Home > Publications > Blog > Archive
WHD Blog


Latta Introduces New Patent Marking Legislation

by Mindi Giftos, posted Tuesday, October 12, 2010

Recently, Congressman Bob Latta (R-Bowling Green) introduced new legislation in response to the wave of patent marking lawsuits that have been filed since the Federal Circuit issued its decision in Forest Group v. Bon Tool, which increased possible damages for violations to potentially $500 per article (as opposed to $500 per violation). The legislation, H.R. 6352, the Patent Lawsuit Reform Act of 2010, would revert back to the standard that courts were applying prior to Bon Tool and violators of Section 292 of the Patent Act would be fined a single $500 fine if found guilty of false patent marking. The legislation will also require the individual bringing the false marking lawsuit to have suffered actual harm to have standing. Currently, any individual may bring a claim on behalf of the United States for false patent marking.
“Because of the Forest Group decision, this legislation is now needed to help companies fend off frivolous lawsuits and strengthen current law. During this time of economic uncertainty, companies should not have to worry about expending additional resources on lawsuits based on one court’s interpretation of current law,” Latta stated after introducing the legislation.
The full text of the legislation is not yet available, but you may track the bill's progress and read the press release here.

Partnership Matters #2: If We Are Deadlocked, is the Business Dead?

by Michael J. Klinker, posted Wednesday, September 29, 2010

Consider this common scenario. The business is owned 50%-50% by the two owners.  Their relationship becomes strained and they cannot agree on how to manage the company.  What happens?  In most governance structures, if there is a deadlock, nothing happens. As a practical matter it may be difficult or impossible for the business to: borrow money; lease space; hire a key employee or otherwise expand. Many business owners believe no growth is synonymous with a slow road to winding up and closing down.
Corporate and limited liability company statutes typically allow for a remedy in these circumstances, but it is drastic. An owner can go to court and ask a judge to order that the business be dissolved. Does this make sense in the case of a profitable business? Most people would find that to be a remedy of last resort.
This does not have to be the case. Agreements among business owners can provide various constructive means to resolve deadlock. The possibilities range from facilitative processes which have as their endgame a solution where the deadlock is solved and the owners remain together, to evaluative processes where the endgame is to have a buyout and the owners go their separate ways. Within these categories, there are numerous alternatives. Deadlock does not have to mean the death of the business.
In your business, what would happen if nothing happens?

Partnership Matters #1: Good Agreements Make Good Partners

by Michael J. Klinker, posted Monday, September 13, 2010

When starting a new closely held business, clients often say, "I need a buy-sell agreement." Or, they may present us with an agreement found somewhere else and ask, "Is this a good agreement?" In either event, they skipped a step in the process. An agreement among owners (business partners) is a good agreement if it meets their expectations about what happens under different circumstances. While much of the attention is often focused on an owner's exit at some point in time, many things can happen along the way. An important first step is to think about the entire life cycle of the relationship and how it should work.
Clients should consider three broad categories of issues: (1) formation; (2) operation and governance; and (3) the exit. 
  1. Formation issues relate to what each partner contributes and what do they get for that contribution. Does everyone contribute cash? Do people contribute other tangible or intangible property? What about a contribution of services? Are owners required to fund future operations through additional capital contributions? What percentage ownership does each partner receive?
  2. Operational issues are about decision making. Who gets to decide things? Do you require a majority or unanimous vote? Is the authority to decide different for smaller issues than it is for bigger issues? How do you resolve deadlocks or tie votes?
  3. Finally, the exit issues should take into account (1) the identification of what events trigger an obligation or an option to exit the business; (2) what is the price or how is price determined; and (3) the payment terms. 
These issues are the same whether the business is formed as a partnership, corporation or limited liability company. Answers can vary widely based on people and circumstances. We find that business partners who take the time to consider these issues have agreements that meet their expectations and enjoy a more stable business relationship. How complete are your agreements with your co-owners?

Partnership Matters: A blog on legal topics concerning business partnerships

by Michael J. Klinker, posted Sunday, September 12, 2010

"Partnership Matters" is a blog for postings and comments about legal topics and recent developments concerning business partnerships. By business partnerships, we mean all closely held businesses where the number of co-owners is small and the practical and legal expectations of the owners are more specific and customized. As a legal matter, these relationships may be established as partnerships, limited liability companies or corporations. 
A successful business relationship is one that meets the expectations of the parties. Business partners often have expectations of each other beyond the initial contribution of money. Successful and effective business partners seek to define and articulate those expectations on an ongoing basis. They also build companies with structures that can accommodate change over time. Ultimately that change may involve ending the partnership. This blog will address the many topics related to these issues from a legal perspective.
All Partnership Matters blogs postings are part of our Corporate Transactions & Business Acquisitions blog.

Federal Circuit Raises the Stakes in Patent Marking Cases

by Mindi Giftos, posted Thursday, September 02, 2010

On August 31, 2010, the United States Court of Appeals for the Federal Circuit issued its decision in Stauffer v. Brooks Brothers. In its opinion, the Federal Circuit held that the plaintiff patent attorney did have standing to sue Brooks Brothers as a qui tam plaintiff. The court also held that the United States had a right to intervene in the patent marking case. This much anticipated decision is likely to embolden would-be patent marking plaintiffs and the number of patent marking lawsuits will undoubtedly continue to grow. If your company has not yet completed product review to ensure markings are correct and up-to-date, now is a very good time to do so.

