IP Advice for Connecticut Start-Ups: Protecting Your Client's Personally Identifiable Information

Posted on May 27, 2012 by N. Kane Bennett

 David Benoit presents his fourth post as a guest blogger on the topic of Intellectual Property for Connecticut Start-Up companies.  In his fourth installment, he focuses on the need for entrepreneurs to protect their client’s most important assets: client personal information.  

In addition to implementing best practices with respect to a company’s own IP, start-ups need to be as mindful in taking adequate safeguards to ensure that any client IP that is being collected, stored, manipulated or distributed is not being used in a manner that will expose the start-up to liability.  Client IP most often includes “NPI” (nonpublic personal information) and includes personally identifiable financial information and any lists, descriptions or other groupings of consumers derived using personally identifiable financial information.  Unauthorized disclosure or access of personally-identifiable customer data typically results in financial liability (i.e., regulatory fines, penalties and legal fees) and reputational liability (i.e., damage to goodwill that the startup has worked hard to build). 

Knowing which IP safeguards to implement and what steps need to be taken if an IP breach occurs requires a thorough understanding of the ever-changing, multi-jurisdictional laws and regulations applicable to the start-up’s business.  This could include federal regulations, state- and industry-specific requirements surrounding the collection, storage, deletion and distribution of sensitive customer or end-user data.  Utilizing the services of a privacy attorney who understands not only your business, but also your client's, is important to implementing best practices.  

Having an understanding of these regulations and standards, such as the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), Gramm-Leach-Bliley Act (GLBA) the Fair Credit Reporting Act (FCRA), the Fair and Accurate Transactions Act (FACT Act) and the Payment Card Industry Data Security Standards (PCI DSS), is extremely important to minimizing liability exposure.  Furthermore, knowing how to use customer IP without overstepping boundaries requires a well-written privacy policy, terms of service and other applicable data use agreements.

 

 

Tags: , , , , , ,

Connecticut Intellectual Property Series - IP Portfolio Building Increases Chances of Investment

Posted on April 15, 2012 by N. Kane Bennett

 Intellectual Property Series – IP Portfolio Building Increases Chances of Investment

 
Technology Attorney David Benoit presents his third post as a guest blogger on the topic of Intellectual Property for Connecticut Start-Up companies.  In his third installment, he focuses on the ability for entrepreneurs to boost their companies’ valuations through the building of IP portfolios.  
 
No. 3 - Out of Thin Air: Increasing Company Valuation Through IP Portfolio Creation.  
 
Determining an early stage company’s worth can be one of the more difficult components of a fundraising process.   While there are traditional rules of thumb, a company’s valuation is highly subjective and there is no steadfast method of calculation.  
 
The company’s founders typically place a higher valuation on the company due to their optimistic future growth and business potential.  Investors, however, often view an early-stage company as one that carries a higher risk of failure and as such, will often view its worth in a lower valuation light.  
 
That being said, both sides of the fence generally agree that strategically-created intellectual property can have a beneficial and significant impact on a company’s overall valuation.  Keeping this in mind, if a company’s founders anticipate a need to raise investment capital in the future, they should consider implementing a growth strategy that focuses on the development, management and commercialization (i.e., licensing) of Intellectual Property.  
 
As I’ve often reiterated to fledging start-ups, there are very few investors willing to invest capital in a company that only has good ideas.   Perhaps a product prototype exists, but rarely is that sufficient to address the concerns of investors, be they a seed, angel or otherwise.  Furthermore, the ability to take a company to the next level and execute on a sound operating and distribution model is extremely important, but it is only one of the business areas of a start-up that investors will scrutinize.  
 
Memorializing good ideas into semi-tangible property (i.e., patents and applications, trademarks and protectable trade secrets) is absolutely necessary to maximizing the company’s chances of success – and that is what investors want to see.  Savvy investors view a strategic IP portfolio as the necessary foundation to a company’s “Four I’s” – Investment, Improvement, Innovation and Invention  – none of which should be made unless a company is positioned to protect them from its competitors.  
 
