Startup

COVID-19 Inventions Get “Fast Track”

Posted by on Jun 15, 2020 in Startup

Have you invented a product or process for preventing or treating the novel coronavirus commonly known as COVID-19? If you have, and you qualify as a small[1] or micro[2] entity, then you may be entitled to a “fast track” examination process recently announced by the U.S. Patent and Trademark Office (USPTO). According to the new Prioritized Examination Pilot Program (the Program), the USPTO will grant requests for prioritized examination to small and micro entity patent applicants without the payment of an additional fee. It is the Office’s intent to reach final disposition of such applications within six months if the applicant promptly responds to USPTO communications. While the Program may provide a “fast track” to patent issuance and possibly investment, it has its limitations and potential pitfalls. For example, the Program is limited to the first 500 applicants. The Program is also limited to inventions that are subject to FDA approval.[3] In addition, the accelerated examination process may result in heightened scrutiny, particularly for inventions that might not be fully developed and ready for patenting. [1] – A small entity is generally defined as one that employs no more than 500 employees and does not license the claimed invention to licensees having, in the aggregate, more than 500 employees. [2] – A micro entity is generally defined as one that has filed no more than four patent applications and has a gross annual income of no more than $189,537. [3] – U.S. FDA approvals may include, but are not limited to, an Investigational New Drug (IND) application, an Investigational Device Exemption (IDE), a New Drug Application (NDA), a Biologics License Application (BLA), a Premarket Approval (PMA), or an Emergency Use Authorization (EUA). Information on these items is available at www.fda.gov. Visit our COVID-19 Insight Center for our latest legislative and legal updates, articles, and resources. Visit Insight Center The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings, and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. In some cases, the underlying legal information is changing quickly in light of the COVID-19 pandemic. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship. Please contact your legal counsel for advice regarding specific...

Read More

The Balance Between Risk Management and Client Relations

Posted by on May 15, 2020 in Startup

As businesses fight through the tough times created by the pandemic and government restrictions that impact their operations, it is imperative to be mindful of the situation your customers face, especially if you extend credit. This extension of credit can be as simple as shipping goods or providing services that are invoiced for payment after that. Offering credit can grow in complexity. All businesses need to be focused on whether they could withstand a default or a series of delayed payments from key customers. If your company identifies customers where such defaults would create serious financial hardship, you must be vigilant and consider whether there are options to better protect your business if you detect financial instability with these clients. If you know or suspect that a customer is in financial trouble, there are several steps you can take to minimize your risk in doing business with them, while trying to also be a good business partner. Here are some examples: You might talk to your customer about obtaining some security for the extension of credit, including a potential purchase money security interest in goods sold. For example, if you are selling machinery or other equipment that will remain identifiable, adding the documentation and proper filings needed to create a security interest will significantly increase your likelihood of obtaining payment or the return of the goods sold. Another option is to seek a letter of credit or a guaranty of a principal or parent corporation. If you are selling services or goods that are not readily recoverable once delivered because they are consumed or converted into other products, an irrevocable letter of credit creates a certainty of payment. Perhaps an owner or parent company has significant assets. If so, a guaranty of your customer’s debt will provide additional avenues for collecting what is owed. Or, you may require that the invoice be prepaid and that the goods are shipped or services rendered – only after payment is received. In short, it’s important to maintain open communication regarding finances with your customers. Your business can be understanding and flexible. However, you need to look out for your financial well-being, too, as there are risks associated with being flexible should your customer’s business fail. There are various options available that may allow your business to decrease risk created by doing business with customers suffering financial difficulties. A proactive business that is monitoring their customers and staying on top of their accounts receivable will be more likely to recognize the troubling signs of a client having difficulties and be able to position itself to be better protected against a bankruptcy filing or default by offering solutions. Visit our COVID-19 Insight Center for our latest legislative and legal updates, articles, and resources. Visit Insight Center The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings, and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. In some cases, the underlying legal information is changing quickly in light of the COVID-19 pandemic. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship. Please contact your legal counsel for advice regarding specific...

