GDPR Update – Step 3: Time to Update your Standard Contractual Clauses!

Welcome back to the Carney Law Privacy team’s blog on all things privacy-related. This post follows up on the steps needed to update Standard Contractual Clauses. As you have likely heard, in response to the Schrems II decision invalidating the Privacy Shield and to reflect Europe’s General Data Protection Regulation (GDPR), on June 4, 2021, the European Commission released the updated Standard Contractual Clauses (SCCs). As a reminder, the SCCs (old and new) are the mechanism permitting the transfer of personal data about data subjects located in the EU to entities located in most countries outside the EU.

How are the new SCCs different from the old ones?

The new SCCs are more flexible than the old versions, better reflecting the realities of how companies process data in today’s world. For one, they come in four modular versions:

Controller-to-controller
Controller-to-processor

Processor-to-controller
Processor-to-processor

The idea is that companies assess which of the four scenarios above applies to their transaction and implement the appropriate module into their definitive agreement or addendum, as needed.

Second, the new SCCs are not as rigid as the last versions, which companies were not permitted to adjust in any other ways to reflect the unique arrangement. For example, companies can now include the relevant clauses of the SCCs directly into a definitive agreement, rather than execute them separately, and supplement them with additional terms that do not contradict the requisite clauses or infringe upon data subjects’ rights. They are also deemed to meet the requirements of GDPR so that there is no need for a separate DPA with additional or supplementary terms.

How and when should you update your SCCs?

If you currently have your SCCs cross-referenced in a Data Processing Agreement (DPA), consider updating the reference in the DPA to reflect the new SCCs. This will include specifying who the data exporter and data importer are, and which of the above-referenced modules will apply. You may also choose to specify whether some of the optional clauses in the new SCCs should apply. These include specifying whether third parties can “join” the SCCs via a new docking clause, whether certain types of “onward transfers” are permitted (including to subcontractors), and whether the parties choose to use an independent dispute resolution body, among other things. You will also need to specify what law applies and in what jurisdiction disputes will be resolved. Finally, as was the case with the old SCCs, you are required to include details about the importer and exporter and must describe the processing activity taking place. Unlike the old SCCs, the new versions require the data importer (i.e., the entity in the US) to include in as much detail as possible a description of the technical and organizational measures implemented to ensure an appropriate level of security.

If you do not have a form DPA or are relying on a form of DPA that is now outdated, consider swapping out the DPA in its entirety with the new standard contractual clauses, or, for certain types of transactions, consider folding the SCCs directly into your definitive transaction agreement.

If you are entering into a new contract that involves the type of transfer discussed in this blog, you should be using the new SCCs as of September 27, 2021. If your contract is already in place and relies upon the old SCCs, then you have until December 27, 2022, to replace those with the new SCCs. This leaves you plenty of time to create a plan, review existing contracts and determine what needs to be updated between now then.

Which module should you pick?

Which of the four above modules you pick will depend upon whether you are the exporter (the entity sending data outside the EU) or the importer (the entity receiving the data from the EU). Most importantly, do you control the nature and means of the processing of information? Meaning, do you decide what to do with it, how to access and store it, with whom to share it, and how long you hold on to it? If so, you are likely the controller of the information.

Alternatively, are you acting upon the directions of your contractual partner and only using the information as needed to perform your commitments under the contract? If so, you are likely the processor. This can be a complicated exercise and can also depend heavily on the context of the processing, meaning that your entity might be a controller for certain purposes and a processor for others. It is never a bad idea to consult with legal counsel if you are not sure.

What else should you be thinking about?

Don’t forget the impact the updated SCCs may have on your internal infrastructure. For example, if you currently use subcontractors or other service providers to process personal data, then you will also need to update your agreements with them to ensure you are adequately meeting your obligations in the new SCCs. You may also be required to disclose their names in the new SCCs.

