerce company’s most valuable business assets is intellectual property (IP) rights. They are integral for protecting the company’s position in the market and can have immense value if they are properly obtained, managed, and enforced. Periodically, e-commerce shops should conduct IP audits to understand what rights they have, the scope of protections that they offer, and thus what value the IP assets have for the company.

What is an IP Audit?

An IP audit is a process by which a company can develop a clear understanding of what intellectual property rights it owns, similar to taking an inventory of any asset the company owns. Additionally, an IP audit clearly assesses the scope and breadth of the rights that each piece of IP confers, and identifies what other protections are needed to secure value in the intellectual property owned by the company.

Managing your e-commerce shop’s intellectual property is just as important as managing your business. Having comprehensive intellectual property protection is desirable and can be highly valuable to a company. Carefully picking and choosing what IP rights are important, and how much scope they have can carve out a section of the market that is exclusively held by your company.

For more information about intellectual property, contact Revision Legal’s team of experienced intellectual property attorneys through the form on this page or call 855-473-8474.

intellectual property theft

Protecting Intellectual Property from Employee Theft

Business owners who, after an employee dispute or after terminating an employee, have been the victims of intellectual property theft often contact us. Often, the solutions to this problem can be incredibly costly. Here are some quick tips to protect your intellectual property from employee theft before it becomes prohibitively expensive.

  1. Employment Agreements. Make sure that your employees have signed an employment agreement. Though the employer owns copyrightable works created within the scope of employment, a well-drafted employment agreement will contain a work made for hire clause that states that any works that cannot be considered a work made for hire will be assigned to the company. A well-drafted employment agreement will also contain a patent assignment provision that states that all inventions, discovery, improvements, innovations, and ideas created within the employee’s employment with the company are owned by, and assigned to the employer, including any resulting patents or rights to royalties. These provisions will also require the employee to execute any documents necessary to obtain registered patents or copyrights.
  2. Non-Compete Agreements. Many employers often wish to protect their legitimate business interests through a non-compete clause. Non-compete clauses, which are not enforceable in all states, protect an employer’s competitive interests and investment in an employee. These clauses must often be limited by type, time, and geographic scope.
  3. Non-Disparagement Agreements. Many employers also wish to protect their interests by prohibiting ex-employees from disparaging or defaming their business. Though these clauses often run into enforceability issues due to the First Amendment, a narrowly tailored non-disparagement clause can be an effective deterrent to post-employment disparagement.
  4. Confidentiality and Trade Secret Agreements. Employers also may want to protect their businesses with confidentiality and trade secret provisions, which may be contained within an employment agreement. These provisions protect against the disclosure of confidential information, such as company strengths and weaknesses, salary information, and marketing plans, which may be of use to competitors. Additionally, these clauses can also protect against the theft of trade secrets, such as recipes or research and development efforts.
  5. Non-Solicitation Agreements. These agreements or clauses protect a business from an ex-employee’s attempts to poach an existing employee, customer, or supplier. Though these clauses can have limitations, they can be effect tools to protect an employer’s interest in retaining its employees and customers.
  6. Access Controls. A simple way to protect against intellectual property theft is to implement access controls through company policies. Security policies, acceptable use policies, email policies, password policies, and computer intrusion policies can help protect against the theft of company assets, such as software, source code, and domain names. Additionally, the implementation of these types of policies may protect against a third party claim of negligence in the event a rogue employee causes harm to a third party vendor, customer, or contractor.

Of course, the most effective way to protect against intellectual property theft is to regularly audit your intellectual property portfolio and your policies to protect it.

If you would like an assessment of your intellectual property portfolio, contact the intellectual property attorneys at Revision Legal for a risk analysis.

Editors note: this was originally published in October, 2015. It has been updated for clarity and comprehensiveness.

trademark genericide

How to Protect Your Trademark From Genericide

Xerox, aspirin, thermos, and hoover were all once trademarks that lost their protected status because their names became generic. Most recently, Google’s trademark status was challenged unsuccessfully.

