Business Law

FTC v. Wyndham Worldwide Corporation

Published on: November 23, 2015 | by Law Offices of Salar Atrizadeh

On August 24, 2015, the United States Court of Appeals for the Third Circuit handed down its decision in favor of the Federal Trade Commission (FTC) against Wyndham Worldwide Corporation. This lawsuit was against the defendant and its subsidiaries for their failure to implement proper cybersecurity measures and protect consumers’ personal information against hackers. The FTC alleged that defendants did not use encryption, firewalls, and other commercially reasonable methods for protecting personal information.

What was the basis of the lawsuit?

In general, the FTC has the responsibility to protect consumers against unfair and deceptive business practices. These illegal practices could range from false advertising to antitrust issues. The FTC has started to prosecute companies with inadequate cybersecurity to protect consumer data. The companies that made false statements about their level of security in their terms of service also had lawsuits filed against them. In this case, between 2008 and 2009, hackers breached Wyndham Worldwide Corporation’s network and computer systems three separate times. One incident occurred in 2008 and two occurred in 2009. The hackers were allegedly able to breach the network due to the use of weak and obvious passwords, lack of response to the first incident, and inadequate monitoring systems. In one of the instances, it took approximately two months for Wyndham Worldwide Corporation to discover its systems had been accessed without authorization. The hackers successfully accessed personal information of approximately 619,000 consumers and managed to cause $10.6 million in fraudulent charges. Therefore, on June 26, 2012, the FTC brought the lawsuit against defendants. Their motion to dismiss was denied by the district court and their appeal was heard on two issues in order to determine whether there was a valid claim. The issues that were raised included: (1) whether the FTC had authority to regulate cybersecurity under 15 U.S.C. § 45; and (2) if so, whether defendants received fair notice that their cybersecurity practices were inadequate under the guidelines.

Intellectual Property and Fair Use Principles

Published on: November 16, 2015 | by Law Offices of Salar Atrizadeh

In general, intellectual property, includes, copyright, trademarks, and patents (collectively “IP”). According to the World Intellectual Property Organization, IP refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce. Now, when it comes to the use of intellectual property, what is considered fair use?

What is fair use and how does it affect intellectual property right?

There are multiple ways to protect or claim your intellectual property. When an individual believes that its intellectual property has been misappropriated (i.e., taken without consent), it has the right to demand that it be removed or notify the hosting organization about the infringement, so that they can remove it. The services of a lawyer should be obtained if any of these steps fail. However, before any of these steps are taken, the Digital Millennium Copyright Act (“DMCA”), which is codified under 17 U.S.C. section 512, recommends that the individual making the claim considers whether the use of their intellectual property is fair use. Fair use is defined under 17 U.S.C. § 107, where it states that copyrighted material may be used so long as it is for “criticism, comment, news reporting, teaching, . . . scholarship, or research” and it will not be considered an infringement of the copyright. The following factors are evaluated to determine fair use: (1) purpose and character of use; (2) nature or type of work used; (3) amount of the work used; and (4) effect using the copyrighted work will have on its use for the author or creator. When deciding whether to demand removal, redaction, or whether to pursue a legal case alleging misappropriation, individuals should be aware of their legal rights and relevant factors.

Data Breach Notification and Applicable Laws

Published on: October 26, 2015 | by Law Offices of Salar Atrizadeh

This year saw the data breaches of Sony Pictures, Ashley Madison, and Experian Credit Bureau. The increasing commonality of data breaches has prompted the federal and state legislatures to review their data breach notification laws.

What is a data breach?

A data breach occurs when an unauthorized user (i.e., hacker) accesses sensitive personal identifiable information. The hacker then copies the confidential information and uses it as he or she sees fit. Often times, the personally identifiable information is used to commit identity theft and fraud. This information can include, names, telephone numbers, email addresses, credit card numbers, or social security numbers. The target of these breaches can be businesses, financial institutions, and health care institutions.