Read More

Insurance Claims for COVID-19 Business Interruption – Make Your Best Case

Posted by on Apr 15, 2020 in Startup

You probably anticipated that your business insurance would provide some relief for the impact of COVID-19, since it likely included coverage for general risk, business interruption, contingent business loss, or civil authority actions. However, when confronted with a novel event like the one we are experiencing now, your insurance providers may be construing these policies to deny coverage to you. You may have already experienced submitting a business interruption claim and having it denied on the grounds that COVID-19 does not constitute “property damage,” or your losses fall under certain policy exclusions. If you haven’t submitted a claim, we encourage you to consider doing so soon. It is important that each business understands its policy, as policy language varies widely, and coverage determinations are generally made on a case-by-case basis. Regardless of your policy, coverage for property damage or economic loss often requires direct physical loss. Many insurers are taking the position that exposure to the virus, or economic loss stemming from the virus, does not constitute “direct physical loss.” However, some courts in analogous situations have found that loss of use and function, as many businesses are experiencing now, may constitute physical damage when viewed in the overall context. In addition, your policy may contain additional coverage, such as decontamination coverage, public relations coverage, event cancellation coverage, or pollution cleanup, which may apply to COVID-19 related expenses and loss. Making your case for coverage requires your understanding all of the various provisions in your policy to allow you to maximize benefits. Do not give up just because the insurance company says there is no coverage. Recognizing the enormous impact of COVID-19 on businesses, the federal government and certain states have attempted to shift the economic burden of the COVID-19 crisis on insurers. In mid-March 2020, a bipartisan group of congressional representatives wrote to leadership at the American Property Casualty Insurance Association, National Association of Mutual Insurance Companies, Independent Insurance Agents and Brokers of America, and Council of Insurance Agents and Brokers, encouraging insurance companies to recognize financial loss due to COVID-19 as part of policyholders’ business interruption coverage. Seven states currently have proposed bills that would require commercial property insurers to retroactively cover losses that insureds have accumulated because of the pandemic. Nevertheless, insurance companies have remained steadfast in their interpretation of certain clauses as excluding the COVID-19 pandemic. We expect that the issue of whether mandatory COVID-19 closures constitute “physical damage” is one that will be litigated extensively in the near future. Visit our COVID-19 Insight Center for our latest legislative and legal updates, articles, and resources. Visit Insight Center The material in this publication was created as of the date set forth above and is based on laws, court decisions, administrative rulings, and congressional materials that existed at that time, and should not be construed as legal advice or legal opinions on specific facts. In some cases, the underlying legal information is changing quickly in light of the COVID-19 pandemic. The information in this publication is not intended to create, and the transmission and receipt of it does not constitute, a lawyer-client relationship. Please contact your legal counsel for advice regarding specific...