The US Court of Appeals ruled this month that Google still retains its trademark even though “google” has become synonymous with searching the internet. While “google” has become a verb for many, Google is a whole lot more. The court also noted that trademark genericide occurs when the name has become an “exclusive descriptor” that makes it difficult for competitors to compete unless they use that name.

What is a Trademark?

A trademark is a name of a product or service that is used in commerce so that customers can identify the source of the good or service. There are several categories of trademarks. The most successful trademarks are often suggestive (e.g., MicroSoft for software for microcomputers), arbitrary or fanciful (e.g., Apple for laptops and computers), as the distinctiveness of the trademark sticks in the memory of the consumer.

Trademarks can also be considered descriptive, or generic, but these marks are often not legally protectable under trademark law.  

Can a Protected Trademark Become Generic?

When a registered trademark owner fails to police and enforce the unauthorized use of their trademark, the trademark owner risks losing the mark through a form of abandonment known as genericide. Genericide is when a protected mark becomes a generic term for the item it is associated with over time. A trademark suffers genericide when the trademark or tradename becomes so commonly used by the general public that the trademark becomes synonymous with the product, and if the entity that owns the trademark does not fight to keep the trademark protected, the trademark or tradename can become a generic term, i.e., it can lose its legally protectable distinctness.

Genericide is when a protected mark becomes a generic term for the item it is associated with over time.

Genericide has happened to many unfortunate trademarks in the past. Some examples of generic terms that are used commonly today that were once trademarks include:

  • Xerox, commonly used to refer to photocopy.
  • Aspirin, generic for acetylsalicylic acid, which is commonly used to treat headaches.
  • Laundromat, for a coin operated laundry store.
  • Thermos, commonly used to refer to a vacuum flask thermal insulator.
  • Videotape, generic term used for the cartridge used in VCRs.

Avoiding Trademark Genericide

There are many things that a trademark owner can do to protect trademark rights from genericide. Some ways to help avoid a trademark from becoming generic include:

  • Monitoring the use of the trademark.
  • Enforcing trademark rights.
  • Educating companies and the public about the proper use of the trademark.
  • Always presenting the trademark in the proper form, i.e., always in the proper font/stylization, or all capital letters, and with the appropriate trademark symbol (e.g., ® or ™).
  • Never using the trademark in a generic manner.
  • Make clear to consumers that the trademark represents the brand and not the product itself.

Registered trademarks can often be the most valuable assets of your business and, unless you enforce your trademark rights consistently and regularly, you may lose those assets. Through internal education and external enforcement, your company and ensure that you protect your company’s assets and ensure that they do not become generic.

Contact a New York Trademark Attorney

Trademark genericide is a tragic way for a mark to lose its protected status. When you need assistance securing, protecting and enforcing trademark rights, you can contact the experienced trademark lawyers at Revision Legal. We can be reached today by using the form on this page or by calling us at 855-473-8474.

Healthcare Ransomware

Are Healthcare Systems Being Held Hostage by Ransomware?

Healthcare ransomware is one of the biggest cybersecurity concerns in existence and it may have particularly serious implications for healthcare systems. Ransomware is a form of malicious software code that is somehow installed on a computer or provided access to vulnerable system network where the data on the computer or in the network is either encrypted or locked by the ransomware so that it cannot be accessed by authorized users. Effectively, a victim’s data is held hostage by the ransomware and cannot gain access to the locked or encrypted data until the victim pays a ransom. Ransoms are generally fairly low, which entices victims to simply pay the ransom to get access to their data again.

Security Breaches and Healthcare Ransomware

One industry that is particularly vulnerable to ransomware cyberattacks is the healthcare industry. Healthcare systems rely significantly on patient data that they collect, transmit, and process. If a hacker seizes a healthcare system’s data, it can be debilitating for its operations. Most healthcare centers are highly dependent on their automated and computer systems, and rendering these systems inaccessible through the use of ransomware effectively leaves the healthcare system in the stone age. Operations at the healthcare system must go on despite the attack, meaning that staff must rely on handwritten notes and reading and reviewing paper patient files as opposed to digital ones.