In some cases, the new SCCs may not be the most appropriate or best approach to the transfer at hand. In these cases, an alternative transfer mechanism might be preferable, such as binding corporate rules or reliance on one of the derogations available under article 49 of the GDPR (i.e., explicit consent).

A final word on data transfer impact assessments

One of the issues in the Schrems II case was the conflict between individual privacy and a foreign government’s ability to step in and access the personal data being transferred. The new standard contractual clauses include a risk-based method for assessing the likelihood of a government requesting or demanding access to this kind of data, with the idea being that if the risk of foreign government access is too great, the transfer may not occur. As part of this exercise, companies are documenting their risk analysis in Transfer Impact Assessments (TIAs). In our next post, we will take a closer look at these TIAs and provide you with some key takeaways, including whether you need one and what it should include.

As always, if you have any questions about the new SCCs, how to update your DPA or other agreements, or other privacy-related questions, please reach out to our privacy team! We routinely help clients make sense of these challenges and are happy to help you strategize best practices for your business model.

About Carney Badley Spellman, P.S.

Carney Badley Spellman is about Advocacy, Strategy, Results. Located in Seattle, we are a full-service law firm committed to exceptional client service and professional excellence. Our firm serves individuals and businesses of all types and sizes. Also, our attorneys work with closely-held companies to Fortune 500 corporations in the Pacific Northwest and across the United States. Although Carney Badley Spellman‘s location is in Seattle, Washington, we are proud to be a part of the Washington state community and communities across the nation.

For more articles like this please visit our websites: Privacy Blog, The Startup Law Blog, and Carney Law.

Catching up on Privacy News!

Welcome back to Shhhh…(a Privacy Blog). Lots have happened in the privacy world in the past few months, and we thought we’d catch our readers up on the biggest headlines.

Updated Standard Contractual Clauses

The first part of Step 2 involves taking the country list from Step 1 and determining whether the European Commission has found the privacy protections of those countries adequate under GDPR. Remember: this is for data exports outside of the European Economic Area versions. As a quick reminder, the SCCs continue to be the most common and, for many US-based companies, the most feasible transfer mechanism for transfers of personal data from Europe to the United States and to any other country without an adequacy decision from the European Commission. The updated SCCs are designed to reflect a broader range of data transfer scenarios, including processor-to-subprocessor and processor-to-controller transfers, and scenarios where the data exporter (the entity transferring data outside of the EU) is itself established outside of the EU. However, there is a lot to unpack about how to implement the new SCCs. For example, according to the European Data Protection Board’s recomm e ndations addressing cross-border data transfers, a company seeking to transfer data outside the EU must verify on a case-by-case basis whether the law or practice of the third-country importer might compromise the effectiveness of the SCCs. This verification process is lengthy and will be particularly impactful on smaller companies with limited resources to carry out the risk analysis, documentation, and monitoring it requires. Still, the additional guidance is a step forward. Could it eventually propel the US and Europe to reach a political solution? We will follow up on this topic with a separate post, in which we take a closer look at the transfer tools available for transferring data outside the EU and into the US, in particular the updated SCCs and the supplementary measures that must accompany them.

California Introduces New Privacy Tools

State-side, the California Attorney General’s office recently announced two newsworthy tools that may impact readers. The first is the Global Privacy Control (“GPC”), a universal widget that companies subject to the “Do Not Track” requirements can incorporate on their website to automate the process. This opt-out tool, developed by an independent group of stakeholders, allows users to automatically signal their privacy preferences to participating websites. Companies and businesses that have implemented a California Consumer Privacy Act (“CCPA”) “Do Not Sell My Personal Information” opt-out mechanism may want to consider taking advantage of the GPC. Will big tech companies lead the charge in adopting this tool? We shall see.

California also introduced the Consumer Privacy Tool, an interactive Q&A form on the Attorney General’s (“AG’s”) website designed to help consumers draft notices of non-compliance and send them to businesses directly, rather than relying on the AG’s office to do it. This notice, if properly sent, could in theory start the CCPA’s 30-day cure period during which a business must bring itself into compliance with the CCPA or face fines from the AG’s office. The tool is currently limited to failures to post “Do Not Sell” links on a business website, but could eventually be used to track other types of CCPA violations.

