Published on:

In recent years, much of consumer retail consumption has transitioned to the online marketplace. So, many of us engage in e-commerce, especially when shopping for the upcoming holiday season. While e-commerce is convenient and easy, consumers are becoming more aware of the risks posed by hackers that commit online fraud. Merchants who administer websites for online shopping must take measures to assure that their sites are protected from online hackers and fraud. Online merchants may be held liable for online fraud if the proper steps are not taken to prevent it. Are you an online merchant? Are you worried about protecting the sensitive information of your customers? If so, then you must take certain steps to prevent fraud and unauthorized access (i.e., hacking).

How Does Online Fraud Occur?

Online fraud is fraud that is committed using the Internet. This type of fraud typically comes in two forms: (i) financial fraud; and (ii) identity theft. Financial fraud often occurs when a hacker collects a consumer’s financial information to steal money.  Identity theft usually occurs when a hacker collects a consumer’s information, and then uses it to open bank, mortgage, or credit card accounts. Many times the two types of fraud happen concurrently. Hackers often target e-commerce websites because consumers are constantly offering their credit card and personal information through these websites. Online merchants must take precautions to prevent hacking that leads to this kind of fraud.

What Is An Online Merchant’s Liability If There Is Online Fraud?

An online merchant is a person or business who accepts payment, usually credit cards, in exchange for goods and/or services through an online website. An online merchant may be held liable from a customer’s loss due to online fraud occurring through the merchant’s website. Often a financial institution (e.g., bank issuing credit cards) will bring an action against a merchant for failure to protect customer data from unauthorized access that led to the fraudulent use of that information. If the institution and/or customer can show that the loss was directly caused by the merchant’s lack of protection, then the merchant will be held liable. Therefore, online merchants must take reasonable steps to protect customer data. Merchants can and should take the following measures to protect against hackers committing online fraud. For example, choose a secure e-commerce platform with sophisticated programming language that ensures a secure connection during checkout. Use a system that verifies customer credit card and address information, and do not store this data longer than necessary. Require that customers utilize strong passwords, and track all their orders by number. Set up alerts when suspicious activity occurs. Train your employees in security measures and layer those measures for additional security. Closely monitor your website with regular scans to detect vulnerabilities. Make sure your systems are always updated. Think about using the cloud to reduce the need for hardware and protecting it, and invest in a fraud management service that reduces merchant liability when a customer suffers a data loss. Lastly, back up the data on your website, so that you do not lose important customer information.

These steps will greatly reduce the opportunity for a hacker to access sensitive customer information to commit fraud. If you are an online merchant and want to take steps to reduce your liability from online fraud, you may contact us to speak to an attorney.

Published on:

The best advertising directs a company’s message directly to the customer.  Direct telephone marketing is an effective way to accomplish this kind of advertising.  However, the Telephone Consumer Protect Act (“TCPA”) now restricts how businesses can engage in direct telephone marketing.  But, there are many other ways companies can directly reach consumers—i.e., text messages, emails, and instant messages. These kinds of communications may not violate the law against direct telephone marketing.  Is your company looking for more effective marketing? Are you unsure how you can advertise directly to customers’ devices?  If so, then recent interpretations of the TCPA may allow your business to advertise directly to customer devices.

What Is the TCPA?

The TCPA was enacted in 1991 to restrict telemarketing and the use of automated telephone calls for the purpose of marketing. The law makes it unlawful “to make any call using any automatic telephone dialing system (“ATDS”) . . . to any service for which the party is charged for the call.” An ATDS means equipment, which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial such numbers.  A recent case has helped limit the definition of an ATDS.  In Marks v. Crunch San Diego, LLC, a district court in California held that text message marketing may not be an ATDS, and therefore is in compliance with the TCPA.

What Does the Marks Case Mean for Your Company?

The defendant, Crunch, a San Diego gym, utilized a third-party platform to send promotional text messages to gym members and potential clients.  Crunch used three methods to input client phone number information into the third-party platform, all of which involved a person inputting the data.  Crunch could then send mass text messages to everyone in the database when it wanted to publish an advertisement. The court held that this system did not violate the TCPA because the platform was not an ATDS.  The platform did not store or produce numbers to call, it did not use a random number generator, and it did not then dial those random numbers.  The holding in this case means that a company can utilize a database of customer and potential customer information for telephone marketing.  However, the company must ensure that a person, and not a random number generator, collects the data.  Also, the system must not have the ability or potential to randomly generate numbers and send text messages to those numbers.  The holding in this case could potentially be extended to other forms of telephone communication (e.g., instant messaging).  Yet, a system like this could be deemed an ATDS if the platform has the potential capacity to store or produce telephone numbers without human involvement via new software.  In Sherman v. Yahoo! Inc., the same court held Yahoo’s text message system was an ATDS because it had this potential.  These two cases allow businesses to utilize mass-marketing text messages as long as a person manually inputs the recipients’ information into the system.