Imitation is the Strongest Form of Flattery: Just How Strong is the FACEBOOK Trademark?

by Christian Lavers, posted Wednesday, September 01, 2010

In what will be a test of just how broad the scope of protection of the FACEBOOK trademark is, Facebook, Inc. has filed suit against Teachbook.com LLC for trademark infringement and related causes of action in the Northern District of California.  Teachbook.com LLC operates a social networking site for educators and teachers (http://www.teachbook.com/), which according to Facebook is deliberately and willfully misappropriating the FACEBOOK brand.  Facebook is arguing that if third parties can use any "generic plus BOOK" mark for online networking services, the word "book" will become generic for online community services, thereby diluting the FACEBOOK trademark.  Key to this argument is Facebook's position that the word "book" is highly distinctive as used in the context of online communities and networking sites.  Further supporting Facebook's complaint, Teachbook touts its service as a substitute for Facebook on its website.  However, the USPTO saw no likelihood of confusion when they approved Teachbook's federal trademark application in September of 2009.  (Facebook has opposed this registration as well.)
This should be an interesting case in evaluating the scope of protection of famous marks.

Federal Data Security Law... Take Three!

by Christian D. Lavers, posted Tuesday, July 20, 2010

On July 14, members of Congress introduced a proposed federal data security law for the third consecutive Congressional session, even though the previous two versions of the bill were not acted on. The bill would require businesses to implement, maintain, and enforce reasonable data security policies and procedures, and would apply to all businesses regulated by Gramm-Leach-Bliley, businesses covered by the Fair Credit Reporting Act, and the big catch-all—businesses that maintain or communicate sensitive account or personal information in providing services to covered financial entities. Importantly, the bill would pre-empt the 46 different state laws on data security that already exist—eliminating the conflicting standards that exist today, and closing the gaps where no such law exists.  The bill would only require notification to consumers of breaches of security when harm was reasonably likely—not automatically after any breach. A good idea whose time has come?  We will see...

False Patent Marking: There Must Be an Intent to Deceive

by Melinda S. Giftos, posted Thursday, June 17, 2010

In December 2009, the U.S. Federal Circuit Court of Appeals issued a landmark decision, Forest Group v. Bon Tool Inc., holding that the statutory penalty of up to $500 for false patent marking should be imposed for each article falsely marked, as opposed to each patented product at issue.  As a result of this decision which sanctions potentially huge damage awards, false patent marking lawsuits have begun pouring into the courts.
However, last week in Pequignot v. Solo Cup Company, the Federal Circuit held even though marking products with expired patent numbers does constitute false patent marking, a plaintiff cannot prevail in a false marking case unless the false marking was done with intent to deceive the public. The required intent must be more than mere knowledge that the patent marking is false. A defendant can rebut a presumption of intent to deceive by providing "credible evidence that [the] purpose was not to deceive the public." Such evidence could include relying on the advice of counsel, or reducing business costs when remarking products constantly would be heavily burdensome. This case does provide some good news for patent holders as it will be more difficult for patent mismarking plaintiffs to recover the large amounts of potential damages if there is no evidence of an intent to deceive the public.

D-Day for Nonprofits Starts on May 17

by Douglas A. Pessefall, posted Wednesday, May 12, 2010

Nearly all tax exempt or nonprofit organizations (other than churches) are now required to file an annual information return or notice with the Internal Revenue Service (IRS)—even small organizations (those with annual gross receipts of $25,000 or less) that have not traditionally been required to file Forms 990 or 990-EZ and even non-charitable organizations. If any type of nonprofit organization does not file as required for three consecutive years (beginning with taxable years that began on or after January 1, 2007), then a provision that was tucked away in the Pension Protection Act of 2006 provides that the organization’s exempt status is automatically revoked by operation of law. To view the full article, click here.

Shortcomings of the UDRP and Domain Name Disputes

by Christian D. Lavers, posted Monday, May 03, 2010

The Uniform Domain Name Dispute Resolution Policy (UDRP) was designed to provide a quick, low-cost arbitration-like process for resolving domain name disputes.  Governed by the World Intellectual Property Organization, a UDRP complainant must establish that (i) the domain name at issue is confusingly similar to their trademark, and (ii) that the domain name is used in bad faith. While the UDRP is effective in many situations, the case Volvo Trademark Holding AB v. Volvospares.com illustrates one of its big problems—proving bad faith in "grey areas."
In this case, the domain name www.volvospares.com was used to sell low-priced parts for Volvo cars; the problem was that the registrant had no connection with Volvo. When Volvo filed a complaint under the UDRP, the arbitrator did not find the domain to have been registered in bad faith because the website had a disclaimer that it was not related to Volvo, and there was no other proof of misrepresentation. However, when Volvo filed a federal cyber-squatting complaint, where the discretion of the judge is far broader, Volvo won transfer of the domain name. The court found what should have been clear in the UDRP—there was intent to divert sales using the Volvo mark.
The case illustrates one of the problems with the UDRP. While the UDRP is very efficient and effective in open-shut cases, it is often better to file a cyber squatting complaint where more complex issues of fact will arise.

Provena Covenant Loses Exemption Fight in Illinois

by Douglas A. Pessefall, posted Tuesday, March 23, 2010

In a case that spanned eight years and was closely watched by hospitals and tax practitioners throughout the country, the Illinois Supreme Court ruled on March 18, 2010 in Provena Covenant Medical Center v. Illinois Department of Revenue, No. 107328, that the hospital in Urbana, Illinois was not entitled to an exemption from property taxes. As nonprofit organizations (and nonprofit hospitals in particular) come under greater scrutiny and pressure to justify their tax exemptions, the Provena decision sounds yet another alarm.
To view the full article, click here.

HIRE Act Signed into Law: Summary of Selected Tax Provisions

by Douglas A. Pessefall, posted Tuesday, March 23, 2010

On March 18, 2010, President Obama signed into law H.R. 2847 as the Hiring Incentives to Restore Employment Act (HIRE Act). The HIRE Act contains hiring and business stimulus provisions that are intended to encourage businesses to hire and retain unemployed workers, and anti-abuse provisions that are intended to improve tax compliance by deterring individuals from hiding assets oversees. This article summarizes four of those provisions: (1) payroll tax holiday; (2) tax credit for retained workers; (3) increased Code Section 179 expense limits; and (4) disclosure of specified foreign financial assets.
To view the full article, click here.