Eagle v. Morgan: Employer Access to Employee Social Media Accounts

Published on: October 19, 2015 | by Law Offices of Salar Atrizadeh

The case of Eagle v. Morgan is about an employer’s access to employee’s social media account. This case highlights the importance of companies having social media policies to address the ownership of social media accounts during and after employment.

What is the case about and how does it affect your rights?

In Eagle v. Morgan, the plaintiff (i.e., Linda Eagle) had founded the company Edcomm, Inc. (“Edcomm”) and remained an employee when she sold her shares to Sawabeh Information Services Company (“SISCOM”). While employed at the company as CEO, Eagle’s coworker recommended creating a LinkedIn account for marketing purposes. Although, the business would occasionally become involved in the social media account’s content, and Eagle used her company email address, however, she was individually bound by the User Agreement and had made connections through her own efforts. Edcomm did not require its employees to have social media accounts and had only limited guidelines in place regarding employee use of LinkedIn. When Linda Eagle’s employment was terminated, the question of who owned the social media account became an issue. Edcomm changed Linda Eagle’s password by using her former company email address and replaced her name with that of her new replacement, i.e., Sandy Morgan. Linda Eagle sued Edcomm and multiple defendants in the United States District Court for the Eastern District of Pennsylvania. She claimed that this was an infringement of the Computer Fraud and Abuse Act and Lanham Act, as well state laws against invasion of privacy by misappropriation of identity, conversion, civil conspiracy, civil aiding and abetting, tortious interference with contract, unauthorized use of name in violation of Pa. C.S. § 8316, misappropriation of publicity, and identity theft under Pa. C.S. § 8316.

FTC’s Enforcement Action Against LifeLock

Published on: August 27, 2015 | by Law Offices of Salar Atrizadeh

According to its website, the Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. LifeLock has used the massive security breaches of companies like Anthem and Target to increase its membership. On July 21, 2015, the Federal Trade Commission (FTC) claimed that LifeLock—an identity theft protection company—has violated a 2010 Settlement it had made with the agency and thirty-five state attorneys general. This assertion was made due to LifeLock’s alleged misrepresentation of its security capabilities and failing to take steps to protect consumers’ information.

What is the Federal Trade Commission’s responsibility?

The FTC was created to prevent anti-competition business practices and protect consumers against deceptive or unfair business dealings. The Federal Trade Commission Act (which incorporates the U.S. Safe Web Act amendments of 2006) sets the parameters for how the agency can prosecute companies, which it believes are misleading consumers through false or deceptive advertising. In fact, sections 45 and 52 of the statute indicate that, when a company commits an unfair act or deceptive practice, “and if it shall appear to the Commission that a proceeding … would be to the interest of the public, it shall issue and serve … a complaint stating its charges …” In addition, section 52 addresses the illegality of false advertisements, which would be likely to induce consumers to purchase a product. Although, LifeLock was not advertising a product, it was falsely advertising services, so consumers were induced to buying memberships. Therefore, the FTC is utilizing its ability to prosecute companies for violating the law.

Regulation A+ and Tiers I and II

Published on: May 25, 2015 | by Law Offices of Salar Atrizadeh

As of March 25, 2015, the Securities and Exchange Commission (“SEC”) adopted new rules to update and expand Regulation A. Regulation A+ will allow companies to gain access to funds through crowdfunding. These new rules are mandated by Title IV of the Jumpstart Our Business Startups (JOBS) Act.

What will the new rules do?

The update and expansion of Regulation A to Regulation A+ will allow smaller companies to sell up to $50 million of securities in a 12-month period. These exemptions, however, are subject to eligibility, disclosure, and reporting requirements. The new rules have created a more effective way to raise capital while attracting and protecting investors. Non-accredited investors will be allowed to annually invest up to ten percent of their income or net worth, depending on which amount is greater. Before the new rules came out, only accredited investors were able to invest in startups through equity crowdfunding. The final rules are referred to as Regulation A+ and are provided in two tiers of offerings based on amount of security offerings over a 12-month period. Both are subject to the same basic requirements and eligibility limits, but differ in registration and qualification offerings.

