Naming your Business, Naming your Baby

As a trademark attorney I often try to come up with good ways to explain the intricacies of the law to my clients. Whenever I work with a new trademark client we discuss ideas for naming their business and potential problems they might have in using a trademark and obtaining a registration. There are lots of things to consider when naming your business including the marketing, design, style, and legal aspects.


Also, I am currently expecting my first baby. As my husband and I consider different name options for the baby, we have had to look at each possible name from many different angles. Does it flow with our last name? Is there any significant meaning in the name? Do we both like it? How about the middle name? Should we consider family names? How does it sound in Spanish (my husband is from Honduras)? Our considerations go on and on. Every day it seems like there is another thing to consider.

Picking a business name is a lot like picking a baby name. There are many different perspectives from which you have to evaluate the name. Business owners have to consider the marketing and design elements, their own personal feelings about the name and what they want to portray to consumers. Also, business owners have to consider whether their name is available for use and registration. You wouldn’t use your best friend’s baby name for your baby, and you can’t use someone else’s trademark for your business.

Unlike naming your baby, naming your business without first clearing the name through a trademark attorney could result in serious legal, financial and business consequences. US Trademark law protects the rights of those who first use a trademark in commerce and obtain a trademark registration. A trademark lawyer can provide you with a clearance search, advice about trademarks, and help you file an application for trademark registration with the USPTO. We often help clients that have tried registering their mark with an online automated system.

Too often, clients come to us with trademark applications filed through automated services like trademarkengine.com or similar services. The price for such services looks too good to be true because it is. A trademark attorney with years of experience dealing with the Trademark Office can help you identify problems that you did not know existed. In most cases, it is important to identify these issues as soon as possible. Being forced to change your business name after a year in business is often a death sentence to a young company.


Unfortunately, we can’t help you name your baby, but if you have any questions or want to schedule a consultation with a trademark attorney, please Contact Us.

 


The High Cost of Data Breaches: Six Examples From 2017

Whether you are a small startup or a big company with a long and storied history, a data breach can be a legal and financial nightmare. There were over 850 cyberattacks and data breaches in 2017 alone, with the number and severity of data breaches rising every year. The cost of data breaches is rising, too. How much will a data breach cost? A lot. Here is what six companies paid in 2017 as a consequence of data breaches.

1. Hilton Hotels — $700,000 in Fines

Hilton Worldwide was subject to a data hack in 2014 and another one in the summer of 2015. The data breaches affected more than 363,000 customers. The stolen data included names, addresses, credit card numbers, and other personal information. The company was charged by the attorneys general of New York and Vermont for failing to have reasonable data security and for failing to quickly tell consumers about the data breaches. This is because Hilton waited nearly 10 months after learning of the first breach and then three months after learning of the second before telling customers in November 2015. In 2017, Hilton Worldwide paid $700,000 to settle with state regulators.

2. Nationwide Insurance — $5,500,000 in Fines

In 2012, the computer systems and networks of Nationwide Insurance Co. were breached by hackers. Personal information for nearly 1.3 million consumers was exposed, including names, addresses, social security numbers, drivers’ license numbers, credit scores, and other personal and financial information. All of this information was collected by Nationwide as part of its process of providing insurance quotes to customers seeking insurance coverage. Legal actions were brought by 33 states accusing Nationwide and an affiliate company of failing to apply a critical security patch intended to stop potential hackers. As the news article reports, the New York Attorney General argued that “Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process.” In August 2017, Nationwide agreed to pay $5.5 million in settlement.

3. CardioNet — $2,500,000 for Compromised Data on Stolen Laptop

In 2012, CardioNet, a wireless heart monitoring service provider, had a laptop stolen from a parked vehicle. The theft resulted in the compromise of health and privacy data with respect to 1,391 patients. Government regulatory action came from a subdivision of the Department of Health and Human Services (“HHS”). Aside from security issues with respect to the vehicle, the laptop itself did not have sufficient security to protect the data stored thereon. According to the news report, HHS charged that the company had “insufficient risk analysis and risk management processes in place at the time of the theft” and that the company had not implemented the proper policies and procedures to meet the HIPAA Security Rule. Despite the small number of customers impacted, CardioNet settled the proceedings in May 2017 for $2.5 million.

4. Home Depot — Another $27,250,000 and Then More

In September 2014, Home Depot announced that it had suffered a massive data breach. An estimated 56 million customers’ personal and financial data was stolen, including credit card information. This data was sold on the dark web to thieves and resulted in a “massive number” of fraudulent transactions on the customers’ credit and debit cards.

Home Depot was accused of lax cybersecurity and using an outdated malware detection system — seven years out of date according to the allegations — on Home Depot self-checkout kiosks at stores in dozens of locations across the United States. Home Depot was also accused of knowing about the problem in July 2014, several months before notifying authorities and customers of the breach.

Home Depot’s first settlement was in 2016. The company agreed to pay $19.5 million to settle open customer class actions. Then in March 2017, Home Depot agreed to pay another $27.25 million to settle with the banks.

Finally, in August, Home Depot was ordered to pay $15.3 million in legal fees to the banks’ attorneys. The total fines paid by Home Depot exceeded $85 million without taking into account legal fees and litigation costs.

5. Target Stores — Another $18,500,000 in Fines

In November 2013, Target, one of the nation’s largest retailers, had its computer network breached by hackers who used access codes and credentials stolen from one of Target’s third-party vendors. The hackers accessed a customer-service database and installed malware that captured consumers’ personal data.

The data breach affected more than 60 million Target customers. The data stolen included names, telephone numbers, email and mailing addresses, credit card numbers with the attendant expiration dates, and encrypted debit card personal identification numbers.

