Published on:

As of March 25, 2015, the Securities and Exchange Commission (“SEC”) adopted new rules to update and expand Regulation A. Regulation A+ will allow companies to gain access to funds through crowdfunding. These new rules are mandated by Title IV of the Jumpstart Our Business Startups (JOBS) Act.

What will the new rules do?

The update and expansion of Regulation A to Regulation A+ will allow smaller companies to sell up to $50 million of securities in a 12-month period.  These exemptions, however, are subject to eligibility, disclosure, and reporting requirements. The new rules have created a more effective way to raise capital while attracting and protecting investors. Non-accredited investors will be allowed to annually invest up to ten percent of their income or net worth, depending on which amount is greater. Before the new rules came out, only accredited investors were able to invest in startups through equity crowdfunding. The final rules are referred to as Regulation A+ and are provided in two tiers of offerings based on amount of security offerings over a 12-month period. Both are subject to the same basic requirements and eligibility limits, but differ in registration and qualification offerings.

What are the main differences between the Tier 1 and Tier 2?

Under Title IV of the JOBS Act, the offerings are as follows: Tier 1 consists of security offerings of up to $20 million over a 12-month period, with no more than $6 million of these offers coming from selling security holders that are affiliates of the issuer. Tier 2 consists of securities up to $50 million in a 12-month period, with no more than $15 million of these offers coming from selling security holders that are affiliates of the issuer. Up until $20 million of offerings, the issuer can choose to proceed under Tier 1 or Tier 2. These include, but are not limited to, review by SEC’s staff, permits, and eligibility limits. The companies that conduct their offerings under Tier 2 are subject to additional requirements. These requirements are to provide audited financial statements, file annual, semi-annual, and current event reports, and the placement of limitations on the amount of securities that non-accredited investors can purchase under this tier. In addition, within 5 years of the adoption of Regulation A+, there must be a report submitted to the SEC regarding impact of both Tiers on capital formation and investor protection.

How does the offering process work?

Issuers are required to file an offering statement on Form 1-A with the SEC using the EDGAR System. Form 1-A consists of Part I—Notification, Part II—Offering Circular, and Part III—Exhibits. Issuers can submit offering statements to be reviewed by the staff of the Division of Corporation Finance before filing any documents. This non-public submission must take place no later than 21 days before the qualification. In addition, both Tier 1 and Tier 2 issuers are required to file balance sheets and other financial statements from recent fiscal years. These statements must be in accordance with the Generally Accepted Accounting Procedures (GAAP).

At our law firm, we assist clients in legal issues related to crowdfunding, Regulation A+, and Tier I and Tier II offerings.  You may contact us in order to setup an initial consultation.

Published on:

The modern day business model is shifting towards cloud computing and Software-as-a-Service (“SaaS”) agreements. This new trend allows customers to treat licensing costs as expenses that can be paid over time. SaaS also provides a solution to bug fixes, glitches, and the updating of licenses simultaneously. With the shift to cloud computing, developers are no longer required to provide a platform on which their own application runs.  However, confusion exists about the differences between software licensing and SaaS agreements.

What is the difference between software licensing and SaaS?

A software-licensing model involves the software company to offer a software program in the form of an electronic download or CD-Rom. This software then must be downloaded, installed, run, and operated on hardware before being used by one or more users. This software may be installed on hardware.  It often offers services like training, maintenance, and technical support. On the contrary, in the SaaS model, the company does not make a physical product. It only makes the product accessible through “the cloud” which acts as a hosting platform. One or more users can still access the product, but it must be done through cloud computing services.  As such, external services are not provided because they are expected to be included as part of the hosting platform’s service and support experience. As a result, SaaS acts as a service subscription model and not a physical product.

What are some of the legal concerns associated with SaaS?

Since there is a different distribution of responsibility between the parties involved in the switch from software licensing to SaaS, precautions should be taken to protect the rights of the interested parties. Licensees in particular need to confirm there are warranties in place that ensure the protection of their confidential data. Warranties should be explicit about data breaches, disaster recovery, and termination services in the case that the licensee wants to switch to a different service provider. The licensee should understand that SaaS does not imply an opportunity for custom content development, as this is dependent on the chosen SaaS product.  Users must ensure that the right to development and integration can be conducted with a third-party application via the licensor’s programming interfaces.