Rescuecom Drops Google Adwords Lawsuit After Six Years of Litigation

by Melinda Giftos, posted Tuesday, March 09, 2010

After six years of battling with Google in the courtroom over Google's sale of Rescuecom's trademarked adwords, Rescuecom has dropped its trademark infringement lawsuit.
As we previously wrote, in April 2009, the Second Circuit Court of Appeals held that Google's sale of trademarked adwords constituted "use in commerce."  This holding was a major victory for Rescuecom as some courts had previously been readily dismissing adwords cases on this issue at the very early stages of litigation.  The case was remanded to district court where Rescuecom next had to prove that the sale of trademarked adwords also constituted "likelihood of confusion," the second prong of a trademark infringement action.  The case has been closely followed by both the business and legal communities since the issue of whether use of trademarked adwords can constitute trademark infringement is largely unsettled.
So why would Rescuecom simply drop its important case after years of litigation?
Apparently Rescuecom found itself on both sides of the adwords action.  Rescuecom purchased the Google adwords "geek squad" to optimize its own search engine ranking.  In October 2009, Best Buy demanded that Rescuecom stop using "geek squad" as an adword.  Rescuecom then quietly brought a declaratory judgment action in the Northern District of New York claiming that its use of the "geek squad" adwords was legitimate.  Best Buy counterclaimed, alleging trademark infringement and substantially the same allegations Rescuecom had asserted in its Google case.  That case is still pending.  It appears, however, that Rescuecom found it difficult to argue both sides of the issue.  Unfortunately, this means the Rescuecom case will not result in the precedent many were waiting for.
Interestingly, however, this issue is still percolating internationally.  In September 2009, the European Court of Justice's Advocate General issued an advisory opinion which held that use of trademarked keywords by Google or third-party users through Google's AdWords program did not constitute trademark infringement.  Instead, the Advocate General found that Google was providing information society services.  The advisory opinion, however, is not binding and several cases are still pending in European courts, including the heated adwords lawsuit between Louis Vuitton and Google.

Does Your Company Have a Social Media Policy? You Should ...

by Christian D. Lavers, posted Thursday, February 11, 2010

The use of social media in the workplace (Facebook, Twitter, Myspace, LinkedIn, etc.) is fraught with legal issues. Questions regarding ownership of information and data, potential copyright infringement risks, and personal privacy issues all intermingle when employees use employer-owned equipment to access and use social media. Concerns about confidentiality and trade secret information are raised when employees discuss company actions, plans, or decisions on social media. Additionally, the decision about how a company should interact with its customers in the social media marketplace is a difficult one. At the end of the day, there may be no one "right" answer—but there certainly are some wrong ones.
It is important that every company have a social media policy to address the risks and rewards of this new communication medium. Even the Florida State Bar is weighing in on the issue, issuing an opinion on November 17, Op. 2009-20 whereby a majority of the Florida Supreme Court judicial ethics committee found "friending" between judges and lawyers to be inappropriate! While there is significant disagreement on whether this position is correct even among legal scholars, it illustrates the increasing importance of social media in all industries. Use of social media is a cutting edge issue that requires some significant thought by businesses of all size.

Another Step Towards Requiring More Security In Online Transactions?

by Christian D. Lavers, posted Friday, February 05, 2010

The case Patco Construction Co. Inc. v. People's United Bank d/b/a Ocean Bank, D. Maine, No. 2:09-CV-00503-DBH, 1/19/10) is one of several recent cases alleging breaches of online security in financial transactions that may provide some guidelines as to what constitutes "reasonable care" in online financial transactions. The case alleges that use of several "challenge questions" added no practical safety beyond a password, and that additional mechanisms such as authentication tokens are required to meet the commercially reasonable standard. (Commercial banks are required to take "commercially reasonable" steps to protect customers against fraud.)
This case could be one more step towards a requirement of multi-factor authentication in financial transactions.

Gifts and Grants to Foreign Organizations

by Douglas A. Pessefall, posted Monday, February 01, 2010

In today's global economy, charitable activities, like business activities, often go international. The recent earthquake in Haiti serves as just one example. However, there are unique issues that arise in the context of international charitable giving and grant making for the donor and the organizations the donors choose to support.
Charitable contributions that are made directly to a foreign organization by a U.S. individual are generally not deductible for U.S. federal income tax purposes. The same rule of non-deductibility applies to charitable contributions that are earmarked (or solicited by a U.S. organization) specifically for the use of a foreign organization. Some exceptions exist for contributions made to certain charities in Canada, Israel and Mexico. However, a U.S. organization may solicit charitable contributions for its own exempt purposes and, in turn, choose to make gifts or grants to foreign organizations (e.g., Haitian relief). The U.S. tax treatment of those gifts and grants will generally turn on whether the U.S. organization has discretion and control over the contributions it received—in other words, in receiving or soliciting the funds, the U.S. organization cannot be legally bound to use the funds abroad if the donor is to be entitled to a charitable deduction; whether the foreign organization has a determination letter from the Internal Revenue Service (recognizing the organization’s tax exempt status); how the foreign organization intends to use the grant; and/or whether the U.S. organization is a public charity or a private foundation.
To view the full article, click here.