One good exercise for company management to implement is to hold semi-annual “IP Identification” whiteboard sessions with an IP attorney and incorporate similar exercises in annual strategy planning meetings.  Being able to identify company assets as worthy of patent, trademark, copyright or trade secret protection, and strategically segregating them into categories of IP will help to formalize the company’s growth strategy.  Additionally, it will help the company and its attorney to identify areas of vulnerability, room for improvement and possible business avenues to avoid.  Most importantly, however, it will increase the overall value of the company and position it in a light that is favorable for investment. 
 
 

 

 

Tags: , , , , ,

Intellectual Property Series - Protecting Your Company's IP Assets

Posted on April 3, 2012 by N. Kane Bennett

In this post, Attorney David Benoit continues with his guest blogging on Intellectual Property.  Here is the second installment in the Top 5 IP Issues for Connecticut Start-Up Companies.   

It is important for technology attorneys to counsel start-up companies to preserve IP that is being developed on an on-going basis.  Utilizing contract best practices to ensure that that valuable intellectual assets are not contracted away will help maximize the overall value of the start-up and enable it to maximize commercialization opportunities.

No. 2 - Don’t Be So Quick to Open the Kimono: Protecting and Retaining IP Going Forward

Once a tech start-up has taken sufficient measures to preserve its IP vis-à-vis its development team, it is equally important to employ contract best practices to enable the company to retain full control of future IP and to protect the company’s opportunities for future exploitation and commercialization.  IP in this context especially includes, for example, source code for new application customizations, modules, functionality or interfaces.  

This is especially true for software companies and web-based service providers that offer application development or software customization services to its customers.  Most improvements to existing products and services are developed by these technology companies during the course of customer engagements.  Industry knowledge, technical know-how and new business processes are learned during their interactions with their customers.  It is precisely these interactions that spawn evolutionary upgrades and/or new products and generate substantial value in the company’s future growth.

Preserving the ability to use these valuable assets and integrate them fully into a company’s products and services, without restriction, should therefore be a top priority for the company and its lawyer during any contracting and negotiating process with a customer.  All too often software start-ups, in the context of professional service or application development engagements, are overly eager to please their clients and avoid contract negotiation or confrontation.  In some instances, start-ups make a decision to contract for new business without a lawyer to negotiate or draft agreements.  As a result, they may inadvertently cede ownership rights to “work product,” know-how and/or “residuals” to their clients.  Doing so may severely restrict their ability to offer similar services to future customers for fear of infringing on their former client’s IP rights or breaching former client contracts. 

For this reason, start-ups should consider consulting an attorney experienced in technology and business before signing a contract. Having a technology lawyer carefully craft client agreements (and knowing how to effectively negotiate ownership rights and license provisions) will allow a tech start-up to fully incorporate valuable improvements into future product and services releases. 

Next up, Out of Thin Air: Increasing Company Valuation Through Portfolio Creation

 

Tags: , , ,

Intellectual Property Series - Top 5 IP Issues for Connecticut Start-Up Companies

Posted on March 28, 2012 by N. Kane Bennett

David Benoit, the co-founder of Aeton Law Partners, is going to guest blog and will post on a series of intellectual property issues that a Connecticut technology business may face in the start-up phase.  Here is the first installment:  

Over the next few weeks, I am going to share with you my thoughts on what a tech start-up should be thinking about with respect to intellectual property.  As a technology attorney that routinely provides counsel to a range of businesses, I see patterns of issues that consistently come up in conversation with entrepreneurs, founders, senior management and their investors.   Along those lines, I’ve come up with a Top 5 IP Issue List and will post on each issue over the coming weeks. 

Top 5 IP List for A Connecticut Technology Company

Number One:

Locking Down the Development Team: Preserving IP Ownership From the “Get Go” 

 

All tech start-ups are confronted with risks that need to be addressed and weighed against the company’s business goals.  When counseling early-stage technology clients, I stress the importance of creating “IP awareness” as a best practice that should be followed sooner rather than later.  Having to “undo” prior IP missteps drains resources, causes the company to lose focus of its business objectives, and can result in costly litigation.  