In May of 2017, Target agreed to pay $18.5 million to settle regulatory actions and claims made by 47 states and the District of Columbia. The $18.5 million was on top of millions paid in 2015 and 2016 to settle class action suits filed by customers and financial institutions.

6. Anthem Inc — $115 Million to Settle Class Actions

In 2015, Anthem Inc, the largest U.S. health insurance company, was hacked and the personal information with respect to 79 million customers was stolen. The information included names, birthdays, social security numbers, addresses, email addresses, and employment and income information.

In June 2017, Anthem agreed to settle the lawsuits for $115 million, which is the largest settlement ever for a data breach. More than 100 lawsuits — many of them class action suits — were filed after the data breach. Anthem claimed that it was not negligent with customer information and that no customers were injured. In other words, a much different situation than the breaches at Home Depot and Target. According to reports, the $115 million is to be paid out to the customers as either two years’ worth of credit monitoring or a $50.00 cash settlement per class member.

The Cost of Data Breaches: More Than Just Fines and Settlements

In the cases discussed above, note the time lags between the breach and settlement – three to five years. The costs identified are just for the settlements. For the companies involved, the “costs” of these data breaches include three to five years of legal fees, expenses and filing costs in defending against the regulators. As an example, with respect to Target, the New York Times reported that, through March 2017, Target spent more than $202 million on settlements, legal fees, and other costs following the November 2013 breach.

Contact Revision Legal Today

If you need more information on the cost of data breaches and on preventing data breaches, contact Revision Legal. We are experienced data breach attorneys with the skills and dedication to help if you have suffered a data breach or if you need assistance in enhancing your cybersecurity. We can be reached by email or by calling us at 855-473-8474.


SEC Guidance on Cybersecurity: Data Breaches Are Likely Material

The Securities and Exchange Commission (“SEC”) just issued, on February 21, 2018, a new Guidance with respect to cybersecurity disclosures for publicly-held corporations. The quick takeaway is that data breaches and data breach risks are likely to be “material” for purposes of disclosure, data security should be deemed a “board level” concern, and knowledge of cybersecurity risks and events is legally relevant to issues with respect to insider trading.

Disclose Data Breaches and Cybersecurity Risks

The SEC issued a cybersecurity Guidance in 2011. This new 2018 Guidance is an update. Of note, the new Guidance was issued at the full Commission level; the 2011 Guidance was a staff-level Guidance. While any Guidance must be taken seriously, the fact that the full five-member SEC Commission reviewed and voted to approve the Guidance suggests a new level of importance to the SEC’s cybersecurity Guidance. The first sentence in the Guidance is: “Cybersecurity risks pose grave threats to investors, our capital markets, and our country.”

Under both the 2011 Guidance and the 2018 Guidance, cybersecurity risks and incidents may need to be disclosed in various annual and quarterly reports required pursuant to various federal Securities Acts. Indeed, the SEC highlighted specific sections of the reports where disclosure of cyberattacks, breaches and cybersecurity risks might be required, including sections on:

  • Risk factors
  • MD&A
  • Description of business
  • Legal proceedings
  • Financial statement disclosures

The new Guidance is quite specific in places. Thus, with respect to risk factors, the new Guidance references “Item 503(c) of Regulation S-K and Item 3.D of Form 20-F.” Both of these require disclosure of significant factors that make an investment in the company’s securities risky or speculative. Essentially, the 2018 Guidance puts cybersecurity and data breach/hacking events on the level of other information that must be disclosed if the information impacts evaluation of an investor’s risk. Data breaches and cybersecurity issues might have these impacts on investment risk:

  • Cessation or interference with the company operations
  • Direct impacts on company liquidity or financial condition
  • Loss of trade secrets and/or other valuable intellectual property
  • Cost of ongoing cybersecurity efforts — including maintaining state-of-the-art preventative measures
  • Insurance costs
  • Costs with respect to responding to litigation and regulatory investigations
  • Harm to reputation — relevant to profit/loss and to stock price
  • Loss of competitive advantage

The 2018 Guidance does not create or require any compulsory disclosure. Rather, the Guidance highlights that data breaches, hacks and other cybersecurity events and general cybersecurity risks might be “material” for disclosure purposes. As the SEC Guidance states:

“… it is critical that public companies take all required actions to inform investors about material cybersecurity risks and incidents in a timely fashion, including those companies that are subject to material cybersecurity risks but may not yet have been the target of a cyber-attack.”

The 2018 Guidance provides factors that should be considered when considering the issue of “materiality:”

While emphasizing the need for disclosure, the new Guidance also recognizes the necessary balance between disclosing information about events and risks without compromising a company’s efforts to prevent and combat cyberattacks.

The new Guidance also highlights the importance of “timely” disclosures, which is also a component of the insider trading portion of the Guidance. With respect to disclosure, the 2018 Guidance makes it clear that the TIMING of disclosure might be as important, for “materiality”, as the disclosure itself. Again, the SEC recognizes the necessary balance between “timely” and “immediate.” Various factors such as cooperation with law enforcement may prevent “immediate” disclosure. Thus, while a “timely” disclosure is needed, what is “timely” will depend on the circumstances.

Board’s Role in Risk Oversight

Another important aspect of the 2018 Guidance is the emphasis on the obligation of the Board of Directors to discuss, review, and approve cybersecurity issues and measures. The SEC highlights the fact that a member of the board has a general obligation to evaluate various risks when making decisions and policies for the company. In other words, “risk oversight” is part of a director’s “business judgment” that a director must exercise. The new Guidance elevates cybersecurity and data breach risks to the “board level.” The new Guidance also discusses the need to create proper reporting channels to move cybersecurity risks and events up the chain of command to upper management and to the board.

In addition, members of the board are directed by the new Guidance to avoid insider trading.