At the Law Offices of Salar Atrizadeh we assist clients in legal matters involving changes in internet, technology, and telecommunication laws. You may contact us to speak with an attorney regarding your questions or concerns.

Published on:

The purchase of commercial general liability and umbrella insurance policies are ways to protect your business from liability. However, these types of policies have not adapted to protect policyholders from certain types of cyber liability.  This issue was recently exposed in a case against Urban Outfitters, Inc., and its subsidiary, Anthropologie, Inc. (collectively “Urban Outfitters”). Urban Outfitters found itself with no suitable insurance coverage when facing several lawsuits for privacy infringement that resulted from credit card transactions. Many businesses collect customer data and infringements of customer privacy may not be covered by traditional insurance policies. Do you run a business that collects consumer data? Are you unsure how far your insurance coverage extends in protecting against consumer data breaches? If so, then you may contact us to speak to an attorney about whether you should obtain cyber liability insurance.

What Was the Issue in the Urban Outfitters Case?

In OneBeacon America Insurance Company v. Urban Outfitters, et al., Urban Outfitters was sued in three different states for consumer privacy breaches. Urban Outfitters was sued because of its practice of collecting consumer zip code information when processing credit card transactions. This practice violated multiple consumer privacy laws. Urban Outfitters then looked to its insurance company to defend the multiple lawsuits. However, the insurance company claimed that its general liability policy did not cover that kind of privacy breach. The federal court in Pennsylvania agreed, and held that the insurance company was not obligated to defend Urban Outfitters in any of the lawsuits. The general liability policy only covered “oral or written publication of material that violates a person’s right of privacy,” and even though Urban Outfitters violated consumer privacy, it never published that material.

What Lessons Can Businesses Learn From the Urban Outfitters Case?

In general, businesses should take steps to ensure that insurance policies cover all types of privacy violations. This can be accomplished with a tailored cyber liability insurance policy. These policies can cover a range of risks (e.g., data breach, media liability, extortion, and network security breach). However, every company is structured differently and each is exposed to a different set of risks. As such, mainstream insurance companies are now offering pre-packaged cyber liability insurance along with custom policies. In most instances, the language in an insurance policy is filled with complicated legal terms. So, it is recommended that you speak with an attorney to ensure that the insurance policy properly protects your company. You can also take steps to reduce your risk and cost of an insurance policy on your own. Insurance companies rely on the following factors in determining premiums: (1) general risk exposure of the industry; (2) general risk exposure of the size of company; (3) loss history; (4) years in business; (5) financial condition; (6) extent of use of outsourced network security services; (7) dependency on third-party networks; and (8) in-depth analysis of network security pursuant to standards (e.g., ISO 27001).

In sum, businesses cannot control all of these factors, but they can improve their financial condition and network security.  You may contact us to speak to an attorney about your questions regarding cyber liability insurance.

Published on:

Peer-to-peer networks have provided an invaluable service that allows users to share information and data around the world. These networks became popular for media sharing, culminating in the infamous Napster scandal. Many are aware of the copyright issues that arise with the use of peer-to-peer media sharing. However, there are other cyber-crime issues that users may expose themselves to when using these networks. Peer-to-peer networks may be used in a variety of legal ways, but users must protect themselves from cyber crime prevalent over these networks. Are you developing or using a peer-to-peer network? If so, then you should be aware of the cyber crimes that you may be exposed to or unintentionally committing.

What is a Peer-to-Peer Network?

A peer-to-peer network is created when two or more computers connect and share resources without going through a separate server.  Typically, peer-to-peer networks are accessed through free software that allows the user to find and download files on another user’s computer.  The traditional computer network uses a client and server model, in which the client computers store and access data on a dedicated server. Peer-to-peer networks move away from the dedicated server. So, each computer is a client and a server. This empowers each user to access and share information directly instead of through a central hub. These networks also provide users with more control. Users can decide to which computers to connect, what files to share, and how many system resources to devote to the network.  Users have many controls over a peer-to-peer network.  However, the average user may expose himself to committing and being the victim of cyber crimes if he does not know how to control the network settings.