 

When a technology company is in its infancy, its founders are often faced with having to work with many different parties in its effort to get the company “off the ground.” Whether the business relates to software applications, web-based services or hardware devices, a company typically has to engage consultants, suppliers, employees and other third parties to contribute to  the initial “build-out.” The technology work that is performed by these individuals often creates the platform for the company’s future products and services. 

It is during this initial stage that the inclusion of nondisclosure agreements and protective IP provisions in contracts with these individuals and third parties is most critical.  Without the appropriate agreements and contracts in place, including provisions that cover ownership and assignment of work product, residuals, patentable inventions and “know-how,” a company may find itself vulnerable to claims that it does not exclusively own certain portions or components of its successful products and services.  As a result, the company could find itself exposed to intellectual property litigation, a breach of contract lawsuit, or demands for ongoing royalty or license payments. 

Additionally, implementing appropriate company policies and procedures regarding electronic monitoring, social media usage and electronic access are necessary to prevent the company’s IP assets from walking out the door via disgruntled employees and contractors. For those employees that have higher levels of access to company IP assets or are critical to the success of the company, strong consideration must be given to the use of non-compete agreements and restrictive provisions in their employment agreements.

Up next....Don’t Be Quick to Open the Kimono: Protecting and Retaining IP Going Forward

Tags: , , ,

Software Liability Act in Connecticut - Good Idea or Too Much Regulation?

Posted on March 7, 2012 by N. Kane Bennett

Do software publishers need more regulation to encourage creation of safe and reliable software?That was the general question posed for a debate at the RSA Conference USA on February 29, 2012. Sean Doherty of Law Technology News wrote an interesting article summarizing the two different positions.  One side of the debate favors creating a regime of "civil liability for software manufacturers whose code causes harm to consumers."  Opponents view a regime of civil liability for damages caused by software as another unnecessary regulation.  In addition, opponents maintain that our existing laws already provide remedies for software liability.  

In Connecticut, there is no software liability statute or act.  However, there are various existing legal theories that might apply to the sale of defective software, including:

  • breach of contract;
  • breach of express warranty;
  • breach of implied warranty; and
  • misrepresentation.

Of course, there are also defenses to breach of warranty claims regarding software.  In many instances, a software attorney writing a contract or license agreement will include a disclaimer of all warranties and a cap on damages.  

Some consumers and purchasers do not have the ability to hire an attorney to negotiate a purchase of software.  Will a software liability act prohibit such disclaimers?  Conversely, not all software vendors or manufacturers hire a software lawyer to protect their interests by drafting appropriate disclaimers in license agreements and contracts.  Will a software liability act also protect software publishers from frivolous claims? 

As noted by the debaters at the RSA conference, everyone wants better, more reliable software. However, I doubt that creating a new software liability regime, and thus more regulation, is the right answer.  I tend to favor the market solution.  Let the better software win.  

Tags:

New Connecticut Business and Technology Law Firm

Posted on February 1, 2012 by N. Kane Bennett

I am pleased to announce that I have started a new law firm, Aeton Law Partners LLP.  At my new firm, I will continue my litigation practice involving a wide array of business and technology matters.  In this new venture,  I have partnered with Attorney David Benoit.  Dave brings a wide range of experience in transactions related to business, technology, and intellectual property. Together, we provide a broad base of experience and general counsel legal services for our existing and expanding client base.  For more information on Aeton Law Partners, please contact me at 860 724 2163.

 

Tags: , , ,

Will A Crack In Data Breach Litigation Open Floodgates

Posted on November 1, 2011 by N. Kane Bennett

Data loss and security breach incidents have become common. However, lawsuits related to these incidents are not so common or successful. The problems plaintiffs have encountered include not only figuring out the proper cause of action to seek recovery (many states lack laws permitting private lawsuits for damages related to data loss) but also how to establish provable damages. For example, if a large retail store suffers a security breach of 2 hours leaving your personal identifying information exposed to thieves or hackers, have you really suffered any damages if the information is never used or compromised? What about so called "mitigation" damages or out of pocket expenses for future protection such as credit card insurance, fraud protection, or getting a new credit card and incurring an annual fee?