Colorado Joins the Privacy Pack

As you have probably heard by now, Colorado became the third state to pass a comprehensive data privacy law with the Colorado Privacy Act, scheduled to take effect on July 1, 2023. Colorado joins Virginia, where the Virginia Consumer Data Protection Act takes effect on January 1, 2023, and California, where the CCPA became operative on July 1, 2020, and where most provisions of the California Privacy Rights Act will take effect on July 1, 2023. Stay tuned as we unpack the main similarities and differences between each state’s approach to privacy and track movements in other states.

Pressure Mounts for a Uniform Federal Approach to Data Privacy

Finally, we want to share two pieces of news on the push for a uniform federal approach to data privacy. The Uniform Law Commission (the agency responsible for drafting laws that many states implement in all subject areas) has drafted and released an initial draft Uniform Personal Data Protection Act (“UPDPA”). The stated goal of the UPDPA is to provide a reasonable level of consumer protection without incurring the compliance and regulatory costs associated with regimes like California, Virginia and now Colorado. Designed for states to adopt as written or use as a model in creating their own legislation, the law would apply to controllers and processors conducting business in a state and maintaining personal data of more than 50,000 residents during a calendar year or earning more than 50% if gross annual revenue from maintaining personal data. Importantly, while the law would provide individuals with limited rights to access and correct personal data, it would not include a private right of action. We will be watching closely to see what happens next with the UPDPA.

Lastly, just last week U.S. lawmakers introduced a draft federal privacy bill, entitled “Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act.” If approved, the bill would require companies to post privacy notices and appoint a designated privacy officer, would give consumers subject access rights similar to those currently found in California, Virginia, and Colorado, and would require businesses to conduct a privacy impact assessment for risk data processing activities. The bill would also give enhanced powers to the Federal Trade Commission.

Stay tuned for more privacy news from the Carney Badley Spellman team of privacy attorneys.

Have questions? Please contact us at privacygroup@carneylaw.com for more assistance! Or visit us at Carneylaw.com

Disclaimer: this post is for informational/educational purposes only. It is not intended to provide any legal advice.

The GDPR Update – Step 2 for Updating Your SCCs

Readers of our first post, GDPR update in this series, have already worked through Step 1: Transfer Mapping. Part of that step was determining what countries you’re exporting data to. Now, we move onto step 2: Transfer Tools. Truth be told, Step 2 is really two parts. So, go grab your country list from your transfer mapping project and get ready to review!

Step 2.a – Determining Whether the Countries You Export Data to Have Adequate Protections in Place

What if I transfer data to countries outside the EEA?

If you transfer data outside the EEA, you’re in good standing if the European Commission has issued an adequacy decision in favor of that country. Careful though, as sometimes the adequacy decisions pertain to only part of a country.

The European Commission maintains its list of adequacy decisions here. As of the writing of this post, the European Commission has stated the following countries have adequate protection: Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay.

If you’ve reviewed your list and have found that all of your countries are either EEA countries or have adequacy decisions in their favor, you’re done! But what about all the other countries? Like (gulp) in the US? If you’ve got one or more of them on the list, keep reading.

Step 2.b – Do Your Transfer Tools Provide Appropriate Safeguards?

Let’s start by answering the obvious question: what is a transfer tool? A transfer tool is a written safeguard (e.g., a contract) that governs how the data is moved from country to country.

If you’re exporting data to a country that’s not in the EEA or hasn’t received a positive adequacy decision, you’ll need to make sure you’ve got these safeguards in place. Per Article 46 of the GDPR, these safeguards include:

A legally binding and enforceable instrument between public authorities or bodies;
Binding corporate rules;
The standard data protection clauses;
An approved code of conduct; or
An approved certification mechanism.

