Startup

Top Cybersecurity FAQs: Startups and Emerging Businesses

Posted by on Dec 2, 2019 in Cybersecurity, Intellectual Property, Startup

Q: Does my business need cybersecurity insurance? Due to the high level of cyber risk in today’s business environment and exclusions for cyberevents in other types of insurance policies, most businesses need cyber liability insurance coverage. However, the terms and exclusions contained within cyber insurance policies vary widely, so businesses should select and review cyber policies carefully. Obtaining legal assistance in assessing policy terms is recommended to ensure the policy adequately addresses risks unique to the business. Furthermore, startups and emerging businesses should pay attention to exclusions, such as coverage exclusions for failure to obtain minimum security standards, to ensure that they do not fail to adopt necessary cybersecurity measures and thereby undermine the coverage they have purchased. Q: How do I put a cybersecurity policy in place? A cybersecurity policy should be specific to your business and may vary depending on your industry and the information your business collects. It is important to first assess your overall compliance and conduct a security audit of your IT assets and practices, as well as develop a thorough understanding of the data your business collects and stores. A cybersecurity policy should inform company employees and contractors of their requirements in protecting the IT assets of the company and identifying the primary threats to those assets. A policy will outline acceptable use of the company’s IT assets, including protocols related to password management, secure file transfers, software updates, malware scans, use of social media and privacy settings, and other security guidelines designed to protect your business from cyberattacks. Q: What are the best methods for protecting my business against ransomware attacks? Ransomware attacks are often delivered through phishing emails that appear as if they were sent from legitimate sources. Such phishing schemes are growing more sophisticated, and it is more important than ever to routinely train your employees and independent contractors on how to spot these and other cybersecurity threats. Businesses should implement mandatory trainings throughout the year (or on an annual basis at minimum) and follow such trainings with phishing simulations to test real-world response. Businesses can protect against the impact of interruption from a ransomware attack by regularly performing backups of their systems and important files. Backups should be stored separately so they cannot be accessed on the main system network. Q: What are some best practices to share with our team? There are several best practices that can be used as preventative measures when it comes to cybersecurity and attacks. The tactics below could make a huge difference. Install internal and external firewalls to protect your network systems, invest in antivirus and malware software, and regularly backup all data. Educate your employees on security protocols and how to recognize phishing emails and suspicious or unknown links. Require strong passwords for network access and mandate that employees change their passwords on a regular basis. Use multi-factor authentication for accessing sensitive networks or systems. Q: What is an incident response plan and tabletop exercise? An incident response plan is a game plan created to guide your organization in detecting, responding to, and recovering from cyber incidents. An incident response plan is necessary to help businesses quickly identify the individuals who need to be involved in incident evaluation and response, the issues they need to consider, and the steps that they need to take. The goal, of course, is to avoid lost time and critical missteps while making an organization’s recovery as smooth as possible. A tabletop exercise is an attempt to test the incident response plan and readiness by walking through a cyberevent hypothetical. An organization’s team will consider the hypothetical...

