Your Sales Team is Impacted by GDPR. Here’s How –

It’s still difficult to process all the ways in which the General Data Protection Regulation (GDPR) is affecting the work of businesses. From database creation to maintaining an online presence, companies have had to introduce an array of procedural changes for the purpose of ensuring GDPR compliance.

The work of sales teams isn’t spared from such changes. If you’re managing sales teams or you’re a member of this department, you’ll need to acquaint yourself with the important new provisions that will affect your work.

Is There a Data Protection Agreement in Place?

One of the important documents that will be needed by the sales team is a data protection agreement (DPA).

The DPA is a legal document that outlines the procedural and administrative ways in which the organization is going to protect the personal information it processes. Such a document should be readily available for customers that ask for it.

Even if a client doesn’t ask for a DPA, it will still have to be introduced in the sales cycle at a certain point in time. Selecting the right moment is of paramount importance because the ill-timed introduction of DPAs can contribute to significant slowdowns.

Most US companies may not need to have a DPA in place but in the event of such a document being required, it will have to be prepared and available in advance. Otherwise, chaos will ensue.

Evaluation of Data Being Gathered

GDPR has forced many companies to reevaluate their data collection policies. A general rule of thumb is to gather only the information needed to continue providing customers with a high quality, tailored service.

Individuals managing sales teams will need to carry out a personal data collection audit. According to GDPR provisions, there is a limited list of acceptable reasons for the collection of personal information from clients. The fact that such information could potentially be utilized for company growth in the future isn’t a sufficient reason for the collection of personal information.

A new process should be developed by the sales team that will enable the collection of the least possible amount of data for successful interactions with clients. While the audit itself could require time and resources to complete, a new process that’s based on minimum data collection could make the life of sales professionals easier in the future.

Changes in Sales Prospecting

Apart from having to be informed about their personal information being collected, individuals are also entitled to being made aware of what purposes the information is going to be used for. The amount of time during which personal information is going to be stored will also have to be shared with leads and clients. More information about these provisions is available in Article 13 and Article 14 of the EU GDPR.

If consent has not been obtained at the time when information was collected, the sales team will have to revisit the process.

As per GDPR regulations, sales professionals and other company representatives have to inform individuals that their data has been obtained (and why) within 30 days of the process being completed. If such a message is sent and an individual responds by saying they do not want their information to be stored and used for sales purposes, the entry will have to be removed from the database.

For most companies, GDPR will mean a change in the way the sales team does its job. To ensure compliance, these professionals will have to stop sending automatically generated prospecting emails, get consent for data processing and storage, and get consent for the purpose of sending sales materials to clients. Once these issues are cleared, chances are that the work process will become much more streamlined and effective.

 

Addressing the Common Legal Issues of Podcasting

As of April 2018, there are 525,000 active podcast shows that have produced more than 18.5 million episodes. Approximately 44 percent of people in the US have listened to a podcast and the loyalty rate is high. These features turn podcasting into a lucrative business activity that can be monetized in a number of ways.

If you’re looking forward to launching a podcast business, however, you may be concerned about the legal issues. There are several legal specifics you’ll need to take care of in the beginning. Let’s get started with the most important ones.

Podcast Copyright

The aim of copyright is to protect original work from being replicated, utilized and monetized by someone else. Creating a podcast that is original and engaging is a very tough process. This is why you’ll definitely want to make sure your work is protected.

A copyright notice included on all of your work is one of the simplest ways to protect your intellectual property. A written licensing agreement is an even better idea.

On the other hand, you have to make sure that you’re not committing a violation through podcast creation. Can you, for example, use somebody else’s music as a background, an intro or an outro? If you use music and sounds that are not royalty-free, you will be committing copyright infringement. The only exception is fair use and it isn’t going to apply to all musical pieces.

If you plan to start a podcast business, talk to an experienced copyright attorney. This way, you can protect your intellectual property and you can also make sure that you’re not committing a serious violation when putting your podcasts together.

Legal Issues to Address before You Start Monetizing

Even if you’re podcasting as a hobby, you will still need to address a number of legal issues.