The idea is that these transfer tools will help level the data protection playing field. The data subjects will essentially get the same protection outside the EEA as they will inside the EEA.

Ready to find out if your transfer tools are adequate? Check back in soon for our post on Step 3: Transfer Tool Assessment, and feel free to contact me with any questions.

By: Ashley Long

GDPR Update – The Standard Contractual Clauses Are Getting a Makeover

Last week the European Commission announced that the Standard Contractual Clauses (the “SCCs”) are being updated. These changes primarily apply to entities exporting data out of the European Economic Area. Starting in 2021, whether you’re a controller or a processor (or both!), you’ll need to make certain your SCCs and your data export policies are compliant with the new laws.

The good news is that data exporters will have all of 2021 to align with these new obligations. To ensure data exporters don’t have to start from scratch, the European Commission has provided recommendations to ensure compliance.

Step 1 – Transfer Mapping

Curious about where to start? Step 1 is to create a road map of where the personal data exported by your company goes. Data exporters should review their existing data relationships. Whose data are you exporting? What personal data does that export include? Which countries are receiving the exported data? What are your reasons for exporting that data?

You also need to think about the downstream data use. For example, if you’re a processor, are you transferring personal data to a sub-processor who’s located in a third country? Are THEY transferring that data to another party in a different country? Remember that a “transfer” can be something as routing as cloud storage or support services outside the EEA.

This can be a strenuous task for companies that export a lot of personal data out of the EEA. However, the transfer mapping is an absolutely essential first step in knowing what actions – if any – you’ll need to take with your existing data agreements and internal practices.

Next Steps – Transfer Tools and Assessments

There’s more to do after you’ve completed your transfer mapping project. If you’ve mapped any personal data being exported out of the EEA, you’ll need to move on to steps 2 and 3: verifying your transfer tools and assessing third-country laws. Make sure to check back in for our next posts on these steps, and contact me if you have any questions, especially ones about standard contractual clauses!

By: Ashley Long

For more articles like this, please visit, here.

Where Should I Incorporate My Startup?

You have an idea for a new startup. One of your first google searches will probably be about how/where to incorporate your business. There’s some good advice out there and some bad advice out there. In the interest of cutting through the noise, here’s the advice we typically give our clients.

Welcome to Delaware

If you’re a high growth startup and plan on taking investment from angel investors and VCs, Delaware is the safe choice.

Here’s why Delaware is great:

No one will ever ask, and you will not have to begrudgingly answer, “Why didn’t you incorporate in Delaware?”
A lot of the standard form documents that are available on the web and are widely accepted in startup circles (see, e.g., the Series Seed documents and the NVCA document suite), are prepared for Delaware corporations.
If you’re already in Delaware, you can’t be forced to reincorporate in Delaware by some pushy investor. This is what we in the biz call a 4-dimensional chess move.
If you move your company, Delaware is pretty portable. Every state’s major commerce center has lawyers who know and can work with Delaware corporate law, so you’ll never have to worry about finding a new lawyer.
There are certain provisions of Delaware law that are more favorable to company management than many other state laws.
Delaware has a separate court system dedicated to corporate disputes, and Delaware corporate law is updated more often than the corporate laws of other states.

Here’s the short list of cons for Delaware:

It’s generally more expensive in terms of fees and taxes.
You’ll invariably get a franchise tax bill for some absurd amount of money payable to Delaware in your first year. While heart attack inducing, this usually isn’t a big deal, and there’s an alternate calculation method (on the back of the notice that you just threw across the room) that you can use to get the tax way down to a couple hundred/thousand bucks.

Visit Washington

Hey, isn’t that where they filmed Frazier?