Cybersecurity Statistics: Instances of Ransomware Attacks

According to a 2015 Industry Drill-Down Report by Raytheon/Websense, there are two pieces of randsomware that are ravaging the healthcare industry’s cybersecurity: Cryptowall and Dyre.

Healthcare systems are four and a half times more likely to be impacted by a Cryptowall ransomware than businesses in any other industry. Cryptowall is ransomware that encrypts certain file types using RSA public-key cryptography. The private key for decryption is stored on the attacker’s servers. Nearly 625,000 systems were infected with Cryptowall ransomware in 2015.  

Dyre is a Trojan malware that collects banking information for malicious purposes. The healthcare industry is 300 times more likely to be affected by the Dyre ransomware than any other industry.

14 Healthcare Systems Held Hostage by Ransomware in 2016

As of October of this year, 14 hospitals and healthcare systems had been held hostage by ransomware attacks, according to HealthcareITNews. Healthcare systems all across the country were affected, including:

  • Hollywood Presbyterian Medical Center
  • New Jersey Spine Center in Chatham, New Jersey
  • Kansas Heart Hospital
  • MedStar Health in Washington, D.C.

Many of these healthcare organizations ultimately paid the ransom to gain access to their data. However, a few were fortunate enough be spared having to pay the ransom. In those cases, the infected computer or server was quickly identified and isolated before the problem could spread.

UK Health Systems Locked Down by Ransomware

A recent, and pretty scary, healthcare system hacking involved computer systems at 16 hospitals in the United Kingdom that were simultaneously taken hostage by hackers. A ransomware attack rendered the computer systems useless, and because the hospitals could not access patient records, test results, or medical scans, patients were turned away from the affected hospitals in droves. While similar cyberattacks have happened in the United States, for example the 2016 attack on Hollywood Presbyterian Medical Center, the ransomware attack on the 16 UK health institutes is the most recent occurrence of healthcare systems being taken hostage by hackers.

Recent Healthcare Data Breaches

Healthcare computer systems and servers are highly attractive targets for hackers because healthcare computer systems harbor the most useful three pieces of personal identifying information that can be used for fraud and identity theft – names, Social Security numbers, and dates of birth. With these three pieces of important and essential personal identifying data, hackers, fraudsters and impersonators can do virtually anything they would like.

There has been a significant increase in the number of cyberattacks that have occurred in just 2017 alone. The number of cyberattacks reported in March surpassed the number of cyber attacks that were reported in January and February combined, according to Healthcare ITNews. The March, attacks alone affected more than 1.5 million patients. This is a persistent problem for which it is difficult to manage. Being prepared for a data breach is sometimes the best that healthcare systems can do. Below are a few examples of recent healthcare data breaches.

IVF Clinic’s Server Hacked in New Jersey Discovered

In late February, the New Jersey Diamond Institute for Fertility and Menopause discovered a serious breach of patients’ electronic health records. The health data of more than 14,500 patients was exposed in the incident, and officials are unclear when the breach was initiated. While some of the data that was contained on the breached server was encrypted, a multitude of other supporting medical documentation was stored in an unencrypted fashion on the affected server. Personal identifying information that was exposed in the breach includes:

  • Names
  • Addresses
  • Date of birth information
  • Social Security numbers for patients
  • Sonograms
  • Lab results

New Jersey Diamond Institute for Fertility and Menopause immediately reset all passwords for the system upon discover of the data breach, and updated its firewall protection software. Affected patients are currently being notified about the breach, and are being offered free credit monitoring services.

