Bob Schrader, Esq.

You are here: Home / Bulletproof Your Online Business™ Blog

Bulletproof Your Online Business™ Blog

By

Easy GDPR privacy policy compliance for US based online entrepreneurs.

GDPR Privacy Policy Compliance
GDPR Privacy Policy
Photo by ev on Unsplash

Your easy solution for GDPR Privacy Policy compliance.

GDPR or Gosh Darn Pain in the Rear!  Here’s a brief outline for small to midsize US based online businesses.  May 25, 2018 passed and online commerce goes on!  After weeks of emails with new GDPR privacy policies are you wondering it it’s too late?  You’re not, and we’ve got something to help you.

What do you need to do now?

There is ample information about GDPR online.  You want straight forward, practical, easy to implement advice.  Here it is.  You have two options.  Block anyone with an EU based IP address from accessing your website or online services, a bit short sighted. Or, rather than eliminate a few hundred million potential customers, simply update to your Privacy Policy and take some simple steps to document how you deal with data.

Your simple steps to GDPR compliance.

1. Conduct a data audit.  Think about all the data you collect and use.  A big picture overview of what you do. You should look at what data you collect, legal reasons for collecting, how you use it, how you store it and for how long.  GDPR doesn’t just relate to digital! It covers paper files such as employment and credit applications, customer intake forms, etc.

2.  Create a flow chart on how data flows through your business from origin to deletion and who has access. This helps you find potential security risks.

3.  Use the flow chart to determine your data security and potential risks.  Look at both digital and physical security risks.

4.  Privacy Notices.  You must alert EU data subjects, such as customers, users, subscribers, employee, etc. about how you use their data.  Your notice can be ‘layered’ – a short notice for online forms, call centers, etc. with link primary policy.  You must provide the Privacy Notice at the time you collect data – before they hit the ‘submit’ button!

5.  Set up your policies for Privacy, Data Protection & Retention and Data Breach Policies.

6.  Train your staff.  Anyone collecting data must know the rules.

7. PIA =  Data Privacy Impact Assessment.  You must complete PIA before any project that involves “high risks to the rights and freedoms”, such as an email campaign relying on monitored use of your services or website. This is basically the first 3 steps above with a risk analysis.

8. Verify that third party vendors protect data – a use for that flood of emails from services you use.  Also review existing contracts with developers, consultants, or anyone with access to your data.

9.Keep good records!  Under GDPR you must ‘demonstrate’ compliance if ever an issue.

Your Simple DIY GDPR Privacy Policy Template and guidance.

Want a bit more guidance and detail.  We’ve created a basic GDPR compliant privacy policy template for small to mid-sized US based online businesses. In less than 10 minutes you can have an updated privacy policy on your website.  It includes additional guidance on the above steps and FAQs.  PS, for readers of this blog, it is on sale, $100 off until Friday.

For more in depth insight about legal issues effecting your business, sign up for our free newsletter.

Until then, Keep it Legit!

Bob

By

Are Smart Contracts Legal?

smart contracts
Photo by Aaron Burden on Unsplash

With all the buzz about Smart Contracts and Distributed Ledger technology, are they legit?

Yes, smart contracts are legal and enforceable!

Two laws paved the way for e-commerce and ensure smart contracts are legal and enforceable:

  • In 1999, 47 states adopted the Uniform Electronic Transactions Act (UETA), while NY, IL and WA enacted separate laws recognizing electronic signatures and agreements.  UETA ensures that electronic transactions and consequently smart contracts are equally enforceable as written contracts.  The law did NOT change existing contract law.  Rather, UETA validates contracts formed by electronic agents – computer programs used to conduct business electronically.  If you use an electronic agent (software, etc.) to form a contract you are legally bound by that contract.  Therefore, smart contracts are enforceable under UETA.
  • The US Electronic Signatures in Global and National Commerce (ESIGN) Act (2000) confirmed that electronic signatures were legally binding.  Again, IL, NY and WA opted out but enacted similar laws.  There are a few exceptions related to family law, court documents, termination of utilities, insurance, and foreclosures and evictions.
Therefore, UETA and ESIGN guarantee the validity of smart contracts. Most noteworthy, existing contract law still applies regarding formation, validity, and enforcement.
Arizona recently enacted laws recognizing smart contract.  Six more states (NY, NE, FL, TN, CA & IL)  introduced legislation to specifically recognize smart contracts.  These laws are redundant and NOT needed.