Software Licensing and SaaS Agreements

Published on: May 18, 2015 | by Law Offices of Salar Atrizadeh

The modern day business model is shifting towards cloud computing and Software-as-a-Service (“SaaS”) agreements. This new trend allows customers to treat licensing costs as expenses that can be paid over time. SaaS also provides a solution to bug fixes, glitches, and the updating of licenses simultaneously. With the shift to cloud computing, developers are no longer required to provide a platform on which their own application runs. However, confusion exists about the differences between software licensing and SaaS agreements.

What is the difference between software licensing and SaaS?

A software-licensing model involves the software company to offer a software program in the form of an electronic download or CD-Rom. This software then must be downloaded, installed, run, and operated on hardware before being used by one or more users. This software may be installed on hardware. It often offers services like training, maintenance, and technical support. On the contrary, in the SaaS model, the company does not make a physical product. It only makes the product accessible through “the cloud” which acts as a hosting platform. One or more users can still access the product, but it must be done through cloud computing services. As such, external services are not provided because they are expected to be included as part of the hosting platform’s service and support experience. As a result, SaaS acts as a service subscription model and not a physical product.

Suspended or Forfeited Corporations

Published on: May 4, 2015 | by Law Offices of Salar Atrizadeh

Many startups, entrepreneurs, and business owners will consider registering a corporation instead of remaining a partnership or a limited liability company. To become incorporated, an incorporator must file the company’s articles of incorporation with the state of choice, which provides information including the company’s official name. However, the status of being a corporation under California is not guaranteed to last indefinitely unless all the requirements are met. The lack of compliance may lead to the corporation being suspended or forfeited.

What is a suspended corporation?

A suspended or forfeited corporation does not stop being an association, but it loses all the rights and privileges of a corporation and cannot legally act as a corporation while suspended. The Secretary of State’s office or the Franchise Tax Board, which have the authority to suspend a corporation, use this power to sanction a company. Suspension occurs when the company fails to file its tax return under Revenue & Taxation Code § 23301, fails to pay taxes, or fails to file its “Statement by Domestic Nonprofit Corporation” or “Statement by Common Interest Association.” The inconveniences of filing these documents or paying taxes are greatly outweighed by the consequences of not filing or paying what is required.

Crowdfunding: Protecting Intellectual Property

Published on: March 16, 2015 | by Law Offices of Salar Atrizadeh

Crowdfunding involves a large number of people contributing small amounts of money to finance a business venture, typically an early-stage startup company. Over the past several years, online crowdfunding platforms have become a popular tool for new businesses and entrepreneurs to market inventions, generate revenue, and increase customer base. While improving accessibility to funding offers a significant economic advantage, crowdfunders should be careful not to release too much information before legally protecting an original idea.

What Are the Legal Risks in Crowdfunding?

The major legal risks in crowdfunding stem from crowdfunders launching campaigns before adequately identifying and protecting intellectual property (IP). This inadequate IP protection may allow ideas and inventions to be copied or stolen without legal repercussions. The risk of unprotected IP is magnified by various public disclosure requirements mandated by online crowdfunding platforms. Specifically, popular crowdfunding websites like Kickstarter require detailed disclosures of how a particular invention or product works—beyond a simple prototype—before a campaign is posted. Moreover, sophisticated predators are constantly searching crowdfunding websites for unprotected ideas.

Online Advertising and Pay-Per-Click Fraud

Published on: December 15, 2014 | by Law Offices of Salar Atrizadeh

Pay-per-click (“PPC”) advertising is a profitable online service that search engines, such as Google, Yahoo, or Microsoft, provide their customers. Now recently, PPC fraud has developed and caused loss of revenues for businesses and advertisers. PPC fraud occurs when someone or a program clicks on a company’s advertisement without intending to view the website or buy anything.

Many companies have filed lawsuits against search engines, claiming that they have breached the terms and conditions of their contracts. These companies have alleged that the search engines, acting as the intermediaries, that published their online advertisements improperly charged them for fraudulent clicks. Two questions can be raised by these implications. First, how should a chargeable click be defined within the advertising contract? Second, does a search engine have any duty to protect advertisers from fraudulent clicks?

What is PPC Advertising?