Contribute Now for Haitian Relief and Claim the Deduction Last Year

by Tax Exempt Organizations Practice Group, posted Sunday, January 31, 2010

Charitable contributions of money made on or after January 12, 2010 and before March 1, 2010, for the relief of victims in areas affected by the earthquake in Haiti, are deductible on taxpayers’ 2009 federal income tax return, thanks to a change in federal law. Contributions of money include contributions made by cash, check, money order, credit card, charge card, debit card or by a cell phone text message (as long as the taxpayer retains a copy of the telephone bill showing the name of the donee organization, and date and amount of the contribution). The contribution must be made to a qualified organization and meet all other requirements for charitable contribution deductions.
For more information, visit the Internal Revenue Service website, at which you may also search for qualified charitable organizations. The state income tax treatment of charitable contributions may differ from the federal income tax treatment. In fact, the Wisconsin Department of Revenue announced that taxpayers are not entitled to claim on their 2009 state income tax returns a deduction for charitable contribution made in 2010, regardless of the change in federal law.

IRS Releases New Check Sheet for Audits of Nonprofit Organizations

by Douglas A. Pessefall, posted Friday, January 15, 2010

The Internal Revenue Service (IRS) recently released a “check sheet” for use by its exempt (or nonprofit) organization auditors to “capture data” about nonprofit organizations’ governance practices and internal controls as part of a long-term study into the relationship between nonprofit governance and tax compliance. A copy of the check sheet may be viewed at http://www.irs.gov/pub/irs-tege/governance_check_sheet.pdf. While the stated goal of the check sheet is to capture data for a study, the check sheet will likely serve as a road map or guide by auditors to probe deeper into an organization’s governance and management in an effort to ensure that the organization is organized and operated exclusively for its exempt purpose, that the organization serves a public purpose, that the organization’s assets are not inuring or benefiting private interests, and that the organization has not engaged in excess benefit transactions during the period(s) under audit. This article identifies the areas covered by the check sheet and concludes with recommendations to help ensure that your organization receives a passing grade.

The check sheet focuses on six areas.  To view the full article click here.

To Scrip, or Not to Scrip, such may be the question. . .

by Dennis J. Purtell, posted Friday, January 15, 2010

In recent years as a part of fund development efforts, many charities, particularly churches and private schools, have taken to participating in Scrip sales programs. Scrip programs involve the sale of certificates by or on behalf of the charity which may be redeemed at various commercial vendors for goods or services. Scrip brokers arrange with commercial vendors for the purchase or issuance of certificates whereby the merchants receive a payment below the face value of the certificates either directly from the charity or the broker. The charity then undertakes to sell the certificates to supporters for the face value. This generates a rebated benefit, often approximately ten percent (10%) of the face value. The programs have come into question in that a series of tax concerns are posed by the process.
To view the full article, click here.

Illinois to Allow the Organization of Low-Profit Limited Liability Companies

by Douglas A. Pessefall, posted Friday, January 15, 2010

Effective January 1, 2010, Illinois will begin allowing the organization of low-profit limited liability companies or L3Cs.  An L3C is a hybrid business structure that offers an alternative to for-profit and nonprofit companies by combining the pass-through tax advantages of a traditional limited liability company with the social advantages of a nonprofit. Michigan, Vermont, Wyoming, Utah and North Dakota have also adopted statutes allowing the organization of L3Cs.
The L3C structure also provides a vehicle for attracting investment in companies founded by social entrepreneurs who may be more interested in promoting social, cultural or environmental changes than making a profit.  Moreover, the L3C structure is intended to facilitate program-related investments (PRIs) by private foundations in for profit companies. 

Technology Transfers Involving Nonprofit Organizations: Special Tax Considerations

by Douglas A. Pessefall, posted Friday, January 15, 2010

Many larger nonprofit research institutions have offices that are devoted to the transfer, development and commercialization of intellectual property, such as patents and copyrights. In today’s regulatory environment, however, the activities of nonprofit organizations (in particular, colleges and universities) are being closely scrutinized by the Internal Revenue Service (IRS) and other state and federal government agencies. For example, in 2008, the IRS mailed compliance questionnaires to more than 400 colleges and universities to identify the types and amount of revenue generated by various activities, management and governance practices, and other areas that may be ripe for future compliance efforts. The survey of colleges and universities serves as one additional example of the growing emphasis on nonprofit governance.
Against this backdrop, nonprofit organizations that are engaged in technology transfer activities (and their commercial partners) should keep in mind some of the special tax considerations that may arise in connection with incoming and outgoing transfers of intellectual property.
To view the full article, click here.

Court Confirms that No Trademark Registration is Required to Pursue an Anticybersquatting Case

by Christian D. Lavers, posted Monday, December 21, 2009

The US District Court for the Central District of California confirmed that the trademark ownership that is necessary to pursue a claim under the Anticybersquatting Consumer Protection Act (ACPA) does not require ownership of a federal trademark registration. (See Monex Deposit Co. v. Gilliam, C.D. Cal., No. CV 09-287, 12/3/09.) In making this decision the court recognized that common law trademark rights and ownership will support an ACPA claim even if the trademark owner has not obtained a federal trademark registration. While this decision is not surprising based on the language of the ACPA statute, (which requires trademark ownership, not specifically registration), it provides case law for common law owners to rely on in asserting these claims.
The court also held that the fact that a third party may own a registration for the same mark at issue but on different and distinctive goods and services, (thus preventing confusion between the marks), will not prevent assertion of an ACPA claim by a common law trademark owner. This decision is also consistent with federal trademark law, but provides further ammunition for common law trademark owners in ACPA suits, and presumably in UDRP actions and other domain name dispute resolution procedures.