What Cyber Crimes are Associated with Peer-to-Peer Networks?

There are several cyber crimes to which peer-to-peer network users expose themselves.  The FBI has highlighted three common crimes.  The most well-known issue in the use of peer-to-peer networks is copyright infringement.  Sharing copyrighted music, movies, and software is a violation of copyright laws. Sharing these copyrighted materials can expose the user to both civil and criminal penalties. Yet, many peer-to-peer users do not violate copyright laws.  Even with lawful use, users may expose themselves to become victims of cyber crime. Computer hackers often take advantage of the openness of peer-to-peer networks to access other computers. Many hackers specifically create worms and viruses that are spread through these networks.  Further, without configuring peer-to-peer software correctly, hackers may be able to access the computer, allowing hackers to see and download information directly from the hard drive. The most disturbing cyber crime that occurs through peer-to-peer networks is child exploitation and obscenity.  Those involved in child exploitation innocuously label files, so that users think they are downloading something legal when accessing files through peer-to-peer networks.  Parents may know their children are using peer-to-peer networks to download media, but they may be unaware that their children are accessing obscene material.  Files are freely accessed and shared on peer-to-peer networks, and there are no built-in parental protections.

In sum, using a peer-to-peer network can help users effectively share and store information.  Nevertheless, users must be aware of their exposure to cyber crime when using these kinds of networks.  You may contact us to speak to an attorney about your exposure to cyber crimes when using peer-to-peer networks.

Published on:

The writing is on the wall.  The future of television and media consumption is moving away from network channels and physical sales to an “On-Demand Internet” streaming model.  This trend has already begun with millennials.  Millennials, as a group, do not subscribe to cable television or purchase music. Instead, services like Netflix, Hulu, and SoundCloud provide Millennials with On-Demand access to television shows, movies, and music. Television networks and traditional media companies must adjust to this new trend. This issue recently came to a head in the Supreme Court’s decision in ABC v. Aereo. The Court’s decision, while resolving the immediate issue in the case, has caused a problem in the larger scheme of things. The decision has put a new spin on how the Court applies the Transmit Clause of the Copyright Act of 1976. If you provide digital media content through Internet streaming or access content through the cloud, then the Aereo decision could affect you.

What Was the Issue In ABC v. Aereo?

Aereo is a company that provides a small device that a user can connect to a computer for a monthly fee. The device allows the user to pick up network television broadcast signals and stream them directly to the user’s computer.  ABC and other network broadcasters sued Aereo for copyright infringement. The issue in the case was whether Aereo’s device fits under the definitions of performance and public transmission within the Transmit Clause of the Copyright Act of 1976.  The Transmit Clause describes the exclusive right to “transmit or otherwise communicate a performance . . . of the [copyrighted] work . . . to the public by means of a device or process . . .”  The Court held that Aereo did transmit ABC’s performance and that the transmission was to the public.  Therefore, Aereo infringed upon ABC’s copyrights.

How Did the Supreme Court’s Decision Affect the Transmit Clause?

The problem that has arisen out of the case is not the ultimate decision, but instead, the rationale the Court utilized to get to that decision. The Court looked at the issue in an antiquated perspective. The Court asked whether the Aereo device is an antenna or a cable system.  The Court decided that Aereo was not a cable system, but that it was like a cable system. The problem is that Aereo does not act like a cable system.  A cable system grabs a channel’s feed and then transmits that feed to its customers simultaneously. Aereo, on the other hand, utilizes a system in which each subscriber decides to what feed the Aereo device will tune. Each user tunes the Aereo device to the desired channel instead of Aereo broadcasting constantly to all of its subscribers. This model is inherently unlike a cable system. In fact, the Aereo device represents the new kinds of media consumption that do not fit neatly into current copyright laws. If Aereo’s device is transmitting a performance to the public, then is the average user doing the same when streaming media from the Internet or accessing media from the cloud? The Aereo decision has changed the way companies and average users must understand the Transmit Clause. What we once considered private transmissions could now be considered public and an infringement of copyright law.

You may contact us to speak to an attorney about how your streaming practices and/or media consumption are affected by this decision.

