Startup Law A to Z: Regulatory Compliance

Startups are but one species in a complex regulatory and public policy ecosystem. This ecosystem is larger and more powerfully dynamic than many founders appreciate, with distinct yet overlapping laws at the federal, state and local/city levels, all set against a vast array of public and private interests. Where startup founders see opportunity for disruption in regulated markets, lawyers counsel prudence: regulations exist to promote certain strongly-held public policy objectives which (unlike your startup’s business model) carry the force of law.

Snapshot of the regulatory and public policy ecosystem. Image via Law Office of Daniel McKenzie

Although the canonical “ask forgiveness and not permission” approach taken by Airbnb and Uber circa 2009 might lead founders to conclude it is strategically acceptable to “move fast and break things” (including the law), don’t lose sight of the resulting lawsuits and enforcement actions. If you look closely at Airbnb and Uber today, each has devoted immense resources to building regulatory and policy teams, lobbying, public relations, and defending lawsuits, while increasingly looking to work within the law rather than outside it – not to mention, in the case of Uber, a change in leadership as well.

Indeed, more recently, examples of founders and startups running into serious regulatory issues are commonplace: whether in healthcare, where CEO/Co-founder Conrad Parker was forced to resign from Zenefits and later fined approximately $500K; in the securities registration arena, where cryptocurrency startups Airfox and Paragon have each been fined $250K and further could be required to return to investors the millions raised through their respective ICOs; in the social media and privacy realm, where TikTok was recently fined $5.7 million for violating COPPA; or in the antitrust context, where tech giant Google is facing billions in fines from the EU.

Suffice it to say, regulation is not a low-stakes table game. In 2017 alone, according to Duff and Phelps, US financial regulators levied $24.4 billion in penalties against companies and another $621.3 million against individuals. Particularly in today’s highly competitive business landscape, even if your startup can financially absorb the fines for non-compliance, the additional stress and distraction for your team may still inflict serious injury, if not an outright death-blow.

The best way to avoid regulatory setbacks is to first understand relevant regulations and work to develop compliant policies and business practices from the beginning. This article represents a step in that direction, the fifth and final installment in Extra Crunch’s exclusive “Startup Law A to Z” series, following previous articles on corporate matters, intellectual property (IP), customer contracts and employment law.

Given the breadth of activities subject to regulation, however, and the many corresponding regulations across federal, state, and municipal levels, no analysis of any particular regulatory framework would be sufficiently complete here. Instead, the purpose of this article is to provide founders a 30,000-foot view across several dozen applicable laws in key regulatory areas, providing a “lay of the land” such that with some additional navigation and guidance, an optimal course may be charted.

The regulatory areas highlighted here include: (a) Taxes; (b) Securities; (c) Employment; (d) Privacy; (e) Antitrust; (f) Advertising, Commerce and Telecommunications; (g) Intellectual Property; (h) Financial Services and Insurance; and finally (i) Transportation, Health and Safety.

Of course, some regulations may touch on multiple regulatory areas; for example, the “Fair Credit Reporting Act” is a law ultimately about privacy, but it impacts many financial and employment-related services as well. Certain laws may therefore be cross-listed in more than one regulatory area. Also, since we can’t look at every U.S. state and city, this article will focus primarily on the federal and California state laws.

After you focus on the particular regulatory areas that may implicate your business, next reference the short quotations and links to relevant primary and secondary sources below, then work to identify the specific compliance risks you face. This is where other Extra Crunch resources can help. For example, the Verified Experts of Extra Crunch include some of the most experienced and skilled startup lawyers in practice today. Use these profiles to identify attorneys who are focused on serving companies at your particular stage and then seek out any further guidance you need to address the regulatory matters pertinent to your startup.

With that as context, the Startup Law A to Z – Regulatory Compliance checklist is below:


Taxes

Securities

Employment

Privacy

Antitrust

Advertising, Commerce and Telecommunications

Intellectual Property

Financial Services and Insurance

Transportation, Health & Safety

Before diving into further detail, it may be helpful for some readers to note the distinction between a law and a regulation. Simply put, regulations provide more detailed direction on how certain laws should be followed. So regulations are not technically laws, but they carry the force of law (including penalties for violation), since they are adopted by governmental agencies under authority granted by statute. Beyond that, understanding how laws and regulations are actually enacted is helpful to illustrate the extent to which the process is politically driven.

In the U.S., a bill must first pass both legislative branches of government, then, if signed by the executive branch, it will be codified in statute as law (Schoolhouse Rock anyone?). Once codified, the legislative branch will authorize the relevant executive department or agency to determine whether specific regulations are necessary to give the law effect. If so, those executive departments or agencies will determine what further rules are needed, and in turn, work to enforce them.

At the federal level, for example, proposed regulations are developed first through a “Notice of Proposed Rulemaking,” listed in the Federal Register and filed in the corresponding executive agency’s official docket (available at Regulations.gov). This affords the public an opportunity to comment on the regulations. After receiving comments, the filing agency may revise the proposed regulation before final rules are issued, which again will be published in the Federal Register and then filed in the agency’s official docket at Regulations.gov, before they are codified in the Code of Federal Regulations (CFR).

At nearly every step in this process then, institutions, government, and interest groups are working – sometimes at cross purposes – to shape what the law will be and how it will impact your startup.

The Startup Law A to Z – Regulatory Compliance reference guide is below:


A. TAXES

  1. Federal:

    Federal Employer Number: From the IRS, “An Employer Identification Number (EIN) is also known as a Federal Tax Identification Number, and is used to identify a business entity. Generally, businesses need an EIN. You may apply for an EIN in various ways, and now you may apply online.”

    Income Tax: From the IRS, “All businesses except partnerships must file an annual income tax return. Partnerships file an information return. The form you use depends on how your business is organized. Refer to Business Structures to find out which returns you must file based on the business entity established. The federal income tax is a pay-as-you-go tax. You must pay the tax as you earn or receive income during the year. An employee usually has income tax withheld from his or her pay. If you do not pay your tax through withholding, or do not pay enough tax that way, you might have to pay estimated tax. If you are not required to make estimated tax payments, you may pay any tax due when you file your return.”

    Estimated Taxes: From the IRS, “Taxes must be paid as you earn or receive income during the year, either through withholding or estimated tax payments. If the amount of income tax withheld from your salary or pension is not enough, or if you receive income such as interest, dividends, alimony, self-employment income, capital gains, prizes and awards, you may have to make estimated tax payments. If you are in business for yourself, you generally need to make estimated tax payments. Estimated tax is used to pay not only income tax, but other taxes such as self-employment tax and alternative minimum tax. If you don’t pay enough tax through withholding and estimated tax payments, you may be charged a penalty. You also may be charged a penalty if your estimated tax payments are late, even if you are due a refund when you file your tax return.”