Mentioning a sponsor or having affiliate links means that you’re monetizing the podcast, which takes it out of the hobby realm. You will be subjected to taxation and business licensing requirements. Address these before you begin making podcasts, especially if you intend to grow the scope of such activities in the future.

Forming a corporation or a limited liability company (LLC) is a good idea because you’ll get various types of protections this way. This is especially true for individuals who own assets and are worried about liability.

Once a separate entity is formed, your personal assets are treated as separate from the business. These personal assets will not be exposed to liability in the event of issues arising from your podcasting activities.

Avoiding Publicity Rights Infringement

The final issue we’re going to discuss is publicity rights infringement. Such a violation can occur whenever you have a guest on the podcast.

The right of publicity varies from state to state and it allows individuals to control the commercial use of their name, image or persona. This means that whenever a guest appears on your podcast, you will need to get their permission to broadcast the finalized audio.

Getting potential guests to sign a written release in advance is going to be of paramount importance. Such a document shouldn’t just be downloaded from a random website. Rather, talk to an experienced legal professional and get a document that’s tailored for your needs. This way, the release will contain all of the essential information you need to be legally protected when interacting with and featuring third parties on your podcast.

 

4 Tips for Legal Online Consumer Data Collection

People’s attitudes towards the collection of online data have been changing over the past few years. A 2017 survey suggests that 75 percent of individuals will sometimes or always read a privacy policy on a website.

According to 53 percent of people, it’s extremely important to know whether an app or a service is using their personal data. At the same time, several massive online data collection scandals have rocked the world in recent years.

Providing a quality online service or content will often be dependent on consumer data collection. To do so legally, however, you’ll have to learn how to collect data and what documents to feature on your website or online platform.

Determine What Types of Personal Data Collection You’ll Be Doing

To craft the right online data collection procedures, you will first need to determine what types of sensitive information you’re going to have access to.

Most often, online service providers work with the following:

  • IP address
  • Internet domain
  • Type of browser or OS
  • Location of the website visitor
  • Demographic profiles
  • Number of pages visited, length of stay on website

If you have online opt-in forms, chances are that you will be collecting additional sensitive information. When you know what you’re dealing with, you will get to determine which regulatory framework(s) you’ll have to adhere to.

Understand Personal Information Law and Compliance

Online data collection could be subjected to multiple regulatory frameworks due to the international nature of website visits. The EU GDPR is one of these frameworks. The US has more limited regulatory efforts as far as data privacy goes but a few statutes may apply to the work of different online companies.

If you’re based in the US, the EU, or many other Western countries, you will have to comply with at least one type of data collection law. A privacy policy, terms and conditions, and thorough explanations as to why you have to collect sensitive data are the absolute minimum.

Carry Out a Privacy Audit

A website that’s already functional will have to be audited to determine whether it meets all regulatory requirements. It’s best to have an experienced legal professional carrying out such an audit.

Some of the items that will be examined include your privacy policy, whether opt-in forms allow for explicit consent and whether people are given the chance to opt out effortlessly. Based on the audit information, you’ll get to determine how data collection is to be modified in the future to ensure compliance.

Minimize Personal Data Collection and Retention as Much as Possible

Online consumer data collection should occur for the provision of better products and services. It’s possible that you’re currently accessing sensitive information that isn’t adding anything to the experience of people visiting your website or using your app.

There are things you can do to minimize the collection of sensitive information online. Based on the audit you’ve carried out, it’s possible to identify certain positive changes in this field.

Very often, online businesses gather a lot of extra information that could potentially be used in the future. If you’re doing this right now, you’re only making your life and work more challenging. Data breaches and hack attacks do occur. The more information you have, the bigger the problem is going to be in the case of an information leak.

A final thing to do is to ensure the security of data collection efforts. To minimize the risk of hack attacks, invest in quality servers, encryption, and access control. While there are numerous additional things you could be doing, this is the absolute minimum when it comes to meeting laws and giving your customers access to a quality service.

 

The Effect GDPR Has on Cookie Policies

If you have visited any website after the enactment of the GDPR, you have probably seen a message about the fact that the website uses cookies. This message is a part of GDPR compliance and if you have a website, you should also consider the enactment of a new website cookie policy.