While we work with and form a ton of Delaware companies, we are located in Seattle, Washington. Washington is actually a pretty solid place to form a company. Here’s why:

It is less expensive to form and maintain a Washington corporation (the annual fee to keep your corporation alive in Washington is just a little over $100 a year; Delaware starts higher, and the costs of Delaware go up over time relative to the costs of being incorporated in Washington. It costs less in third party fees to dissolve a Washington corporation.
Washington corporate law is substantially similar to Delaware law, and in the event of any litigation, Washington courts would likely look to Delaware court opinions as persuasive authority.
If you run into a complex question of corporate law and you are incorporated in Delaware, you may have to retain a law firm in Delaware to assist you. This will probably wind up being more expensive than continuing to work with a Washington corporate lawyer.
Investors are generally pretty okay with Washington – we haven’t had much issue with investors insisting a Washington company converts to Delaware (though with one exception being accelerators like Techstars and Y Combinator). Microsoft is a Washington corporation, and it never held it back.

Other States

Here’s where some of the bad online advice comes in. A number of people will float states like Montana, Nevada, or Wyoming. There are some benefits to incorporating in states like this depending on where you ultimately go, like not seeing who the owners of a corporation are, lower taxes, wide-open spaces, etc. That said, there’s a litany of issues with these states (see “why not Delaware” and “what do you mean there’s no attorneys that know how to interface with Wyoming corporations in San Francisco?”). Incorporating in states like these should only be done if you have some sort of special requirement, and after talking with a lawyer and an accountant that agree that there’s some benefit with going to a more “exotic” state.

There are other states out there, like New York, that are “review states.” This means that every time you need to do a charter filing or other state filing, you have to barter with some attorney on staff at the state (whereas in Washington and Delaware, there is no process like this – you file, and your filing is accepted immediately). Because of this, incorporating in review states typically results in hair loss and melancholy, especially if you’re trying to close a transaction or financing which requires a charter amendment.

Conclusion

I just want to say that I’m not trying to bag on the corporate jurisprudence of other states. If you’re planning on creating a bootstrapped company that’s going to throw off cash on day one and will never leave your state of incorporation, you can probably do whatever you want. If for whatever reason, you grow out of a state, most of the time, it’s not too painful to convert elsewhere (unless you incorporate in a review state… ick, or someplace without a conversion statute).

In any event, I hope this was helpful. If you’re looking to set up your startup in Delaware, or if you want to walk on the wild side and give the beautiful state of Washington a try, we’re happy to help, and always feel free to contact me.

By: Bryant Smick

For more articles like this, please visit, here.

How To Avoid Millions of Dollars In Capital Gains Tax By Using The Qualified Small Business Stock Exclusion

Most entrepreneurs don’t know of a simple way to avoid millions of dollars in capital gains tax. Section 1202 of the Internal Revenue Code grants non-corporate taxpayers a tax break of up to $10,000,000 in capital gains on “qualified small business stock” that the taxpayer holds for more than five years. This is a huge exclusion. I believe all entrepreneurs should have a basic grasp of Section 1202’s high-level requirements so that they can take full advantage of its tax breaks. So, here they are.

What Are The Requirements?

C-Corporation

To qualify, the issuer of the stock must be a C-corporation. S-Corporations or LLCs taxed as partnerships do not qualify. Founders should consider this in particular when choosing an entity.

Less Than $50,000,000 in assets

The issuer must have less than $50,000,000 in aggregate gross assets before and immediately after you receive your shares.

80% of Assets Used

The issuer must use at least 80% of its assets in the active conduct of its Qualified Trade or Business (more on that below).

Issued After August 10, 1993

The company must have issued the stock after August 10, 1993.

Original Issuance

Generally, you must acquire the stock directly from the company. This becomes more complicated if you receive equity compensation, like options or restricted stock, or if you hold convertible debt or a warrant.

Domestic Corporation

The company must be organized in the United States.

I have nothing insightful to add about this windmill, which probably means I’m past my prime and definitely means it’s almost the end of the year.

Qualified Trade or Business

The issuer’s business must not be any of the following. I generalized the descriptions below for simplicity’s sake. For details, see the statute.