Should the switch to SaaS be made?

Despite the security threats that come with the management of sensitive data and modern interface of SaaS, the subscription model is often crafted to make the process easier for the customer. With the use of some traditional licensing language, the users are the ones who ultimately choose to accept the terms of use.  However, before users switch to SaaS, they should consider certain factors.  Research and evaluation should be conducted about training and support options, including, but not limited to, compatibility, security, and liability.  Additionally, inquiries should be made about Service Level Agreement (SLA) negotiations.  Before a business invests in a SaaS system, it must be aware of the return on investment (a/k/a “ROI”) and risk of transferring its information on a third-party’s server. However, with the proper education, maintenance, and security, SaaS can serve as a viable option.

At our law firm, we assist clients with legal issues related to software licensing, cloud computing, and related regulations. You may contact us in order to setup an initial consultation.

Published on:

Since October of 2013, the Internet Corporation for Assigned Names and Numbers (ICANN) has made a transition towards the expansion of top-level names. This action has sparked concern in Internet stakeholders in regards to security concerns. ICANN was previously responsible for managing 22 domain names, including, “.com,” “.gov,” and others. With plans to rapidly rollout more names, government entities, businesses, consumers, and internet users have recognized a number of the associated security concerns. Today, there are 322 new top-level domains (TLDs) that have been granted by ICANN.

What are the resulting security threats?

Phishers and scammers have grown in number since the growth of TLDs, hijacking domains shortly after registration. There have also been instances of malware and phishing pages registered under specific and popular TLDs, transferring risks to users. The lack of preparation and security that exists in the Internet ecosystem is a perfect environment for criminals to display malicious activity. Domain name collisions are occurring due to TLDs colliding with old and unresolved names that have been embedded in the global root. The result of such collisions is server delay, outages, and data theft that leave consumer information exposed. Malware and cybersquatting have also been exhibited in the top 35 most trafficked new TLD sites. TLDs continue to cause confusion and lack of security, with 36 being permitted to have singular and plural versions [e.g., .car(s), .work(s)], and 44 possessing close alternatives, such as .finance/.financial and .engineer(ing).

How are consumers affected by the threats?

The government, businesses, brands, and consumers are all affected by TLDs through various outlets of threats. Since White House’s domain is whitehouse.gov, there is no control over what kind of site is run from whitehouse.com. Unregistered and trademark brands alike also lie outside of the realm of protection by the ICANN Trademark Clearinghouse. With new TLDs, there have been threats via click-through fraud within pay-per-click advertising platforms like Google’s AdWords. On second level domain registrations, consumers have increasingly fallen victim to identity theft. This occurs because ICANN does not fully review their domain name applications, resulting in consumers perceiving closely-related names of banks or credit cards as the real company. Consumer confidence has deteriorated through occurrences of charity fraud during natural disasters, spam emails that appear to be sent from legitimate banks, and product counterfeiting through foreign-registered websites.

Have any resolutions been negotiated to address the security issues?

Today, all registrars of ICANN must follow the Uniform Domain Name Dispute Resolution Policy. Disputes that come from malicious registrations of domain names will be addressed by administrative proceedings in an expedited manner. These proceedings involve filing a complaint with an approved dispute resolution service provider.

However, the volume of new TLDs that ICANN offers without proper administration cannot be overshadowed by a resolution policy that fails to address the totality of issues. The Internet has been left prone to exploitation with initiatives that have not been implemented. The industry must continue to watch over ICANN and hold it accountable. Consumers can only be aware of the emails and links they click on to a limited extent, just as companies can only go so far as to implement a brand monitoring process to defend themselves against new TLDs and the dangers they pose.

At our law firm, we assist clients in legal issues related to internet, technology, and domain name disputes. You may contact us in order to setup an initial consultation.

Published on:

Many startups, entrepreneurs, and business owners will consider registering a corporation instead of remaining a partnership or a limited liability company. To become incorporated, an incorporator must file the company’s articles of incorporation with the state of choice, which provides information including the company’s official name. However, the status of being a corporation under California is not guaranteed to last indefinitely unless all the requirements are met. The lack of compliance may lead to the corporation being suspended or forfeited.