    Self-Employment Tax: From the IRS, “Self-employment tax (SE tax) is a social security and Medicare tax primarily for individuals who work for themselves. Your payments of SE tax contribute to your coverage under the social security system. Social security coverage provides you with retirement benefits, disability benefits, survivor benefits, and hospital insurance (Medicare) benefits. Generally, you must pay SE tax and file Schedule SE (Form 1040) if your net earnings from self-employment were $400 or more.”

    Employment Taxes: From the IRS, “When you have employees, you as the employer have certain employment tax responsibilities that you must pay and forms you must file. Employment taxes include the following: (1) Social security and Medicare taxes; (2) Federal income tax withholding; (3) Federal unemployment (FUTA) tax.” As noted before in “Startup Law A to Z: Employment Law,” given this complexity, startups should generally hire a payroll provider to help manage the process, such as ADP, Gusto, Paychex, or Quickbooks.

    Excise Tax: From the IRS, “Certain additional excise taxes are levied in the event that you: (1) manufacture or sell certain products; (2) operate certain kinds of businesses; (3) use various kinds of equipment, facilities, or products; (4) receive payment for certain services. Form 720 is used to report: (a) Environmental taxes; (b) communications and air transportation taxes; (c) fuel taxes; (d) tax on the first retail sale of heavy trucks, trailers, and tractors; and (e) manufacturers taxes on the sale or use of a variety of different articles. Form 730 may be applicable if you are in the business of accepting wagers or conducting a wagering pool or lottery; while Form 11-C is used to register for any wagering activity and to pay the federal occupational tax on wagering.”

    Internal Revenue Code Rule 409A: See “Securities – Federal” below.

    Internal Revenue Code Section 422 and 423: See “Securities – Federal” below.

    Internal Revenue Code Section 83(b): See “Securities – Federal” below.

  2. California

    State Employer Number: From the California EDD, “If you operate a business and employ one or more employees, you must register as an employer with the Employment Development Department (EDD) when you pay wages in excess of $100 in a calendar quarter. If you are a household employer of one or more household workers, you must register with the EDD when you pay cash wages of $750 or more in a calendar quarter.”

    Foreign Qualification: From the California Secretary of State, “Before transacting intrastate business in California the business must first qualify/register with the California Secretary of State. Transacting intrastate means: as entering into repeated and successive transactions of its business in this state, other than interstate or foreign commerce.”

    Franchise and Income Tax: From Nolo, “California has a franchise tax, a corporate income tax, and an alternative minimum tax. Your business may be subject to one or more of these taxes depending on both its amount of taxable income and its legal form. Additionally, if income from your business passes through to you personally, that income will be subject to taxation on your personal state tax return.”

    Sales and Use Taxes: From California’s Department of Tax and Fee Administration, “Retailers engaged in business in California must register with the California Department of Tax and Fee Administration (CDTFA) and pay the state’s sales tax, which applies to all retail sales of goods and merchandise except those sales specifically exempted by law. The use tax generally applies to the storage, use, or other consumption in California of goods purchased from retailers in transactions not subject to the sales tax. Use tax may also apply to purchases shipped to a California consumer from another state, including purchases made by mail order, telephone, or Internet. The sales and use tax rate in a specific California location has three parts: the state tax rate, the local tax rate, and any district tax rate that may be in effect. State sales and use taxes provide revenue to the state’s General Fund, to cities and counties through specific state fund allocations, and to other local jurisdictions.”

    Special Taxes and Fees: From California’s Department of Tax and Fee Administration, “The Business Tax and Fee Division administers over 30 special tax and fee programs that encompass a broad range of activities and transactions. Some receipts are allocated to the state’s General Fund. Other special taxes and fees fund specific state services, from highway construction to recycling programs. The Business Tax and Fee Division administers most of the special tax and fee programs in cooperation with other state agencies.”

B. SECURITIES

  1. Federal

    Securities Act of 1933: From the SEC, “The Securities Act of 1933 has two basic objectives: (1) require that investors receive financial and other significant information concerning securities being offered for public sale; and (2) prohibit deceit, misrepresentations, and other fraud in the sale of securities. A primary means of accomplishing these goals is the disclosure of important financial information through the registration of securities. Investors who purchase securities and suffer losses have important recovery rights if they can prove that there was incomplete or inaccurate disclosure of important information. Not all offerings of securities must be registered with the Commission. Some exemptions from the registration requirement include: (1) private offerings to a limited number of persons or institutions; (2) offerings of limited size; and (3) intrastate offerings.” For more, see “Startup Law A to Z: Corporate Matters.”

    Securities Exchange Act of 1934: From the SEC, “Securities Exchange Act of 1934 created the Securities and Exchange Commission [and empowers it] with broad authority over all aspects of the securities industry. This includes the power to register, regulate, and oversee brokerage firms, transfer agents, and clearing agencies as well as the nation’s securities self regulatory organizations, such as the New York Stock Exchange, the NASDAQ Stock Market, and the Chicago Board of Options, [as well as] the Financial Industry Regulatory Authority (FINRA). The Act also identifies and prohibits certain types of conduct in the markets and provides the Commission with disciplinary powers over regulated entities and persons associated with them. The Act also empowers the SEC to require periodic reporting of information by companies with publicly traded securities.”

    Jumpstart Our Business Startups Act of 2012: From the SEC, “The JOBS Act aims to help businesses raise funds in public capital markets by minimizing regulatory requirements. The Act required the SEC to write rules and issue studies on capital formation, disclosure, and registration requirements.”

    Internal Revenue Code Rule 409A: From the law firm Fenwick and West, “Section 409A of the Internal Revenue Code requires the holder of an option having an exercise price below FMV at the time of grant to recognize taxable income equal to the spread between the exercise price and the FMV of shares as they vest. Thus, the optionholder will be taxed on income the optionholder does not actually receive, from shares that may not then even be saleable. Further, in addition to regular federal income and employment taxes, an additional 20%+ federal tax will apply. Certain states (for example, California) may have parallel statutes that in addition to their regular income and employment taxes can impose an additional 20%+ state tax. With respect to employees the company is required to withhold these taxes, and if it fails to do so, then it could be liable for these taxes plus penalties and interest. Although options that qualify as Incentive Stock Options (ISOs) under Section 422 of the Code are not technically subject to Section 409A (because by definition the exercise price of an ISO is at least equal to FMV at the time of grant), companies are advised to consider obtaining Section 409A valuations even when granting ISOs.” For more, see “Startup Law A to Z: Corporate Matters.”

