Legal Checklist to Protect Online Entrepreneurs

Labib Ittihadul from Flickr (Public Domain)

I was recently asked to create a list of what legal steps an entrepreneur should take if they operate solely online to protect their business. The person who asked appears to be primarily a YouTuber. Here’s the list I created for him: 

1. Consider having Two LLCs. One is a holding company for the intellectual property and licenses the IP to the other LLC to use it. This way if the holding company is sued for infringement, there are no assets to be collected if the holding company loses the lawsuit. We recommend this tactic for many businesses, not just online entrepreneurs.

2. Create an Operating Agreement if the LLC has more than One Owner.  Yes, this includes if you go into business with relatives, best friend, or romantic partner. This is a master document that lays out how the company will operate, each person’s obligations and responsibilities, and how the owners will address problems when they occur.

3. Move your Website to a Server Outside the U.S. The reason for doing is if there is ever a court order against the website, it will be more difficult to enforce if the website is house by a company outside the U.S. and not bound by U.S. law.

4. Register your Trademarks with the USPTO. So many legal issues could be minimized or avoided if every company properly registered their trademarks. This could include company names, product names, event names, logos, and slogans. When you have a registered trademark, you can stop a competitor from entering the marketplace while using a trademark that is confusingly similar to yours. If you have a strong international presence, it may be wise to register your trademarks in multiple countries.

5. Create a Copyright Strategy. Many professional content creators do guest posts for and collaborations with others and allow guest posts on their sites. It’s best to have contract templates for these situations that include clarification about who owns the copyright, what the other person gets, any limitations regarding the content, and an indemnification clause if appropriate.

Additionally, your copyright strategy should address when and how you can use others’ materials. You should have an understanding about fair use and where to look for materials that come with a license to modify the original as well as a license to use it for commercial purposes.

6. Consider Registering your Copyrights. You do not have to register your copyright to get your copyright rights, and you do not have to register everything you create; however, it’s beneficial to have the discussion about what you might want to register. You are required to register your copyright if you want to sue for infringement. Additionally, I frequently recommend registration to people who want to license or sell their copyrights.

7. Create an Action Plan for Addressing Suspected IP Infringement. Decide how you want to respond to suspected infringement before it occurs, so that you or your lawyer can be prepared to respond based on your desired outcome when it happens. Depending on how you want to respond, there may be things you need to do before the infringement occurs to best protect your rights.

8. Have a Contributor Contract Template. This is the contract you will use with people who contribute content to you, your site, your channel, or a social media account. It will state what rights each party has to use the content – most likely that they own it, and they grant you a license to use for certain purposes. It should also have an indemnification clause to protect you in the event you’re accused of violating another person’s IP rights or other legal wrong by using what the contributor provided to you.

9. Have an Influencer Contract Template. This is the contract to use when brands hire you so that the expectations on both sides are clear, and you state that you comply with FTC regulations. (You should probably have internal documents about FTC compliance as well.) Companies that hire influencers may have their own contracts that they want to use, but having your own template will help you analyze their contract to see how well it addresses your needs and concerns.

10. Create Website Terms and a Privacy Policy. These documents may need to comply with U.S. privacy laws, the Canadian Anti-Spam Legislation (CASL), and the General Data Protection Regulation (GDPR), and manage the expectations of visitors to your website. Many of the new privacy laws interfere with how many companies collect and use others’ personal information. These issues are complicated. Many people copy another content creator’s terms and privacy policy, but that could be a recipe for disaster if what you use is insufficient for your needs.

This may not be a complete or comprehensive list of legal steps to take to protect your business. It’s always best to consult a lawyer who understands the legal implications related to your business, preferably someone to specializes in business, intellectual property, and internet law. Hopefully this list gives you a place to start to evaluate your legal needs as a professional content creator or online entrepreneur.

If you liked this post and want to know more about my work, please subscribe to the Carter Law Firm newsletter where I share behind-the-scenes information and readers get exclusive access to me.

How to Legally Change Your Gender in Arizona

2016.06.17 Baltimore Pride, Baltimore, MD USA 6761 by Ted Eytan from Flickr (Creative Commons License)

This information applies to individuals who are female-to-male (FTM) and male-to-female (MTF) transgender. It does not apply to people who are non-binary.

Legally changing your gender on your records in Arizona is a straightforward process. Unlike legally changing your name, you are not required to go to court.