To understand the specifics, it’s first important to examine what cookies are and how they could affect the collection of personal data.

What Is a Website Cookie?

A website cookie is a text file put on your computer whenever you visit a website. The aim of the cookie is to store data so that the next time you visit the respective website, some of the information will be loaded immediately. Cookies ensure fast loading time and a degree of service personalization.

In some instances, cookies can be used in a way that makes the website visitor identifiable. When this happens, GDPR compliance is going to be on the table.

Cookies could be used for analytics, the delivery of marketing messages, as well as functional website services. For the collection of information to be lawful, websites will have to ask for the consent of visitors. Otherwise, the use of such cookies will have to be discontinued.

GDPR Compliance and the Website Cookie Policy

When you go through the lengthy GDPR text, you will see cookies being mentioned only once. This happens in Recital 30 of the GDPR.

According to the text, online identifiers like cookies could be associated with natural persons. Thus, whenever cookies are utilized in a way that can potentially get someone identified, they are subjected to GDPR regulations.

To become compliant, websites should either stop collecting information via cookies or they should rely on explicit consent to continue operating in the same way. This means asking for consent to be given as soon as a person enters the website and also outlining the use of cookies in the terms and conditions.

One of the simplest things is to have a note that allows the person to either accept or reject the cookie policy. It’s not ok to feature solely a button for agreement. Under GDPR, this is a violation of an individual’s right to prevent businesses from using their personal data.

It’s also important for the people who have already given their consent to be provided with an option to withdraw it.

To sum it up, here’s how compliance can be ensured as far as cookie policies go:

  • Inform website visitors immediately that cookies may be used to collect their personal information
  • Give them a chance to either accept or decline the collection of such personal data
  • Have terms and conditions that outline what cookies are and how they’re going to be used by the website
  • Give website visitors a chance to withdraw their cookie usage consent, even if they’ve agreed to it beforehand

Things may seem a bit confusing but consent management is one of the most important parts of the GDPR. Cookie usage is just a tiny fraction of it. To run an online business or a content-based website, you should rely on a template or plugins that simplify the process of getting explicit consent and allowing people to opt out. Take it one step at a time. Enhance your terms and conditions and work on the creation of a consent form that could be modified for different purposes – it will come in handy as far as ensuring GDPR compliance goes.

 

The Use of Electronic Signatures for Digital Contract Signing

Electronic signature transactions are becoming increasingly common and popular. The number of such transactions was 89 million in 2012 and it grew to 754 million in 2017. Digital contract signing is just one of the uses. Digital signatures also make it easier to control record-keeping practices, audits, and internal document management.

To understand the use of electronic signatures for digital contract signing, it’s first important to define what an electronic signature is and whether it can be used to create a legally binding document.

What is an Electronic Signature?

An electronic signature is a digital indicator of a person’s identity and their agreement with the contents of a document or a transaction. It plays the role of a handwritten signature in the digital realm.

The premise is simple – a person goes through an online document like a PDF file and a special annotation is used to place the signature where a handwritten signature will typically appear.

In the early 2000s, there were multiple legal issues surrounding the acceptability of electronically signed documents. This is when the US government approved the Electronic Signatures in Global and National Commerce Act (ESIGN Act).

Through the act, electronic signatures have been given the same legal weight as a handwritten signature placed on a piece of paper.

Digital Contract Signing and Electronic Signatures

An electronic or digital contract is a document that is created and transmitted in an electronic form. It doesn’t have to be printed out, which is in line with the paperless policies that many companies across the US have adopted.

Digital contracts can be signed in several ways and all of these are legally binding.

One of the simplest options is having an I Agree button at the end of the document. By clicking on the button, the user will be agreeing to the terms and conditions. The use of an electronic signature is another viable option. Depending on the variety, the entire name of the signee will appear on the bottom of the document or the electronic signature will consist solely of initials.

Through the ESIGN Act, businesses have been enabled to conduct their business 100 percent online. Cryptographic digital signatures are becoming a more common way of verifying the signee’s identity and such options are readily available for all entities.

How to Create an Electronic Signature?

If you’re interested in going paperless and doing most of your business online, chances are that you’re wondering about how to create an electronic signature.