Insider Trading

Insider trading is a new topic for the 2018 Guidance. As noted above, because there is often a necessary time lag between a cybersecurity event and public disclosure, legal issues with respect to insider trading are implicated. Moreover, there is also a time lag between a cybersecurity event and when an evaluation is made with respect to severity, what data was compromised, and potential cost/profit impacts of the breach or hack.

The 2018 Guidance states that, during those time lags, those within the company with knowledge of a data breach or other attack or the impact of such an event should not buy or sell stock in the company. The Guidance states:

“… directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company.”

Note that the Guidance can be used as evidence in shareholder derivative actions and securities fraud cases. The Guidance recommends that, if not already otherwise in place, the following steps should be implemented:

  • Establish/create general policies and procedures to prohibit and otherwise guard against officers, directors, and other company employees from taking advantage of the aforementioned “time lags” with respect to buying and selling the company’s securities
  • Establish policies and procedures for timely disclosure of data breach/hack information
  • Establish policies specifically to prohibit and prevent insider trading in the days before public disclosure
  • Establish policies that prevent the appearance of improper trading — the appearance often being just as damaging to a company’s reputation as the actuality of insider trading

Contact Revision Legal Today

For more information, contact the skilled and experienced data breach attorneys at Revision Legal. We have the dedication to help if you need advice on security, if your business has suffered a data breach, or if you need assistance in enhancing your cybersecurity. Internet law is our main practice focus and we have the skill set to help your business with data breach mitigation and response. Contact us via email or call us at 855-473-8474.

 


What is the Convention/Contracts for the International Sale of Goods (“CISG”)?

Most businesses are familiar with basic US business contracts and with the Uniform Commercial Code (“UCC”). Unless your business involves a significant component of international transactions, you may not be familiar with the Convention/Contracts for the International Sale of Goods (“CISG”). CISG law and CISG forms govern international sales of commercial goods, but not services, including all transactions between the US, Mexico, and Canada under the North American Free Trade Agreement (“NAFTA”). Here is a quick rundown.

What is the Convention/Contracts for the International Sale of Goods?

The Convention/Contracts for the International Sale of Goods is an international treaty signed in 1980 in Vienna which came into effect in 1988. Currently, 89 nation states are signatories to the CISG including, as noted, the United States, Mexico, and Canada. The significant non-signees are the United Kingdom, India, Hong Kong, Taiwan, many nations in the Middle East, South Africa, and many other African nations.

For signatory nations, the CISG governs contracts for the sale of commercial goods between parties whose places of business are in different nations. The CISG can also be specified by contracting parties as the choice of law. Thus, CISG rules can govern international contracts even if one or both parties are from non-signatory nations. Of course, parties can opt out via contractual provisions. As noted, CISG does not apply to services and does not apply to most personal, family or household goods. Thus, CISG provisions generally do not apply to consumer goods bought on the internet and shipped business-to-consumer from overseas (but CISG protocols might apply if products are shipped in quantity business-to-business). There are various other exclusions including ships and aircraft.

History of the Convention/Contracts for the International Sale of Goods

CISG was developed by the United Nations. Like the Uniform Commercial Code (“UCC”), CISG is a set of uniform rules with respect to international commercial transactions. Like the UCC, CISG applies to the sale and purchase of goods and, unless excluded by the express terms of a contract, CISG law is presumed to be incorporated into the contract. Like the UCC, CISG is intended to supplement the domestic commercial codes of the two countries involved, providing “default” provisions where the commercial contract is silent as to some circumstance.

Important Differences Between the UCC and CISG

There are significant and important differences between dealing with international trade under CISG and domestic transactions under the UCC.

First, under the UCC all contracts must be in writing and if a dispute arises, courts will not accept parol evidence unless there is ambiguity in the contract (or some other exception to the admissibility of parol evidence applies). By contrast, under the convention on the international sale of goods, oral contracts are allowed and parol evidence is readily allowed for purposes of defining the contract and the intent of the contracting parties.

Second, with respect to the “battle of the forms,” the UCC uses a “knockout” protocol and the CISG uses a “last form sent” protocol. Under the UCC, if buyers and sellers are using their own different forms — maybe per their local business practices in various parts of the US — the UCC favors contract formation even though there are differences between the forms. If performance starts, then the contract is considered “formed.” Where the buyer’s and seller’s forms are different, those parts of the forms are considered “knocked out” and unenforceable.

Likewise, the CISG regime favors contract formation even if the seller and buyer are using different forms (although the differing forms must have substantial similarity). However, unlike the UCC “knockout” protocol, the CISG honors the “last-form-sent” protocol. A form that is sent in response to a first contract form is considered a counter-offer. If performance commences, then under CISG, the contract being performed is the counter-offer (the “last-form-sent”). This can be extremely important for many reasons. For example, the CISG does not provide a statute of limitations; thus, any limitation period is supplied by the laws of the signatory nations of the contracting parties. Which nation’s laws apply may depend on which form is deemed to be the “contract.”

However, as with most contract drafting, the best practice is to insert clear provisions in the contract itself. Something like this as quoted in Basic Engineering, Inc. v. Commission of Internal Revenue, Docket No. 27691-13 (US Tax Court, 2017):

“This Agreement shall be governed by, and construed in accordance with, the laws of the Republic of Austria including the UN Convention on Contracts for the International Sale of Goods of 1980 (CISG). The Parties’ rights and obligations with respect to title to and security interests in the Equipment shall be governed by the law of the jurisdiction in which such Equipment is located.”

Third, under the UCC, industry standards/usage cannot be used to modify contracts whereas such CAN be used to modify or supply missing terms under the CISG.