Professional services
Financial services
Farming
Mining
Hospitality

Five Year Holding Period

You must hold the stock for more than five years before you sell it. This also becomes more complicated if you receive equity compensation, like options or restricted stock, or hold convertible debt or a warrant. This will also become more complicated if a company began as an LLC and is converted into a C-corporation.

In Exchange for Money or Other Services

The company must issue the stock in exchange for money or other services. If the company issues the stock in exchange for other stock, it won’t count.

Conclusion

We have written about Section 1202 before here, here, and here. This post is just a summary, and Section 1202 can get complex quickly depending on the situation. If you have any questions about 1202 or any of its complexities, feel free to contact me.

By: James Graves

This blog does not constitute legal or tax advice. In all instances you should visit your legal or tax advisor with regards to your personal tax situation.

How To Read Your Founder Documents

Starting your company is an exciting time. The temptation will be to sign all your legal documents as fast as possible so that you can get up and running. We highly suggest you avoid that temptation and take the time to thoroughly review and, if appropriate, negotiate your documents. With that in mind, in this post, we will cover how to read your founder documents and what to look for.

The Document Set

The documents you will likely be asked to sign are (1) a Proprietary Information and Invention Assignment Agreement (“PIIAA”) and (2) a Stock Purchase Agreement (“SPA”). Don’t be afraid of these documents. They are standard, and the company attorneys aren’t trying to pull anything on you. That being said, there are parts to be aware of and negotiate.

Proprietary Information and Invention Assignment Agreement

Why It’s Important

The PIIAA is the document in which you assign all intellectual property to the company you will develop or have developed relating to the company’s business. 99.9% of the time, this is non-negotiable. Intellectual property is uniformly the most valuable asset of an early startup. Investors abhor–and will frequently refuse to invest in–companies with muddled intellectual property ownership. An intellectual property lawsuit is a nightmare for everyone involved, and most startups simply don’t have the funds to finance one through trial.

What’s more, there’s usually no early resolution (settlement) of an IP lawsuit since the startup will need a judgment stating that it actually owns the IP. This means the startup will have to finance the lawsuit through trial, which is really expensive. The negative repercussions of this range from being unfundable (because you have to disclose to potential investors that you are in court over your most valuable asset) to expending all your bootstrapped capital on attorneys’ fees (because you can’t secure funding), with the net effect of not having any capital leftover to actually advance your company.

This is all a long way of saying that the PIIAA is very important, so expect to sign one.

What to Look Out for in a PIIAA

Now that you know why you have to sign it, here are a few things to note or look out for:

You will have the opportunity to disclose and carve out any preexisting intellectual property that should not be assigned to the company. If that exists, be sure to fill out the form correctly.
Are there negative covenants, e.g., a Non-Competition or Non-Solicitation clause? If so, were those part of the deal?
Sometimes, Non-Competition clauses are unenforceable under state law. For example, Washington state has a law making Non-Competition clauses for employees unenforceable unless the employee makes $100,000 or more in annual cash compensation or the employee receives equity in the company connected with entering into the non-compete.
If you are forced to accept a Non-Competition provision, make sure that it terminates if you are terminated without “Cause” or you leave with “Good Reason,” or if the company is sold (more on “Cause” and “Good Reason” below). You could also shorten the time period and narrowly define the “industry” you are prohibited from working in.

Stock Purchase Agreement

A stock purchase agreement typically lays out the following terms and conditions: (a) the price per share of the common stock that you will pay; (b) whether the shares are subject to vesting and the company’s rights to repurchase unvested shares; (c) restrictions on transfer, representations, and warranties, and market standoff provision; (d) whether the company can repurchase vested shares at fair market value, and (e) other possible provisions, such as as a non-competition and non-solicitation (if they aren’t contained in the PIIAA). Your agreement may be called a Restricted Stock Purchase Agreement or a Stock Purchase Agreement. “Restricted stock” refers to shares subject to vesting and the company’s right to repurchase unvested shares. Still, the title of the agreement is immaterial–, and companies (and law firms, for that matter) frequently mislabel them–so make sure you carefully read it to see if your shares are subject to vesting.