Read More

Hot Topics for Startup Employers

Posted by on Oct 15, 2019 in Employment, Limiting Liability, Startup

Employers today face constant hurdles in their day-to-day operations, and startups are no different. The liability for employment violations is not limited to large manufacturers or businesses; emerging businesses and companies in their infancy are likewise vulnerable and need to be aware of the laws so they can take appropriate action to ensure that they are protected.  Startups should be aware of two issues in particular: 1) wage and hour requirements and 2) protecting intellectual property and company goodwill.   Wage and Hour Regulations for Startups Employers of all sizes (including startups) need to be aware of the wage and hour requirements contained in the Fair Labor Standards Act (FLSA). The FLSA applies to employers whose annual sales total $500,000 or more, or who are engaged in interstate commerce. Practically speaking, this means that the FLSA applies to almost every employer. The FLSA governs overtime pay and minimum wages, which apply to employees who are “non-exempt.” Generally speaking, an employee is non-exempt (i.e., the employer is required to pay overtime and at least minimum wage) if he is not salaried, or, if the employee is salaried, the job does not have certain administrative or professional requirements (e.g., supervising two or more people, discretion in decision making, etc.). In contrast, employers are not required to pay overtime to exempt employees (those who are paid at least a certain salary and have certain job duties). Paying your non-exempt employees at least the federal minimum wage is easy. You likely already comply with this rule as long as you pay your employees at least $7.25 for each hour worked. But be sure to check your state’s laws as well. The FLSA is the floor, not the ceiling. Many states impose their own minimum wage that is in excess of $7.25 per hour (e.g., $12.00 in Washington). Overtime issues are more complicated. In its simplest terms, the FLSA requires that employers pay their non-exempt employees 1.5 times their regular rate for each hour they work over 40 in a given work week. But what is the “regular rate,” and what is a “work week?” A common misconception is that the regular rate is simply the standard hourly rate (e.g., $15.00 per hour) that an employer pays a given employee. It is not. The regular rate must include other forms of compensation, such as commissions and non-discretionary bonuses. Including this extra compensation will naturally affect the amount of overtime that an employee is entitled to receive. The workweek is likewise different than most assume, as it is not simply Monday through Friday. Rather, the workweek from which you determine an employee’s overtime is a seven-day period (e.g., Sunday at 12:00 a.m. to Saturday at 11:59 p.m.) over which an employee may work. As an employer, you should set out your workweek (whatever it may be) in your policies and, if at any time during the workweek (with some exceptions) a non-exempt employee works more than 40 hours, be aware that the employee is entitled to overtime compensation. Misclassifying an employee as exempt when he is non-exempt (and the subsequent failure to pay appropriate overtime) can result in severe legal problems in the form of back wages and attorneys’ fees, among other things. Classifying an employee as exempt is a fact-based inquiry based on an analysis of that employee’s salary and job duties. For guidance on whether you have properly classified your employees as exempt or non-exempt, contact one of our employment attorneys at Chambliss.   Protecting Your Startup’s Intellectual Property and Company Goodwill The last thing a startup wants is to come up with a great new idea, only to have a disgruntled employee leave and take valuable intellectual property...

Read More

Major Ambiguities Remain, but Health Care Vendors Should Focus on California Consumer Privacy Act Preparedness

Posted by on Jul 26, 2019 in Limiting Liability, Startup, Update!

Are you a health care vendor that does business in California? If so—and keep in mind that the concept of “doing business” in California may be broader than you expect—there are new, expansive data privacy requirements that might start keeping you awake at night. California created waves in the information privacy space with its enactment of the California Consumer Privacy Act of 2018 (the “Act”) last summer. The Act, which will be operative beginning January 1, 2020, was hurriedly enacted to prevent a proposed ballot initiative from going to voters in November 2018. That process created a number of significant ambiguities, which remain present in the Act. There are significant questions regarding what types of businesses will be subject to the broad-reaching obligations of the statute and forthcoming regulations. Businesses that have, thus far, managed to avoid the application of the similar EU General Data Protection Regulation (the “GDPR”) may nonetheless fall within the scope of the Act and confront new and expanded compliance obligations similar to those imposed by the GDPR. Based on the current wording of the statute, a “business” subject to the Act’s requirements includes a for-profit entity that (i) collects the personal information of California residents, (ii) determines the purposes and means of processing that information, (iii) does business in California and, among other potential triggers, (iv) has annual gross revenues in excess of an inflation-adjusted amount of $25 million. It remains to be seen whether the forthcoming regulations will define the scope of revenue (which, at present, does not appear to be limited to a business’s California revenue), the meaning of information “processing,” and other related concepts.    With respect to applicability, the statute also contains a carve-out for commercial conduct that takes place “wholly outside of California.The present definition of this concept contains somewhat contradictory language, and it is not yet clear what any amended or clarified language will look like.  Businesses potentially subject to the Act should also be wary of the way that the Act ambiguously defines “personal information.” The Act does not apply to medical information governed by HIPAA, which will provide some relief to many health care vendors. However, the Act does apply to other categories of personal information, including IP addresses and other information concerning consumers’ (including patients’) interaction with a business’s website. Even more significantly, the Act appears to apply to (i) employee personal information contained in employment records and (ii) the personal information of client officers and employees that a business gathers in providing services to, and interacting with, its clients (i.e., not traditional “consumer” interactions). Absent some clarification to the contrary in any further statutory amendments or in the forthcoming regulations, health care vendors should prepare to comply with the Act in connection with these particular categories of information.    Due to the current broad scope of the Act, the potential applicability to information collected or disclosed in 2019, and the fact that the Act has significant “teeth” from an enforcement standpoint, health care vendors should not wait for these concepts to be fully refined. Rather, they should prepare now to comply with the Act’s core requirements by taking the following actions, among others: Determine what personal information the business collects, how it collects it, where it stores it, and how it manages, uses, and discloses the information, as well as any service providers that collect or receive information on its behalf (including determining whether any disclosures of information could be deemed the “sale” of information under the Act) Provide appropriate mechanisms through which consumers can make permitted requests of the business Prepare to evaluate,...