    Internal Revenue Code Section 422 and 423: From the IRS, “If you receive an option to buy stock as payment for your services, you may have income when you receive the option, when you exercise the option, or when you dispose of the option or stock received when you exercise the option. There are two types of stock options: (1) Options granted under an employee stock purchase plan or an incentive stock option (ISO) plan are statutory stock options; (2) Stock options that are granted neither under an employee stock purchase plan nor an ISO plan are nonstatutory stock options. If your employer grants you a statutory stock option, you generally don’t include any amount in your gross income when you receive or exercise the option. If your employer grants you a nonstatutory stock option, the amount of income to include and the time to include it depends on whether the fair market value of the option can be readily determined.” For more, see “Startup Law A to Z: Corporate Matters.”

    Internal Revenue Code Section 83(b): From the law firm Cooley, LLP, “So what is a Section 83(b) election? It’s a letter you send to the Internal Revenue Service letting them know you’d like to be taxed on your equity, such as shares of restricted stock, on the date the equity was granted to you rather than on the date the equity vests. It’s important to note here that Section 83(b) elections are applicable only for stock that is subject to vesting, since grants of fully vested stock will be taxed at the time of the grant.” For more, see “Startup Law A to Z: Corporate Matters.”

  2. California

    Corporate Securities Law of 1968: From the CA Department of Business Oversight, “The Corporate Securities Law of 1968 regulates all offers and sales of securities in California. All securities offered or sold must be either qualified with the Commissioner of Corporations or exempted from registration by a specific Rule of the Commissioner or specific law. Exemptions from qualification do not limit issuer liability for fraud, either criminally or civilly, but instead merely exempt the offer or sale from the cost and formalities of qualification with the Commissioner. While federally the Securities Act of 1933 and Securities Exchange Act of 1934 are separate laws dealing with the issuance and secondary sales of securities, respectively, the Corporate Securities Law of 1968 regulates offers and sales of securities from both issuers and secondary sellers. Like federal securities laws and the blue sky laws of other states, the Corporate Securities Law of 1968 is intended to protect the public from fraud and deception in transactions involving securities. The Corporate Securities Law of 1968 achieves this regulation in part by providing statutory remedies in addition to common law remedies for those damaged in securities transactions which violate the Corporate Securities Law of 1968.”

C. EMPLOYMENT

  1. Federal

    Affordable Care Act: From Gusto, “The ACA [is] meant to help people access more affordable medical coverage. It mandates how carriers, employers, individuals, and other entities can make health insurance more accessible. For small business owners, the employer mandate is where much of that responsibility lies. The mandate requires companies to offer full and affordable health insurance if they have 50 or more full-time equivalents on staff. If you don’t stick to the rules, you’ll have to pay the IRS a fine called the shared responsibility payment.”

    Age Discrimination in Employment Act of 1967: From the US Equal Employment Opportunity Commission, “This law protects people who are 40 or older from discrimination because of age. The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.”

    Americans with Disabilities Act of 1990: From the US Equal Employment Opportunity Commission, “This law makes it illegal to discriminate against a qualified person with a disability in the private sector and in state and local governments. The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit. The law also requires that employers reasonably accommodate the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or employee, unless doing so would impose an undue hardship on the operation of the employer’s business.”

    Civil Rights Act of 1964: From the US Equal Employment Opportunity Commission, “This law makes it illegal to discriminate against someone on the basis of race, color, religion, national origin, or sex. The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit. The law also requires that employers reasonably accommodate applicants’ and employees’ sincerely held religious practices, unless doing so would impose an undue hardship on the operation of the employer’s business.”

    COBRA Requirements: From the US Department of Labor, “The Consolidated Omnibus Budget Reconciliation Act (COBRA) gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Qualified individuals may be required to pay the entire premium for coverage up to 102 percent of the cost to the plan. COBRA generally requires that group health plans sponsored by employers with 20 or more employees in the prior year offer employees and their families the opportunity for a temporary extension of health coverage (called continuation coverage) in certain instances where coverage under the plan would otherwise end. COBRA outlines how employees and family members may elect continuation coverage. It also requires employers and plans to provide notice.”

    Employee Retirement Income Security Act of 1974: From the US Department of Labor, “ERISA is a federal law that sets minimum standards for most voluntarily established retirement and health plans in private industry to provide protection for individuals in these plans. ERISA requires plans to provide participants with plan information including important information about plan features and funding; sets minimum standards for participation, vesting, benefit accrual and funding; provides fiduciary responsibilities for those who manage and control plan assets; requires plans to establish a grievance and appeals process for participants to get benefits from their plans; gives participants the right to sue for benefits and breaches of fiduciary duty; and, if a defined benefit plan is terminated, guarantees payment of certain benefits through a federally chartered corporation, known as the Pension Benefit Guaranty Corporation (PBGC).”

    Equal Pay Act of 1963: From the US Equal Employment Opportunity Commission, “This law makes it illegal to pay different wages to men and women if they perform equal work in the same workplace. The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.”

    Federal Fair Labor Standards Act (FLSA): From the US Department of Labor, “The FLSA establishes minimum wage, overtime pay, recordkeeping, and youth employment standards affecting employees in the private sector and in Federal, State, and local governments. Covered nonexempt workers are entitled to a minimum wage of not less than $7.25 per hour effective July 24, 2009. Overtime pay at a rate not less than one and one-half times the regular rate of pay is required after 40 hours of work in a workweek.”

    Genetic Information Nondiscrimination Act: From the US Equal Employment Opportunity Commission, “This law makes it illegal to discriminate against employees or applicants because of genetic information. Genetic information includes information about an individual’s genetic tests and the genetic tests of an individual’s family members, as well as information about any disease, disorder or condition of an individual’s family members (i.e. an individual’s family medical history). The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.”

    Immigration Reform and Control Act: From the US Citizenship and Immigration Services, “This law prohibits employers from hiring and employing an individual for employment in the US knowing that the individual is not authorized with respect to such employment. Employers also are prohibited from continuing to employ an individual knowing that he or she is unauthorized for employment. This law also prohibits employers from hiring any individual, including a US citizen, for employment in the US without verifying his or her identity and employment authorization on Form I-9.”

    National Labor Relations Act of 1935: From the National Labor Relations Board, “[This law was passed to] protect the rights of employees and employers, to encourage collective bargaining, and to curtail certain private sector labor and management practices, which can harm the general welfare of workers, businesses and the U.S. economy.”

    Pregnancy Discrimination Act: From the US Equal Employment Opportunity Commission, “This law amended Title VII to make it illegal to discriminate against a woman because of pregnancy, childbirth, or a medical condition related to pregnancy or childbirth. The law also makes it illegal to retaliate against a person because the person complained about discrimination, filed a charge of discrimination, or participated in an employment discrimination investigation or lawsuit.”