Physician’s Letter

To legally change your gender, you need a letter from a physician. It must be of their office letterhead and include that you are “irrevocably committed” to changing your gender and that you have received “appropriate clinical treatment.” A lawyer who assists people with legal gender changes likely has a template letter you can use.

Please note: this letter must come from a licensed physician. Getting a letter from a physician’s assistant, nurse, therapist, or social worker will not work.

Update Your Social Security Records

Once you get the letter from your physician, take it (along with the court order from your name change if you’re doing that too) to your local Social Security Office. You’ll need to complete Form SS-5, which you can get in advance. You’ll also need to bring your current driver’s license or ID card. Mark the gender you’re transitioning to on the form. (Your social security card doesn’t have your gender office, but it’s part of your social security record.)

Update Your Driver’s License

A few days after you change your social security records, go to the MVD to update your driver’s license. (Go a real MVD, not a third-party satellite office.) Bring your physician’s letter and current driver’s license. Tell the clerk you’re there to update your driver’s license, and they’ll give you the appropriate form. Mark the box for the gender you’re transitioning to. You’ll have to take a new photo and pay $12 to get your new license or ID card.

Update or Get a New Passport

Arizona will not change your birth certificate to reflect your correct gender. Since a birth certificate is required to obtain a U.S. Passport, you can generally use your passport in situations where a birth certificate is required. You will have to apply in person and complete Form DS-11. Bring your physician’s letter and your updated license or ID with you.

Keep the original physician’s letter to present at each office and in case you need it to change any additional records with your correct gender.

You can legally change your name and gender at the same time by obtaining a physician’s letter and going through the process to legally change your name through the court prior to updating your social security record, driver’s license, and other documents and records. If you need to legally change your name and gender, contact a lawyer to assist you with this process.

If you liked this post and want to know more about my work, please subscribe to the Carter Law Firm newsletter. I share behind-the-scenes information and readers get exclusive access to me.

How to Legally Change Your Name in Maricopa County

https://www.flickr.com/photos/40281989@N00/5660169258
“Iona Nunnery” by magmaangel from Flickr (Creative Commons License)

Legally changing your name in Arizona is usually a fairly simple process. It takes a petition to the court, a filing fee (currently $333 in Maricopa County), and a court appearance. It’s a situation where you want a lawyer to prepare the documents for you, but you don’t need a lawyer standing at your side in the court room.

Requirements for a Name-Change Application

The application to change your name must be submitted under your current legal name. (I tell clients this is the last time they have to use their old name.) It contains your current legal name, your new legal name, the reason for change, and that you are not changing your name to avoid legal obligations. It’s about a two-page document.

If you are legally married, you need to have your spouse sign a notarized consent to the name change or attend the hearing. If they refuse, you must submit proof of notification to the court, similar to when a parent refuses to consent to a child’s name change. (The court needs to know that you’re not changing your name to skip out on your legal obligations to your spouse.) You lawyer can prepare this document and may even have a notary on staff. Your spouse can also waive the right to receive future notifications about this matter.

Along with the application, you also need to draft the court order you want the judge to sign granting you the name change.

Hearing for a Name Change

Once you have your completed application and filing fee, you must file them with a court that processes name changes. If time is of the essence, call the clerk at each court house and ask how long it will take to get a hearing to find out when you can get the earliest hearing date. You don’t show up and get your hearing the same day.

Bring the original of your application and at least two copies when you submit your application and fee at the court house. You also need the civil court cover sheet. When you submit your documents and payment at the clerk’s office, they will give you your court date for the hearing to change your name.

Show up on time for your court date at the courtroom assigned for your hearing with your application, all necessary consents or affidavits of service, and multiple copies of the court order you want the judge to sign. (Having multiple copies of the order will make it easier for you to get your legal documents updated to your new name.) The judge will likely go through the information on your application: your new name, your desire for the change, etc. As long as you’re not changing your name for nefarious reasons, the judge will likely sign the order granting your name change.

Updating Your Documents with Your New Name

Once you have the signed court order for your new name – Congrats! Your new name is your official legal name. The next step is to update your legal documents – and the order you do them in matters:

  1. Social Security Card
  2. Birth Certificate
  3. Driver’s License and Passport
  4. Everything Else: Bank accounts, credit cards, utilities, professional licenses, school records, library card, etc. You have no idea how many documents and accounts you have in your old name until you have to change them.