Fourth, under the UCC, commercial contracts CAN be modified via conduct and course-of-dealings. However, under CISG, contracts cannot be modified by course-of-dealing. This may sound odd, but remember that CISG rules allow evidence of oral modifications and also use of industry standards/usage. As such, if the parties’ course of dealings has changed, the parties can rely on direct evidence of such changes based on what the parties said.

A US Case Example

For a case showing a representative example of how US courts apply and interpret the Convention/Contracts for the International Sale of Goods, see Chicago Prime Packers, Inc. v. Northam Food Trading Co., 408 F.3d 894 (7th Cir. 2005). In that case, the plaintiff — a Colorado corporation doing business in Chicago — sold 40,500 pounds of pork back ribs to Defendant Northam — an Ontario, Canada corporation. However, according to Northam, the ribs were spoiled upon arrival. Northam refused to pay for the ribs and Chicago Prime filed suit in the federal district court for the northern district of Illinois. All parties and the court agreed that the provisions of the CISG applied. At trial, the district court ruled in favor of the plaintiff because Northam did not prove that the pork ribs were spoiled.

On appeal, Northam argued that the burden should not have been placed on it — the buyer — to prove non-conforming goods. The Seventh Circuit affirmed. The court began from the principle that CISG did not state who — the buyer or the seller — had the burden of proving that the goods delivered were non-conforming. That being the case, the court compared the CISG to the UCC. The court stated:

“The CISG is the international analogue to Article 2 of the Uniform Commercial Code (“UCC”). Many provisions of the UCC and the CISG are the same or similar, and “[c]aselaw interpreting analogous provisions of Article 2 of the [UCC], may … inform a court where the language of the relevant CISG provision tracks that of the UCC.”” (citations omitted)

The court then went on to show that, under the UCC, the buyer bears the burden of proving nonconformity. UCC § 2-314 provides that goods are warranted to be “fit for the ordinary purpose for which such goods are used” unless the contract states otherwise. Article 35(2) of the CISG provides that “goods do not conform with the contract unless they … [a]re fit for the purposes for which goods of the same description would ordinarily be used” unless the contract states otherwise.

The court then reasoned that, since the CISG is similar, a similar result should apply in terms of how one bears the burden on the question of nonconformity. As such, the Seventh Circuit affirmed that the district court was correct to conclude that Northam bears the burden of proving that the ribs were spoiled at the time of transfer.

International Business Law: Contact Revision Legal

Every business engaged in international trade needs experienced business attorneys familiar with international law and business forms. For further information, contact the professionals at Revision Legal. We can be reached by email or by calling us at 855-473-8474. We look forward to helping your international business succeed.


10 Reasons Why You Should Register Your Trademark

Most business owners know it is important to register a trademark to uniquely identify their products and services in a crowded marketplace. A protected trademark sets you apart from the competition, helps drive traffic and sales, keeps customers loyal to a brand, and can influence consumer purchasing decisions. But wait – there’s more! (sound familiar?) Those are not the only reasons to trademark. Read on for 10 more reasons.

1. Trademarks are Valuable

Create a trademark and you create immediate value. You already know that physical assets owned by your business, such as property, have value, but registered trademarks are quite valuable as well. The process of using a trademark in advertising, on your packaging and product, and in your interactions with customers creates a positive association with your product – good will. The good will your trademark generates will appreciate in value with time; the better your business, the better your efforts at “branding,” the better your reputation, the more valuable your trademark becomes and so on in a self-reinforcing cycle.

2. Trademarks are Forever (as Long as You Use Them)

Second, when you trademark, you create something to withstand the test of time. As such, the time you spend creating a trademark is worthwhile because it is something that is legally permanent. Something to pass down through the generations if you are a small family-run business for example. Like “Mercedes” – which has been a registered trademark for over 100 years.

3. Trademarks can Make You Money

To make money you need to create value, and to make more money that value needs to persist over time. Registering a trademark is the most obvious method of creating a valuable asset that can persist over time. And franchising and trademark licensing agreements are the most obvious methods of monetizing your trademark(s). Then, when it comes time to sell your asset, you will likely find that the sales price of your business is significantly enhanced when a famous trademark or logo is part of the deal. There are even times when the acquiring business will view your trademark as more significant than any physical asset.

4. Trademarks Help Your Business Grow

When you have a legal trademark, you are prepared for the growth and expansion of your business. A federal trademark in one market is easily migrated into an adjacent, upstream or downstream market. “Market,” of course, here means both physical markets — Illinois to Wisconsin — and also service markets — tax preparation to auditing services to legal forms. Entering a new market with an established brand gives you a significant competitive advantage. In this sense, trademarking helps you grow beyond your core market AND beyond your core product and your core service.

5. Trademarks Communicate

With a legal trademark, a business communicates its brand to the marketplace. A successful business, though, makes an effort to communicate a brand message and engage in new markets. Because current customers may be loyal now, but someday they won’t need what you are selling.

Therefore, every brand needs a strategy to continuously attract new customers while also being careful that their efforts do not alienate their core supporters. A well-crafted and honed trademark does this, as long as you stay loyal to it. Take the automobile brand Oldsmobile for example, which tried to rebrand as “younger” at the end of the 20th Century. In an effort to improve sales, a new ad-line was introduced: “This is not your father’s Oldsmobile” along with a new “international” redesigned logo. However, in their attempt to break from the past, the new logo that Oldsmobile worked so hard to modernize was left off their cars. The brand identity they were trying to communicate was missing and after a century in existence Oldsmobile was over as a brand.

6. Trademarks Translate

When you register a trademark, you create a symbol that translates to other nations and languages. In this increasingly small world connected by e-commerce, your trademark communicates an emotional message without speaking a language. A good example is the Nike “Swoosh”, a logo you can probably easily picture in your mind. The Nike “Swoosh” logo is familiar on every continent and in every language. Additionally, this applies to “textual” trademarks like “Coca-Cola” as well. The way the letters are written, connected, and even their color becomes a “symbol”. And this symbol does not depend on the native language to communicate what the product is and the commercial source.