The First Circuit Court of Appeals in Anderson v. Hannaford Bros. Co recently shed some light on the potential for recovery of mitigation damages in data breach litigation. In the Hannaford case, hackers stole up to 4.2 million credit and debit numbers, expiration dates, and security codes, but they did not steal customer names. Hannaford also had received notice that there were 1,800 cases of alleged misuse or fraud from the theft. In response, many financial institutions cancelled consumers' cards and fees were incurred to reinstate new cards.  Additionally, several consumers purchased identity theft protection for fear of future misuse. 26 separate lawsuits followed that were consolidated into one action in Maine.
 

At the trial court level, nearly all of the plaintiffs' claims (20 out of 21) were dismissed based on problems with the alleged theories of recovery or the damages claims. The court found that the damages were not recognized under Maine law for claims for lost time and effort or too speculative to prove for claims involving lost points on cards, fees for replacement cards, and insurance.

On appeal, the First Circuit upheld implied contract and negligence as proper theories of recovery. In regards to damages, the First Circuit reversed the trial court and found that "a plaintiff may recover for costs and harms incurred during a reasonable effort to mitigate." To recover, however, the plaintiffs needed to establish an actual injury such as money lost as opposed to only time and effort.
 

In finding that the plaintiffs stated a proper claim for damages in a data breach case, the First Circuit noted that the Hannaford breach was not inadvertent loss or simple breach with no misuse. Rather, the court emphasized that there was actual misuse of the information that may have been global in reach running up thousands of charges. This type of breach presented a "real risk of misuse." Thus, it was foreseeable that a customer might replace a card or purchase insurance to avoid or mitigate future misuse. The court specifically noted the many other cases finding no action for damages, but distinguished those cases based on the real threat and misuse that occurred with the Hannaford breach.


Although the Hannaford case appears to show a possible breach in the dam regarding damage claims in data breach cases, a closer look reveals that it may be more limited in scope. The Hannaford case involved actual misuse of the information with sophisticated thieves intent on doing harm for financial gain. It is unlikely that Hannaford will provide support for other mitigation cases unless those claims involve actual or legitimate threats of misuse.
 

Tags: , , , ,

Small Business Insurance For Data Loss and Security Breach

Posted on September 25, 2011 by N. Kane Bennett

The Hartford has recently announced a new insurance product specially tailored to fit small business for data loss and security breach. It has been touted as more affordable for the smaller business owner.  More and more small businesses are experiencing the devastating effects of a security breach incident or data loss.  The statistics and stories are well reported from various sources.  Experts agree that costs can exceed $200 per lost page of data.  This can cripple a small business and leave it exposed to lawsuits and litigation.

The front line defense to data loss and security breach risks should always be a good security and privacy plan. A technology attorney working in conjunction with your IT support can develop and help implement an effective security and privacy plan. The process of developing and implementing such plans often reveal the problem areas for any business.  Nevertheless, at the end of the day, there is no 100% fail safe plan to secure data, whether the data is on the cloud or in a server in the office.  There are also unavoidable risks associated with paper documents.  Likewise, there is no plan to provide 100% protection to paper documents.  That is why insurance is a good choice to cover the unavoidable risks.

In addition to providing valuable financial protection in the event of a covered incident, the underwriting and application process for data loss insurance will often require best practices.  This process alone will substantially reduce the likelihood of a significant data loss incident. Accordingly, small businesses should consider a three step process for data loss and security breach:

1. Develop and implement a security and privacy plan

2. Implement best practices as part of insurance application process

3.  Purchase and maintain data loss insurance

Tags: , , , , , ,

Connecticut State Court Judges Adopt Electronic Discovery Rules

Posted on July 20, 2011 by N. Kane Bennett

Connecticut state court judges recently adopted new electronic discovery rules.  The rules will become part of the Connecticut Practice Book for civil discovery and take effect on January 2, 2012.  

The judges present at the annual meeting unanimously adopted the new electronic discovery rules. You can read the new e-discovery rules here.  I removed the sections not relevant to civil cases.  The new rules or modifications are indicated by the underlined portions of the rule. 

