Published on: | by

California entrepreneurs should carefully consider the structure of their new business. There are many ways to organize a business, and their suitability depends on factors like the nature of the business, the number of owners and investors, and even the personalities of the principals. We will examine four business structures and discuss their advantages and the differences: DBA’s (for “doing business as”), C corporations, S corporations, and limited liability companies (LLC). Three major factors come into play in evaluating these business structures: the taxation of income, the liability of the owners for business debts, and the desired level of formality versus flexibility in running the business.

DBA (“Doing Business As”)

A DBA, also known as an assumed business name or a sole proprietorship, is the simplest business organization, because there is no organization. It is simply a business name used by an individual to transact business. The owner pays taxes on business income with a Schedule C attached to a federal income tax return. A major pitfall of a DBA is that it provides no liability protection for the owner whatsoever, since the business is not a separate legal entity. In terms of flexibility, any recordkeeping requirements would depend on the nature of the business. Any requirements imposed on DBA’s in general are minimal.

C Corporation

A C corporation, named for the subchapter in the Internal Revenue Code governing corporate taxation, is a very common business structure, providing a high level of liability protection for its owners. Owners in a corporation are called shareholders, and they are usually not liable for the business’ debts. Income in a C corp is subject to “double taxation,” meaning that the business entity pays income tax on its revenue, and then shareholders pay income tax on dividends distributed to them by the company. The C corp requires a high degree of formality, with regular shareholder and director meetings, minutes, and annual financial reports required by law.

Continue Reading ›

Published on: | by

Copyright law, which protects a person’s rights to his or her own creative works, dates back nearly to the invention of the printing press. It protects a creator’s ownership of a creative work and the rights to use the work publicly. It also gives a creator remedies against anyone who infringes those rights. Where trademark law protects brand names, logos, and other “marks” representing a product or service, copyright law protects creative works like novels, songs, photographs, designs, or software. Computer technology, particularly the internet, has made copyright infringement quite easy and created new challenges for copyright owners.

Nearly any original creative work has copyright protection. Online, this can include graphics and designs, text, photo or video files, music, or code. A website created for a business most likely contains content subject to the protections of U.S. copyright laws. Technically speaking, copyright protection applies the moment a work is created in a physical form, which includes creation as a digital file. While copyright laws apply to a work upon its creation, enforcement is very difficult unless the creator takes additional steps to document the work’s creation and ownership with the government.

The U.S. Copyright Office allows copyright owners to formally register their works in a central location. Registration may deter others from infringing on a work, and it allows a copyright owner to effectively defend a work through the litigation process. Evidence of registration with the Copyright Office serves as prima facie evidence of ownership in a legal dispute. Most importantly, registering a work in a timely manner allows the owner to claim statutory damages in an infringement suit. Courts can award damages of up to $150,000 per act of intentional infringement, but only if the copyright owner follows the registration procedures.

Continue Reading ›

Published on: | by

Advertising that a product is “made in America” or “made in the U.S.A.” is a very effective sales strategy, according to recent polls. An Adweek Media/Harris Poll conducted in July 2010 found substantial support for domestic-made products, with sixty-one percent of nationwide respondents saying they would be more likely to purchase a product labelled “made in the U.S.A.” Only three percent said they would be less likely to buy something. In California and the rest of the West Coast, about fifty-seven percent said they would be more likely to buy “Made in the U.S.A.” products.

Because labelling or claiming a product as “Made in the U.S.A.” makes a statement about the product’s origin or quality, the Federal Trade Commission (FTC) views it as a form of advertising. It is therefore subject to deceptive trade practice regulations. Labelling can be express, meaning an actual label appears on the product, or implied, meaning that the product’s marketing states or strongly implies U.S. origin. The rules apply not only to product labels, but to any marketing activity, such as print, television, or internet advertising.