Read More

Top Cybersecurity FAQs: Startups and Emerging Businesses

Posted by on Dec 2, 2019 in Cybersecurity, Intellectual Property, Startup

Q: Does my business need cybersecurity insurance? Due to the high level of cyber risk in today’s business environment and exclusions for cyberevents in other types of insurance policies, most businesses need cyber liability insurance coverage. However, the terms and exclusions contained within cyber insurance policies vary widely, so businesses should select and review cyber policies carefully. Obtaining legal assistance in assessing policy terms is recommended to ensure the policy adequately addresses risks unique to the business. Furthermore, startups and emerging businesses should pay attention to exclusions, such as coverage exclusions for failure to obtain minimum security standards, to ensure that they do not fail to adopt necessary cybersecurity measures and thereby undermine the coverage they have purchased. Q: How do I put a cybersecurity policy in place? A cybersecurity policy should be specific to your business and may vary depending on your industry and the information your business collects. It is important to first assess your overall compliance and conduct a security audit of your IT assets and practices, as well as develop a thorough understanding of the data your business collects and stores. A cybersecurity policy should inform company employees and contractors of their requirements in protecting the IT assets of the company and identifying the primary threats to those assets. A policy will outline acceptable use of the company’s IT assets, including protocols related to password management, secure file transfers, software updates, malware scans, use of social media and privacy settings, and other security guidelines designed to protect your business from cyberattacks. Q: What are the best methods for protecting my business against ransomware attacks? Ransomware attacks are often delivered through phishing emails that appear as if they were sent from legitimate sources. Such phishing schemes are growing more sophisticated, and it is more important than ever to routinely train your employees and independent contractors on how to spot these and other cybersecurity threats. Businesses should implement mandatory trainings throughout the year (or on an annual basis at minimum) and follow such trainings with phishing simulations to test real-world response. Businesses can protect against the impact of interruption from a ransomware attack by regularly performing backups of their systems and important files. Backups should be stored separately so they cannot be accessed on the main system network. Q: What are some best practices to share with our team? There are several best practices that can be used as preventative measures when it comes to cybersecurity and attacks. The tactics below could make a huge difference. Install internal and external firewalls to protect your network systems, invest in antivirus and malware software, and regularly backup all data. Educate your employees on security protocols and how to recognize phishing emails and suspicious or unknown links. Require strong passwords for network access and mandate that employees change their passwords on a regular basis. Use multi-factor authentication for accessing sensitive networks or systems. Q: What is an incident response plan and tabletop exercise? An incident response plan is a game plan created to guide your organization in detecting, responding to, and recovering from cyber incidents. An incident response plan is necessary to help businesses quickly identify the individuals who need to be involved in incident evaluation and response, the issues they need to consider, and the steps that they need to take. The goal, of course, is to avoid lost time and critical missteps while making an organization’s recovery as smooth as possible. A tabletop exercise is an attempt to test the incident response plan and readiness by walking through a cyberevent hypothetical. An organization’s team will consider the hypothetical...

Read More

Hot Topics for Startup Employers

Posted by on Oct 15, 2019 in Employment, Limiting Liability, Startup

Employers today face constant hurdles in their day-to-day operations, and startups are no different. The liability for employment violations is not limited to large manufacturers or businesses; emerging businesses and companies in their infancy are likewise vulnerable and need to be aware of the laws so they can take appropriate action to ensure that they are protected.  Startups should be aware of two issues in particular: 1) wage and hour requirements and 2) protecting intellectual property and company goodwill.   Wage and Hour Regulations for Startups Employers of all sizes (including startups) need to be aware of the wage and hour requirements contained in the Fair Labor Standards Act (FLSA). The FLSA applies to employers whose annual sales total $500,000 or more, or who are engaged in interstate commerce. Practically speaking, this means that the FLSA applies to almost every employer. The FLSA governs overtime pay and minimum wages, which apply to employees who are “non-exempt.” Generally speaking, an employee is non-exempt (i.e., the employer is required to pay overtime and at least minimum wage) if he is not salaried, or, if the employee is salaried, the job does not have certain administrative or professional requirements (e.g., supervising two or more people, discretion in decision making, etc.). In contrast, employers are not required to pay overtime to exempt employees (those who are paid at least a certain salary and have certain job duties). Paying your non-exempt employees at least the federal minimum wage is easy. You likely already comply with this rule as long as you pay your employees at least $7.25 for each hour worked. But be sure to check your state’s laws as well. The FLSA is the floor, not the ceiling. Many states impose their own minimum wage that is in excess of $7.25 per hour (e.g., $12.00 in Washington). Overtime issues are more complicated. In its simplest terms, the FLSA requires that employers pay their non-exempt employees 1.5 times their regular rate for each hour they work over 40 in a given work week. But what is the “regular rate,” and what is a “work week?” A common misconception is that the regular rate is simply the standard hourly rate (e.g., $15.00 per hour) that an employer pays a given employee. It is not. The regular rate must include other forms of compensation, such as commissions and non-discretionary bonuses. Including this extra compensation will naturally affect the amount of overtime that an employee is entitled to receive. The workweek is likewise different than most assume, as it is not simply Monday through Friday. Rather, the workweek from which you determine an employee’s overtime is a seven-day period (e.g., Sunday at 12:00 a.m. to Saturday at 11:59 p.m.) over which an employee may work. As an employer, you should set out your workweek (whatever it may be) in your policies and, if at any time during the workweek (with some exceptions) a non-exempt employee works more than 40 hours, be aware that the employee is entitled to overtime compensation. Misclassifying an employee as exempt when he is non-exempt (and the subsequent failure to pay appropriate overtime) can result in severe legal problems in the form of back wages and attorneys’ fees, among other things. Classifying an employee as exempt is a fact-based inquiry based on an analysis of that employee’s salary and job duties. For guidance on whether you have properly classified your employees as exempt or non-exempt, contact one of our employment attorneys at Chambliss.   Protecting Your Startup’s Intellectual Property and Company Goodwill The last thing a startup wants is to come up with a great new idea, only to have a disgruntled employee leave and take valuable intellectual property...