What makes a contract smart?

The ability to program some or the entire aspect of formation, performance, or enforcement provisions of an agreement, and then it occurs.  It does NOT have to include block chain.  Auto payment for bills and auto renewal of subscriptions are examples of smart contracts not using blockchain.
In simple terms, smart contracts consist of electronic information written in a database.  The blockchain is the electronic record of the transaction allowing all parties access – how you access or share the data.  The underlying distributed ledger is the data base.  When an agreed event in the transaction occurs the smart contract executes a process.  The distributed ledger provides added security because of built in storage redundancy through numerous nodes, encryption, and immutability.  The parties verifying each block in the blockchain immediately see any change to information or a transaction.  In addition, you can designate a blockchain as permission or non-permission (public or private) to accommodate all stakeholders in a transaction.
Furthermore, not all information must be digital.  ‘Hybrid’ smart contracts can incorporate written agreements while some aspects are automated, such as payment, authorization to release goods, etc.

Benefits of smart contracts:

  • Reduced costs by dealing directly with customers
  • Remove need for intermediaries “middlemen”
  • Reduce/eliminate bank fees and charges
  • Distributed ledger ensures no data loss or transaction delays in the event of computer failure, natural or man made disaster.

How can I start using smart contracts?

You probably will start by incorporating a smart contract to automate payments of the written contract. Similar to an escrow agent or Letter of Credit process but without the associated costs and fees.  For example, a smart contract would automate payment once the prerequisite is met.  Of course like any automated system or computer, Garbage In Garbage Out (GIGO) applies, so its important to ensure the data provided is accurate.  Furthermore, automation does not eliminate the risk of fraud by a party.

Transactions most suitable to smart contracts

If the agreement is based on an if – then scenario, then a smart contract is more efficient.

  • Most consumer and commercial transactions
  • Selling shares of stock
  • Paying dividends
  • Insurance contracts (loss payouts)
  • Supply chain and distribution

Smart contracts don’t work (at least for now) for:

  • Transactions where manual signatures or specific written notice legally required
  • Unilateral transactions
  • Wills
  • Trusts
  • Divorce & family law
  • Court documents
  • Termination of utilities, insurance
  • Evictions
  • Foreclosures

A hybrid smart contract may be address some parts of these transactions.

Blockchain, distributed ledgers and smart contracts will significantly change commerce.  This is a big, if not bigger than the internet.  And, it already has cats! (hint: Cyberkitties)

If you want more in depth insight about legal issues effecting your business, sign up for our free newsletter.

Until then, Keep it Legit!

Bob

By

Independent Contractor vs Employee, which are they?

Independent Contractor 1099Independent Contractor (1099) vs. Employee (W-2)

Entrepreneurs prefer to classify workers as independent contractors in the ‘gig economy’ to minimize taxes and liability.  As a result, startups want to know how to make sure someone is an independent contractor and not an employee.  Unfortunately, there is no quick and easy test.  However, if you get it wrong you might owe the IRS. In addition, if you are an independent contractor beware of the self-employment tax trap if using an LLC.

Just labeling someone an independent contractor does nothing.   So, what do you do?  Start by looking at how much you control the worker and job.  Do you provide space, tools, etc. and actively manage their work?  If so, they are likely an employee.  If you tell them what you want done and when but they control how they do it they are more likely independent contractor.  As a result, there are a 50 shades of grey in between.  Therefore, you ALWAYS should have a written independent contractor agreement.

Start with these 3 factors to show a worker is independent contractor.

There are three areas to focus on to see if a worker is independent contractor: Behavioral Control, Financial Control and Relationship.  This is based on how the IRS decides. The government starts with assumption that an employee = more taxes owed.

Behavioral Control looks at whether the business has the right, regardless if exercised, to direct and control the work. More control, more likely an employee.

  • What types of instructions do you give, broad or specific?
  • Who determines how to complete the work and what tools, equipment, office space, etc. to use?
  • How detailed are the instructions provided by business?
  • Does the business decide ‘how’ to do the work and its progress or just the finished work?
  • Does the business train the worker how to do the job or require training in procedures and methods, or does worker use own methods and procedures?

Financial Control: looks at whether the business directs or controls the financial aspects of the job.

  • Who pays for the equipment used?
  • Does the worker incur expenses, deduct as COGS or operating expenses on its financials?
  • Do you pay the worker a set hourly/weekly wage or a flat fee for the job?
  • Does the worker have a profit or risk of loss?
  • Is the worker an LLC, Corporation or Sole Proprietor?
  • Does the worker offer its services to the market?