7. Trademarks are Fast

Of the five senses, the human brain gives the most attention to visual perception. Your trademark is visual communication and it is the fastest way to impart emotions and information to a consumer. And in the smartphone age, images at arm’s length must quickly deliver a message. This is why you need a trademark – to get straight to the brain’s image processing center. Like how a restaurant’s logo can convey a complex message in four symbols – your trademarked logo, an arrow, the word HERE and a street map. Indeed, you could probably skip the word HERE. Your customers will see and understand the message instantly. Trademarks are speed; speed is distance over time; time is money.

8. Trademarks are Scalable

Scalability is the capacity for a logo to change size without changing appearance and is more important than it sounds. Like your favorite sports team – their logo must be easily recognized from hundreds of feet away on a scoreboard, in person on a jersey, or as an icon on a smartphone. Each scale has purpose and use; massive is imposing, the next engaging and the latter is accessible and informative. Communicating via words and text does not scale in this manner since words/text are only readable within a certain range of size limited by our ability to see small detail and our ability to take in a large format. Logos convey instant meaning whatever the size or scale. It takes much work and a creative artist to design a logo that is scalable, so be sure to protect that investment with a registered trademark.

9. Trademarks Create Community

One of the more underrated reasons for trademarking is to create an identity that a community of both customers and employees can belong to. When your brand creates positive feelings and inspires good will today, your brand can pay forward that good will from existing customers and employees to future members of the group. A logo consolidates that identity. And the longer your logo maintains this good will in the community, the more likely it will continue, according to the Lindy Effect (in that the longer a logo has been around, the more likely it is to stay around).

You want to create a brand community for the long term, don’t you?

You must have an outstanding product or service and pay and treat your employees well. Do this plus have a community that is willing to purchase items with your logo on them? Then brand prestige, symbolized by a trademarked brand ID, is strong enough that talented workers will actually seek employment in the community they most identify with. All else equal, would you prefer to work at Geek Squad or an Apple Store? Do you want to work at “a store,” or do you want to work at “Apple”?

10. Trademarks are Easy to Register

How to file a trademark?

The act of filing a federal trademark is easy and relatively inexpensive with the United States Patent and Trademark Office. America’s economy thrives partly due to there being no significant barriers to obtaining a legally protected and enforced trademark. However, it is wise to seek the assistance of experienced trademark attorneys to perform background research to ensure your trademark is legally unique and can be registered. Also, when you need legal representation for the challenging task of enforcement, you’ll be glad to have familiar trademark attorneys on your team.

Trademark Lawyers: Contact Revision Legal

For more information on trademarks, contact the lawyers at Revision Legal. Revision Legal has expertise with evaluations, audits, applications, renewals, monitoring, enforcement, warning letters, and all other aspects of protecting your trademarks and your other valuable Intellectual Property. We can be reached by email or by calling us at 855-473-8474.


Can Your Business be Liable for an Employee’s Intentional Data Leak?

Many businesses are acutely aware of the dangers of a data leak that can result from the breaching of networks, computer hacks, malware, and computer espionage. These cyber threats are external threats, but businesses must also be increasingly wary of INTERNAL threats coming from vengeful and vindictive employees and ex-employees. A well-publicized lesson can be found in the recent news of a large grocery store chain in Great Britain, WM Morrisons Supermarkets, suffering from a data leak from a well-placed employee. See news report from the Guardian here.

Employee Data Leak: What Happened to Morrisons?

In 2013, a senior internal auditor in the IT department for Morrisons ran an after-hours moonlighting business on eBay. He was a well thought-of employee by day and mailed out packages to his eBay customers from the Morrisons mailroom by night, until one day a package containing a white powder was discovered by a coworker. With understandable concern, the police were called. The white powder was found to be diet supplement powder that was neither illegal nor dangerous, but Morrisons was not pleased. The employee was given a written disciplinary warning for his misconduct.

Angry about his disciplinary warning, the employee grew disgruntled and waited for an opportunity for revenge – to teach Morrisons a lesson. This lesson was delivered later in 2013 when the employee downloaded payroll data of 100,000 of his coworkers onto a thumb-drive and sent copies of the data to three newspapers. The thumb-drives included names, addresses, phone numbers, bank account details, and salaries of Morrisons employees.

As described more fully here, the leak — as opposed to a hack — was timed to cause maximum embarrassment to Morrisons. Morrisons is a publicly traded company, and in May 2014, Morrisons was having profitability issues and issued a profit warning sending its shares down 12%. To allay concerns about profitability, the CEO of Morrisons touted the company’s new IT systems as key to helping Morrisons return to better performance. Within hours of this announcement the employee data was leaked and Morrisons’ shares continued to lose value.

The employee was eventually sentenced to eight years in prison for violating the 1998 British Data Protection Act.

However, about 5,500 of the employees affected by the data leak filed a class action lawsuit against Morrisons in the British courts for damages in connection with the internal information leak. In December of 2017, the court ruled that Morrisons was vicariously liable for the employee’s intentional leak of the personal and financial employee data. Morrisons states that it plans to appeal the ruling.

Employee Data Leak: Legal Principles

The case is worrisome for many reasons. Most employee data leaks occur because of some negligence or accident (see US examples below). But here the employer is being held liable for the criminal conduct of an employee. In finding Morrisons liable, the British court specifically acknowledged that Morrisons was not at fault, that Morrisons itself did not violate the law, and that Morrisons was essentially the target of the employee’s criminal behavior. Nonetheless, the court held that Morrisons was liable for the leak on the basis of respondeat superior.