Beware of Trademark Registry Scams

by Melinda Giftos, posted Wednesday, November 18, 2009

Have you recently received an invoice for an international trademark registration fee and wondered in which country the mark was registered? Was the invoice legitimate looking, yet somewhat confusing? Were you wondering why you received the invoice directly rather than through your trademark attorney? Hopefully you thought about all of the above and inquired into the situation a bit more. The sad reality is that there are several overseas organizations, such as http://www.patentonline.org/, which use these types of letters and their hoax websites to extort money from unwitting businesses. You are more likely to become duped if you have a large, international trademark portfolio, so registration and maintenance costs are nothing out of the ordinary; or if you typically handle all such fees directly in house.
A client recently received an invoice for the registration fee of one of its marks for almost $2,500 from the "Register of International Patents and Trademarks." It contained a drawing of the client's trademark with a registration number (which coincidentally corresponded with the client's U.S. Reg. No. for the mark) and a "Published" date (which corresponded to the U.S. Registration Date). The fine print:
"Dear madam, and sir, the publishing of the public registration of your patent is the basis of our offer. We offer the registration of your Patent dates in our private Database. ... Our offer will be accepted, with the payment of the amount, and becomes a binding contract between you and ODM srl, is irrevocably binding for one year. Please notice that this private registration hasn't any connection with the publication of official registrations, but is a solicitation without obligation to pay, unless our offer is accepted...."
Had they paid the fee, they would have received registry in nothing more than an unofficial, private registry. It was a scam. The clear lesson is to always carefully review invoices and correspondence such as this. If you receive any invoices for trademark or patent fees, carefully review the invoice to ensure it matches up with your company's trademark portfolio. Be vary of invoices that do not clearly indicate a known patent and trademark registry, such as the U.S. Patent and Trademark Office. If your attorney has assisted you with the trademark application/registration, you should not be receiving invoices directly. Last but not least, always read the fine print. Of course, if you have any doubt, be sure to consult with your trademark attorney to verify whether it is legitimate. While you would never want to miss an important fee deadline, you certainly do not want to fall prey to this type of scam.

Court Rejects Settlement Proposal for Data Breach Case Stating There is No Benefit to the Victims

by Christian D. Lavers, posted Wednesday, November 04, 2009

The District Court for the Northern District of California rejected a proposed settlement in a class action data breach case against TD Ameritrade Inc., stating that the settlement provided no value to the class. In re TD Ameritrade Accountholder Litig., N.D. Cal., No. 3:07-cv-02852-VRW, 10/23/09.) TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already. TD Ameritrade suffered a data breach in 2007 where the personal date of approximately 6 million customers was hacked into. The rejected settlement provided approximately $1.9 million in attorneys' fees but no financial award to the class. The judge stated that requirements in the settlement for TD Ameritrade to conduct data security tests and hire independent experts to analyze the breach were measures any responsible company would take independent of litigation, and that the data security software that would be provided to the victims was available at no charge online already.
In a rapidly evolving area of law, this case indicates that it may be harder than you think to "get out of" a data breach case once it is initiated, providing yet another reason to get the right security in place at the outset.

Red Flag Rules Take Multiple "Hits"

by Christian D. Lavers, posted Wednesday, November 04, 2009

On October 30, 2009, the FTC decided for the second time to extend the enforcement date of the "Red Flag Rules"—this time to June 1, 2010. This decision comes as the ranks of the critics of the rules continues to grow. On the litigation front, on October 29, 2009, the District Court of the District of Columbia granted a permanent injunction preventing the FTC from enforcing the Red Flag Rules against attorneys. On the legislative front, on October 20, the House of Representatives passed a bill that would exclude health care practices, accounting practices, and legal practices with 20 or fewer employees from the Rule, and would also exempt any business: (i) where all the clients or customers were known individually; (ii) that only perform services in or around residences of their customers; or (iii) have not experienced identity theft and are in an industry where identity theft is rare.
The continuing extension of enforcement dates, the pending legislative modifications, and the success of legal challenges mean that the Red Flag Rules, when they are eventually enforced, will likely apply to a smaller number of businesses, and will likely have additional provisions that "water-down" the requirements.

FTC Active in Enforcing Online Security Requirements Regarding Personal Information

by Christian D. Lavers, posted Thursday, October 22, 2009

Choicepoint has agreed to pay $275,000 to the FTC, and to conduct bi-annual assessments of their information security program and provide these assessments to the FTC for 20 years, in a modified settlement order issued by the Northern District of Georgia stemming from charges brought by the FTC related to Choicepoint's violations of a previous court order requiring implementation of a comprehensive information security program. The modified settlement order also imposes additional reporting obligations on Choicepoint regarding changes in corporate structure that may impact compliance, bi-monthly reporting on security incidents and the responses to them for the next two years, and other detailed reporting and record-keeping requirements.
In 2005, Choicepoint suffered a data breach that resulted in at least 800 cases of identity theft, imposition of more than $15 million in fines and damages, and a court order to maintain a comprehensive data security program. In 2008, this security program was significantly weakened when a key electronic security tool was turned off for four months resulting in additional data breaches. Choicepoint self-reported the breach, which resulted in the modified settlement order.
This order illustrates the point that the FTC is becoming more active in enforcing information security requirements—and once they start looking into your business, it may be hard to get them out.

Mattel and Fisher Price Agree to Landmark Settlement of Consumer Product Lawsuits

by Melinda Giftos, posted Tuesday, October 20, 2009

In 2007, Mattel and Fisher-Price introduced over 2 million defective toys into the consumer marketplace which were manufactured in China and contained illegal levels of lead. Because lead can cause irreversible brain damage, the toy companies ended up recalling  more than 21 million toys. This week, Mattel and Fisher-Price have agreed to settle the 22 resulting class action lawsuits filed against them, which would compensate millions of families who purchased the defective toys. If approved by the court, this landmark settlement could exceed $50 million. This comes on the heels of Mattel paying $12 million to 39 states to end investigations into lead content in toys and a $2.3 million civil penalty imposed by the federal government for exceeding legal lead paint limits.
It was the influx and subsequent recall of these defective toys that prompted significant governmental and consumer demands for higher safety standards. In fact, this recall prompted the U.S.'s implementation of the Consumer Product Safety Improvement Act of 2008, a dramatic piece of legislation which has awakened the Consumer Product Safety Commission and has required many businesses to implement dramatic new safety standards, which include lower limits of lead and phthalates, third party testing, warning labels and packaging standards which improve the efficiency of recalls. Ironically, the government has recently exempted Mattel from the third party testing requirement and allowed Mattel to conduct its own internal testing.
The Consumer Product Safety Act is still under development and affects a significant number of consumer products, particularly children's products.