  2. California

    Disabled Persons Act: From the CA Department of Fair Employment and Housing, “[Under the Disabled Persons Act], disability discrimination occurs when an employer treats a qualified employee or applicant unfavorably because she has a disability. It is also unlawful to treat a qualified employee or applicant less favorably because of a history of disability, because of the employer’s belief that the individual may have a disability, or because of the individual’s relationship with a person with a disability. The law also requires an employer to provide reasonable accommodation to an employee or job applicant with a disability, unless doing so would cause significant difficulty or expense for the employer.”

    Fair Employment and Housing Act: From the CA Department of Fair Employment and Housing, “FEHA applies to public and private employers, labor organizations and employment agencies. It is illegal for employers of five or more employees to discriminate against job applicants and employees because of a protected category, or retaliate against them because they have asserted their rights under the law. The FEHA prohibits harassment based on a protected category against an employee, an applicant, an unpaid intern or volunteer, or a contractor. Harassment is prohibited in all workplaces, even those with fewer than five employees.”

    Family Rights Act: From the CA Department of Fair Employment and Housing, “CFRA requires employers of 50 or more employees to provide job-protected leave for the birth of a child, for placement of a child in the employee’s family for adoption or foster care, for the serious health condition of the employee’s child, parent, or spouse, and for the employee’s own serious health condition.”

    New Parent Leave Act: From the CA Department of Fair Employment and Housing, “NPLA requires employers of 20 or more employees to provide eligible employees job-protected leave for the birth of a child or the placement of a child for adoption or foster care. Employers of five or more employees must provide up to four months disability leave for an employee who is disabled due to pregnancy, childbirth, or a related medical condition. Employers of 50 or more employees are required to provide sexual harassment training to supervisory employees, and DFEH accepts complaints when a person believes that an employer has not complied with these training and education requirements.”

    Unruh Civil Rights Act: From the CA Department of Fair Employment and Housing, “The Unruh Civil Rights Act specifically outlaws discrimination in housing and public accommodations based on sex, race, color, religion, ancestry, national origin, disability, medical condition, genetic information, marital status, or sexual orientation. While the Unruh Civil Rights Act specifically lists “sex, race, color, religion, ancestry, national origin, disability, medical condition, genetic information, marital status, or sexual orientation” as protected classes, the California Supreme Court has held that protections under the Unruh Act are not necessarily restricted to these characteristics. The Act is meant to cover all arbitrary and intentional discrimination by a business establishment on the basis of personal characteristics similar to those listed above.”

    Worker’s Compensation Insurance (Cal. Labor Code Section 3700): From the CA Department of Industrial Relations, “California employers are required by law to have workers’ compensation insurance, even if they have only one employee. And, if your employees get hurt or sick because of work, you are required to pay for workers’ compensation benefits. Workers’ comp insurance provides basic benefits, including medical care, temporary disability benefits, permanent disability benefits, supplemental job displacement benefits and a return-to-work supplement, and death benefits.”

D. PRIVACY

  1. Federal

    Federal Trade Commission Act: From the US Federal Trade Commission, “The Federal Trade Commission Act is the primary statute of the Commission. Under this Act, as amended, the Commission is empowered, among other things, to (a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress and the public. A number of other statutes listed here are enforced under the FTC Act.”

    Children’s Online Privacy Protection Act: From the US Federal Trade Commission, “COPPA protects children’s privacy by giving parents tools to control what information is collected from their children online. The Act requires the Commission to promulgate regulations requiring operators of commercial websites and online services directed to children under 13 or knowingly collecting personal information from children under 13 to: (a) notify parents of their information practices; (b) obtain verifiable parental consent for the collection, use, or disclosure of children’s personal information; (c) let parents prevent further maintenance or use or future collection of their child’s personal information; (d) provide parents access to their child’s personal information; (e) not require a child to provide more personal information than is reasonably necessary to participate in an activity; and (f) maintain reasonable procedures to protect the confidentiality, security, and integrity of the personal information. In order to encourage active industry self-regulation, the Act also includes a “safe harbor” provision allowing industry groups and others to request Commission approval of self-regulatory guidelines to govern participating websites’ compliance with the Rule.”

    Health Insurance Portability and Accountability Act: From the US Department of Health and Human Services, “HIPAA included Administrative Simplification provisions that required national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. The Privacy Rule set national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically.  

    The Security Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.”

    Health Information Technology Act: From the US Federal Trade Commission, “HITECH directs the FTC to issue a rule requiring certain entities that obtain consumers’ personal information but are not subject to the Health Insurance Portability & Accountability Act (“HIPAA”), such as many vendors of personal health records and third party service providers, to notify affected individuals and the FTC (which notifies the Secretary of Health and Human Services) in the event of a data breach or inadvertent disclosure of unsecured identifiable health information in personal health records.”

    Fair Credit Reporting Act: From the US Federal Trade Commission, “FCRA protects information collected by consumer reporting agencies such as credit bureaus, medical information companies and tenant screening services. Information in a consumer report cannot be provided to anyone who does not have a purpose specified in the Act. Companies that provide information to consumer reporting agencies also have specific legal obligations, including the duty to investigate disputed information. In addition, users of the information for credit, insurance, or employment purposes must notify the consumer when an adverse action is taken on the basis of such reports.” NOTE: The Fair and Accurate Credit Transactions Act added many provisions to this Act primarily relating to record accuracy and identity theft. The Dodd-Frank Act transferred to the Consumer Financial Protection Bureau most of the rulemaking responsibilities added to the FCRA by the Fair and Accurate Credit Transactions Act and the Credit CARD Act, but the FTC retains all its enforcement authority.

    Gramm-Leach-Bliley Act: From the Federal Trade Commission, “The Gramm-Leach-Bliley Act requires the FTC, along with the Federal banking agencies and other regulators, to issue regulations ensuring that financial institutions protect the privacy of consumers’ personal financial information. Such institutions must develop and give notice of their privacy policies to their own customers at least annually (except where exempted), and before disclosing any consumer’s personal financial information to an unaffiliated third party, and must give notice and an opportunity for that consumer to “opt out” from such disclosure. The Act also limits the sharing of account number information for marketing purposes and prohibits obtaining customer information of a financial institution by false pretenses. The FTC enforces these provisions with regard to entities not specifically assigned by the provision to the Federal banking agencies or other regulators.”

  2. California

    Consumer Privacy Act of 2018: From the CA Department of Justice, “The CCPA grants consumers new rights with respect to the collection of their personal information. The regulations aim to establish procedures to facilitate consumers’ rights under the CCPA and provide guidance to businesses for how to comply.” Effective January 1, 2020, some of these rights will include: (a) transparency as to the data collected on users, made available at least twice a year, free of charge; (b) ability to restrict the sale of data to third parties; (c) ability to delete data; and (d) ability to sue in the event user data is stolen or disclosed in an unauthorized data breach, if the business was careless or negligent in protecting user data.