Published on:

In recent times, a significant amount of business is conducted online.  The Internet connects a business to customers anywhere in the world. What happens when a dispute arises between a business in one state and a customer in another? If the customer wants to bring legal action against the business because of a transaction that occurred online, where does the customer file the action? The answer may depend on the type of website. The courts have created the distinction between active and passive websites. When a transaction occurs through an interactive website, the business may be subject to the jurisdiction of the state where the customer accessed it. Is your business developing a website? Did you know that an interactive website may subject you to the jurisdiction of any state? If so, then you must understand the difference between active and passive websites, and how they may affect your legal rights.

What Is the Active and Passive Distinction?

An interactive or active website is one where business transactions can occur through the website or information can be exchanged to solicit business. On the other hand, a passive website is one that is used to post information for potential customers, but it does not allow for interaction. A passive website is similar to an advertisement. The distinction is crucial because courts will confer personal jurisdiction over companies that maintain active websites in the state where the consumer is located. Active websites include sites that foster online sales, sites that take measures to solicit business in a particular forum, and the use of a third-party site to sell an item. Not every website fits neatly into these two categories, and issues arise when the website falls between the two.

How Do Courts Decide Whether A Website Is Active Or Passive?

In general, the courts look to a number of factors when deciding whether a website is active or passive. A federal court in Virginia held that an active website did not confer personal jurisdiction in Virginia because the website was not directed toward Virginia and no Virginia residents visited the site. On the other hand, another federal court in Connecticut held that a site that seemed passive did confer personal jurisdiction on the company because of a toll-free number posted on the website. The court held that the number was enough to be a solicitation. While many courts apply the “active/passive” test, not all rely on it exclusively. The Second Circuit has stated, “a website’s interactivity may be useful for analyzing personal jurisdiction,” but “traditional statutory and constitutional principles remain the touchstone of the inquiry.” The general test for personal jurisdiction is whether the defendant has minimum contacts with the state in question. Courts apply the minimum contacts test on a case-by-case basis. To apply this test to a website, a court would look to the “quality and nature” of the site’s activity and whether that activity is such that it would be fair to hale the defendant into that jurisdiction.

If you plan on doing business online, then you must be aware of whether your website is active or passive. The distinction could be the difference of you being summoned into court on the other side of the country. If you are concerned about the interactivity of your website, you may contact us to speak to attorney.

Published on:

Since the 1930s, the act of publicly raising money for a startup business has been outlawed. Now, with the implementation of the Jumpstart Our Business Startups Act (“JOBS Act”), in 2012, public crowdfunding is legal and encouraged. Startup companies are no longer confined in the resources and opportunities available to raise capital. Private companies can now publicly advertise that they are raising capital and collect investment funds through online crowdfunding services. The JOBS Act allows for two different ways in which a company can utilize this new crowdfunding opportunity. Is your startup looking for an infusion of capital? Are you considering crowdfunding as an option? If so, then you must understand how Title II and Title III of the JOBS Act apply to your startup.

What is Title II?

Title II of the JOBS Act now allows a private company to solicit and advertise investment opportunities to the general public. But, Congress left it up to the Securities and Exchange Commission (“SEC”) to regulate the rules. The SEC has changed Rule 506 of the Securities Act of 1933 to allow for this new public advertising provided that, “the issuer takes reasonable steps to verify that the investors are accredited investors.” Rule 501 defines accredited investor in three different ways: (1) an individual whose net worth or joint net worth with a spouse exceeds $1 million; (2) an individual with an annual income more than $200,000; or (3) a joint annual income with a spouse over $300,000. In addition, issuers must previously file with the SEC that they are claiming this new public solicitation exemption. The penalty for not following these requirements is being banned from fundraising for a year.

What is Title III?

Title III of the JOBS Act will remove the accredited investor requirement under Title II, but will add new red tape. Non-accredited investors with an income below $100,000 can invest a maximum of $2,000 or 5% of their income or net worth. Non-accredited investors with an income above $100,000 can invest a maximum of 10% of their income or net worth. Further, investments made under Title III cannot be resold for at least one year. Issuers must use the services of a broker or a “funding portal” registered with the SEC. A funding portal is a neutral third-party service (e.g., Kickstarter, Indiegogo). There are also limitations on companies raising funds under Title III. Companies are limited to $1 million a year in fundraising when using the Title III exemption. There are also many required disclosures to the SEC. You must disclose financial statements and tax returns, or be audited by an independent public accountant or auditor. Companies must disclose information about executives and any individuals who own more than 20% of the organization. Further, companies must disclose the use of all proceeds, price of the securities offered to the public, target offering amount, timetable for reaching the target amount, and any excess acquired above the target amount. Finally, companies raising money under Title III must file an annual report with the SEC. While Title III allows for a larger pool of investors, the disclosure requirements may be so cumbersome that the costs outweigh the benefits if you are not aware of all the requirements.