The FTC’s rules can be complex and cumbersome, but every California business that wants to use the label needs to understand their responsibilities. Businesses that make unqualified claims that a product is “made in the U.S.A.” could face legal consequences if their claim is false or unsupportable. The federal Lanham Act allows anyone damaged by a false or misleading claim of a product’s origin, such as a competitor, to sue for damages.

Continue Reading ›

Published on: | by

Companies cannot survive, let alone thrive, in today’s business environment without an Internet presence. Businesses and brands maintain websites and social media profiles in order to advertise and market products and services, but also to interact with customers. Social media in particular has given businesses an unprecedented ability to reach out to customers and to respond to their concerns. With this ability, however, comes the risk that unauthorized third parties will register an Internet domain with a company’s or brand’s name, or a deceptively similar name, and create a misleading or even harmful website. The practice of registering an Internet domain using the name of a trademarked brand is often known as “cyber-squatting.” Businesses and people who are the victim of cyber-squatting have remedies through a process established by several organizations that oversee and regulate Internet domain names.

The Internet Corporation for Assigned Names and Numbers (ICANN) is a private nonprofit corporation based in Los Angeles, California. It represents a collaboration between government agencies and several private organizations. ICANN has final responsibility for assignment of domain names, IP addresses, and other identifying information used by machines on the Internet.

In order to effectively handle disputes or complaints relating to domain name registrations, ICANN enacted the Uniform Domain Name Dispute Resolution Policy (UDRP). Anyone who owns or registers a domain name with a “.com,” “.org,” or “.net” top-level domain has agreed to abide by the terms of the UDRP by virtue of their agreement with their domain name registrar.

Continue Reading ›

Published on: | by

U.S. News recently reported that since mid-2010 over 220,000 individuals have been sued in mass copyright lawsuits regarding the sharing of files over bittorrent. However, with the growth of these types of lawsuits, courts are concerned because of the possibility that subpoenas to obtain internet subscriber information may bring in innocent parties in litigation and improper joinder of parties.

Generally, Bittorrent is a peer-to-peer internet file-sharing protocol that allows a “swarm” of users to download and upload content from each other simultaneously. A user who supplies an entire copy of a file is called a “seeder,” while users in the process of downloading a file who have not yet completed their downloads are called “peers.” Peers download portions of the file at random, and upload those portions to other members of the swarm. Peers do not choose which pieces are downloaded and they do not choose who to share those portions with. Nevertheless, a peer is able to see the IP addresses of the other swarm members. Accordingly, it is possible for a copyright owner to join a swarm and obtain the IP addresses of the users sharing a given file.

It seems that bittorrent litigation will not be slowing down. Thus, courts are now more resistant to mass-joinder cases clogging up their dockets especially when the plaintiffs have no intention of litigation, but rather are merely seeking identifying information and authorization to pursue discovery in the interest of gaining settlement leverage. As more defendants file motions to quash suggesting that that they did not participate in the alleged activity, courts are also becoming sensitive to the idea that IP addresses may not be as likely to identify defendants as previously suspected. Plaintiffs, on the other hand, continue to refine their practices and theories of liability. See Liberty Media Holdings LLC v. Hawaii Members of Swarm…, Case No. 11-CV-00262-DAE-RLP, (Jan. 30, 2012 Order, denying motion to dismiss as to direct and indirect infringement and civil conspiracy, but dismissing allegation that failure to secure WiFi amounts to actionable negligence).

Continue Reading ›

Published on: | by

As some of readers, who have active facebook profiles know, the like button is a way to express your support for a cause or idea. However, a federal judge states that, clicking it doeos not constitute constitutionally protected speech.

For example, the employees of a local police department sued their boss (Sheriff B.J. Roberts) for firing them after they supported his opponent in his 2009 re-election campaign. One of those workers, Daniel Ray Carter, had “liked” the Facebook page of Roberts’ opponent, Jim Adams. Exactly what a “like” means – if anything is the main question. The ex-employees posit that their First Amendment rights were violated.