This creates, in effect, a form of strict liability for an employee data leak (at least in the UK). If the ruling is upheld, Morrisons will face a massive legal liability and, without question, the remaining 94,500 employees will join the class action or file their own lawsuits. Further, it is possible that British regulators will follow the court’s ruling and impose heavy regulatory fines and penalties.

Employee Data Leak: Legal Principles Negligence in US Courts

It is unclear whether US courts would come to the same result as the British court in the Morrisons case.

So far, US courts have only dealt with negligent or accidental leaking of employee data. In one example, a US district court held that, under theories of negligence, an employer can be held liable to employees for loss of data. See Sackin v. TransPERFECT Global, Inc., No. 17 Civ. 1469 (LGS) (US Dist. Court, SD New York October 4, 2017).

In that case, hackers successfully hacked into the company’s computers and networks and stole personal and financial data on 4,000 employees. The employees brought suit based on many claims including common law negligence, violations of various labor laws, and breach of contract. The court held that, under New York law, employers have a duty to take reasonable precautions to protect the personal data that they acquire from employees. The court held that the employees had properly alleged claims under various New York statutes. The only claims dismissed were breach of contract claims.

By contrast, in Enslin v. The Coca-Cola Co., 136 F. Supp. 3d 654 (US Dist. Court, ED Penn. 2015), the court eventually dismissed all claims by employees. In this case, per standard operating procedures, an IT employee was to dispose of obsolete Coca-Cola employee laptops. However, rather than destroy these computers, the employee unlawfully sold them. But unbeknownst to the employee, the hard drives on these laptops still contained employee information, including addresses, phone numbers and SSNs for upwards of 74,000 employees. Identity thieves pounced on this data leak. Once Coca-Cola became aware that the laptops had not been destroyed, the employee was fired and criminally charged. Later, several employees whose personal and private information had been stolen filed suit and attempted to have a class action certified against Coca-Cola.

Most of the claims were dismissed early at the 10(b)(6) stage in 2015. The employees asserted various state law claims that required “knowing violations” of the relevant statutes. The federal court found that Coca-Cola did not have any knowledge that data had been stolen/leaked. In addition, Coca-Cola acted very quickly to recover as many of the laptops as they could locate. As such, all claims based on “knowing violations” were dismissed.

The federal court also dismissed claims based on the Pennsylvania economic loss doctrine, which provides that no cause of action exists for negligence that results solely in economic damages unaccompanied by physical injury or property damage. The court also found that there was no “special relationship” between Coca-Cola and its employees that would be an exception to the economic loss doctrine. Negligence claims were also dismissed by the court on the grounds that various employee and company policies failed to create a duty on the part of Coca-Cola to protect employee data. The court also rejected claims based on civil conspiracy and bailments.

In the 2015 decision, the only claims NOT dismissed were ones based on breach of contract or, in the alternative, claims based on unjust enrichment. However, those were eventually dismissed on summary judgment in March 2017. See here.

Employee Data Leak: Legal Principles Intentional Conduct in US Courts

With respect to an employer being responsible for the criminal conduct of its employees, the law is complicated and depends very much on state statutes and common law. But, in general, an employer has no duty to prevent criminal activity or intentional harm to a third party victim unless a “special relationship” exists with the victim or the harm/crime is foreseeable and the victim is among the class of foreseeable victims. See e.g., Niece v. Elmview Group Home, 929 P.2d 420 (Wash. Supreme Court 1996) (nursing home liable for employee rape of nursing home resident).

A special relationship imposes a duty upon the employer to control the conduct of its employees and otherwise protect against the criminal conduct. Foreseeability depends almost entirely on the facts of the case. Liability has been found, for example, against innkeepers and owners of apartments when guests and residents have been the victim of various crimes if such crimes were foreseeable but protective steps were not undertaken. Prosser and Keeton on Torts § 56.

How these principles play out with respect to intentional data leaks is yet to be determined.

Data Breach Attorneys: Contact Revision Legal Today

For more information, contact the data breach attorneys at Revision Legal. Contact us via email or call us at 855-473-8474.

 


Chicago Internet Lawyer

Revision Legal is Chicago’s Internet law firm. Our attorneys, admitted to practice law in the State of Illinois and located just outside of Chicago in Michigan, have experience in handling Internet law matters in the Northern District of Illinois, which includes Chicago and the surrounding suburbs. Our Chicago Internet lawyers have handled the following Internet law cases in federal and state court:

  • Copyright infringement lawsuit against electronic software distributor;
  • Cybersquatting lawsuit against former business partner;
  • Trademark infringement lawsuit against Internet software distributor;
  • Domain name theft lawsuit against former employee;
  • Trade secret theft of customer list;
  • Unauthorized access to a computer system; and
  • Typosquatting of numerous domain names containing Plaintiff’s trademark.

Our Chicago Internet lawyers are also experts in transactional Internet law matters. Our attorneys can help you with:

  • Defensive domain name registrations;
  • Trademark registrations;
  • Keyword advertising infringement;
  • Internet minimum advertising policies;
  • End user license agreements;
  • Terms of use agreements and privacy policies;
  • State-law privacy compliance;
  • User-generated content and Section 230 of the Communications Decency Act;
  • E-commerce transactions; and
  • Website purchase and sale agreements.

If you seek a Chicago Internet lawyer, contact Revision Legal’s attorneys today at 855-473-8474.


Telemedicine Terms of Service Agreements

The internet has forever changed the way health and medical services are provided. The last 10 years have seen a rapid expansion in telemedicine and telehealth services. In response, many states have developed statutes to define and regulate telemedicine. For example, Vermont developed a statute (8 V.S.A. § 4100k) requiring health insurance companies to cover and pay for telehealth services in the same manner as more traditional face-to-face provisions of health care.