Name Change for a Minor

If you’re under 18 and not emancipated, you need consent from a parent or guardian (collectively “parent” for convenience) to legally change your name. The parent(s) have to petition the court to change your name. You can’t do it yourself. If you are 14 years old or older, you must sign a notarized consent to the name change or attend the hearing. You lawyer can prepare this document and may even have a notary on staff.

The process for changing your name as a minor is the same as an adult except it’s the parent(s) who submit the application on your behalf and attend the hearing. As a minor, you may not be required to attend the hearing.

Last year on Mother’s Day, I worked at a 1-day legal clinic at One n Ten to help people prepare their documents who wanted to legally change their name and/or their gender. I met with people of all ages, including a 12 year-old and a 13 year-old (with their parents). They wanted to change their names before starting high school because the school wouldn’t acknowledge their chosen name otherwise. The 12 year-old was really cute. I asked him what his new name would be, and he told me his new name with the same last name as his birth name.

“You know you can pick any last name you want,” I said.

“Really?” The kid lit up with a smile.

“No,” his mother immediately responded sternly as she whipped her head around and looked down at her child. We all grinned.  

If Both Parents Won’t be at the Hearing

If both parents are not going to be present at the hearing, the non-attending parent must sign a consent to the child’s name change and have it notarized. Again, your lawyer can prepare this document for you. The parent can also waive future notifications about this matter. This consent informs the court that there is no dispute in the family regarding the child’s name.  

If One Parent Opposes the Child’s Name Change

If one parent is opposed to the child changing their legal name or refuses to be part of the process, the parent who consents to the child’s name change is obligated to notify them.

You can hand deliver a stamped copy of your application (this is one reason why you bring multiple copies to the clerk’s office) and the Notice of Hearing Regarding Application for Change of Name that shows the date, time, and place of your hearing and have them sign an “Acceptance of Service.” You can also send the opposed parent a stamped copy of the application and a Notice via certified mail (at least 30 days before the hearing date) and bring the proof of delivery post card and a completed Affidavit of Service by Certified Mail to the hearing.

The parent who opposes the child’s name change has the right to appear at the hearing and be heard before the judge decides whether to grant the name change.  

If the whereabouts of the other parent are unknown, there is a process to notify the other parent by publication.

For most people, legally changing your name and updating your documents and accounts is a straight-forward process. If you are female-to-male or male-to-female transgender and need to change your gender as well as your name, you can take care of that at the same time with a physician’s letter.

Because of the complications like required consents, it’s best to have a lawyer draft the documents for you, inform you of the requirements that apply to your specific situation, and remind you about what you can expect during the process. If you’re interested in having me work on your name change, please send me an email. Otherwise, contact a lawyer in your community for assistance.

If you liked this post and want to know more about my work, please subscribe to the Carter Law Firm newsletter. I share behind-the-scenes information and readers get exclusive access to me.

GDPR: How to Handle a Data Breach

Photo by Christoph Scholz from Flickr (Creative Commons License)

Every company that sends commercial emails to people who reside in the EU or process their data has to comply with the new privacy law, the General Data Protection Regulation (GDPR). This law has specific rules about how companies have to respond when a data breach occurs. It’s so much better than the current rules in the U.S.

Report the Breach to Supervisor within 72 Hours

When a data breach occurs, the employee must report the breach to their supervisory authority without undue delay, and where feasible, within 72 hours of learning of the breach. This notice must include the likely consequences of the breach and the measures the company is taking to mitigate the potential adverse effects.

The only exception to this rule is if the breach is unlikely to result in a risk to the rights and freedoms of natural persons. The company doesn’t have to report the breach if it’s will not likely cause harm to those impacted.

Report the Breach to Consumers

In addition to reporting the breach up the chain of command, the company, without undue delay, must notify the people’s whose data was compromised if the breach is likely to result in a high risk to their rights and freedoms. The law doesn’t specify a number of days or a rubric to determine what is notification “without undue delay.”

Companies should notify the effected persons unless it would require a disproportionate effort. In that case, notification may be made by public communication.

There is an exception to this requirement. The company does not have to disclose that the data breach occurred if the personal data would be unintelligible (e.g. encrypted) to whomever stole it or if the risks have been sufficiently mitigated that adverse results are unlikely to occur.