What To Look Out For In Your SPA

Here are a few things to note or look out for in your SPA.

Price Per Share

The first issue is the price per share. A company must issue its shares for no less than fair market value under Internal Revenue Service rules. If your founder shares are issued at the time of incorporation, they will likely be issued for a nominal price per share. This is typically the par value of $0.0001 per share, which you will need to pay to the company. This makes sense because the company’s valuation is justifiably close to zero when it is created. But if you are a co-founder that joins after the company has raised outside investment or created any significant value, then the company likely would not be justified in issuing your shares for only a nominal price per share. Be careful if you are faced with this situation because you may have a significant tax bill unless you pay cash for the shares upfront.

Vesting and Repurchase Rights

The second issue we will cover is vesting and repurchase rights.

The shares of common stock issued to founders are typically subject to vesting and the company’s right to repurchase unvested shares. A typical vesting schedule is 4 years with a 1-year cliff. This means 25% of the shares vest on the 1st anniversary of the founder’s service start date, and the remaining shares vest in smaller monthly installments over the next 3 years.

If the founder stops working for the company, then the company may repurchase the unvested shares for, typically, the lower of (i) the price per share paid by the founder or (ii) the fair market value on the date of repurchase. This is a strong incentive mechanism for a co-founder to continue pulling his or her weight to grow the company. A co-founder should not view vesting negatively, though, because he or she will want other co-founders to be bound by the same terms. This way, all founders are bound together to grow the company.

Generally, this right to repurchase is deemed automatically exercised by the company within a certain time period after you leave. If you would like, you can try to negotiate to reverse this presumption and/or shorten the time period.

The alternative is the company granting all co-founders’ shares upfront and not subject to any vesting. In this case, anyone co-founder could leave and keep all of his or her shares, which is very unfair for the remaining co-founders who will be working hard to grow the company. This also gives the remaining co-founders no mechanism to recapture the departing co-founder’s shares. This is informally known as “walking off the job” and leaves the company with what is known as “dead equity.” If there is a significant chunk of this dead equity, the company could become unfundable. Investors will pay close attention to this.

Vested Share Repurchase Right

Additionally, some stock purchase agreements contain a “vested share repurchase right.” A vested share repurchase right gives the company the right to repurchase not only unvested but also vested shares, too, in certain circumstances. These circumstances include a founder leaving the company or materially breaching an agreement with the company. In this case, the shares must be purchased for fair market value when the company repurchases them–not the low initial purchase price.

This provision should also not be looked at negatively. It is a way for the company to avoid the “dead equity” mentioned above. You should be aware of it and prepared for the company to exercise it in the event you leave the company, even if all your shares have vested.

Non-Competition and Non-Solicitation Provisions

Next, be sure to review your SPA, whether it be a restricted SPA or just a SPA, for Non-Solicitation and Non-Competition clauses like in the PIIAA, using the same analysis as above.

Single and Double Trigger Acceleration, “Cause”, and “Good Reason”

Double and Single Trigger Acceleration

Next, be sure to review the document to see if there is a “Single Trigger” or “Double Trigger” acceleration. Most documents nowadays come standard with double trigger acceleration. What this means is your shares will immediately vest in full if the company is acquired AND you are terminated without “Cause,” or you leave for “Good Reason” within twelve months of the acquisition.

Instead, you could negotiate a “single trigger” acceleration. This could mean your shares will vest in full if the company is acquired OR you are terminated without “Cause,” or you leave for “Good Reason.”

“Cause” and “Good Reason”

In any event, either of these accelerations is critical to your compensation and will ensure you are properly compensated in the event of acquisition and/or there is a dispute with the company over your departure

The definitions of “Cause” and “Good Reason” are critical to whether your single or double trigger acceleration benefits will trigger. In your review and negotiations, try to negotiate a narrow definition of “Cause.” You don’t want the company to terminate for some vague, unsubstantiated reason and have your shares not vest in full.