Telemedicine Defined

The general definition of telemedicine is receiving/providing medical care remotely via the internet or telephone. The Vermont statute above defines telemedicine as:

“‘Telemedicine’ means the delivery of health care services such as diagnosis, consultation, or treatment through the use of live interactive audio and video over a secure connection that complies with the requirements of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191. Telemedicine does not include the use of audio-only telephone, e-mail, or facsimile.”

This is a very different definition than the one proposed in 1996 by the Federation of State Medical Boards (“FSMB”) under the Model Telemedicine Act (“Model Act”). The Model Act defined telemedicine as “the practice of medicine across state lines.” The Model Act did not gain many adherents. But, interestingly enough, practicing medicine “across state lines” is the key legal issue with telemedicine.

In practice, telemedicine has existed for as long as the telephone has existed. Patients with a long-term relationship with a family doctor have likely experienced a “phone consultation.” You have a bad cough or something non-life-threatening; you call your doctor; he or she talks to you over the phone and prescribes a medication. Your doctor says something like: “Make an appointment and SEE me if your symptoms do not improve.” That is a form of telemedicine.

With the advent of the internet and internet-based video services like Skype, telemedicine has become even easier. Now with the omnipresence of mobile devices, each with a camera and video recorder, providing remote medical services is almost expected.

Telemedicine: Legal Practice Issues

Conceptually, telemedicine presents almost no legal issues other than potential malpractice issues for the healthcare provider. That is, telemedicine is basically a doctor meeting with a patient via electronic interface rather than face-to-face.

In practice, however, telemedicine is being promoted via websites advertising a quick and easy method to obtain medical services and prescriptions. A good example is getRoman.com, a website dedicated to providing medicine for erectile dysfunction. See here. There is a maze of legal issues that have to be navigated for websites like this, including:

  • State laws with respect to who may provide medical services within the state
  • State and federal laws with respect to prescribing medications — stricter standards
  • Which state medical law is applicable? The medical laws of the doctor’s state or the patient’s state?
  • Which state law and what body of law applies to the website?
  • Licensure for the medical providers — related to the first issue
  • Medical malpractice and standard of care issues — what is the standard of care for a virtual examination?
  • Is the website providing “medical services” — legal difference between offering diagnosis and prescribing medications as opposed to simply providing conduit services, education and information
  • Federal and state privacy, confidentiality and security — HIPAA, etc.
  • FDA regulation of medical apps and medical devices — if healthcare is now delivered via mobile device, is that a “medical device” subject to FDA Class I regulation; what about programming in the app?
  • Medicine ethics with respect to corporate structures, fee-splitting, and advertising

As can be seen, as a practical matter, the legal issues are numerous. If you are providing telemedicine services, you should consult with proven internet law attorneys who are on the cutting edge of technology and legal knowledge.

Using a Website Terms of Service Agreement to Solve Some of the Legal Issues

As telemedicine websites proliferate, some are attempting to use the website Terms of Service (“TOS”) Agreements to help solve some of the problems. One particularly bad problem is being criminally prosecuted for prescribing medications across state lines. For example, back in 2007, in the case of US v. Valdivieso Rodriguez, 532 F. Supp. 2d 316 (US Dist. Puerto Rico 2007), seven doctors were charged with 41 counts of having participated in a scheme to distribute drugs through the internet in violation of federal laws and the laws of Puerto Rico. The federal charges were brought pursuant to the Controlled Substance Act (“CSA”).

Under the laws of Puerto Rico, a doctor can only prescribe medications to residents of Puerto Rico. As such, when the doctors remotely prescribed medications — via the internet — to persons outside of Puerto Rico, according to the prosecutors, they were practicing medicine “outside the scope of professional practice … with whom they lacked a doctor-patient relationship” in violation of the CSA. The District Court upheld the charges as against various motions to dismiss.

The getRoman.com website attempts to avoid the Valdivieso issue via its TOS Agreement. See here. Its TOS Agreement specifically limits the availability of the internet service to California, Florida, Georgia, Kentucky, Illinois, New York, Nebraska, Michigan, Montana, Ohio, Pennsylvania, Virginia, Washington and Texas. The getRoman.com TOS then goes on to say that “[h]ealth care providers providing Services through the Site are licensed to practice in the states in which they treat patients.”

Whether that gets the doctors beyond the Valdivieso situation is fact-dependent. Can the medication be delivered to addresses outside of the covered state? Are Texas doctors interacting with Texas web-users? Will authorities really care since these are ED medications?

It will be interesting to see how the courts deal with telemedicine websites and their various TOS Agreements. These websites are relatively new and our research did not uncover any cases yet reported dealing with TOS Agreements for websites like getRoman.com.

Telemedicine and TOS Agreements: Contact Revision Legal

If you would like more information about TOS Agreements or have other questions about business law, internet law, data breaches and other legal issues related to IP, contact the lawyers at Revision Legal. We can be reached by email or by calling us at 855-473-8474.


7 Reasons to Read FTC’s 2017 Privacy & Data Security Update

The Federal Trade Commission (“FTC”) recently released its 2017 Annual Privacy and Data Security Update (click here; for the direct link to the Update, click here and then click on the PDF link provided). We see seven compelling reasons to read the 2017 FTC Update and to take data breaches seriously:

1. The Number of Data Breaches Increases Every Year

There were over 850 computer security attacks in 2017. The number of breaches has been increasing every year. The data breaches involve billions of people around the world. Billions with a ‘B’ – this is not an exaggeration. For example, the recent Equifax data breach involved 145 million customers; a data breach from an Indian mobile phone carrier involved 120 million consumers; data breaches from a number of popular Chinese websites resulted in the theft of personal and financial information on 1.85 billion customers.