Here is a quick hit list, and my brief commentary, of the new e-discovery rules in Connecticut state courts:

  • Definitions of electronic and electronically stored information (ESI) added to the list of definitions.  The new definitions are intentionally broad to adapt to new technology changes.
  • Grounds to move for a protective order in discovery include the terms and conditions of discovery of ESI and the allocation of costs between the parties.  This rule permits the court to take into account a series of factors in fashioning a protective order and cost shifting for discovery of ESI.
  • Litigants should be disclosing ESI that is readily accessible and likely to lead to the discovery of admissible evidence.  This basically clarifies that reasonably accessible ESI is no different than other types of discovery. 
  • Whether a litigant needs to disclose ESI that is not reasonably accessible will depend on a variety of factors that the court may consider. 
  • Court can shift the costs of production for ESI.
  • ESI added to the list of information a party can demand to inspect.
  • Safe harbor from sanctions for not only ESI, but all information, that is lost if the information is lost as the result of routine, good faith operation of a system or process in the absence of showing of intentional actions designed to avoid known discovery obligations.  This rule is based on the federal rule 37(f) safe harbor and the commentary indicates that good faith may require a party to stop or intervene a routine destruction policy.
  • Claw back provisions permit a party to notify an opponent of inadvertently disclosed privileged information.  There is a procedure the party must follow upon receipt of the notice.  The rule does not address issues of waiver of privilege by the inadvertent disclosure. 

Until Connecticut courts interpret these provisions, a good resource for attorneys may be found in the commentary to the rules.  Additionally, the new rules are based on  the Uniform Rules Relating to the Discovery of ESI adopted by the National Conference of Commissioners on Uniform State Laws in 2007.  There are various courts in other states that have interpreted these rules. 

Tags: , , , , ,

Social Media Continues To Impact Litigation and Trial

Posted on July 12, 2011 by N. Kane Bennett

The impact of social media  (Facebook, Twitter, LinkedIn, etc) continues to grow in legal matters including litigation and trial.  The court decisions cut across numerous areas from employment law and personal injury to privacy rights and defamation.  Social media use has involved all the key players in lawsuits inclding judges, jurors, consultants, attorneys, reporters, and witnesses.  Lawyers are using Facebook to screen jurors; jurors are using Facebook to post about the case they are sitting on; judges are checking Facebook to make sure jurors are not using it; jury consultants are following Twitter to give advice on trial strategy to attorneys during the trial; and reporters are giving first hand accounts of trials 140 characters at a time. Bottom line: Social media is everywhere and lawyers and litigants should pay attention.

In keeping up to date on the topic, here are some new resources and  articles on social media and litigation and trial:

Vianei Lopez Robinson published an article for Texas Lawyer featured on Law Technology News that covers some recent decisions involving Facebook and the discovery of public and non-public information.  The article also discusses some of the ethical implications for attorney's "friending" litigation opponents. 

Dan Schwartz's Connecticut employment law blog continues to cover social media for employers. He recently posted a new update for employers on the newest social network site, Google +. 

Corey Dennis, who previously submitted to this blog a great summary on the basics of Connecticut civil procedure, has just published a comprehensive law review article on social media and the various laws implicated by its use. Here is a link to his article for the Massachusetts Law Review. 

 Leita Walker and Joel Schroeder published a thorough review of social media "crashing into the courtroom" in an article posted by Law.com.  The article describes several recent cases, juror misconduct with social media, attorney use of social media in discovery and cases ranging from employment to trademark matters.

A year or two ago it used to be relatively easy to track social media and the impacts on lawsuits and litigation. There were very few cases, and I posted about most of them.   Now, there are new reports and articles,  cases, and legal issues involving social media almost daily.   Just today,  a Google search of social media and trial brings up articles about the Roger Clemens perjury trial and the Casey Anthony murder trial. 

The bottom line is social media is here to stay and has clearly "crashed into the courtroom."  Attorneys, and especially trial lawyers and litigators, have to become familiar with all the legal implications as social media just might crash into one your cases.   

Tags: , , , ,