Simply Complying with PCI May Not Be Enough To Prevent Data Breach Claims

by Christian D. Lavers, posted Wednesday, October 14, 2009

Heartland Payment Systems, the fifth largest payment processor in the United States, is the defendant in a class action lawsuit brought by nine banks and credit unions claiming that Heartland did not do enough to safeguard against security breaches. (See In re: Heartland Payment Systems Inc. Data Security Breach Litigation, S.D. Texas, No. 4-09-md-02046, 9/23/09.) Heartland's system was breached by hackers beginning in late 2007, resulting in the theft of personal financial information associated with millions of credit and debit cards, resulting in large expenses by the associated banks and credit unions that issued the cards—costs associated with destroying comprised cards, issuing new accounts, reimbursing consumers for fraudulent transactions, etc. Heartland's system was breached by hackers beginning in late 2007, resulting in the theft of personal financial information associated with millions of credit and debit cards, resulting in large expenses by the associated banks and credit unions that issued the cards—costs associated with destroying comprised cards, issuing new accounts, reimbursing consumers for fraudulent transactions, etc.
Interestingly, Heartland was compliant with the Payment Card Industry Data Security Standards (PCI-DSS) at the time of the hack. The PCI-DSS are standards issued by the major credit card companies requiring certain security standards and data management protocols by vendors using or accessing credit card information. (The standards are available at www.pcisecuritystandards.org. The complaint alleges that Heartland knew before the hack that the "bare minimum PSI-DSS standards were insufficient to protect it from attack by sophisticated hackers." In fact, according to the complaint, a statement made by Heartland in a 2008 Earnings Call acknowledged the need for greater data security beyond the PSI-DSS.
The case goes to show the continued need for online vigilance in the financial industry. It also raises a warning: don't simply rely on standards developed by others for your own security; be pro-active and go beyond what the baseline requirements may be.

Novel Applications of Trademark Law: "Reflashing" Cell Phones Could Constitute Trademark Infringement

by Christian D. Lavers, posted Tuesday, October 06, 2009

The Northern District of Texas has held that the question of whether modifying a cell phone so that it could work on a third party's mobile phone network (or "reflashing" the phone) constitutes trademark infringement must be determined at trial—and not by summary judgment. The key question: does reflashing constitute "use in commerce" as required under the Lanham Act?
In the case, MetroPCS Inc. v. Virgin Mobile USA LP, MetroPCS took branded Virgin Mobile phones and "reflashed" them so that they could work on the MetroPCS cell network. The Virgin Mobile phones were originally locked so that they could only function on a Virgin Mobile cell network—and obviously the phones bear the Virgin Mobile trademark. Virgin Mobile is arguing that reflashing the phones to operate on a different network in effect creates new phones—thus satisfying the "use in commerce" requirement—and therefore the fact that the phones still bear the Virgin Mobile trademarks constitutes trademark infringement.
The case illustrates a novel application of trademark law, and while its ultimate success is still undetermined, it may open the door to new application of trademark law in the information technology arena.

Inadequate Security for Online Banking Customers Could Lead to Liability for Negligence

by Christian D. Lavers, posted Thursday, October 01, 2009

In Shames-Yeakel v. Citizens Financial Bank the Northern District of Illinois refused to grant summary judgment for a negligence claim brought by a banking customer using online banking services provided by Citizens who had $26,500 stolen when an unauthorized person logged into the account using the customer's username and password and transferred funds out of it. The plaintiffs alleged that Citizens breached its duty to sufficiently secure its online banking system by using only "single-factor authentication" for security. As opposed to "multi-factor authentication," single-factor authentication uses only one means of verifying identity—a username and password. The plaintiffs allege that Citizens should have also provided them with a "token" as another means of verifying identity—thereby using multi-factor authentication. (A "token" is a digital object either carried by the user or saved to the user's computer that verifies identity, for example by generating ever-changing pass-codes or by verifying that the computer being used is the computer linked to the user.)
To establish the "reasonable care" that should be provided in these transactions, the plaintiffs relied on a 2005 document created by the Federal Financial Institutions Examination Council entitled "Authentication in an Internet Banking Environment," which found "single-factor authentication, as the only control mechanism, to be inadequate for high risk transactions involving access to customer information or the movement of funds to other parties." (See the document at www.ffiec.gov/pdf/authentication_guidance.pdf.) The document went on to state that "[a]ccount fraud and identity theft are frequently the result of single-factor (e.g., ID / password) authentication exploitation." This was enough for the plaintiff's claim to survive summary judgment.
Interestingly, the bank was in the process of issuing tokens to its users at the time of the theft—but had not issued one to the plaintiffs yet. This case should raise alarm bells for any financial institution that offers online banking but relies on basic (e.g. outdated) security protocols. The court explicitly held that "[i]n light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of facts could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."
This could be another case of "an ounce of prevention is worth a pound of cure." At the same time, keeping up with the latest in security threats can be a never ending job.