These new requirements are fantastic. These will hopefully eliminate the problem of companies waiting weeks or months to disclose to impacted consumers that their personal data was hacked.

You can learn more about this aspect of the GDPR here:

Remember, if you are subject to the GDPR, you must comply with this law by May 25, 2018 when it goes into effect.

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

GDPR: Protecting Personal Data

Image by Descrier from Flickr (Creative Commons License)

The General Data Protection Regulation (GDPR) is the new privacy law that goes into effect on May 25, 2018. Every company that sends commercial email to the European Union must comply with it, even if you’re not located in the EU. The purpose of this law is to obtain consent before using a person’s personal data and to adequately protect it.

Protection by Design and Default

The GDPR requires that you take adequate precautions to protect the personal information entrusted to you. The law does not specify exactly what you must do protect this data beyond the requirement that you take the appropriate technical and organizational measures considering the cost, available technology, and why you are processing individuals’ data. The level of security should correlate to the level of risk related to the nature of the data and what you’re doing with it. Additionally, you should only process the necessary data to fulfill your purpose for doing so.

Another requirement of GDPR is that the people who have access to the data subjects’ information are only permitted to process it per the data controller’s instructions. This is a rule that every organization should have: only those who need access to the data subject’s information should have it, and it should be limited to only for the tasks for which they need it.

You can learn more about these requirements here:

Maintain a Records of Processing Activities

The GDPR requires certain companies to maintain a record of all their processing activities. These companies fall into one of two categories:

  1. Companies that employ 250 or more persons.
  2. Companies whose work with data subjects’ information presents a high risk to the data subjects’ rights, or the companies process data that falls into one of the following special categories:
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade-union membership
  • Genetic data
  • Biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health
  • Data concerning a natural person’s sex life or sexual orientation

As a company with no employees (just me running this show) and the only information people give me are their email address and name, I don’t have to maintain this record. If I did, it would only be a list of newsletters I sent and the service I use keeps my list protected behind a password.

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

GDPR: Full Disclosure Required

«Via sicura» by Falk Lademann from Flickr (Creative Commons License)

If you’ve been following this blog, you know I’m all about preparing for the General Data Protection Regulation (GDPR) as it applies to content marketing. This rule applies to every company that sends commercial emails to anyone in the European Union. (If you don’t know where everyone on your list is located, assume at least one of them lives in the EU.) We’ve already talked about how, under this law, when you want to add a person to your email list, you must get their specific informed consent and you must be able to prove that you obtained their consent to be on your list.

The GDPR requires, when you obtain this consent, to provide the person (aka data subject) with the following information:

  • The identity and contact information of the controller of the data subject’s information or their representative;
  • The contact information for the data protection officer (if applicable);
  • Your purpose for processing the data subject’s information and legal basis for doing so;
  • The period of time the data will be stored;
  • The data subject’s right to request erasure or corrections of their data or to restrict the processing of their data;
  • The data subject’s right to withdraw their consent;
  • The data subject’s right to lodge a complaint with the supervisory authority; and
  • Whether the data subject giving their information fulfills a statutory or contractual obligation.

If you want to process the subject’s data for another purpose, you must tell the person in advance, and when a person’s data is processed for direct marketing purposes, the data subject has the right to object at any time.

At the first reading of these requirements, my first thought was that the signage at conferences where vendors collect business cards would have to become much more complicated to comply with GDPR. I thought about how this firm will comply with these requirements. People voluntarily add themselves to my email, so I don’t know where they live. I will be adding double opt-in consent for my email list, and I believe the most effective way to comply with these requirements is to include this information in the confirmatory email.

You can hear more about these requirements here:

We have to comply with these rules by May 25, 2018 when this new rule goes into effect.

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

Proving Consent Under the GDPR

“Consent Is Sexy” by Charlotte Cooper from Flickr (Creative Commons License)

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. According to this new law aimed at protecting individuals’ privacy and their personal data, all companies that send commercial emails to any person living in the European Union must obtain a person’s consent to collect and process their data – and be able to prove it. This applies to anyone who collects and processes data from persons living in the EU, including non-EU companies.

The key to compliance is specific explicit consent.

Double Opt-In Required for Email Lists

If you have an email list, the GDPR essentially requires you to use double opt-in when adding someone to your list. This will help resolve the problem of companies adding people to their mailing list without consent.