Cyberattacks made on healthcare systems are occurring more frequently than anyone would like and healthcare systems are trying to keep up with their computer system safeguards. Ransomware is a cybersecurity threat that is more and more commonly being used against healthcare systems. Despite best efforts, cyberattacks keep successfully happening, and when they do, patients are the ones who suffer the most.

Revision Legal works with companies and healthcare systems to help manage cybersecurity issues and the aftermath of a cybersecurity breach. Contact the experienced healthcare data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.

Editor’s note: this post was originally published in December, 2016. It has been updated for clarity and comprehensiveness.

 

third-party data breaches

Third-Party Data Breaches: Weakest Link in Cybersecurity

One problem that many companies discover as they develop cybersecurity measures is that third-party data breaches is the weakest link in its data management chain. Many companies find it a business necessity to outsource some, if not all, data management, storage, and processing activities to third-party vendors. These vendors may include cloud hosting companies and other software as a service providers. Putting your company’s valuable data into the hands of a third party carries some risk, especially concerning the security of that data. Your company could have the most sophisticated cybersecurity protections in place to protect data, but if your third-party vendor has a lax attitude about cybersecurity, then your data could be at risk of being exposed in a data breach.

Third-Party Data Breaches are Serious Threat to Business Cybersecurity

It is not uncommon for hackers to gain access to businesses through third-party vendors and to compromise data. A business might have its own cyber security protections in place, but must grant access to third parties. When network access spans outward from the business to third parties, it creates a potential weakness in the security of a network. Third party vendors make for good entry access points to company computer networks because for every link in the chain of access to the company’s computer network there is an increased likelihood of a vulnerability in the cybersecurity measures that protect the network, which can be exploited.

According to Soha Systems Survey on Third Party Risk Management, 63% of all data breaches are linked in some way to third parties such as contractors, suppliers, or vendors that have access to a business’ system. Businesses are responsible for the data that they collect, transmit, use, and process, even if it is entrusted to a third-party vendor.

How Can Businesses Make Cybersecurity a Top Priority for Third-Party Vendors?

One way that a business can make cybersecurity a top priority for third-party vendors is through the use of a business agreement with the vendor. When hiring a third-party vendor, businesses can benefit from negotiating a contract with the vendor that specifically details the types of security measures and safeguards that the third-party vendor must use when handling data for the business. For instance, business can:

  • Utilizes a service-level agreement. This can be helpful in providing specific measures of security performance that the vendor must produce or provide.
  • Request that the vendor perform periodic security assessments on its systems.
  • Require an audit clause to be included in the agreement. This could enable the business to verify the third party vendor’s compliance with specific security protocols by way of an independent security audit.
  • Limit the third party vendor’s access to the business’s network. Only grant access to what the vendor needs to do its job and no more.

Having a business contract with the third-party vendor makes cybersecurity a priority for that company. The business can help mitigate risk associated with working with a third party. Third-party vendors need to know that their clients take cybersecurity seriously, so that they will take it seriously as well.   

Businesses are constantly facing new challenges concerning cybersecurity and third-party data breaches. Taking steps to protect your business by making security a priority for your vendors is a great first step to mitigating some of your business’s cybersecurity risk.

Our data breach attorneys can assess your current risk profile, or in the case of a data breach, help with notification compliance. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Blue Coat Photos.

Editor’s note: this post was originally published in December, 2016. It has been updated for content and clarity.

 

zero-day vulnerability

What is a Zero-Day Vulnerability?

In the realm of cyber security there are many types of attacks and vulnerability exploits that can be used by hackers to gain unauthorized access to computer systems: viruses, Trojans, malware, ransomware, phishing, and a number of different software vulnerabilities. So, what exactly is a zero-day vulnerability and what makes this type of vulnerability so attractive to hackers? A zero-day vulnerability in software code or a browser means that a software vendor has prepared a piece of programming that has a vulnerability in it that the vendor is unaware of. To say this another way, the software contains a vulnerability and is flawed from the start.