What is a suspended corporation?

A suspended or forfeited corporation does not stop being an association, but it loses all the rights and privileges of a corporation and cannot legally act as a corporation while suspended. The Secretary of State’s office or the Franchise Tax Board, which have the authority to suspend a corporation, use this power to sanction a company. Suspension occurs when the company fails to file its tax return under Revenue & Taxation Code § 23301, fails to pay taxes, or fails to file its “Statement by Domestic Nonprofit Corporation” or “Statement by Common Interest Association.”   The inconveniences of filing these documents or paying taxes are greatly outweighed by the consequences of not filing or paying what is required.

What are the repercussions for becoming a suspended corporation?

The repercussions of a corporation being suspended are significant. When a corporation is suspended, it loses its privileges and status. This includes the company losing its ability to enforce any of its contracts or getting an extension to file tax returns. The most substantial repercussions are that the suspended corporation can no longer file a lawsuit or defend itself against a lawsuit and it cannot be represented by its insurance company in any form of litigation. Additionally, it can lose its name should another company file under the same with the Secretary of State while the corporation is suspended, which means that the company would have to change its name in order to become incorporated again. These repercussions can cause the company to no longer continue business and the directors to become vulnerable because they are no longer protected by the corporation’s limited liability protection.

How do you revive the corporation?

In order for the company to revive its status as a corporation it has to file documents it failed to file and/or pay pending taxes or penalties.  An application then needs to be filed for a Certificate of Revivor with the Franchise Tax Board.  The Secretary of State has to re-approve the corporation’s name in case a new corporation took its name during the suspension. The name approval must happen before the Franchise Tax Board issues the Certificate of Revivor. Only then can the company try to salvage voided contracts and defend itself against pending litigation.

At our law firm, we assist clients in legal issues related to business and corporations. You may contact us in order to setup an initial consultation.

Published on:

In the past few months, more domestic and foreign regulations of digital currencies are being proposed. However, New York is at the forefront of establishing new Bitcoin regulations, and California not far behind. By the end of May, it is likely that the updated BitLicense bill regulatory framework will be released and used as an example for other states.

What are the New York and California Proposed Regulations?

Benjamin Lawsky, New York’s first Superintendent of Financial Services, announced the parameters of the bill this year. The BitLicense bill will stipulate that businesses will need a license if they handle (i.e., store, transfer) Bitcoin for customers, cover or issue digital currency, exchange Bitcoin for other currency, or buy and sell digital currency to or from a customer. Merchants that only accept digital currency for purchases will not need a license. Any licensed company will have to maintain a certain amount of capital, which will be assessed using an assortment of factors. State officials say that feedback is still welcome and that the bill is a work in progress. The goal in the end, however, is that the new regulations would protect consumers who use digital currency by establishing rules and guidelines.

In California, Assemblyman Matt Dababneh, who is chairman of the Banking and Finance Committee, drafted AB-1326 in order to regulate digital currency. This law would require licensing for companies handling digital currency along with similar capital maintenance requirements. Also, included in the bill is the allowance of regular inspections to ensure businesses are being conducted lawfully, and proper accounting mechanisms for the digital currency. The businesses not in compliance will be subject to civil penalties. The bill will not likely affect companies that are already licensed to do business in California, which is better for California companies.

How can these regulations hurt startups?

In general, there is an increase in cost when companies using Bitcoin need licenses. This has caused concern of an overlap between federal and state regulations of digital currency that may lead to the failure of startups. There is also a concern that too much regulation and risk will dissuade new ventures and hurt growth of companies already established in the digital currency industry. The companies that are already established have a method of doing business, but the new regulations may dictate more stringent ways for businesses. If the New York bill is passed, companies will only have 45 days to secure a license, which if delayed can cause business interruptions. However, some see this concern as premature since it is unlikely to be large-scale and immediate implementation of new regulations in all 50 states.

At our law firm, we assist clients in legal issues related to internet, technology, and digital currencies. You may contact us in order to setup an initial consultation.