So many times, when I’ve sent a question, bought a product, or dropped my card in a company’s drawing for an iPad at a conference, my inbox has been bombarded with the company’s newsletter and “special offers.” We all agree this is poor form, right? If I want to be on your list, I promise I’ll add myself.

It happened just this week. A new connection on LinkedIn sent me an email to invite me to coffee. While we were exchanging emails to arrange a meeting time, he added me to his list! When his newsletter hit my inbox, I let him know that adding me to his list violated Wheaton’s Law and he blew his opportunity to have coffee with me.

Under the GDPR, you have to verify you’ve obtained consent to send someone commercial emails. This also avoids problems like someone adding you to a list without consent as a joke or to annoy you.

Written Declarations of Consent

If the data subject gives their consent in writing – perhaps at an expo at a conference or by filling out a form on your website, you must explicitly tell them what they’re signing up for. Their consent must be obtained:

  • On an easily accessible form,
  • Using clear and plain language, and
  • Distinguishable from other matters.

This means consent cannot be buried in your terms of service or some other process or fine print.

Right to Withdraw Consent

One of the requirements of the GDPR is it must be as easy to withdraw consent as it is to give consent. Companies that comply with the U.S.’s CAN-SPAM Act know that every email  they send “must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future.” Email services, like Mail Chimp, already have this feature by automatically including an “Unsubscribe” link in every newsletter its users send.

Here’s more on the consent requirements for the GDPR:

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

GDPR Compliance: Informed Consent Required

“Content Marketing” by Luis Osorio from Flickr (Creative Commons License)

The General Data Protection Regulation (GDPR) is the new law aimed at protecting individuals’ privacy and their personal data. All companies that send commercial emails to any person living in the EU must comply with this law when it goes into effect on May 25, 2018 – including non-EU companies.

If you collect or process personal data from any natural person residing in the EU, the GDPR requires you obtain the person’s specific, informed consent that unambiguously indicates the person’s wishes or it must be given by a clear affirmative action.

When you collect a natural person’s (aka data subject’s) personal data, the GDPR requires you to do the following:

  • It must be done lawfully, fairly, and with transparency.
  • Data must be collected for a specific, explicit, and legitimate purpose.
  • The data collected must be limited to the data necessary for the purposes for which it will be processed.
  • You must erase or rectify inaccurate data without delay.
  • You must keep the data for a period that is no longer than necessary for the purpose for which it will be used.
  • You must protect the data subjects’ personal data with appropriate security measures.

Requiring specific informed consent, means you can’t hide the consent information in your terms of service. The data subject has to know what they’re signing up for and give their explicit consent to use their data. If you give people who visit your website the option to add themselves to your mailing list, that, since you won’t know where they live (especially if all they’re providing you is a name and email address), the sign-up form should comply with the GDPR requirements.

I suspect it also means that dropping your card in the bowl to try to win an iPad at a booth and a conference won’t be sufficient to establish explicit consent to add a person to your email list unless there’s verbiage adjacent to the bowl that doing so is a clear affirmative action of consent. Hmm . . . perhaps event organizers who have EU attendees should provide their expo vendors information about obtaining consent under GDPR.

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

Preparing for GDPR: Are You Ready?

Europe Privacy Law GDPR from Smeders Internet

This year, I’m putting considerable energy into understanding and complying with the GDPR.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European law that goes into effect on May 25, 2018.

It impacts any professional commercial activities regarding natural persons residing in the EU, so that includes process personal information about natural person who lives in the EU, or sending commercial emails to any natural person who lives in the EU. Commercial emails include the offer of goods or services, even if you’re not doing it in exchange for money.

The purpose of this new law is to protect natural persons’ personal data, and it includes provisions about obtaining data subjects’ consent and using adequate security to protect their information. Failure to comply could result in millions of dollars in fines.

Who is Exempt from GDPR?

The GDPR does not apply to anyone who stores or uses person’s data for personal use – like if you maintain a personal database of contacts, and some of them happen to be people who live in the EU.

It also doesn’t apply to anonymous persons or dead people.

Complying with the GDPR

I have read the GDPR from cover to cover (260 pages). A significant amount of my work in early 2018 will be related to GDPR compliance – starting with my own company

My rule for my email list is people add themselves. It’s disrespectful when companies add you to their email list without consent, so I don’t do it. As a result, I have no idea where most of my subscribers are located. I have assume at least one of them is a person who resides in the EU, therefore the GDPR applies.