Hackers identify and exploit these vulnerabilities before the software developer can identify them and correct them with a software patch. As such, these vulnerabilities are known in the cyber security world as zero-day vulnerabilities. Since the hacker makes the first move by creating code that can exploit the vulnerability in the software, the attack is called a zero-day attack.

Hackers love to exploit zero-day vulnerabilities because they get the benefit of the first-mover advantage. That is, the greatest ability to gain from the vulnerability before a patch can be developed to fix the flaw in the software. The hacker can exploit the vulnerability for as long as it takes for the software developer to identify the vulnerability, create a patch to fix the vulnerability, and deploy the patch to vulnerable systems. It can take a long time for zero-day vulnerabilities to be identified. This leaves the hacker free to profit from the holes in the software code until it is fixed.

Zero-Day Vulnerability Statistics

According to Symantec, in 2015 there were 54 zero-day vulnerabilities that were identified, which is an increase of 125% over the previous year. Effectively, there was one new zero-day vulnerability identified every week in 2015. Nearly 20% of zero-day vulnerabilities were identified as being Flash Player related. This has prompted many companies to have their information technology specialists phase-out the use of Flash Player from their systems. It usually takes about a week from when the software developer or the public identifies a zero-day vulnerability for a patch to be developed, distributed, and deployed.

What Businesses Can Do to Help Avoid Zero-Day Attacks

Since zero-day vulnerabilities are flaws in software, there is little that businesses can do to prevent them from existing in the first place. However, businesses can help reduce their risk and exposure by monitoring for system updates. Taking immediate action to install these patches when they are distributed can help close vulnerabilities in software systems. Installing patches should be a regular component of cyber security best practices.

If you have been hacked due to a zero-day vulnerability, you should speak with an experienced data breach lawyer to determine your legal options and obligations under the law after a system hack. If you have concerns about what you need to do in the event of a breach, you can contact the experienced attorneys at Revision Legal. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Flickr user George Postoronca.

Editor’s note: this post was originally published in January 2017. It has been updated for clarity and comprehensiveness.

New Mexico data breach notification

New Mexico Enacts New Data Breach Notification Laws

New Mexico recently became the 48th state in the US to adopt data breach notification laws. The new laws take effect June 16, 2017 and will apply in all situations in which a data breach occurs, i.e., an unauthorized attempt to access unencrypted or encrypted computerized data. In addition to providing governance on how personal identifying information owned or licensed by businesses and other entities must be stored and disposed of, the New Mexico Data Breach Notification Act also provides details of how affected individuals must be notified about any data breach affecting their personal identifying information.

What is Personal Identifying Information Under New Mexico’s New Bill?

The Data Breach Notification Act recognizes personal identifying information as:

  • Social Security numbers.
  • Driver’s license numbers.
  • Government issued identification numbers.
  • Account numbers.
  • Credit card numbers or debit card numbers in conjunction with any associated codes, such as a personal identification number (PIN) or security code.
  • Biometric data, such as fingerprints, voiceprint, iris or retina scan, facial characteristics or hand geometry.

Notification Under the Data Breach Notification Act

Whenever a data breach occurs involving the exposure of the personal identifying information of a New Mexico resident, and there is a reasonable risk of identity theft of fraud as a result of the breach, the resident will be notified as soon as possible upon the discovery of the data breach, but no later than 45 calendar days after the discovery of the data breach. Notification must be made either by US postal mail, email, or another form of substitute notification (substitute notification can be made under special circumstances only).

The notification is required to contain certain information about the data breach in accordance with the Data Breach Notification Act. Specifically, notifications must include information concerning:

  • The name and contact information for the notifying individual.
  • What types of personal identifying information was impermissibly accessed in the breach (if known).
  • The date or date range of the breach (if known).
  • A description of the data breach incident.
  • Contact information for the major credit reporting agencies and advice about contacting these agencies.
  • The recipient’s rights the federal Fair Credit Reporting Act.

When more than one thousand New Mexico residents are affected by a data breach, there is also an obligation to report the incident to the New Mexico Attorney General and the major consumer reporting agencies.