In essence, the electronic signature is an image of your signature. It can be created with the mouse or a stylus. Alternatively, you can upload an image file that features your photographed signature. A signature created this way is legally binding – do not forget the fact when placing it at the bottom of a document.

You will also need to understand the difference between electronic and digital signatures. The electronic signature is what has been discussed in the previous paragraph. A digital signature is cryptographically secure and verified. It relies on a private signing key and is more complicated and more difficult to use.

To use a digital signature, you will need to possess a security certificate that is a form of identification unique to you. Certification authorities are the only entities that can issue digital signatures and these will also have to be renewed periodically for security purposes.

 

WordPress GDPR Compliance Guide

WordPress provides a simple and affordable opportunity for putting together a corporate website. With the new EU GDPR regulations in place, however, many WordPress website owners wonder whether they’re meeting the compliance criteria.

The primary aim of the GDPR is to protect the privacy and personal information of people interacting with businesses. Whether you’re just creating a WordPress website or you’re thinking about modifying your existing online presence, there are several key steps to undertake to ensure GDPR compliance.

Learn about the Ways in Which Your Website is Collecting Data

GDPR regulates the manner in which websites collect data from their visitors. To ensure compliance, try to pinpoint all of the ways in which your audience could be sharing personal information with you. Some of the possibilities include:

  • User registrations
  • Writing comments
  • Signing up for an email newsletter
  • Sending an inquiry via a contact form
  • Login requirements for individual tools or plugins
  • The collection of analytical data about the website audience

Once you have this information, you can move on to ensuring the GDPR compliance of WordPress website hosting.

Choose the Right Plugins

Luckily, WordPress and WordPress plugin developers have taken it to heart to help website owners ensure compliance with the new privacy regulations.

An array of plugins and other tools can be used for this purpose. This means you’ll be free from having to hire a web developer to modify the data collection aspects of the website. WordPress has created a page featuring all of the currently available GDPR-related plugins. It will be up to you to decide which ones you’ll have to install and run.

Update Your WordPress Version

Updating the WordPress version regularly is important from a security perspective, hence it plays a role in your GDPR compliance efforts.

WordPress 4.9.6 has a number of the GDPR characteristics already built into the platform. If you’re creating a WordPress website right now, you will have the latest version installed and there will be nothing to worry about.

The update takes place from your WordPress dashboard and only a few minutes are needed to get it done.

Update Your Privacy Policy

Now that you have handled the software side of things, it’s time to work on the documents that highlight the data policies and security measures your website visitors are entitled to.

A good privacy policy should provide information about:

  • Who you are and why you need to collect personal data (the only permissible option is for the provision of content and services on the website)
  • What’s the legal basis for personal data collection
  • How information is going to be shared with third parties (in this case, WordPress plugin developers), why, and what your commitment to protecting the privacy of website visitors is
  • The timeframe for the storage of collected data
  • The rights of individuals to opt out from data collection efforts and the right to be forgotten
  • A specific clause for filing a personal data-related complaint

Needless to say, there could be certain specific clauses pertaining to the type of website you’re running and the content featured on it. You cannot rely on a generic privacy agreement, which is why consulting an experienced attorney in the field and having the privacy policy drafted professionally is going to make the most sense as far as GDPR compliance efforts go.

 

An Introduction to the End User License Agreement (EULA)

If you have ever downloaded software in your life, you have come across the end user license agreement (EULA). This type of license comes with specific rights and limitations that have to be followed by anyone interested in testing out or using the respective product on a regular basis.

What does end user license agreement mean and how should you draft the perfect one? While the structure is typically pre-determined, it’s not the best of ideas to rely on a template or a generic EULA.

What is an End User License Agreement?

An end user license agreement is a license that enables a user to rely on a software product in a certain manner. It enforces use limitations and once accepted, it will allow the person to begin running the software.

A typical example of an EULA clause is to install and run the software on a single computer. Other clauses under such an agreement could include:

  • An inability to use the app or software for revenue generation
  • A ban on attempting to decrypt an encrypted product
  • A ban on attempting to derive the source code
  • Limitations on distributing the product in a network
  • The terms and conditions under which a termination of the license will occur
  • A disclaimer of liability

Usually, the EULA appears during the first step of installation, but it could also be featured within the terms and conditions.