While public employees are allowed to speak as citizens on matters of public concern, the United States District Judge, the Honorable Raymond Jackson, ruled that clicking the “like” button does not amount to expressive speech. Express conduct, also referred to as “symbolic speech,” relates to the communication of ideas through one’s conduct. Expressive conduct raises some interesting constitutional questions because it combines expression, which typically receives First Amendment protection, and conduct, which typically does not receive First Amendment protection. This dualistic nature may account for the court’s position of affording expressive conduct some constitutional protection, but substantially less protection than pure speech.

Published on: | by

What is personal jurisdiction? It is the court’s authority to determine a claim affecting a specific person. Generally, providing any type of data or information on the world-wide-web (i.e., Internet) is insufficient to subject a person to personal jurisdiction in each state wherein the date or information is accessed. However, a nonresident’s online activity, must be expressly targeted at, or directed to, the forum state in order to establish minimum contacts necessary to support the exercise of personal jurisdiction. In general, personal jurisdiction may not be exercised against a nonresident whose website was not directed toward any state.

If a non-resident defendant publishes statements that fall under the category of defamatory comments concerning the plaintiff on a website, the effects of which were clearly directed at the forum state, result in sufficient contact with the forum to warrant the assertion of jurisdiction over the nonresident defendant. On the other hand, the publication of defamatory comments concerning the plaintiff on a website is not, by itself enough to support the exercise of jurisdiction over a nonresident defendant (e.g., when an article was not specifically directed to residents in the forum state, or was not primarily directed at the plaintiff in that state).

Our readers must keep in mind that the tort of defamation can be committed in the jurisdiction (i.e., the state), even if the message was not directed there, if it has effects in that state.

Continue Reading ›

Published on: | by

Cyberattacks can hit businesses of any size, causing catastrophic damage to a business’s finances and to the integrity of its information security. Hundreds of breaches occurred at large corporations during 2011, affecting over thirty million sensitive or confidential records. Hackers went after Sony, NASDAQ, and other giant businesses, but small companies are also vulnerable to attack. According to a report in the Business Journals, as many as eighty-five percent of small business owners do not see cyberattacks, which may include hackers or malicious software, as a serious threat. Heightened security at these big companies, though, could lead hackers and other cyber criminals to focus their attacks on smaller businesses who may not be so prepared.

Guarding against cybercrime is simply good business for small companies. A hacker targeting a small business can cripple the business or even force it to shut down with a very simple series of hacks or viruses. If a cyber criminal targets a small business’ banking system, it could empty its cash reserves and leave it unable to operate. A hacker who compromises a business’ confidential client data could expose the business to enough liability to put it out of business.

The “Common Sense Guide to Cyber Security,” published by a coalition of government agencies and organizations, including the Federal Emergency Management Agency and the U.S. Chamber of Commerce, offers a set of security practices small businesses can use to protect themselves from cyberattack. After an initial set-up period, most practices involve simple daily maintenance and monitoring.

Risk Management Planning. Businesses should carefully assess the risks and weaknesses in their computing systems to see where protection is most needed. They should prepare contingency plans in case a breach or loss occurs, including how to continue business operations with alternate computing systems or at an alternate location.

Access Control and Accountability. A business’s network security plan should include access controls that limit who may access critical systems and information. A single department or officer should have responsibility for information security and for approving new hardware and software, thus ensuring accountability for decisions and errors. At the same time, a business should educate all employees and officers as a means of creating a “culture of security.” All employees should sign an agreement committing to the company’s cybersecurity policies.

Firewalls and Other Security Measures. Firewalls can protect businesses from many common attacks, particularly from viruses and malware. Companies should also encourage use of complex passwords that combine upper- and lowercase letters, numbers, and other symbols; avoid common words and phrases; and change at least every three months.

Continue Reading ›

Published on: | by

Computers and computing activities play an increasingly integral role in daily life in America, affecting our financial activity, social interactions, and more. With an increased level of dependence on networked devices comes the risk of theft, or even attacks, on and through our computer networks. While the business community has already recognized the importance of cybersecurity, the government and legal system are finally responding in five key areas.