Read More

The Importance of Getting Your License Before You Start Your Own Construction Business

Posted by on Jul 24, 2019 in Governance, Limiting Liability, Practice Pointers, Startup, Your Entity

Are you thinking about starting your own construction business? If so, whether in the commercial or residential setting, it is imperative to find out if you are required to have a license. Keep in mind each state has its own requirements. If you’re in Tennessee, it’s highly likely you’ll need one. Under Tennessee’s Contractors Licensing Act, it is unlawful for any person or business to represent itself as a licensed contractor, or to act in the capacity of a “contractor” while not licensed. Now, you may be thinking “I am not a contractor. I am a designer, or a supplier, or a subcontractor, etc—so the contractors’ license requirement does not apply to me and my new business, right?” Well, not necessarily. The term “Contractor” is incredibly broad under the Licensing Act. “Contracting” includes, among other things, bidding, offering to engage, supervising, overseeing, scheduling, directing or in any manner assuming charge of construction, alteration, improvement, or negotiating a price for projects of $25,000 or more (including all labor, materials, and equipment). Electrical, mechanical, plumbing, HVAC, and roof contractors must also be licensed when working directly with any contractor to perform projects when the total cost of that portion on the project is over $25,000. Tennessee also regulates licenses for certain types of “home improvement” in most of the larger counties. For example, a home improvement contractor’s license is required for residential projects that range from $3,000 to $24,999 (i.e. projects designed for a residence or dwelling unit with no more than 4 units). Again, the term “home improvement” includes a vast array of construction-related work, all of which requires a license – such as repairs, replacement, remodeling, alterations, and more.  Obtaining the appropriate contractor’s license before you start working is extremely important from a risk management standpoint. In fact, contracting in Tennessee without the appropriate license can expose your new business and possibly you, personally to significant liability. For example, to represent yourself as a licensed contractor without the required license, or to act in the capacity of a contractor without the required license, constitutes an unfair and deceptive act under Tennessee’s consumer protection law. This is significant, particularly to a business in its infancy, as you could end up on the hook for a dissatisfied client’s attorneys’ fees and triple their actual damages.  While there are a variety of other matters that must be tackled before getting a new construction business off the ground, licensing is certainly an important box to check off the list. The guidance of an experienced construction attorney can help alleviate any worries you may have in navigating the laws that may apply to you. In addition, finding a well-versed construction attorney can assist a new business in a multitude of areas spanning from drafting of construction contracts, handling of construction defect claims, payment and lien disputes, and other related matters. If you have questions specifically related to construction or general startup matters, please contact me or a member of Chambliss Startup group. *This blog post is brought to you by Logan...