How to Draft a Good EULA

While it is still questionable if an EULA is enforceable in court, various courts have upheld their legitimacy. The ProCD Inc. v. Zeidenberg case is just one example of such a legal development. While most people will not take the time to read the end user license agreement, it’s still your responsibility to draft a solid one and protect your product.

The structure of the EULA is typically comprehensive. It consists of:

  • Licensing of use terms and conditions
  • Restrictions
  • Conditions under which termination of use will occur
  • Limitation of liability clause
  • A warranty disclaimer
  • Copyright infringement information
  • Contact information

It’s in your best interest to feature all of these sections in your end user license agreement. The more comprehensive the document is, the better legal protection you’ll be entitled to against unsolicited or illegal software use.

Keep in mind that the EULA is a legal agreement between the company that has developed an app and the legal user. Because of this characteristic, it may be a good idea to have a legal professional reviewing your EULA. While many standard clauses can be featured in such a document, it would still be a good idea to include specific information that’s relevant to your product and its intended use.

Final Steps

The final step will be to highlight the international, national, and local laws that apply to the licensing agreement and the protective clauses in it. Obviously, you can Google the licensing laws. Alternatively, you should have that consultation with an attorney to make sure you’re familiar with all applicable regulations and the manner in which they can be utilized to protect your software/intellectual property.

A final thing to keep in mind is that you should keep your EULA simple, straightforward, and easy to understand. Avoid ambiguous language that could be interpreted in multiple ways. When the rules are stated plainly and directly, they will be easier to eventually uphold in court.

The Seven Most Important Legal Protections For Your Online Business

As an entrepreneur, you have a particularly big role to play in the success of your online business. You are the sales person, the developer, and the customer representative – all at the same time. While outsourcing some of these roles or hiring others to fill these positions is a good idea, scarce resources may not enable you to work with a consultant or freelancer.

No matter what roles you end up serving, it’s important to remember that being an online business owner does not give you immunity from the law. Your business is very much regulated by the same laws guarding big businesses – sometimes even more – so you have to know how to handle legal issues. While not all of your legal needs may require hiring a lawyer, all of them do require your knowledge of the law. A little bit of preparation will go a long way. This article is a good place to start.

ONE: Your Pre-Business Contracts:

The most common mistake startup founders make during early growth is not establishing a strong legal structure at conception. While it’s tempting to dig into the vision for your company and start making your idea a reality, it’s important that founders pause and cover their legal bases. The core legal documents that founders need to put into place will help avoid costly legal battles in the future. Three are listed below.

Articles of Incorporation.  A common mistake startup founders make is failing to put the proper business structure in place. Setting up only a sole proprietorship can result in huge income tax bills and legal liabilities for which founders are personally responsible. By not filing with the Internal Revenue Service to form a distinct legal entity for their business, founders risk losing their personal savings and, in some extreme cases, their homes.

Nondisclosure Agreements. Having a non-disclosure agreement (NDA) readily available is imperative before any business conversations take place between you and an outside party. From the moment a prospective employee or investor initiates contact with you, you need to have an NDA waiting for them to sign. NDAs protect your online business by safeguarding your founders’ and employees’ ideas, and your intellectual property. An NDA should specify the following:

  • What constitutes confidential information
  • How confidential information should be handled
  • Who owns that information (the company)
  • The time period that the information will be disclosed
  • The time period confidentiality will be maintained

Independent Contractor Agreements. For many small or online businesses, outsourcing to independent contractors is a great way to get some added help, fill a specific need, or bring in specific expertise. It’s a flexible arrangement, and you don’t have to pay workers’ compensation, payroll taxes or employee benefits for contractors and freelancers. However, be aware that the IRS is now on the lookout for employers who misclassify their workers as independent contractors to avoid paying payroll taxes.

For this reason, it’s smart to make a contract. Consider an independent contractor agreement that explicitly defines the relationship between you and the worker. Make it clear that you intend the worker to be an independent contractor who is responsible for his or her own taxes. In addition, the agreement should not exert much control over how work will get done. Be careful not to set specific hours for when they need to work or where.