Published on:

In recent times, the non-consensual publishing of private images online has been a topic of debate among lawmakers. Since our last article discussing revenge porn, there have been new laws passed and proposed that show state governments’ increasing pushback against posters of revenge porn and their facilitators. More and more states are passing laws that address cyberstalking, cyberharassment, and similar offenses leading to a wide array of people prosecuted for revenge porn.

What is the new California law?

On October 1, 2013, Senate Bill 255 (“SB 255”) took effect and was codified in California Penal Code § 647(j)(4). On January 1, 2015, a new amendment to this section went into effect specifying that a defendant is liable if he/she should have known that the subject of the photo did not consent to having his/her picture published online. An amendment to California Civil Code § 1708.85, also came into effect recently in order to allow victims of revenge porn to sue for civil damages. Now, revenge porn posters and hosts may be held liable, both criminally and civilly, in California. In fact, a recent California case caused quite a stir when the operator of a website, who allowed third-party posting of revenge porn, was sentenced to 18 years in prison for identity theft and extortion. So, with the new civil code amendment, this form of prosecution should be more available to victims.

What other states have new laws?

Although, it started with New Jersey and California, sixteen other states now have laws creating criminal liability for revenge porn or similar offenses. These laws, include, charges of stalking, harassment, unlawful distribution of images, disorderly conduct or posting private photographs as a misdemeanor, posting private images for pecuniary gain, violation/invasion of privacy as a misdemeanor, or even a felony, video voyeurism as a felony, non-consensual dissemination of private sexual images as a felony, and unauthorized distribution of sensitive images as a misdemeanor or felony if there are prior convictions. At this time, Wisconsin is the only state besides California that already has civil liability for revenge porn, but other states are not too far behind.

Is there federal legislation?

Under Section 230 of the Communications Decency Act, website carriers are immune from liability for material posted by third parties, so long as the content does not violate copyright or criminal law. This is to prevent such claims as libel or violation of privacy against Internet Service Providers (e.g., Facebook, Google, Yahoo).  Also, 18 U.S.C. § 2261A relates to cyberstalking by using any facility of interstate or foreign commerce.   Moreover, new propositions for a federal bill regarding revenge porn have been drafted, but no immediate legislation change is in sight.

At our law firm, we guide clients in legal matters regarding online privacy, revenge porn, and remedies against cyberstalking or cyberharassment by using our knowledge to create innovative solutions. If you have been a victim of cyberstalking, cyberharassment, or revenge porn, please contact us to speak with an attorney who can help explain the legal remedies.

Published on:

The CAN-SPAM Act is the federal act that preempts state anti-spam laws. In response to this federal statute, California, and many other states have passed similar anti-spam laws. Do you have a new company that needs to market to a broader community? Will your company create an email list to reach out to new users, customers, or clients? Then you should be aware of the federal and state laws and how they can create liability.

What is the CAN-SPAM Act?

The CAN-SPAM Act mostly focuses on unsolicited commercial email. It stands for Controlling the Assault of Non-Solicited Pornography and Marketing. This federal law prohibits any commercial email that is fraudulent or deceptive and requires all email messages to include an opt-out option for the recipients. Although, the law is focused on companies that disguise the source or purpose of the email, the impetus for passing the bill was the growing cost problem for those receiving mass amounts of emails such as non-profit companies, educational facilities, and other businesses with limited server space. However, this law “only provides a private cause of action to internet service providers that have been adversely affected by prohibited commercial e-mails, and does not extend a cause of action to the recipients of such e-mails.” See Hypertouch, Inc. v. ValueClick, Inc., 192 Cal. App. 4th 805, 123 Cal. Rptr. 3d 8 (2011). Therefore, it is up to the states to determine whether individual recipients of spam can bring suit against companies or individuals.

What are California’s Anti-spam laws and what effect do they have on companies?