    California Online Privacy Protection Act (Cal-OPPA): From the CA Department of Justice, “[Cal-OPPA] requires operators of commercial web sites or online services that collect personal information on California consumers through a web site to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information. The privacy policy must also provide information on the operator’s online tracking practices. An operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy.”

    Confidentiality of Medical Information Act: From the CA Department of Justice, “This law puts limits on the disclosure of patient medical information by medical providers, health plans, pharmaceutical companies, and many businesses organized for the purpose of maintaining medical information. It specifically prohibits many types of marketing uses and disclosures. It requires an electronic health or medical record system to protect the integrity of electronic medical information and to automatically record and preserve any change or deletion.”

    Consumer Credit Reporting Agencies Act: From the CA Department of Justice, “This law, the state counterpart of the federal Fair Credit Reporting Act, regulates consumer credit reporting agencies. It requires them, among other things, 1) to provide free copies of credit reports to consumers who have been denied credit or who are identity theft victims, 2) to block information that appears on a report as the result of identity theft, 3) to place security alerts or freezes on the files of consumers who request them, including freezes on the files of children under the age of 16 upon the request of an authorized representative, and 4) to provide, for a reasonable fee, credit score information to consumers who request it. The law provides consumer credit reporting agencies with specific permission for the disclosure of public record information lawfully obtained from an open public record, to the extent otherwise permitted by law. It also prohibits the use of consumer credit reports for employment purposes, with certain exceptions.” NOTE: see also, information from California Employment Law Report about the Investigative Consumer Reporting Agencies Act, which “regulates the activities of those who collect and communicate information for investigative reports [e.g., background checks] on consumers for third parties such as employers, insurance companies and landlords.”

    Electronic Eavesdropping, Invasion of Privacy Act: From the CA Department of Justice, “Among other things, this law prohibits, with exceptions, electronic eavesdropping on or recording of private communications by telephone, radio telephone, cellular radio telephone, cable or any other device or in any other manner. Violation can result in penalties of up to $10,000 and imprisonment in county jail or state prison for up to one year. It prohibits cable TV and satellite TV operators from monitoring or recording conversations in a subscriber’s residence, or from sharing individually identifiable information on subscriber viewing habits or other personal information without written consent.”

    Insurance Information and Privacy Protection Act: From the CA Department of Justice, “This law sets standards for the collection, use and disclosure of personal information gathered in connection with insurance transactions by insurance companies, agents or insurance-support organizations. It generally prohibits disclosure of personal or privileged information collected or received in connection with an insurance transaction unless the disclosure (1) is authorized in writing by the individual or (2) is necessary for conducting business. The individual must be given an opportunity to opt-out of disclosure for marketing purposes.”

    Privacy Rights for California Minors in the Digital World: From the CA Department of Justice, “This Digital Privacy Rights for Minors law prohibits an operator of a website or online service directed to minors (California residents under 18) from marketing to minors products or services that the minors are legally prohibited from buying. The law also prohibits a website or online service from allowing a third party to market prohibited products to minors, or to share with a third-party the personal information of a minor so the third party can market or advertise prohibited products or services to minors. The law also applies these prohibitions to an advertising service that knows an operator’s site or service is directed to a minor. The law allows a minor, who is a registered user of the operator’s site or service, to request and obtain removal of his or her content, with exceptions.” For more, see this article from Cooley LLP.

    Shine the Light Law: From the CA Department of Justice, “This law lets consumers learn how their personal information is shared by companies for marketing purposes and encourages businesses to let their customers opt-out of such information sharing. In response to a customer request, a business must provide either: (1) a list of the categories of personal information disclosed to other companies for their marketing purposes during the preceding calendar year, with the names and addresses of those companies, OR (2) a privacy statement giving the customer a cost-free opportunity to opt-out of such information sharing.”

    Student Online Personal Information Protection Act: From the CA Department of Justice, “SOPIPA restricts the use and disclosure of information about K-12 students. It prohibits operators of websites or online services used primarily and designed and marketed for K-12 school purposes from using information gathered from their sites or services to target advertising to or amass profiles on K-12 students, except in furtherance of a K-12 school purpose, as defined. It also prohibits such operators from selling students’ information or, except in certain special circumstances, disclosing covered information. It requires operators to use reasonable and appropriate security practices to protect the covered information from unauthorized access or use, and to delete a student’s covered information at the controlling school or district’s request.”

  3. International

    EU General Data Protection Regulation: From the European Union GDPR website, “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens also have to appoint a representative in the EU. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).”

E. ANTITRUST

  1. Federal

    Clayton Act: From the Federal Trade Commission, “The Clayton Act addresses specific practices that the Sherman Act does not clearly prohibit, such as mergers and interlocking directorates (that is, the same person making business decisions for competing companies). The Clayton Act prohibits mergers and acquisitions where the effect “may be substantially to lessen competition, or to tend to create a monopoly.” As amended by the Robinson-Patman Act of 1936, the Clayton Act also bans certain discriminatory prices, services, and allowances in dealings between merchants. The Clayton Act was amended again in 1976 by the Hart-Scott-Rodino Antitrust Improvements Act to require companies planning large mergers or acquisitions to notify the government of their plans in advance. The Clayton Act also authorizes private parties to sue for triple damages when they have been harmed by conduct that violates either the Sherman or Clayton Act and to obtain a court order prohibiting the anticompetitive practice in the future.”

    Robinson–Patman Act: From the Federal Trade Commission, “The Robinson-Patman Act prohibits a seller from charging competing buyers different prices for the same “commodity” or discriminating in the provision of “allowances” — compensation for advertising and other services. This kind of price discrimination may give favored customers an edge in the market that has nothing to do with their superior efficiency. Price discriminations are generally lawful, particularly if they reflect the different costs of dealing with different buyers or are the result of a seller’s attempts to meet a competitor’s offering.”

    Sherman Act: From the Federal Trade Commission, “The Sherman Act outlaws “every contract, combination, or conspiracy in restraint of trade,” and any “monopolization, attempted monopolization, or conspiracy or combination to monopolize.” Long ago, the Supreme Court decided that the Sherman Act does not prohibit every restraint of trade, only those that are unreasonable. For instance, in some sense, an agreement between two individuals to form a partnership restrains trade, but may not do so unreasonably, and thus may be lawful under the antitrust laws. On the other hand, certain acts are considered so harmful to competition that they are almost always illegal. These include plain arrangements among competing individuals or businesses to fix prices, divide markets, or rig bids. These acts are “per se” violations of the Sherman Act; in other words, no defense or justification is allowed.”