TWO: Your Business Structure:

While less exciting than building a website and marketing your product, careful evaluation of which business structure is right for you is crucial because it will have implications for how the IRS taxes your profits. It’ll also determine whether your personal property is protected when others demand money from your business. Other considerations, including the management of the new business and your long-term plans for it, come into play as well.  

Business structures are largely creations of state law, and there are minor variations on the details from state to state. But here are five common models:

  • Sole Proprietorship.  An unincorporated business that is owned by one person who reports business profits on his or her individual tax return. A sole proprietorship is the simplest business structure and is straightforward to start.
  • Partnership. An unincorporated business that is owned by multiple owners, and these can be either people or other businesses. Profits are divided among its owners and reported on their tax returns. Common partnership types include General Partnerships, Limited Partnerships, Limited Liability Partnerships (LLPs) and Limited Liability Limited Partnerships (LLLPs).
  • A Limited Liability Company. An LLC is a hybrid business structure that limits the personal liability of its owners — called members — like a corporation but allows the profits to be taxed on either a member level or the corporate level.
  • An S Corporation. An S corporation has one class of stock and no more than 100 shareholders, none of whom can be another for-profit business, or a person without a green card who doesn’t meet IRS residency requirements. Profits are taxed on shareholders’ tax returns, and shareholders have limited liability.
  • A C Corporation. A corporation whose profit is taxed once on the business level, and a second time on an individual basis when earnings are distributed to shareholders who have limited liability for the business’s debts. C Corporations can have multiple classes of stock and an unlimited number of shareholders.

THREE: Intellectual Property

Intellectual property (IP) is the bread and butter of most online businesses. Be prepared to invest in the time and talents of an IP attorney early on because there’s sometimes a very thin line between creativity and theft. Intellectual property owners need to put in efforts to ensure their rights are protected. As an online business, securing a trademark for your IP is the only way to guarantee no one will steal your idea from you.

Trademark and Copyright Protection:

There tend to be some common misconceptions about what these words actually mean, and there are must-know legalities and laws around each one. The United States Patent and Trademark Office defines them as the following:

  • Trademark: A word, phrase, symbol, and/or design that identifies and distinguishes the source of the goods of one party from those of others.
  • Patent: A limited duration property right relating to an invention, granted by the United States Patent and Trademark Office in exchange for public disclosure of the invention.
  • Copyright: Protects works of authorship, such as writings, music, and works of art that have been tangibly expressed.

FOUR: Terms of Use Agreement:

Essential to your website is the Terms of Use Agreement, which is intended to be a contract between the website owner and the users of the site, and any purchasers of goods or services from the site. A well-drafted agreement includes: limitations on how the site can be used, copyright protection warnings, disclaimers, liability limitations, disclosure on the site’s privacy policy in dealing with customer information, jurisdiction where any disputes must be brought (ideally, the hometown of the site owner), and much more.

FIVE: Privacy Policies:

This is one of the most important areas of launching your online business, and you should plan on devoting time to getting this right.  Remember that regulations around privacy policies don’t just end at your website: any tool that collects information from your site — such as website analytics, online forms, or chat widgets — will require a policy too. Google Analytics, the most popular web analytics tool out there, even has a privacy policy requirement in its terms of use.  Equally important, if you’re planning on running any online ad campaigns, both Google and Facebook require privacy policies in place if you’re collecting any user information. This is especially important for Facebook Lead Ads, which requires a privacy policy URL link within each ad you create.

A privacy policy usually lets your customers know what type of data you’re collecting, and what you’re doing with that data. It also generally provides information about how you’re collecting data, whether it’s through a form or cookies on your website.

Privacy policies may also include information on who has access to the customer’s data. This can mean giving customers the right to request data if they want, and a process to do so. And it usually involves providing contact info if they have a question about the privacy policy. You may also want to provide an opt-out notice for users that don’t agree with the policy.

Speaking of privacy policies, have you heard about the GDPR (aka the new General Data Protection Regulation put into place by the EU)? If you’re unsure of what you need to know for this new privacy law and how to get yourself compliant, click here to watch my free masterclass on the GDPR, OR click here to download a totally free GDPR compliant plug-and-play privacy policy.