As such, the JOBS Act seems to provide new opportunities for private startups to gain capital, but they must pass through certain bureaucracies. You may contact us to discuss how you can utilize the provisions of the JOBS Act to raise capital for your startup.

Published on:

In recent years, social media has allowed users to instantly communicate with each other. Social media also provides a low cost and high-yield forum for communications. Because of these effects, social media is becoming the preferred way for advertisers to reach customers. A marketing campaign that includes social media can greatly enhance a company’s brand exposure.  However, there are several legal and regulatory issues that arise when using social media for advertising. When using social media tools like hashtags and facebook pages, advertisers should monitor their copyrights and trademarks and comply with state and federal regulations.  Is your company beginning a new social media advertising campaign? Are you trying to brand your company with hashtags and handles?  If so, then you should contact us to discuss the legal issues.

What is a Hashtag and How Is It Used in Advertising?

A hashtag is a form of metadata made up of a word or phrase that is prefixed with the symbol “#” used by a social media site to create a searchable keyword. Hashtags are commonly used to direct potential customers to others discussing the same hashtag. Any user could create a hashtag with your company’s name or one that infringes on your intellectual property. Most social networks have policies that prohibit trademark and copyright infringement. Be sure to check these policies and the procedures for reporting abuses. Yet, not every third-party use of a trademark is necessarily an infringement if done under the fair-use standard. If a third-party is using a hashtag or handle that refers to your trademark, it may not be an infringement if used only to join a conversation, and that user is not claiming to be the owner of the trademark. Further, you can actually trademark a hashtag with the United States Patent and Trademark Office for additional protection. A mark including the “#” symbol can be registered as a trademark if it functions as an identifier of a good or service.

What Are the Regulatory Issues for Social Media Advertising?

The Federal Trade Commission (“FTC”) enforces consumer protection laws to ensure that companies advertise their goods and services truthfully.  General rules of advertising law apply to social media advertising.  The FTC has provided several points to ensure that your advertisement is in compliance.  First, make sure that the advertisement is not unfair or deceptive.  In other words, all facts and practices used to advertise your good or service must be straightforward.  Second, advertisers should include qualifying information rather than a separate disclosure. For example, if you are posting on your Facebook page, any qualifying information about the promotion or offer should be included in that post.  Third, all required disclosures must be clear and conspicuous.  If you cannot include the disclosure in your post, then make sure to provide a clearly posted link to the required disclosure.  Lastly, if the forum does not provide the opportunity for a required disclosure, then do not advertise within that forum.  Social media is usually just one part of an advertising campaign, so advertisements that do not conform should be placed elsewhere.

Social media is a great tool in your advertising toolbox. If you need assistance in understanding the legal and regulatory issues involved, you may contact us to speak with an attorney.

Published on:

It seems that entrepreneurs do not simply want to capitalize on local markets anymore.  An international impact is achievable with the connections available through internet and technology (e.g., e-commerce).  A startup company can now achieve that international presence by utilizing cryptocurrencies and crypto-crowdfunding.  Using cryptocurrencies allows a company to do business in any country without worrying about foreign exchange fees or limitations.  Crypto-crowdfunding can help a new company raise capital by creating its own currency in exchange for real money or other cryptocurrency. Are you starting an online business and want an international presence? Do you want to raise money fast for your new company? If so, then cryptocurrencies and crypto-crowdfunding may be helpful.

What is Cryptocurrency?

Cryptocurrency is digital or virtual currency that uses cryptography as its security. These currencies are not issued by central banks, and therefore, immune from government intervention and manipulation. Because there is no government intervention into these crypto-markets, many national cyrptocurrencies are beginning to emerge. European countries with struggling central banks and economies are experiencing the emergence of national cryptcurrencies, such as Spaincoin in Spain and Aphroditecoin in Cyprus. These currencies are easily traded and provide entrepreneurs with the ability to circumvent foreign exchange controls. Whether these currencies are privately started or nationally motivated, they can connect people anywhere in the world while keeping governments out of the picture.