Read More

Major Ambiguities Remain, but Health Care Vendors Should Focus on California Consumer Privacy Act Preparedness

Posted by on Jul 26, 2019 in Limiting Liability, Startup, Update!

Are you a health care vendor that does business in California? If so—and keep in mind that the concept of “doing business” in California may be broader than you expect—there are new, expansive data privacy requirements that might start keeping you awake at night. California created waves in the information privacy space with its enactment of the California Consumer Privacy Act of 2018 (the “Act”) last summer. The Act, which will be operative beginning January 1, 2020, was hurriedly enacted to prevent a proposed ballot initiative from going to voters in November 2018. That process created a number of significant ambiguities, which remain present in the Act. There are significant questions regarding what types of businesses will be subject to the broad-reaching obligations of the statute and forthcoming regulations. Businesses that have, thus far, managed to avoid the application of the similar EU General Data Protection Regulation (the “GDPR”) may nonetheless fall within the scope of the Act and confront new and expanded compliance obligations similar to those imposed by the GDPR. Based on the current wording of the statute, a “business” subject to the Act’s requirements includes a for-profit entity that (i) collects the personal information of California residents, (ii) determines the purposes and means of processing that information, (iii) does business in California and, among other potential triggers, (iv) has annual gross revenues in excess of an inflation-adjusted amount of $25 million. It remains to be seen whether the forthcoming regulations will define the scope of revenue (which, at present, does not appear to be limited to a business’s California revenue), the meaning of information “processing,” and other related concepts.    With respect to applicability, the statute also contains a carve-out for commercial conduct that takes place “wholly outside of California. The present definition of this concept contains somewhat contradictory language, and it is not yet clear what any amended or clarified language will look like.  Businesses potentially subject to the Act should also be wary of the way that the Act ambiguously defines “personal information.” The Act does not apply to medical information governed by HIPAA, which will provide some relief to many health care vendors. However, the Act does apply to other categories of personal information, including IP addresses and other information concerning consumers’ (including patients’) interaction with a business’s website. Even more significantly, the Act appears to apply to (i) employee personal information contained in employment records and (ii) the personal information of client officers and employees that a business gathers in providing services to, and interacting with, its clients (i.e., not traditional “consumer” interactions). Absent some clarification to the contrary in any further statutory amendments or in the forthcoming regulations, health care vendors should prepare to comply with the Act in connection with these particular categories of information.    Due to the current broad scope of the Act, the potential applicability to information collected or disclosed in 2019, and the fact that the Act has significant “teeth” from an enforcement standpoint, health care vendors should not wait for these concepts to be fully refined. Rather, they should prepare now to comply with the Act’s core requirements by taking the following actions, among others: Determine what personal information the business collects, how it collects it, where it stores it, and how it manages, uses, and discloses the information, as well as any service providers that collect or receive information on its behalf (including determining whether any disclosures of information could be deemed the “sale” of information under the Act) Provide appropriate mechanisms through which consumers can make permitted requests of the business Prepare to...

Read More