The California Anti-SPAM laws are contained in the Business and Professions Code sections 17529-17529.9. This code is also focused on prohibiting fraudulent and misleading emails and faxes that can cost companies and individuals unnecessary time and money.  According to Business & Professions Code § 17529.2, a person or entity may not initiate or advertise, or assist in initiating and advertising, in an unsolicited commercial e-mail advertisement from California, send one from a California email address, or send one to a California email address. In fact, Business and Professions Code section 17529.5, permits both recipients of spam and the Attorney General to bring suit against companies and individuals sending spam within the prohibited definitions. It only takes one email delivered to one person to create liability. Those bringing suit can claim actual damages, liquidated damages of $1,000 to $1,000,000 per prohibited email, and attorney’s fees and costs. The damages a company may have to pay are drastically reduced if it can be shown that it used due diligence to prevent its emails from falling under the prohibited emails defined in the code.  In general, email service providers are not liable if they are only involved in the transmission of the email and may bring a separate claim against violators of their anti-spam policies.   You may click here for more information on state anti-spam statutory guidelines.

At our law firm, we are knowledgeable regarding anti-spam laws.  We guide our clients on how to avoid falling afoul of anti-spam laws. You may contact us to setup a free consultation.

Published on:

There has been a surge of new laws and regulations passed by governments to implement security and privacy measures for companies storing information in the cloud. This surge is due to recent security breaches and the realization of how much information can be compromised. Information stored in the cloud ranges from personal information to confidential government intelligence. Although, the most publicized breaches may be of celebrity’s compromising photographs, many other breaches of medical insurance companies and credit card accounts have affected the public. It is only natural that a set of new privacy and security laws are drafted both internationally and domestically as the use of cloud computing technology expands.

What are some of the international laws?

In general, each country has been forming its own laws governing privacy and security of information. For example, Australia, Canada, Japan, and Korea have comprehensive privacy regimes without onerous registration requirements. Also, organizations, such as the Cloud Security Alliance (CSA) and Information Technology & Innovation Foundation (ITIF) are trying to assist in finding a clear set of widely-accepted security procedures that will lead to a more consistent set of policies for companies to follow when storing information. Until this is accomplished, companies have to assess the laws and regulations of countries that may affect them. Companies then have to decide the best security and privacy measures to protect them from liability.

What are some of the domestic laws?

The domestic laws governing the security and privacy of the cloud technologies are on state and federal levels. For example, there is a federal law that clarifies how to build security for cloud-based applications that specifically contain private student records. This statute is entitled the Family Educational Rights and Privacy Act (FERPA) and protects student grades and educational records.

Two additional acts are the Gramm-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPAA). GLBA requires companies that provide financial products or services to protect all of the private financial information they acquire. This law has two rules: (i) Financial Privacy Rule; and (b) Safeguards Rule, which requires institutions to communicate with the consumer when the relationship is established and every year after to review the personal information collected, location stored, sharing/usage, and most importantly, consumers are told how that private information is protected.  Each company is required to create a plan to protect its client’s private financial information.

HIPAA was implemented to protect the private health information collected by health insurance companies. It also contains security regulations, which according to the Department of Health & Human Services “sets national standards for the security of electronic protected health information.”

An example of non-governmental regulations is the Payment Card Industry Data Security Standard (PCI DSS). In 2004, MasterCard and Visa worked together to create this standard, which assists companies in establishing security systems for information stored in the cloud.

At our law firm, we are well versed and up-to-date in laws governing cloud computing technologies. You may contact us to setup a free consultation.

Published on:

In 2011, Congress proposed two relatively similar bills—House of Representatives’ Stop Online Piracy Act (SOPA) and Senate’s Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA)—that legislators and lobbyists hailed as providing important protections against piracy and counterfeiting online. Yet, this apparently strong support was quickly withdrawn when a massive online protest in January 2012 sparked intense and ultimately fatal opposition to the bills.

Despite the strong public disapproval and lack of Congressional support, in July 2014 the Intellectual Property Law (IPL) Section of the ABA issued a white paper proposing that Congress enact legislation allowing essentially the same private copyright infringement suits against allegedly infringing foreign websites as those provided for in SOPA and PIPA, and suggesting that those protections be extended to trademarks as well.

How Does the ABA’s Proposal Differ From Previously Rejected Legislation?