  2. California

    Cartwright Act: From Upcounsel, “The Cartwright Act in many respects parallels… Section 1 of the Sherman Act… However, the Cartwright Act has no direct analog to the antimonopoly provisions of Section 2 of the Sherman Act, although many monopolistic practices may be challenged by other antitrust statutes or more general tort claims, such as causes of action for interference with prospective business advantage (and of course the ever popular RICO). Further, California’s competition statutes go far beyond the limited competition strictures of the Sherman and Clayton Acts, prescribing (for example) the use of loss leaders and locality discrimination in ways that federal antitrust laws do not address.”

F. ADVERTISING, COMMERCE, AND TELECOMMUNICATIONS

  1. Federal

    Federal Trade Commission Act: See “Privacy – Federal” above.

    Clarifying Lawful Overseas Use of Data Act: From the Law Firm DLA Piper, “The CLOUD Act amends the Stored Communications Act to confirm that the US government may obtain data stored abroad. The CLOUD Act also allows foreign governments under some circumstances to obtain data stored within the United States. Finally, the CLOUD Act provides a limited procedure for challenging US data warrants based on foreign conflicts of laws; however, the contours of that remedy are untested and not clearly delineated.”

    Communications Decency Act, Section 230: From Bloomberg BNA, “The Communications Decency Act of 1996 (CDA), 47 USC Section 230, provides a safe harbor to internet service providers and platforms, exempting them from liability based on the speech and content of their users. The intent of the safe harbor was to protect service providers who assumed an editorial role with regard to customer speech or content, and who would have otherwise become publishers, and legally responsible for libel and other torts committed by customers. Under Section 230, courts are precluded from “entertaining claims that would place a computer service provider in a publisher’s role.” Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997). The CDA protects interactive computer service providers from liability arising out of such speech or content, even if it is defamatory or otherwise tortious. Section 230 defines interactive computer service providers as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server.” This covers a wide variety of online services, including online platforms, internet service providers and social media sites.”

    Computer Fraud and Abuse Act: From JD Supra, “The CFAA is primarily a criminal statute intended to deter computer hackers, though it permits civil actions by private parties damaged as a result of a violation (assuming they incur sufficient injury). It generally prohibits intentionally or knowingly accessing a computer without authorization or exceeding authorized access in a variety of contexts, including those involving government computers, attempts to defraud to obtain something of value, and/or causing damage or loss to the computer or its data.”

    Controlling Assault of Non-Solicited Pornography & Marketing Act: From the Federal Trade Commission, “CAN-SPAM Act establishes requirements for those who send unsolicited commercial email. The Act bans false or misleading header information and prohibits deceptive subject lines. It also requires that unsolicited commercial email be identified as advertising and provide recipients with a method for opting out of receiving any such email in the future. In addition, the Act directs the FTC to issue rules requiring the labeling of sexually explicit commercial email as such and establishing the criteria for determining the primary purpose of a commercial email.”

    Electronic Communications Privacy Act of 1986: From the US Department of Justice, “The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred together as the Electronic Communications Privacy Act (ECPA) of 1986. The ECPA updated the Federal Wiretap Act of 1968, which addressed interception of conversations using “hard” telephone lines, but did not apply to interception of computer and other digital and electronic communications.  Several subsequent pieces of legislation, including The USA PATRIOT Act, clarify and update the ECPA to keep pace with the evolution of new communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases. The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.”

    Export Administration Regulations: From the US Department of Commerce, “Export regulations apply to organizations of all sizes, including one-person operations and private individuals exporting items to family and friends. The Bureau of Industry and Security (BIS) regulates exports of most commercial items and some defense items through the Export Administration Regulations (EAR).”

    Restore Online Shoppers’ Confidence Act: From the Federal Trade Commission, “This Act prohibits any post-transaction third party seller (a seller who markets goods or services online through an initial merchant after a consumer has initiated a transaction with that merchant) from charging any financial account in an Internet transaction unless it has disclosed clearly all material terms of the transaction and obtained the consumer’s express informed consent to the charge. The seller must obtain the number of the account to be charged directly from the consumer.”

    Telecommunications Act of 1996: From the Federal Communications Commission, “The goal of this new law is to let anyone enter any communications business – to let any communications business compete in any market against any other. It will affect telephone service – local and long distance, cable programming and other video services, broadcast services and services provided to schools.”

  2. California

    Consumers Legal Remedies Act: From the Vachon Law Firm, “The CLRA is one of the most powerful and useful weapons at the disposal of consumers and consumer-law attorneys… the CLRA contains powerful provisions intended both to outlaw unethical business practices and to make it economical for consumers to pursue legal redress for violations of the Act. The CLRA outlaws virtually every possible type of misrepresentation, and forces defendant companies that are found guilty of violating the CLRA to pay all of the attorney’s fees and costs of consumers in enforcing their legal rights. As a result, the CLRA is particularly useful in car dealer fraud cases.”

    Unfair Competition Law: From the law firm of Kramer Holcomb Sheik, “The UCL is codified at Business and Professions Code Section 17200 et seq., [which] prohibits unfair competition, including unlawful, unfair, and fraudulent business acts. One of the most basic actionable unfair business practices is false and misleading representations made to consumers. Section 17200 is designed to protect consumers against fraud and deceit as well as to protect competitors. It is broadly interpreted to bar all ongoing wrongful business activities in any context in which they appear. Really, any type of business practice that is unfair and anticompetitive is potentially actionable under the UCL. It is a case by case analysis, but common types of actions involve untruthful statements made to the public or competitors, unlawful wage practices, unlawful advertising…and competition that is simply unfair to consumers.”

    Comprehensive Computer Data Access and Fraud Act: From the Nossaman LLP law firm, “The CDAFA is similar to the federal Computer Fraud And Abuse Act. Indeed, courts have identified the California statute as a state law corollary to the federal statute. The CDAFA is similar to the CFAA, but prohibits a wider range of conduct. Furthermore, it contains no minimal loss requirement in order to support a private right of action. In addition to criminal sanctions, the CDAFA provides a civil remedy for an owner of a “computer, computer system, computer network, computer program or data who suffers damage or loss by reason of a violation of any of the provisions of Section 502(c) of the California Penal Code…”

G. INTELLECTUAL PROPERTY

  1. Federal

    Anticybersquatting Consumer Protection Act: From Nolo, “The ACPA authorizes a trademark owner to sue an alleged cybersquatter in federal court and obtain a court order transferring the domain name back to the trademark owner. In some cases, the cybersquatter must pay money damages. Cybersquatting is registering, selling or using a domain name with the intent of profiting from the goodwill of someone else’s trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses. In order to stop a cybersquatter, the trademark owner must prove all of the following: (1) the domain name registrant had a bad-faith intent to profit from the trademark; (2) the trademark was distinctive at the time the domain name was first registered; (3) the domain name is identical or confusingly similar to the trademark; and (4) the trademark qualifies for protection under federal trademark laws — that is, the trademark is distinctive and its owner was the first to use the trademark in commerce.”