What is Crypto-Crowdfunding?

Crypto-crowdfunding combines the benefits of cryptocurrencies and the quick capital infusion from crowdfunding. One of the first entities to foster this idea is Swarm.  The process works by a startup company creating its own cryptocurrency. The new company then trades this currency for real money or other cryptocurrencies. If the company is popular or successful, then its newly created currency is more valuable and can be traded to a third-party for a profit. The company benefits because it receives fast capital in many forms, and those who purchase the new cryptocurrency also have a share in the success of the company because they own its currency.

What Are the Legal Issues of Crypto-Markets?

In general, governmental agencies participate in the regulation of these markets—e.g., Financial Crimes Enforcement Network (“FinCEN”), Securities and Exchange Commission (“SEC”), and Internal Revenue Service (“IRS”).  Cryptocurrencies provide an opportunity for money laundering, and FinCEN has announced that anti-money laundering regulations apply to virtual currencies. Under FinCEN guidelines, an exchange service that allows a user to buy a cryptocurrency with real currency and sell cryptocurrency for real currency must register with FinCEN. A federal court held in SEC v. Shavers that cryptocurrency is a type of security covered by the Securities Act of 1933. Therefore, fraudulent trades in the crypto-markets come under the regulatory control of the SEC. On March 26, 2014, the IRS issued the IRS Virtual Currency Guidance to explain the tax obligations of cryptocurrency. The IRS has stated that “virtual currency is not treated as currency that could generate foreign currency gain or loss for U.S. federal tax purposes.” So, using cryptocurrency may help a new company avoid capital gains tax obligations.

As such, these markets are still in development, and the regulatory agencies and laws are not always up-to-date. You may contact us to discuss the applicable laws and regulations.

Published on:

In the past, to start a business you had to find a location, rent space, and open your doors to the public. Today, many entrepreneurs can do it all online by advertising, communicating with customers, and managing transactions using the web. Many entrepreneurs are interested in starting a new business with a strong online presence. There are several steps that one must take to start a business, plus additional considerations to comply with online business laws. Are you ready to create an online business? Are you unsure which laws you need to be aware of for your e-commerce website?  If so, then you need to know the process to start a business and the additional issues that apply to e-commerce.

How Do I Start An Online Business?

The Small Business Administration recommends a ten-step process to start a new business.  First, write a business plan.  This is your general outline as to the identity of your new company and the structure you are going to build to execute your plan.  Second, get the proper assistance and training. No one knows everything and connecting with mentors and experts can help you get off on the right foot.  Third, choose your location. If your company is 100% online, you still need to determine the types of customers you plan on attracting and to what areas you plan on making deliveries.  Fourth, finance your business. Whether you choose traditional financing from a commercial bank or more creative methods (e.g., crowdfunding), make sure to do your research and figure out what works for your company.  Fifth, determine the legal structure of your business. There are many types of entities you can create (e.g., LLC or Corporation). Each entity creates different levels of liability and tax obligations.  Sixth, register your business name with the proper state agency (e.g., Secretary of State).  Seventh, get a tax identification number (a/k/a EIN) by registering with the Internal Revenue Service.  Eighth, register with state and local tax agencies (e.g., Franchise Tax Board, a/k/a FTB). In general, each state has its own tax laws, so make sure you know the obligations within your state.  Ninth, obtain business licenses and permits.  You should keep in mind that state and federal agencies may require different licenses and permits. Finally, you may need to hire employees or independent contractors.

What Are Other Concerns For An Online Business?

Doing business online may relieve you of the worries of a physical location, but there are additional considerations. The privacy of your customers should be a major concern. The Electronic Communications Privacy Act (“ECPA”) and the Stored Communications Act (“SCA”) protect privacy of electronic communications and electronically stored information.  For example, your website may access a customer’s computer to complete a transaction, but there could be criminal and/or civil penalties under the ECPA or SCA if your company accesses protected information.  In addition, some information (e.g., personally identifiable information) you receive from your customers must be protected and securely stored on the network.  In fact, new businesses should focus on cybersecurity.  Furthermore, no security system is full proof. Therefore, cybersecurity insurance is another protective measure businesses may want to consider in order to minimize liability.  If you need assistance in starting your new business and complying with applicable state or federal laws, you may contact us to speak with an attorney.