SIX: Client Contracts

Drafting up contracts for your clients doesn’t need to be complicated, nor does there need to be a lot of legalese. The goal is to clearly define all expectations of a project from both you and your client. On a very basic level, a contract should clearly spell out who’s doing what and for how much. Clumsy legal language often confuses people and should be kept out of agreements if possible. Generally, if you don’t understand it yourself, then you should leave it out of your contract.

Service agreements for your clients. A client service agreement focuses on your relationship with your clients or customers. If you are a consultant, coach, or other service professional, then it’s imperative that your clients know what to expect when working with you and what their responsibilities are in the transaction.

A well-drafted client service agreement memorializes the basic terms of your relationship with your client. It also provides the next steps in the event something unexpected happens. It can prevent disagreements and confusion with your customers, which in turn can prevent any need for litigation.

Your client service agreement should include the client’s name and contact information, a place for them to sign, the amount the client will pay you, and what exactly you will provide in exchange for that payment.

Other important items you should include:

  • What happens when a client fails to show up for their appointment?
  • How many calls/emails/meetings with you can the client expect?
  • How and when will the client pay you?
  • What happens if payment is late?
  • How can you, or the client, terminate the coaching relationship?

Coaching agreements/freelancer agreements. When you’re mentoring others online or offline on how to improve their businesses or personal lives, you will want to put into place a written coaching agreement that clearly states what you have agreed to do, when you will perform such coaching services, and your coaching fee(s).

Equally important, your coaching contract should specifically exclude key areas that your services do not cover.

When having an experienced business lawyer prepare the coaching agreement you will use with clients, here are some key factors to consider:

  • What is the term of your coaching agreement?
  • What deliverables are you promising and, equally significant, what are you excluding from the scope of your professional coaching services?
  • What media will be used to deliver your coaching services?
  • How and when will you get compensated for your professional coaching advice?

SEVEN: Liability Protection

Clear communications will solve many customer complaint problems, and may also protect you from claims of false advertising and investigation by the U.S. Federal Trade Commission. Disclosing basic information is required by law, but must be done accurately. Therefore, you should monitor the information you are placing on your website to make sure it accurately depicts your business practices, prices, products, or whatever else you are describing to potential customers to entice them to buy your products or services.

Clear communication also includes “adequate” communication. Leaving out key details about what you are describing on your website can be considered misleading. The FTC provides guidelines on its website regarding advertising and marketing on the Internet and gives good examples of what types of statements might be misleading to customers. 

Cyberattacks.  Protecting against cyber-attacks isn’t that difficult. Hackers are intelligent and ambitious, but statistics show that entrepreneurs and business owners generally do not employ the best defense mechanisms against cybercrime. Most victims are “targets of opportunity.” In other words, they had extremely poor security, if any. Here are a few things you should do to protect your business against cyber-attacks:

  • Purchase anti-malware and anti-virus software. Malware is used in most data breaches. It can be planted onto a computer through spammy websites, suspicious emails, or unsecured Wi-Fi connections. If the infiltration is successful, malware can capture login information and keystrokes. Other threats include email phishing, pop-ups requesting personal information, or social media account access. The good news is that it’s surprisingly easy to protect your business against malware and viruses. Simply install appropriate protection software. You should also update it regularly because worms and other viruses thrive on out-of-date software.
  • Encrypt important data. Sensitive data such as bank accounts or client information should be encrypted because this is exactly the kind of information that hackers are looking for. Full-disk encryption tools, which are standard features for most operating systems, should be utilized at all times. Data encryption can also be used for cloud-based services or email platforms.
  • Educate Employees. Most cyber-attacks occur through compromised Wi-Fi networks. If you use wireless networks, you should make sure that they have strong passwords. You should also disable the SSID broadcasting function on your router in order to hide your network. Avoid using WEP networks. At the moment, WPA2 is the standard because it offers better protection.

Disclaimer. You should avoid making announcements, slanderous statements, or engaging in any business that might be considered suspicious. Partnering up with companies that end up being sued might also harm you in the fallout. In addition to this, you should also limit any possible conflicts of interest. To that end, you should definitely think of obtaining liability insurance to protect yourself against unfortunate events. Errors and omissions coverage should also be considered, especially if you’re working with people. Another option besides purchasing insurance is to build protection through your contracts.