    Copyright Act, Copyright Revision Act of 1976: From Nolo, “Copyright protects published and unpublished creative works. Protection begins the moment an original work is fixed in tangible form. Authors of the work typically own copyright unless it is a work for hire or the rights are sold or transferred. Registration and copyright notice are unnecessary but both do provide advantages in copyright infringement lawsuits. Copyright holders have the right to do the following: distribute the work, make reproductions, create derivatives, and display and perform the work publicly. Because technology has changed, so has the scope of protected works. Copyrightable works not only include literature, but music, movies, plays, videos, sound recordings, software, choreography, architectural designs, sculptures, and paintings are protected. Copyright, however, does not protect ideas, facts, names, pen names, titles, slogans, extemporaneous speeches, standardized material, and government works.” For more on copyright, see “Startup Law A to Z: Intellectual Property.”

    Digital Millennium Copyright Act: From Upcounsel, “The DMCA protects creative works on the internet and contains the legal foundation for rights management in digital works. It covers things such as articles, videos, and photographs. The DMCA protects both copyright owners and internet service providers (ISP), otherwise known as online service providers (OSP). ISPs, including search engines, email providers, etc., located in the United States also benefit. If they obey DMCA notices and take other reasonable measures to stop copyright infringement, they won’t face charges or other negative consequences for hosting the offending content. These types of protection are known as “safe harbor” provisions. There are two types of safe harbor provisions. One protects ISPs and web hosts against infringing content that users post. The other protects against material that links to infringing content.”

    Defend Trade Secrets Act of 2016: From the American Bar Association, “DTSA provided a federal cause of action for trade secret misappropriation. In addition, it provided for a specialized seizure remedy, as well as an immunity provision designed to protect employees who might disclose trade secrets when allegedly reporting violations of the law.”

    Economic Espionage Act of 1996: From the law firm Jones Day, “Under the EEA, the United States, for the first time, expressly criminalized the misappropriation of trade secrets or the knowing use of misappropriated trade secrets… Consequently, there now exists the real risk of incarceration, substantial fines, and the forfeiture of business assets for conduct that was previously considered by many to be merely aggressive business practices… which include the misappropriation by virtually any means of trade secrets, as well as the receipt, purchase, or possession of trade secrets, knowing that they were misappropriated. The Statute further prohibits attempts or conspiracies to obtain trade secrets improperly. Under U.S. conspiracy law, an individual can be convicted for agreeing to a plan with an illegal objective, although the individual did not himself participate in any illegal acts.”

    Prioritizing Resources and Organization for Intellectual Property Act of 2008: From the US Copyright Office, “The PRO-IP Act strengthens the intellectual property laws of the United States in several respects. For example, it amends Section 410 of the Copyright Act to codify the doctrine of fraud on the Copyright Office in the registration process. The law also clarifies that registration is not a prerequisite for a criminal copyright prosecution and makes it unlawful (civilly or criminally) to export unauthorized copies of protected works, including copies of phonorecords, from the United States. In addition, the law amends Section 506 of the Copyright Act to provide for the forfeiture of any property used to commit or facilitate the commission of a criminal offense involving copyrighted works. The Act creates a new enforcement paradigm for the federal government’s efforts to combat counterfeiting and piracy. The Act also provides for improved investigative and forensic resources for enforcement of laws related to intellectual property crimes and allocates additional funding for resources to investigate and prosecute intellectual property crimes and other criminal activity involving computers.”

    Lanham (Trademark) Act of 1946: From Nolo, “The Lanham Act governs trademarks, service marks, and unfair competition. The Lanham Act sets out procedures for federally registering trademarks, states when owners of trademarks may be entitled to federal judicial protection against infringement, and establishes other guidelines and remedies for trademark owners.” For more on trademarks, see “Startup Law A to Z: Intellectual Property.”

    Leahy-Smith America Invents Act: From Upcounsel, “The AIA adopts a First to File approach to the United States patent statute for patents such as a utility patent. This patent reform legislation prioritizes patent filing date over invention date. A corporate assignee can now apply for a patent. In the past, only individuals could apply for patent protection. A patent application has to explain the best mode of using or carrying out an invention. Inventors can now apply with a micro entity status. This includes a 75 percent reduction in standard patent fees. Inventors have to meet the status requirements and submit a certification form before filing the patent application.”

    No Electronic Theft Act: From Indiana University, “The NET Act facilitates prosecution of copyright violation on the internet. The NET Act makes it a federal crime to reproduce, distribute, or share copies of electronic copyrighted works such as songs, movies, games, or software programs, even if the person copying or distributing the material acts without commercial purpose and/or receives no private financial gain. Before this law took effect, people who intentionally distributed copied software over the internet did not face criminal penalties if they did not profit from their actions. Electronic copyright infringement carries a maximum penalty of three years in prison and a $250,000 fine. The NET Act is applicable in situations such as running a file sharing application with outgoing transfers enabled, hosting files on a web account, transferring files through IRC, and other methods of making copyrighted material available over networks.”

    Patent Act: From the US Patent and Trademark Office, “Pursuant to the provision of the Constitution, Congress has over the years passed a number of statutes under which the U.S. Patent and Trademark Office (USPTO) is organized and our patent system is established. The provisions of the statutes can in no way be changed or waived by the USPTO. Prior to January 1, 1953, the law relating to patents consisted of various sections of the Revised Statutes of 1874, derived from the Patent Act of 1870 and numerous amendatory and additional acts.” For more on patents, see “Startup Law A to Z: Intellectual Property.” 

  2. California

    Uniform Trade Secrets Act: From Nolo, “California is one of the many states that have adopted the Uniform Trade Secrets Act. California’s trade secret law can be found at Cal. Civil Code §§ 3426-3426.11. California’s version of the Uniform Trade Secrets Act refers to the theft of trade secrets as misappropriation. Under California law, “misappropriation” refers to the acquisition of a trade secret by someone who knows or has reason to know that the trade secret was acquired by improper means — theft, bribery, misrepresentation, breach or inducement of a breach of duty to maintain secrecy. It also includes the disclosure or use of a trade secret without consent by someone who used improper means to acquire knowledge of the trade secret – for example, an ex-employee who spills company secrets to a rival.”

H. FINANCIAL SERVICES & INSURANCE

  1. Federal

    Gramm-Leach-Bliley Financial Modernization Act: See “Financial Services & Insurance – Federal” above.