Notification can be Delayed in Limited Circumstances

The only justifiable reasons why notification could be delayed are:

  • That there is a pending criminal investigation that could be impeded by timely notification, and
  • Situations in which notification would interfere with efforts to determine the scope of the breach or to restore the integrity, security and confidentiality of the data system.

Consult With a Data Breach Lawyer

There is no time to lose once a data security breach has been identified. A majority of states and the European Union have data breach notification laws that set forth specific timeframes in which notifications need to be made. There are costly consequences for those entities who do not take notification of data breach situations seriously.

Contact us using the form on this page or call us at 855-473-8474.

Image credit to ruimc77.

Startups: Patent Filing Is Cheaper Than You Think

Filing a patent application as a startup can seem daunting and infeasible because the cost associated with obtaining a patent is so high. For most startups money is tight, and spending money on something as intangible as patent protection seems like a low priority. However, the benefits of having patent protection on an innovative device or method that the startup has created can be immense. For instance, patent protection can be absolutely critical for securing your startup’s competitive advantage in the market. Not only that, but having a patent application on file at the United States Patent and Trademark Office (USPTO) can make the startup attractive to potential investors.

The best advice for startups that have a novel invention to bring to the market is for the startup to figure out how to obtain the patent you need for your startup’s technology. There are ways to reduce the cost associated with filing for a patent application, and an experienced New York patent lawyer will be able to help you and your startup make the most of your startup’s intellectual property budget.

Filing for a Patent Might Not be as Expensive as You Think

A lot of startups have the misconception that filing a patent application is prohibitively expensive. But this is incorrect. Startups may qualify for special status with the USPTO that can get them a reduced rate for patent application filing fees. Startups that are eligible could be classified as having:

  • Small entity status. To get small entity status, the startup must have fewer than 500 employees or be a 501(c)(3) nonprofit organization Small entity status companies get reduced rates of 50% off regular filing fees.
  • Micro entity status. In order to get micro entity status, the startup must qualify as a small entity, but then also not be named on more than four issued patents, and cannot make more than three times the the median household income as reported by the Census Bureau. Micro entity status companies get reduced rates of 75% off regular filing fees. Micro entity status is also available to startups that have an obligation to assign patent rights to an institute of higher learning.

If you think that your startup is eligible for either small or micro entity status, you should work with an experienced attorney to complete your patent filing. There are certain filing requirements that need to be met in order to obtain the status designation. Additionally, it is important to know that the US patent system is a first to file system, which means that the first inventor to file a patent application will get the patent if one is issued. So time is of the essence and your startup needs to get moving on filing your patent application in order to protect and preserve your IP rights.

Help Filing a Patent Application

While there is no legal requirement that you have to have a lawyer in order to file a patent application with the federal government, but there are a lot of specific legal requirements that must be satisfied in order to file a patent application. Many startups would rather have a patent lawyer file their patent application in order to focus more time and energy on building up the startup.  The professionals at Revision Legal can help you seek the patent protection your startup needs. Contact us today using the form on this page or call us at 855-473-8474.

avoid data breach litigation

Tips to Help a Business Avoid Data Breach Litigation

Little else is as stressful for a company than handling the aftermath of a data breach. Not only does the company have the obligation of making notifications to clients about the data breach, but it may also be confronted by data breach lawyers with at least one lawsuit, or even a class action. There are steps that can be taken to help a company avoid data breach litigation.

Preparation for a Data Breach is Key to Mitigating Problems Down the Road

Every company large and small should be prepared for a data breach because it is only a matter of time until they are victimized by cyber criminals. Companies can prepare themselves for data breach situations by having a plan on how they will handle a data breach situation. Running practice drills of a data breach scenario can also be helpful for the company to identify potential pitfalls and shortcomings, which can be addressed in advance of the real thing.