For the next few weeks, I’m going to be breaking down this law into it’s requirements and applying them to my business so I can, in turn, educate and help other companies modify their policies and practices before the law goes into effect on May 25, 2018.

This is not a law that companies can easily comply by adding a new paragraph to their terms of service. It will change their tactics and approach to content marketing.

If you want more information about GDPR, please watch this site and my YouTube channel because I’m creating a substantial amount of content on this topic. You can also send me an email (Note: I can’t give advice to non-clients). I use my mailing list to I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. Please add yourself if you’re interested.

You can also connect with me on TwitterFacebookYouTube, or LinkedIn.

If You’re Going to “Wing It” as an Entrepreneur

“Yay!!” by Subharnab Majumdar from Flickr (Creative Commons License)

Plenty of entrepreneurs start out as a person or two, a business idea, and a shoestring budget. They know their craft but have limited or not experience starting or running a business. They don’t know what they don’t know – and that’s what gets them into trouble.

Many entrepreneurs employ the “we’ll learn as we go” approach to operating a business. Often times these are smart people, but if they get too focused on doing their business that they don’t take care of business within their operation, it can lead to costly mistakes: thousands of dollars in legal expenses and painful heartache to try to fix a problem that was completely avoidable.

Real-Life Facepalm Moments
I’ve had countless times where a business owner comes to me for help and I cringe and think, “We could have helped you avoid this if you had come to us sooner.” This is just a sample of my facepalm moments as a lawyer:

KAWS “At This Time” Sculpture by Guilhem Vellut from Flickr (Creative Commons License)

  • Owners who don’t create a business entity: put their personal assets at risk if the business gets sued;
  • LLC with multiple owners and no operating agreement: painful business “divorce” when things didn’t work out between owners;
  • Filing a trademark application with the USPTO that wasn’t trademarkable: the application might have had a chance if the description of the products and services was written more effectively;
  • Not filing a trademark and your competition files a trademark application that’s confusingly similar to or the same as yours: costly to make a claim against them and it may not be successful, which could force you to rebrand even though you were using it first;
  • Flawed customer contracts: doesn’t fully protect the company’s interests or address all likely contingencies;
  • Hiring a third-party contractor without a contract: if the person is hired to create an original work for the company, the company won’t own the copyright in what they hired the person to create and may have to pay to acquire it;
  • Working without a contract: so many problems. Whenever I get a call about a business deal gone bad, my first question is usually, “What does your contract say?” (Ideally, you want to be in a situation where, if the other side doesn’t perform as you agreed you can essentially respond with, “F*ck you, pay me.”)

If You’re Going to “Wing It”
If you are starting a business, my unsolicited advice is “Do your homework.” Invest the time to learn what goes into running your business and figure out what you don’t know. Reach out to established entrepreneurs to ask for their advice and avail yourself to resources in your community. In Arizona, we have dozens of these organizations like Arizona Small Business Association, Local First Arizona, and SCORE.

Even if you don’t think you can afford it, look into hiring a business and intellectual property lawyer for an hour. Bring them your ideas of what you want to do, and ask for their recommendations on how to make it happen. A good lawyer will respect your budget and tell you what you can do yourself and what you should hire a lawyer do for you. They can also recommendations resources to help you based on their experiences helping others.

If I’ve learned one thing as a lawyer it is that it’s easier and cheaper to prevent problems than to fix them.

True Story
Years ago, I worked with a new company where the owners hired me to create their operating agreement. I asked a lot of questions about things like intellectual property rights, compensation, and worst-case scenarios (e.g. disability of an owner) to create custom provisions for this document.

A few years later, the owners realized it wasn’t working out between then and decided to part ways. Their operating agreement dictated how they would address this situation, and they hired us again to revise the agreement to account for the exit of one of the owners. The process was professional, respectful, and cost-effective. I’m sure there were hurt feelings on both sides, but having this operating agreement helped the owners mange them and made for a smooth transition.

If you want more information about the legal dos and don’ts of starting and running a business, you can send me an email (Note: I can’t give advice to non-clients), and I maintain a mailing list where I share my thoughts about being a lawyer/entrepreneur, updates about projects I’m working on, upcoming speaking engagements, and I may provide information about products, services, and discounts. You can also connect with me on TwitterFacebookYouTube, or LinkedIn.