Relationship: looks at how the business and worker view it.  A well drafted contract helps!

  • Does the written contract describe in detail the relationship the parties intend?
  • What is the nature of the worker’s services?  Are they a key to the business?
  • Does the contract address key aspects outlined above?
  • Does the business provide employee-type benefits – insurance, pension, paid vacation/sick time?
  • Is the relationship finite, limited to a project or fixed term or is does the relationship ongoing?

What if you get it wrong?   Claiming a worker is an independent contractor without a reasonable basis creates liability for the business and worker for non-payment of employment taxes (Withholding, FICA,Medicaid, SUTA, FUTA and state taxes) plus penalties and interest.  If you think have gotten it wrong, the IRS has a Voluntary Classification Settlement Program to reduce the taxes and penalties for certain businesses.

Obviously, the best method is to properly classify and document the relationship from the start with a well drafted contract.  Also as an independent contractor, a legal review of your agreement helps ensure you are fully protected and not an employee.

If you want more in depth insight about legal issues effecting your business, sign up for our free newsletter.

Until then, Keep it Legit!

Bob

By

Tax Cuts and Jobs Act highlights for entrepreneurs, owners and founders.

IRS District Director letterA less stressful tax season and lower taxes – welcome to 2018!Contrary to what you read in the press or tax and spend politicians tell you, for most of us the Tax Cuts and Jobs Act effective January 1, 2018, results in keeping more of your money.

Here are some of the key points for entrepreneurs, owners and founders.  Always consult a tax professional!

Corporate tax rate reduced to 21% freeing up more of YOUR money for investment, expansion, hiring, etc.

New deduction for pass-through business income reduces effective maximum tax rate to 29.6% versus new maximum individual rate of 37%.

Pass through individual deduction of  20% is available for certain income earned from a partnership, S corporation, wholly-owned disregarded LLCs or sole proprietorship subject to limitations.  Businesses with multiple owners need to provide additional information on the following for each owner:

  • The net income of your US business (excluding your compensation or guaranteed payments)
  • Dividends from a REIT that are taxable at ordinary income rates.
  • Investment income from dividends, short-term capital gains, long-term capital gains, and interest income not allocable to the business are excluded.
  • Income limitations if earn over $157,500 individually or $315,000 jointly.
  • Limits on service businesses (legal, accounting, and investment management services)
  • Deduction limited to greater of 50% of paid wages OR 25% of paid wages plus 2.5% of unadjusted cost basis of depreciable tangible business property.

Interest deductions limited to 30% percent of adjusted taxable income. Indefinite carry forward of interest in excess of 30%.

Bonus Depreciation extended to used property and may be fully expensed in year the property is placed in service until 2023.  Does not apply to structural improvements or to real property if you elect out of the 30% limitation on interest deductions

Section 179 Expense increased to $1 million.  Types of eligible property now include qualified improvement property and certain improvements to nonresidential real property.

Net Operating Losses deduction limited to 80%.  NOL carrybacks are eliminated but carry forward indefinitely.

Corporations’ Dividends Received Deduction reduced to 65% from more than 20% owned corporations and 50% for less than 20% owned corporations.  The 100% DRD for 80% owned corporations is not affected.

AMT for corporations repealed.

S Corp Conversions.  Easier transition rules for S corp conversion to C corp for next 2 years.  Requires same ownership on date of enactment and conversion.

Cash Method limit increased to average 3 year gross receipts than $25 million.

Long Term Contracts entered after 2017.  Requirement to use Percentage of Completion Method increased to  3 year average gross receipts under $25 million

Deduction for domestic production activities repealed.

No more parties!  No more deduction for entertainment, social club dues, etc. under Meals and Entertainment.

Deduction for employer provided commuting and transportation costs eliminated. 

Sorry, I am no longer deductible! Legal fees to defend violation or investigation of possible violation related to fines and penalties no longer deductible. Fines and penalties were never deductible.

The Hollywood and Politician Provision:  No deduction for settlement payments or attorney fees in connection with sexual harassment or abuse if the payments are subject to a nondisclosure agreement.  Will cost to keep it private!

No deduction for LOCAL lobbying or political expenditures, including Indian tribal governments.

No capital gains treatment for gain/loss from sale of self-created patents, inventions, models, designs, or secret formula or process.