The action plan should cover both how to technically contain a data breach and a public relations campaign that details what will and will not be said to the press about the data breach situation as well as what will be communicated to the consumers who may have been exposed in the data breach. What words are used in the media are critically important since the lawyers will likely try to use what is said to their advantage later in court. Know how the data breach situation will be handled by your company before it happens.   

Understand the Company’s Rights and Obligations Under the Law

Companies need to know what their rights and obligations are under the law before a data breach occurs. Knowing the law on these matters will give the company better footing on how to handle the aftermath of the situation. Companies that do not know or understand data breach law often fail to notify consumers whose data may have been exposed in a breach in a timely manner, which can result in significant penalties for the company.

Data breach law requires companies to take action quickly upon discovery of a data breach. The company is responsible for quickly shutting down the breach, and then is responsible for notifying victims within a reasonable time after the breach is discovered. It is better to own up to the data breach and let those who are affected by the breach know as soon as possible that their personal identifying information or credit card information has possibly been exposed.

Get Prepared With the Help of an Experienced Data Breach Attorney

One of the best strategies for a company to have concerning data breaches is to be prepared. Knowing in advance what you will have to do, what you will need to say, and how you can manage the aftermath of a data breach can go a long way towards helping your company avoid data breach litigation. Reach out to the data breach lawyers at Revision Legal today to help prepare your data breach prevention and response plan. Contact us using the form on this page or call us at 855-473-8474.

Image credit to Abdul Wajid.

Discover Data Security Breaches

Employees Most Likely to Discover Data Security Breaches

One thing that all data security breaches have in common is that someone must first uncover the breach and then reveal the breach to the appropriate parties (i.e., employers, law enforcement, other appropriate state and federal agencies, etc.). In the case of a business that is attacked and breached, an undetected data breach can wind up being costly for a business as the business must immediately address the lost data, implement security updates, and issue notifications once the breach is identified. Due to the ever-evolving state of cybersecurity and data protection, it can be difficult for companies to stay up to date with the current best practices for protecting data, which can leave them vulnerable to attacks. In today’s current state, it is less a question of if a data breach will occur at a company and is rather a question of when a data breach will occur at a company.

Who is Most Likely to Discover Data Security Breaches?

According to a survey conducted by AT&T, employees are the most likely to discover data security breaches. This makes sense since it is often employees who are using the company’s computer system. But generally speaking, employees are also likely to be those responsible for causing or enabling a data breach to happen in the first place. Employees who implement weak password protection techniques, or employees who open phishing-type emails containing malware or ransomware are some of the main reasons why a data breach happens in the first place.

It is also becoming more common that law enforcement is the source of the identification of a data breach affecting a company. Nearly 25% of data breaches affecting companies are identified by law enforcement agents who have come into possession of certain files or data that they may  not otherwise have unless a data breach had occurred.

The Impacts of a Data Breach

Security breaches can be a real problem for an affected company. Often times systems must be taken offline in order to address existing security vulnerabilities and problems, which translates to lost work time and production. Furthermore, once customers learn that there has been a data security breach at the company, the company is likely to suffer reputation damage or a loss of customers due to damaged perceptions of trust. It is important that companies that are affected by a data breach act quickly to address the problem and to notify those customers, partners, vendors, suppliers and other third parties that may have been affected by the data security breach.  

Work With a Data Breach Lawyer

It does not matter if your run a large business or a small one, data security breaches happen. When a breach happens to your business you need to be ready to act. Most companies prepare in advance of a data breach a response plan that lays out how the company will address the major events that happen after a data breach is identified. Closing the system vulnerability, raising awareness about data security amongst employees and notifying affected parties are all critical early steps that need to be taken after a data breach. Data breach notification laws vary from state to state, but the data breach notification lawyers at Revision Legal are ready and available to help you. Contact us using the form on this page or call us at 855-473-8474.

Editor’s note: this post was originally published in February, 2017. It has been updated for content and clarity.

Image Credit: Techtw twyahoo.