McDonalds Loses Trademark Infringement Suit Against McCurry's

by Christian D. Lavers, posted Tuesday, September 08, 2009

An 8-year legal battle ended last week between McDonald's Corp. and the restaurant McCurry over use of the prefix "Mc." McCurry is a restaurant in Kuala Lumpur that serves traditional Indian and Malaysian food, but with a "fast-food ambiance" (see mccurryrecipe.com/). McCurry describes itself as the "first Indian Fast Food Outlet" in Kuala Lumpur.
McDonald's sued McCurry in 2001 for trademark infringement for use of the prefix "Mc"—but the Malaysian Federal Court affirmed a lower court ruling last Tuesday that there was a distinguishable difference between hamburgers and curry ("McCurry" is short for Malaysian Chicken Curry according to the owners of McCurry).
Interestingly, the McCurry restaurant also uses a red and white color scheme, and also uses a smaller tagline under the name—which looks very similar to the "millions and millions served" tagline under the well-known McDonald's signs. Taken together—a stated intent to create "Western style fast-food ambiance", a similar color scheme, similar signage, and a similar name with the same dominant prefix—it seems a good argument that there was a clear intent to evoke the image associated with McDonald's. Perhaps a trade dress lawsuit would have been more appropriate than a straight trademark infringement suit based only on the word mark itself. In fact, if you look at the McCurry home page there is a video showing the interior of the restaurant—which looks almost identical to any McDonald's restaurant.

ABA Fights Implementation of the FTC's "Red Flag" Rules

by Christian D. Lavers, posted Monday, August 31, 2009

On Thursday, August 27, the American Bar Association filed suit against the Federal Trade Commission to prevent application of the FTC's new proposed "Red Flag" rules to lawyers and law firms (See the complaint at www.abanet.org/media/nosearch/1). The "Red Flag" Rules require that any business or entity that acts as a "creditor" create a policy and procedure to help prevent identity theft—even if the business is only acting as a creditor by billing for goods and services after the services are rendered or the goods are provided.
The FTC has had numerous problems in its attempted implementation of the rule, and recently postponed enforcement of the rule to November 1—its third such postponement. The problems have related to the incredible breadth of the rule, and its application to virtually every business and industry in existence.  The American Medical Association has also been a vocal critic of the rule as applied to doctors, (see www.ama-assn.org/ama/no-index/physician-resources/red-flags-rule.shtml), though they have not gone so far as to file a lawsuit.
While identity theft is a growing problem and needs to be addressed, the current version of the "Red Flag" Rules creates almost as many problems as it attempts to fix. Stay tuned for updates...

The Federal Circuit Overturns the TTAB's Standard for Fraud

by Melinda Giftos, posted Monday, August 31, 2009

Today, the Federal Circuit reversed the Trademark Trial and Appeal Board's ("TTAB") finding of fraud in Bose Corp. v. Hexawave, Inc., 88 USPQ2d 1332 (TTAB 2007).  In Bose Corp. v. Hexawave, Inc., the Bose Corporation was no longer manufacturing and selling audio tape recorders and players when it renewed its WAVE trademark for use with several goods, including the tape recorders and players.  However, Bose was still repairing its tape players and believed that such services constituted use in commerce of the mark.  The TTAB held it was not, and that by signing its renewal declaration of use, Bose had committed fraud on the Patent and Trademark Office ("PTO").  The TTAB then cancelled Bose's WAVE trademark registration.  Bose appealed the decision to the Federal Circuit, claiming that it had not engaged in fraud on the PTO.
The Federal Circuit held that even though Bose was incorrect in its belief that repairing tape players and recorders was appropriate use in commerce of the mark, it had not committed fraud.  The Federal Circuit reiterated the standard for fraud and held that subjective intent to deceive is required for fraud claims to invalidate a trademark registration.  Mere negligence is not sufficient.  By equating a "should have known" standard with subjective intent to deceive, the TTAB erroneously lowered the fraud standard to a simple negligence standard.  However, a trademark is obtained fraudulently under the Lanham Act only if the applicant or registrant knowingly makes a false, material representation with the intent to deceive the PTO.
This has been a long awaited decision and will certainly have an impact on the TTAB's increasing willingness to cancel trademark registrations for errors - whether intentional or not.  You may review the full opinion at: http://www.cafc.uscourts.gov/opinions/08-1448.pdf .

The Adword Wars Continue

by Melinda S. Giftos, posted Tuesday, August 18, 2009

In April 2009, the Second Circuit Court of Appeals issued a favorable ruling to Rescuecom, finding that Google's sale of adwords - which often include third party trademarks - constituted "use in commerce" of trademarks under the Lanham Act. The Rescuecom ruling has since prompted a flurry of lawsuits against Google, with claims that its sale of adwords to third parties and competitors constitutes trademark infringement.
These cases face a variety of challenges, however. One of the most difficult hurdles for plaintiffs will be proving a likelihood of consumer confusion - something none of them have yet done.  Another substantial obstacle is Google's aggressive defense of its Trademark Adwords Policy. Indeed, Google has taken a very proactive approach in the adword litigation arena.  In May 2009, a class action lawsuit was filed against Google in the Eastern District of Texas. After failing to serve Google for two months, Google turned the tables on its would-be opponent and filed a complaint in late July 2009 against the individual named in the class action seeking a declaratory judgment and a breach of contract claim.
That has not stopped the action, however. The newest trademark owner to join the adwords wars against Google is Flowbee International, Inc., who filed a complaint in the Southern District of Texas on August 13, 2009.
Stay tuned for more developments.