    Dodd-Frank Act: From FindLaw, “The Dodd-Frank Act initiated a broad range of reforms affecting nearly every aspect of the financial system with the goal of preventing a repeat of the 2008 crisis and the need for future government bailouts. The Act also sought to establish additional protections for consumers. The Dodd-Frank Act contains 16 major areas of reform, ranging from insurance reform to corporate governance reform. The Act created the Financial Stability Oversight Council to oversee banks and financial firms like hedge funds whose failure could impact the entire financial system. The Act also strengthened the Volcker Rule which generally prohibits banks from engaging in risky short-term trading of securities, derivatives, and commodity futures for their own benefit and also prohibits banks from investing in hedge or private equity funds. The Dodd-Frank Act restricted the emergency lending (or bailout) authority of the Federal Reserve by: (1) Prohibiting lending to an individual entity; (2) Prohibiting lending to insolvent firms; (3) Requiring approval of lending by the Secretary of the Treasury; and (4) Requiring sufficient collateral for any loans to protect taxpayers from losses. The Dodd-Frank Act provided specific relief for consumers victimized by the risky lending practices leading up to the financial crisis. In addition, the Act implemented a series of mortgage reforms to protect consumers.”

    Fair and Accurate Credit Transactions Act: From the Federal Trade Commission, “FACTA adds provisions designed to improve the accuracy of consumers’ credit-related records. It gives consumers the right to one free credit report a year from the credit reporting agencies, and consumers may also purchase, for a reasonable fee, a credit score along with information about how the credit score is calculated. The Act also requires the provision of “risk-based-pricing” notices and credit scores to consumers in connection with denials or less favorable offers of credit. The Act also adds provisions designed to prevent and mitigate identity theft, including a section that enables consumers to place fraud alerts in their credit files, as well as other enhancements to the Fair Credit Reporting Act.”

    Fair Credit Reporting Act: See “Privacy – Federal” above.

    Financial Industry Regulatory Authority: From the FINRA website, “FINRA is a not-for-profit organization authorized by Congress to protect America’s investors by making sure the broker-dealer industry operates fairly and honestly by: (1) writing and enforcing rules governing the activities of all registered broker-dealer firms and registered brokers in the U.S.; (2) examining firms for compliance with those rules; (3) fostering market transparency; (4) and educating investors. FINRA provides the first line of oversight for broker-dealers and the first line of defense for investors by virtue of its comprehensive oversight program. FINRA regulates both the firms and professionals selling securities in the United States and the U.S. securities markets. In this capacity, FINRA writes and enforces its own rules, as well as enforcing federal securities rules and laws.”

    Sarbanes-Oxley Act: From FindLaw, “Sarbanes-Oxley (SOX) made numerous reforms to corporate financial reporting and the accounting profession. SOX requires corporate executives to certify the accuracy of their company’s financial statements; maintain and assess internal controls to prevent wrong, misleading, or fraudulent financial data; and imposes criminal penalties for misleading shareholders and altering documents to impede an investigation. SOX also established an oversight board for the accounting profession, regulates the relationship between corporations and accounting firms, and shields corporate whistleblowers from retaliation. SOX also took steps to protect employees who report corporate fraud, also known as whistleblowers. The act prohibits retaliation against whistleblowers who lawfully report corporate misdeeds.”

    Unlawful Internet Gambling Enforcement Act: From the Federal Trade Commission, “The UIGEA prohibits any person engaged in the business of betting, as defined, from knowingly accepting credit, electronic fund transfers, checks, or any other payment involving a financial institution to settle unlawful internet gambling debts. The Treasury Department and the Federal Reserve Board must develop jointly and prescribe regulations requiring payment systems to identify and block or otherwise prevent or prohibit the acceptance of payment for internet gambling transactions.” 

  2. California

    Financial Information Privacy Act: From the CA Department of Business Oversight, “This Act provides that a financial institution may not share or sell a consumer’s nonpublic personal information without obtaining a consumer’s consent. Nonpublic personal information in this context may include information: (1) that a consumer provides to a financial institution to obtain a product or service from the financial institution, (2) about a consumer resulting from any transaction involving a product or service between the financial institution and a consumer, or (3) that the financial institution otherwise obtains about a consumer in connection with providing a product or service to that consumer.”

    Song-Beverly Credit Card Act: From the law firm Lincoln, Gustafson & Cercos, “The Song-Beverly Credit Card Act was enacted in 1971 to regulate credit card transactions in California. Even unintentional violations of these provisions can put merchants at risk of incurring significant statutory penalties. The Act also prohibits businesses from requesting that customers provide personal identification information, such as email addresses, during credit card transactions. However, it does not forbid merchants from obtaining such information voluntarily if the customer understands the information need not be disclosed in order to use a credit card. The rule depends heavily on when the merchant asks the customer for his or her email address.”

I. TRANSPORTATION, HEALTH AND SAFETY

  1. Federal

    Department of Transportation Act: From the US Department of Transportation, “Leadership of the Department of Transportation is provided by the Secretary of Transportation, who is the principal adviser to the President in all matters relating to federal transportation programs. The Secretary is assisted by the Deputy Secretary in this role. The Office of the Secretary (OST) oversees the formulation of national transportation policy and promotes intermodal transportation. Other responsibilities range from negotiation and implementation of international transportation agreements, assuring the fitness of US airlines, enforcing airline consumer protection regulations, issuance of regulations to prevent alcohol and illegal drug misuse in transportation systems and preparing transportation legislation.”

    Federal Food, Drug, and Cosmetic Act: From the US Food and Drug Administration, “The scope of FDA’s regulatory authority is very broad. The following is a list of traditionally-recognized product categories that fall under FDA’s regulatory jurisdiction; however, this is not an exhaustive list. In general, FDA regulates: (1) Foods; (2) Drugs; (3) Biologics; (4) Medical Devices; (5) Electronic Products that give off radiation; (6) Cosmetics; (7) Veterinary Products; (8) Tobacco Products.” 

  2. California

    Public Utilities Act: From the CA Public Utilities Commission, “The CPUC regulates privately owned electric, natural gas, telecommunications, water, and transportation companies. The CPUC also regulates the safety of both publicly and privately owned railroad and rail transit companies/agencies, and rail crossings. The CPUC serves the public interest by protecting consumers and ensuring the provision of safe, reliable utility service and infrastructure at reasonable rates, with a commitment to environmental enhancement and a healthy California economy.”

 

Daniel T. McKenzie, Esq., manages the Law Office of Daniel McKenzie, specializing in the representation of startups and startup founders. Prior to establishing his law office, Daniel McKenzie co-founded and served as lead in-house counsel for Reelio, Inc., backed by eVentures, and acquired in 2018 by Fullscreen (a subsidiary of Otter Media and AT&T).

DISCLAIMER: This post discusses general legal issues, but it does not constitute legal advice in any respect. No reader should act or refrain from acting on the basis of any information presented herein without seeking the advice of counsel in the relevant jurisdiction. TechCrunch and the author expressly disclaim all liability in respect of any actions taken or not taken based on any contents of this post.