2. Costs can be Massive

The cost of a data breach to your company can be massively burdensome. Vast amounts of employee time will be needed to:

  • Fix the security breaches
  • Deal with governmental investigators
  • Notify customers and clients
  • Handle the public and media relations
  • Respond to the lawsuits

Aside from loss-of-productivity costs, your business will be paying for outside legal counsel, experts, auditors, settlements, and fines. See our post on the high cost of data breaches.

When Target stores had a significant data breach in November 2013, filings with the Securities and Exchange Commission show that in the following four years Target spent an average of $50 million a year dealing with the after-effects of the breach.

In another example, Anthem, a health care provider, recently agreed to pay $115 million to settle 100 lawsuits filed against it for a 2015 hack of customer information. Anthem was hacked and the private data of 79 million customers was stolen. Anthem agreed to either pay each customer $50 or purchase for them two years’ worth of credit monitoring.

Pause to consider this for a moment – the per-customer settlement is minor, but due to the immense number of customers impacted, the $115 million settlement became the largest data-hack settlement at the time.

3. Cyber-Threats are Constantly Evolving

Threats to your computer systems are constantly emerging. Every software update and each hardware improvement is a potential target for exploitation by hackers and criminals. These activities are being directed at your company ON PURPOSE and with bad intent. Such threats demand your immediate and full attention.

4. Cyber-Threats are Now Internal

Most people focus on the external threats, but internal threats are becoming the new normal. We recently wrote about a rogue administrator in United States v. Thomas, No. 16-41264 (5th Cir. 2017). Mr. Thomas was the company’s IT Operations Manager. Unhappy that a co-worker had been fired, Mr. Thomas spent a weekend sabotaging his employer’s computer systems and network and then quit without warning. Mr. Thomas was convicted, but his employer’s business suffered significant disruption.

As another example, in a widely reported case from the United Kingdom, an IT auditor for WM Morrisons Supermarkets, a large grocery store chain in the UK, received a disciplinary warning for employee misconduct. Not happy about being disciplined, he retaliated by deliberately publishing personal and financial data on nearly 100,000 of his coworkers including names, addresses, phone numbers, bank data, etc. The employee was charged and convicted of various crimes. However, Morrisons was recently held liable in a class action lawsuit brought by several thousand of the affected employees. Recently, a UK court held that Morrisons was legally responsible for the data leak. See report here. These examples show that you cannot be too careful with respect to securing your computer and network systems from both external and internal threats.

5. Non-Monetary Costs can be Massive

Lax cybersecurity is not just a threat to consumer data, but also to your company’s trade secrets and property.

Dun & Bradstreet, for example, had a valuable asset stolen by hackers in 2017. It was an exclusive database for marketing and email campaigns. This database gave Dun & Bradstreet a significant competitive advantage that was lost when the database was stolen. Adding insult to injury, Dun & Bradstreet had acquired the database in 2015 as part of a $125 million purchase of a smaller company called NetProspex. Very likely, the largest asset owned by NetProspex was just this database. As another example, HBO lost confidential data which led to the unauthorized release of HBO programming, including a script of a then-upcoming episode of Game of Thrones.

6. Your Business can be at the Mercy of Hackers

Further, lax cybersecurity is a direct threat to your business and your ability to function. Ransom can be demanded and your business can be vulnerable to malware like WannaCrypt/Cry. WannaCrypt infected millions of computers in May 2017 across 74 countries. The malware encrypted as many files as it could on a given computer system and then demanded $300 or $600 in Bitcoin to restore the files. This malware also installed a backdoor to the computers and servers which allowed remote control and access. For those infected, business operations came to a standstill.

Your company can also be vulnerable to ransom demands to avoid bad publicity and legal liability. Uber had a data breach in October 2016 which the company tried to hide and then paid the same hackers $100,000 to help in the concealment.

7. Hackers can Damage Your Business Reputation

Nearly three-fourths of cyberattacks seek money, stealing money directly from financial accounts or credit card numbers, demanding a ransom, or something similar. But between 10% and 15% of security breaches are hacktivism — criminal behavior designed to punish or embarrass your company for political or social reasons. We’ve recently written on these types of breaches here.

Data Breach Attorneys: Contact Revision Legal Today

Contact us via email or call us at 855-473-8474.

 


How Grumpy is Your Cat?

Stone sculptures of jewelry-adorned cats dating back to at least 500 BC have been discovered in Egypt. Feline goddesses were recorded in texts dated thousands of years earlier. In 1888, a farmer in Egypt stumbled upon a tomb containing eighty-thousand mummified cats. While it is estimated that the first domesticated cats appeared ten thousand years ago in the Fertile Crescent, savvy persons have long recognized that an international cat-cabal has quietly controlled human development for at least as long. It is no accident that cats dominate the internet.

On January 23, 2018, a jury in the Central District of California awarded more than $700,000 to Grumpy Cat Limited after it sued several parties for copyright infringement and trademark infringement. The jury awarded $230,000 for the copyright infringement claim and $480,000 for the trademark infringement claim.

The complaint stated that “Grumpy Cat (a/k/a Tardar Sauce) is one of the most famous and recognizable felines in the world due to her perpetually grumpy expression.” The complaint asserted four federal copyright registrations and three federally registered trademarks concerning Tardar Sauce. Without its federal registrations, the plaintiff would have had a much more difficult time obtaining the judgment described above.

Humans should take a lesson from cats and think about long term survival. Obtaining copyright registrations and federal trademark registrations may not seem like an immediate need, but it is much better to have a registration for both and never need to litigate than to find yourself in litigation wishing you had a copyright or trademark registration.

The cost of registration is minimal while the benefits are invaluable. Tardar Sauce gets it. Do you? If you are on the fence about seeking copyright and/or trademark protection, find a cat and talk it over.

Call Revision Legal. We know a lot of cats.