National security. The federal government has made cybersecurity a central feature of its national security strategy. Recognizing the risk of an attack on the nation’s computer networks by a foreign power or sub-national group, the Department of Defense created a comprehensive strategy for cybersecurity (PDF file) in 2011. The strategy treats “cyberspace” as its own “operational domain,” requiring specialized training and organization. The government has also taken steps to combat online theft, which can include not only monetary theft but theft of intellectual property and identity theft. The latter has become more and more sophisticated as thieves find ways to exploit personally identifiable information (PII) stored online.

Federal legislation. The Obama administration proposed legislation outlining ten points for cybersecurity protection. These generally included protection of the American people, the nation’s infrastructure, and the federal government’s networks and computer systems. Several bills pending in Congress address aspects of cybersecurity. The controversial Cyber Intelligence Sharing and Protection Act (CISPA), for example, allows sharing of data between companies and the National Security Agency in order to investigate and combat cybersecurity threats.

State legislation. Protection of government data, PII, and personal privacy have informed numerous state statutes enacted in the past ten years. California passed a law requiring notification of cybersecurity breaches in 2003, and forty-six other states and the District of Columbia followed suit. Laws requiring “reasonable” levels of security for protected information exist in at least ten states, and numerous states are enacting statutes protecting people from wiretapping and other monitoring of electronic activity.

Regulatory initiatives. Multiple regulatory agencies have addressed cybersecurity concerns through additional regulations, guidelines, and enforcement actions. The U.S. Security and Exchange Commission (SEC), for example, recently issued a new set of guidelines for publicly-traded companies. The guidelines address disclosure of cybersecurity breaches as a means of making information available to investors. The FBI, meanwhile, established a joint task force to investigate cyber threats.

Continue Reading ›

Published on: | by

When hackers breached the e-commerce firm Zappos in January, they may have compromised the personal information of as many as 24 million users. Legislatures in several states, including California, have responded to attacks such as this one by passing laws enhancing cybersecurity investigation and enforcement, and increasing requirements for disclosure of cyberattacks. The U.S. Securities and Exchange Commission (SEC) has also issued new guidelines for businesses and individuals under attack. The key issue to consider, in light of these new laws and regulations, is how much disclosure is not enough, and how much is too much.

The SEC is recommending disclosure of cyberattacks to an unprecedented degree. A new set of guidelines issued in October 2011 advises publicly-traded companies to disclose details of cybersecurity breaches as part of the quarterly 10-K report. Companies should disclose any and all cyberattacks, regardless of whether they caused a loss. The SEC even encourages companies to disclose “cyberrisks,” even in the absence of a breach. This potentially benefits investors, the SEC says, by providing comprehensive information about both actual and potential losses due to hacking and other cyberattacks. At the same time, extensive disclosure could put companies at greater risk by exposing weaknesses to hackers. Companies must carefully consider how much, or how little, to disclose. Too much disclosure could make them vulnerable to attack. Too little disclosure could make them vulnerable to lawsuits by investors.

State laws regarding cybersecurity disclosures are typically not as stringent as the SEC’s guidelines. California passed the first such law a decade ago. That law applies to any person or business that owns or licenses computer data containing a California resident’s “personal information,” such as social security number, home address, driver’s license number, and so forth. In the event of a breach that would reasonably lead to an unauthorized person obtaining the personal information, an owner or licensor of personal data must notify the person whose personal information may have been breached.

Forty-six states have followed California’s lead and passed similar laws. California has actually fallen behind some states that have passed laws with stricter disclosure requirements. A new law that took effect on January 1, 2012, requires an individual or business to notify the state attorney general of a cybersecurity breach if the breach affects more than five hundred California residents. The notice must include specific details of the type and size of the breach, and a toll-free number to allow users to contact credit agencies.

Continue Reading ›