To be sure, the ABA noted and attempted to avoid the more controversial provisions of the previously rejected legislation. For instance, the white paper proposes that intellectual property owners, as opposed to Internet service providers, should bear the burden of policing against infringement. In addition, unlike SOPA and PIPA, the white paper suggests notifying foreign websites of alleged infringement and offering them a chance to defend themselves. Furthermore, the proposed remedies are less harsh than those suggested by SOPA, as they do not include blocking allegedly infringing websites.

Why Might This Newly Proposed Regulation Be Rejected?

Although, the ABA’s white paper addresses a few key concerns of those who opposed SOPA and PIPA, critics caution that it suffers from some of the same fundamental pitfalls as the failed legislation; specifically, the proposal fails to address issues relating to: (i) due process, (ii) injunctive relief against third parties, and (iii) freedom of speech. For instance, a foreign website owner’s due process rights may be violated if that company is required to defend itself in a court of the plaintiff’s choice in the United States. In addition, the white paper’s permission of injunctions against innocent third parties directly conflicts with U.S. civil procedure law. Moreover, the white paper raises free speech censorship concerns as it fails to establish how, and by whom, the dispositive determination of whether a foreign website is to be considered “predatory” will be made.

In sum, considering the undeniable similarities between the white paper and the strongly opposed SOPA/PIPA legislation, Congress is understandably reluctant to follow the IPL Section’s advice. However, online piracy and counterfeiting remains a significant problem that legislators will inevitably be forced to address. The ABA acknowledged this need for anti-infringement legislation by making some necessary changes to the previously rejected Congressional bills. Thus, if nothing else, Congress may be able to use the white paper as a starting point when it decides to revisit the challenge of enacting acceptable protections against online copyright and trademark infringements.

At our law firm, we assist clients in legal issues relating to intellectual property, online piracy and counterfeiting. You may contact us to setup a free consultation.

Published on:

Since the goal of brand management is to optimize the market’s perception of a brand, it follows that effective brand management requires establishing and maintaining a relationship with the target market. Recently, much of relationship development has been accomplished through social media. Although, brand awareness can expand with social media, but companies should be skeptical towards third-party statements regarding their brand.  In fact, legal recourse is available against third parties who engage in trade libel, defamation, and trademark or copyright infringements.

How Can Trademark Misuse Occur on Social Media?

Considering the risk that a negative criticism of a brand on social media will quickly harm the brand’s reputation, it is important for a company to be aware of the types of trademark misuse or infringement. The line between constitutionally-protected free speech and violations can be blurry. For instance, a social media username may be confused with an official brand account, either coincidentally or by imposters (i.e., posing as an employee or someone sponsored by the brand). Further, user statements may improperly dilute a trademark under the Federal Trademark Dilution Act through blurring (i.e., associating a mark with other goods/services) or tarnishment (i.e., associating a mark with substandard goods/services).

Yet, because a company risks liability under 17 U.S.C. § 512(f) for bringing false infringement claims, and more generally because monitoring all social media platforms can be expensive, it is best to become familiar with the distinctions between actionable misuse and legitimate fair use.  By doing so, a company can determine when it is appropriate to address negative publicity.

What Should a Company Facing Trademark Infringement Do?

As a first step, a company should simply take a screenshot or otherwise preserve questionable third-party trademark infringement to serve as evidence in legal proceedings. Then, the company should investigate to determine whether further action is necessary or even appropriate under the circumstances. The factors that a company should consider, include, the nature of use, significance of trademark, source of potential misuse, and length of time the use existed online.

For example, a humorous use (i.e., parody) is less likely to be considered harmful than an intentional deception. In addition, it may be wise for a company to overlook use of insignificant trademarks and focus on its more reputable brands. Further, a company should mainly be concerned with statements found on relatively important websites or made by relatively important people. Lastly, the longer the misuse has existed without detection, the less likely it will be actionable.

Moreover, because it would be impractical, if not impossible, to successfully monitor every statement made on social media about a company’s brand, an internal policy should be implemented to report suspected misuse. Additionally, a plan of legal action should be established to mitigate damages.

At our law firm, we assist in clients in legal issues related to preventing and addressing trade libel, defamation and trademark infringement. You may contact us to setup a free consultation.