Here are a couple of things that a website legal disclaimer can do:

  • Inform people that you may change your content at any time with or without notice.
  • Disclaim responsibility for the content provided on any websites that you link to from your website.
  • Advise people, in no uncertain terms, that if they take any action based on the information provided on your website, they do so “at their own risk.”

Data Protection. There is probably no quicker way to lose customers than to allow their personal information to be unsecured. Laws and customers are placing more and more emphasis on personal security, and protection of their financial information is required. Accurate and adequate disclosure of security practices to consumers is a vital aspect of good online business practices. State and federal laws require protection of financial information and social security numbers. Also, several state laws require notification to consumers if there is a security breach that puts their personal information at risk for identity theft or other fraud. Constant monitoring of your security practices is essential.

 

Conclusion: Relationship with a good attorney!

 

Finally, and perhaps most importantly, securing a good attorney at the beginning of your business will save you time and trouble in the future. If you’re unsure which corporate structure is right for you, talk to an attorney. If you’re not clear on the terms of a new contract you’re about to enter into, have a lawyer read and interpret the document for you. While you might be very eager to append your signature to the agreement, taking a little caution will keep you from entering a long and painful business relationship. An investment in good counsel now will pay big dividends in the future.

 


How is Personal Data Defined Under the New GDPR Provisions?


The General Data Protection Regulation (GDPR) is already here and hopefully, you’ve managed to implement all of the required changes. To ensure consistent compliance, however, you need to have a thorough understanding of the term personal data and its specific definition under GDPR.

The general definition of personal data is easy to understand – this is data pertaining to a certain person (financial, medical, personal, etc.) that should be protected. Does GDPR change the definition of the term, however?

The Definition of Personal Data

More information about the definition of personal data is available in GDPR Article 4.

The document states that personal data is any information that relates to an identifiable individual. An identifiable individual is someone who can be identified by their name, ID number, an online identifier (like IP address, for example) or any other source of information that can be utilized for either direct or indirect identification.

As you can see, the GDPR definition is quite vague and it could relate to just about anything. The scope of information expands in an attempt to give people more control over the privacy of their data.

New Categories of Sensitive Data

Personal data has an important sub-category under GDPR and this sub-category is sensitive data. Sensitive data is more specific and it should be handled more carefully by website administrators and web service providers.

A few common types of sensitive data under GDPR include:

  • Information about a person’s race or their ethnicity
  • Political opinion
  • Health details
  • Sexual orientation
  • Religious affiliation

In order to process sensitive data, online service and content providers have to get explicit consent under the GDPR.

There are two more types of data that fall under the same category and necessitate similar processing – biometric and genetic data. Genetic data is specifically used for medical research purposes. Biometric data includes fingerprints, retinal scans, etc.

Processing Terms and Conditions for Personal Data Handling

Now that you have a better idea of what personal data is, it’s time to understand how such information should be processed and handled under GDPR.

The conditions for personal data processing under GDPR are somewhat similar to those under the Data Protection Act of 1998. Processing is going to be lawful whenever:

  • Consent is obtained from the individual that the data pertains to
  • The processing of such data is absolutely necessary for the performance of a contract, for legal compliance, the performance of a task or to meet a legal obligation
  • Explicit consent is obtained for sensitive personal data

To meet these requirements, website owners have to review existing data collection policies, as well as the terms and conditions presented on the website itself. If a consent mechanism is already in place, it should be reviewed to make sure it meets the much more stringent GDPR requirements (especially for sensitive data).

Whenever personal and biometric data is being processed, both GDPR and local national regulations will have to be taken into consideration. Individual EU member countries could impose additional restrictions that will come on top of the standard GDPR provisions.

Ensuring GDPR compliance has been a lengthy process for many businesses and for some, the process has not been finalized yet. If you’re one of these businesses and you’re still struggling, you should seek legal assistance right now. Having an experienced professional reviewing your personal data collection and processing policies will make it easier to identify gaps, shortcomings and potential GDPR violations.