US is more competitive with territorial system of international taxation. NO US federal income tax on foreign corporate subsidiaries, even if repatriate profits as dividends.  Think already seeing benefits of this!

These are just some of the key provision highlighted for entrepreneurs, owners and founders and those contemplating expansion in 2018.  Consult with your tax professional for specifics!

If you are starting a new business, be sure to carefully compare S corp election (or LLC) versus an C corporation.  Some considerations:

  • Estimates are that combined effective corporate (C) rate net to shareholder is roughly 38% based on 21% corporate rate and 20% tax on qualifying dividends.
  • The highest individual rate is now 37%, which applies to individual shareholders of S corps and individual members of LLCs making Subchapter S election.
  • So roughly a wash if you are in highest rate, except if you are at a lower individual rate.
  • Consider differences in allowed expenses, benefits and retirement options for C corp vs. S corp or LLC.
  • Consider deferring dividends for C corp and reinvest earnings to reduce current rate to 21% – great time to for expansion or asset acquisition. Plus lower long-term capital gains rate would further lower tax burden.
  • The new Section 199A pass-through business deduction could lower the effective rate for individuals from maximum 37%.
  • If you live an a state with high individual tax rates, the analysis changes.

Again, consult with your  CPA or accountant for on your specific tax situation.

If you are starting a business consult with an attorney that can help you maximize liability protection and minimize taxes.  Want more detailed explanations of legal issues effecting your business, sign up for our free newsletter to get more in depth analysis and insight.

Until then, Keep it Legit!

Bob

By

Mobile App or DApp legal checklist – Do this BEFORE you start selling!

Congratulations!  You finished your mobile App or DApp (Distributed App based on blockchain) and are ready to launch!

Before you begin selling your App or Dapp directly or through Google Play and Apple App Store, here is a short checklist of important legal considerations.

  • Do you have the proper entity set up for your company?  Read our post on S corp vs. LLC for active business.
  • Have you consulted with an accountant or CPA to minimize taxes in the event you have a windfall from sale of your App.
  • If you have partners in the company, do you have a founders, shareholders or operating agreement (LLC) in place?
  • Is the name of your App legally available and not infringing?  Have you done name/trademark search and due diligence?
  • Have you trademarked the name of your App and any logo?
  • Do you have Terms of Service/Use/End User Licensing Agreement (EULA)?  These should address user rights and obligations, limit your liability, protect your intellectual property, acceptable user conduct and banning users, as well as legal provisions addressing liability disclaimers, dispute resolution, applicable law, class action limitations, etc.
  • Do you have an adequate Privacy Policy?  This notifies users about the type of information you may collect, how you will use it, if you will share with any 3rd parties, and allow you to transfer on sale of the app or business.
  • Do you have an Infringement Policy (either as part of Terms of Service or separate)?  Under DMCA’s Safe Harbor provisions this protects you from copyright infringement claims based on user generated content.  Make sure you designate a registered agent with the US Copyright Office before December 31, 2017, if you have not.
  • Have you ensured compliance integrating with third party services?
  • Have you read and do you understand your rights and obligations listing your App with Google Play or the App Store?
  • Do you have Independent Contractor agreements with any developers or contributors that legally transfers all rights in intellectual property to your company?
  • Have you provided proper attribution/credit/source code for any open source software or code used?
  • Have you established bill users via PayPal, Stripe, or other payment provider?

Please sign up for my free newsletter if you want more detailed explanations of these and other legal issues effecting your business.   Just drop me an email me if you have any questions or topics you would like me to address in future posts.

Until then, Keep it Legit!

Bob

By

What are your risks using images from Google, Flickr, Instagram, Facebook, YouTube for your website, blog and marketing?

There are several risks associated with using what you think are ‘public domain’ images.  Just because you can download an image does not mean you can use it in your business.

So, where can you find images  without the risk of copyright infringement?

Five places to find legal images for your website, blog or marketing:

1. Public Domain images.

Entrepreneurs often wrongly assume any image they can download or copy is “Public Domain.”   Public Domain has specific legal meaning under US Copyright laws.  First, you can use Public Domain material, but you can never own it.  An interesting exception is you may create copyrights in a collection of public domain images on a website or in a book.  The protection for the collection as a whole is based on the creative aspect of choosing images and how arranged in the collection.  The images in the collection are still public domain and free for anyone to use.