Read More

You May Need Some Legal Advice—7 Reasons Why Seeking Legal Advice Now Will Benefit Your Startup in the Future

Posted by on Jun 6, 2019 in Entity Formation, Governance, Intellectual Property, Startup, Your Entity

So, you’ve decided to start a business. You may be wondering, is it really necessary to consult with an attorney right now? The answer—it all depends on the nature of your business and how much risk you are willing to take. Small legal mistakes when establishing your startup have the potential to affect your business’ success and cost you and your startup financially in the future. We understand that hiring an attorney is daunting for a new business operating on a limited budget. However, there are a few business areas for which you should consider seeking legal advice early on in the life of your startup. 7 Reasons Startups Should Seek Legal Advice Now for Future Benefit: Entity Formation: There are many different legal entity forms a startup may take—a sole proprietorship, general partnership, joint venture, limited partnership, corporation, or limited liability company. Each has pros and cons and different tax implications. Picking the right form for your startup has liability, legal, tax, and financial implications. While information on entity formation is available through the U.S. Small Business Administration and other resources, an attorney can advise you on which business structure is best based on your business plan and goals, as well as your personal liability and tax expectations. Structuring Ownership, Control, and Responsibilities: If your startup has more than one owner, it is recommended that your startup have certain agreements prepared that outline the relationship between the owners—such as who has what responsibilities, who has the power to make certain decisions, each owners’ financial interest in the startup, and how to handle ownership termination. These agreements often take the form of operating agreements and buy-sell agreements for LLCs, or bylaws, restricted stock purchase agreements, and shareholder agreements for corporations. Ultimately, formal owner agreements help prevent future disputes and the need to hire a lawyer to resolve such disputes. Although such agreements may not seem like a priority in the early stages of your startup, they can be key to the future stability and security of your business. Additionally, these agreements are often easier to negotiate and prepare during the honeymoon phase of your startup, rather than down the road when money and emotions are involved. Conducting Business Through a Website: If your startup conducts any business online, it is going to need a Privacy Policy and a Terms of Use Agreement. A Privacy Policy is a legal statement on a website that describes how personal data collected from users and customers of the website will be used. A Terms of Use Agreement is a policy on a website that describes the terms and conditions of users’ use of the website. Beware of blindly copying policies from other websites that offer similar services to your startup—often, policies are tailored to a specific business and will not provide you with adequate protection. An attorney can produce a custom Privacy Policy and Terms of Use Agreement for your website that provides you with the specific liability protection your startup needs. Regulatory Compliance: Depending on the character of your startup’s business, you may be subject to state and federal regulations. An attorney can advise you on which regulations your startup is subject to and the steps your startup must take for compliance. Protecting Your Startup’s Brand: Whether you plan to grow your company on a local, national, or international scale, you will want to ensure that your startup’s brand is protected. By acquiring a trademark in your startup’s name and logo, you can prevent other companies from using your name or branding (or a confusingly similar name or branding) for similar products and services within a...

Read More

Terminating Your Contract: Things to Remember Part 1

Posted by on Jan 16, 2014 in Startup

Contracts often have various provisions concerning when and how a party may terminate the contract. Typical termination provisions can cover situations in which the party terminates for cause or without cause. The distinction between the two types of termination clauses can be crucial to your contract rights and remedies. A provision governing termination without cause essentially gives one or both parties the right to terminate the contract for any reason, whether or not there has been a breach. Often called a “termination for convenience” clause, these provisions can have various effects on the practical terms of your deal, which you may want to consider when you’re drafting or negotiating your contract. For example, 1) If a termination without cause provision is going to be a part of your contract, consider how much notice you would like to have or give if you or the other party wants to terminate the contract without a breach. Things to consider would be how long it will take you to find another seller or service provider to fill in the void. 2) It is common for a service provider or seller to raise the price or quote a little bit in order to account for the fact that the other party may suddenly terminate the contract. Be aware of how the pricing structure works in your deal, and try to substantiate where the costs are attributed. 3) Consider your capital investment. Many times a termination without cause provision can expose you or the other party to losses resulting from a shorter contract period. If the contractual relationship is cut short early, the party may not have recovered their costs yet. Therefore, it is common to see some sort of cost recovery provision or penalty provision in the event a party terminates without cause. Stay tuned for more on termination for cause provisions. While there are many other issues to consider when you’re drafting termination provisions, these are just a few that you may want to keep in mind. You should always consult an attorney when you’re in the process of drafting and negotiating a...

Read More