More Libel Claims Arising From Tweeting

by Christian D. Lavers, posted Thursday, August 13, 2009

A libel complaint was filed on July 29, 2009 in New York by administrators of a New York condominium building against residents and former employees that had "tweeted" that the administrators were involved in the death of the building's property manager, among other crimes. (See Neiditch v. Acar, N.Y. Sup. Ct., No. 09110783.) The plaintiffs have asserted 15 libel claims, and demanded $12,000,000 per claim. Interestingly, the plaintiffs have also named Twitter, Inc., as well as the registrar (GoDaddy), and a company that hosted blogs posting the communications (WordPress) as defendants.
This case, along with the recently filed Horizon Group Management LLC v. Bonnen will significantly impact the use and risks of social networking by companies and individuals. As communications technology develops, the intersection of new communication mediums and "old" legal concepts will inevitably create interesting case law... stay tuned for updates. In the meantime, keep your tweeting, blogging, and LinkedIn commentary positive...

Kappos confirmed as New USPTO Director

by Ted J. Barthel, posted Tuesday, August 11, 2009

With no notice to the public, and after the Senate was reported to have adjourned for their August recess, on Friday, August 7, 2009, David Kappos was confirmed as Undersecretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office.  Prior to his confirmation, Mr. Kappos spent his entire career with IBM – both as an electrical engineer and later as a patent attorney. His most recent position at IBM was Vice President and Assistant General Counsel, Intellectual Property Law.
The intellectual property community is generally pleased with the Kappos nomination.  Mr. Kappos is seen as a patent office director who has a global perspective on intellectual property in view of 20 years of private sector experience at IBM.  Mr. Kappos appears ready to balance (i) innovative approaches to catch the  intellectual property system up to the twenty first century while (ii) maintaining the value of intellectual property.
Mr. Kappos received his Bachelor of Science Degree in Electrical and Computer engineering from the Universityof California Davisin 1983, and his law degree from the University of California Berkeley in 1990.  He joined IBM in 1983 as a Development Engineer and has served as an Intellectual Property Law attorney in IBM’s Storage Division and Litigation group, as IP Law Counsel in IBM Software Group, as Assistant General Counsel in IBM Asia/Pacific, and IBM Corporate Counsel and as Assistant General Counsel.

More Data Breach Laws Enacted

by Christian D. Lavers, posted Wednesday, July 29, 2009

Legal requirements surrounding data breaches continue to increase, with multiple states recently proposing new laws.
The North Carolina legislature has approved a revision to its breach notice statute that would require notification to the State Attorney General of any data breach compromising personal information, no matter how small (North Carolina State Bill 1017). (The previous version required notification to the State Attorney General only if the breach affected more than 1000 North Carolina residents.) The bill is expected to be approved by the Governor, and is available at www.ncga.state.nc.us/.
Missouri recently passed a data breach notification law for the first time which will become effective on August 28, 2009. The new law requires businesses and government agencies in Missouri to notify state residents if their unencrypted or unredacted computerized personal information is breached, provided there is a "risk of harm." If more than 1000 residents are impacted, the notification must also be provided to the State Attorney General. (Missouri House Bill 62 is available at www.house.mo.gov/).
Only five states remain without data breach notification laws: Alabama, Kentucky, Mississippi, New Mexico, and South Dakota. That may soon be a moot point, however, as Congress continues to consider enacting a variety of data security or breach notification laws that could pre-empt state law. Stay tuned for updates...

The Emerging Role of Technology Counsel

by Andy Schlidt, posted Wednesday, July 22, 2009

If you enjoy the intersection of technology, law, and commerce, this job is for you. Increasingly, companies are engaging Technology Counsel to manage legal issues arising out of the use or commercialization of new technologies. Daniel L. Pelc, Assistant General Counsel at Fios, Inc., called this one: my.advisor.com/doc/18750. Here’s what the job entails:
Job Description: Commercial lawyer with expertise in negotiating and drafting complex technology transactions; forming joint development arrangements; establishing joint ventures, distribution networks, and supply channels; managing IP portfolio; assisting in M&A due diligence; overseeing technology risk management and dispute resolution; managing regulatory compliance.
Increasingly, companies will bring this expertise in-house or they will look to outside firms to fill the gap. WHD developed a practice area to meet this need. See our service description at www.nationaltechnologycounsel.com/.

Texas Court Invalidates Arbitration Provision in Website Terms of Use Based on Unilateral Right to Modify

by Christian D. Lavers, posted Friday, April 24, 2009

The Northern District of Texas has held that arbitration provisions in website terms of use that also provide the owner of the site with the right to unilaterally change the terms are illusory and not enforceable. (See Harris v. Blockbuster, Inc., No. 3:09-cv-217-M, N. Tx. 4/15/2009). A key factor in the decision was the lack of any language to suggest that an amendment would be inapplicable to disputes arising before the amendment, or to disputes arising out of events occurring before the amendment. However, the court also noted that this reasoning does not only apply to attempts to apply modification to earlier actions, but instead is more generally applicable to the "ability to unilaterally change the rules of the game." This ability to change the rules at any time makes the contract illusory.
This case raises significant questions with respect to the enforceability of most website terms of use—which almost all provide the website owner with the ability to unilaterally modify terms effective upon posting the change.

TTAB Clarifies Open Issue Regarding Fraud

by Melinda S. Giftos, posted Thursday, February 05, 2009

The Trademark Trial and Appeal Board recently issued a precidential opinion clarifying the role of fraud in multi-class trademark applications. In G&W Laboratories, Inc. v. G W Pharma Limited, the Board held that multi-class trademark registrations can be viewed as a series of separate registrations with regard to each class of goods and services. In using that view, if one class is invalid due to fraud, only that class is affected, not the entire application.
G&W Laboratories represents a positive step by the Board in clarifying how the evolving "fraud" standard should be applied. While trademark registration owners need to continue exercising proper diligence in ensuring all information in trademark registrations are correct, they no longer have to fear the harsh penalty of losing trademark rights in an entire multi-class registration based on errors in single class.
To view the full G&W Laboratories decision, please click here.