How do images becomes ‘Public Domain’:

  • The copyright owner dedicates it to the public allowing anyone to use.
  • Copyright expired.  Anything pre-1923 is in public domain all copyrights expired.  For works between 1923 and 1977, it is complicated and requires research to determine if copyright active.  Since 1997, copyrights last 70 years after death they are still valid, unless,
  • Failure to follow copyright registration or renewal rules causes the image to become public domain.

Basically, unless you want to use a very old image, don’t assume it is public domain and do your homework on anything created after 1923!

2. Creative Commons licensed images.

This is the most commonly used and most commonly misunderstood!  Be careful when using a creative commons image or licensed work whether from FlickrFreeFoto, FreeImages, PhotoGen, Google Images, or other photo sites.  Your greatest risk is using an image uploaded by someone who does not own rights to the image but applies a Creative Commons license!  The typical scenario is you download an image, apply the Creative Commons license, then receive a notorious Getty Images demand letter.  But Bob, I used the Creative Commons license, how can this happen?

There is no independent verification by these sites that the person uploading the image owns it.  Although the terms of service normally prohibit uploading images you do not own, until the website receives a DCMA take down notice they are blissfully unaware.  This happens, a lot and you have no way of knowing until you received a Cease & Desist or demand letter from the true owner.    Creative Commons licenses do NOT protect you from copyright infringement claims.  The Creative Commons license agreements state they provide no warranties regarding licenses, they disclaim all liability for damages for use of Creative Commons licensed material, and they are not a party to their public licenses.

The Creative Commons licenses most used by businesses:

  • Attribution license:  Only requires attribution to the owner. You can use images with this license in new commercial works.
  • No Derivatives: Does NOT allow you create a derivative work from the licensed image, but you can use the image as is in new commercial works.

Use with Caution:

  • Share Alike:  You can use the image in a new commercial work, but you must apply the same Creative Commons license to your new work – so anyone is free to use as well – you are giving up your rights to your work.

Avoid:

  • No Derivatives Non-Commercial: You can not use the image in new commercial works.
  • Share Alike Non-Commercial:  You can not use the image in new commercial works.

Finally, Be careful of images promoted as “copyright-free.”  This term refers to royalty-free artwork, meaning you do not need to pay a royalty to the photographer, but it still is copyrighted and requires a license or attribution under Creative Commons to legally use.  Be sure to comply with the license requirement such as attribution or link back.

 3. Purchase license to use an image.

This is generally done through purchase from a stock photo company like Fotalia, ShutterStock, iStock, which have subscription or per photo charges.   Purchase the license that best suits your intended use.  Yes you are paying to use the image, but the cost is significantly less than defending an copyright infringement lawsuit! These also fall in the ‘Royalty-free” image description.  There are a few sites that have ‘free’ images if a link back is provided, if don’t want to purchase, such as: FreeFoto, FreeImages, PhotoGen and Flickr.  Always be sure you understand what is required before using!

4. Hire a professional photographer to create the images you need.

Be sure to review the contract or have an attorney draft a license agreement for you.  The law is can be confusing regarding ‘works for hire’ and which rights pass to you and the photographer retains.  A simple contract or edit to their contract  will ensure you own all the rights to images you commissioned.

5. Why don’t you take a picture!

You can simply take and use your own photos and video. The quality of smartphone cameras rivals many professional cameras, so use it for more than food porn! Like I did here.  I’m no Ansel Adams but I have no worries about copyright infringement.  Plus it’s more personal though not always easy to come up with photo ideas for legal subjects!

Recommendations:

  • NEVER simply copy and paste or download an image.
  • NEVER use an image unless you are certain you have an appropriate license or permission.
  • DON’T EVEN THINK ABOUT using an image someone posts on Instagram, Facebook, YouTube, Pinterest without confirming they took the photo and obtaining permission.
  • BEFORE you apply a Creative Commons license to something you created consult with an attorney!  Once you grant the Creative Commons license it is irrevocable, so understand what you are giving up!

A parting note.  Copyright does not protect short phrases or titles to books or movies.  Wait! Before you use “Star Wars” since it is just a “movie title”, remember it is protected by trademark!  I’ll explain the difference between trademarks and copyrights in an upcoming post.

My next newsletter is where you get the details and tips to keep your business legal.   The next one gives more detail about the Getty Images Demand letters and best practices for using online images, so sign up today if you want more tips on avoiding copyright infringement claims.  Feel free to email me if you have any questions or topics you would like me to address in future posts.

Until then, Keep it Legit!

Bob