On the other hand, try to negotiate a broad definition of “Good Reason,” so you have more latitude to leave and still have your shares vest in full.

File Your 83(b) Election with the IRS

Section 83(b) of The Internal Revenue Code gives taxpayers receiving equity compensation the option to pay taxes before they vest. If your shares are subject to vesting, this is your most important deadline, and you only have 30 days to file this election from the date you execute your SPA. It should be attached to the back of your SPA.

If you miss the 83(b) election filing deadline, you will have put yourself in a grave tax situation. Not making the election timely results in the following:

1) When your shares vest, you will owe taxes on the difference between the value of the shares at the time of vesting and what you paid for them.

2) This is a disaster because you probably paid virtually nothing for your shares, and they will go up in value. Plus, this tax hit occurs every vesting period. So as your shares go up in value, you will owe more and more taxes as the shares vest.

For this reason, you have to own your 83(b) filing. File it yourself. Do not expect the company or company counsel to do it for you. Neither generally will for liability reasons.

Conclusion

Don’t be afraid to negotiate these documents. They’re going to live on forever, and a little upfront effort and negotiation have the potential to spare you a lot of headaches and make you a lot of money in the future. Always consult with an attorney, and if you have any questions, please contact James Graves or Danny Neuman.

By: James Graves and Danny Neuman

Disclaimer: this post is for informational and educational purposes only. It is not intended to provide any legal advice.

How to Obtain a 409a Valuation For Your Company And When To Do It

This post will cover the best way for your company to obtain a 409a valuation, the reason why, and when your company needs to obtain one.

If you’ve ever started a company, you know and are probably sick of dealing with the terms “fair market value” (FMV) and “409a”. There is already tons of educational content from the legal community on what Section 409a is, why it is important, and its minutiae. I am sure you are sick of reading about the rules by now. Rather than conceptually rehash Section 409a, what I will try to do in this post specifically is set forth the best way to obtain a 409a valuation, why, and when your company needs to obtain one.

The Best Way to Undergo a 409a Valuation

The Independent Appraisal Method

The best way to undergo a 409a valuation is via an independent, professional appraisal of the company’s FMV done by companies like Carta or Scalar, called the “Independent Appraisal” method.* Why? Because the law gives the professional appraisal of the FMV of a company’s stock a rebuttable presumption of reasonableness. This means that if the IRS ever audited the company, the burden of proof would be on the IRS, not the company, to show that the methodology used was not a “reasonable valuation methodology.” This dramatically reduces the likelihood of a successful IRS challenge of FMV.

May the value of your common stock rise as high as this giraffe’s neck.

Be Careful Doing It By Yourself

Compare this to if the company used a different method of appraisal, such as doing it by itself. In this case, the burden of proof would be on the company to demonstrate it used a reasonable valuation methodology. This is expensive, time-consuming, and highly burdensome to prove. Even if the company was 100% correct, it would take time and money the company could otherwise invest elsewhere to meet its burden of proof.

Further, the company runs the steep risk that it simply did not use a reasonable valuation methodology. You are in the business of running your company, not valuing shares of stock. You are therefore by definition probably not qualified to do so. Why run the risk, when the adverse consequences are so dire?

My one caveat here is this. If you are a brand new company, say, less than a year old, you probably can rely on a good-faith valuation of your shares that you do yourself since the shares’ value would be so nominal. However, as you grow, start considering an Independent Appraisal sooner rather than later.

Your Employees May Be Penalized By The IRS The Most For Your Non-Compliance

What’s more, the tax penalties for violating Section 409a are not imposed on the company. They are imposed on the company’s service providers (e.g., employees or independent contractors) unless the company fails to report or withhold any amount that becomes taxable because of a failure to comply with Section 409a. These penalties include:

All vested deferred compensation (e.g., options or restricted stock) becomes taxable immediately.
An additional 20% penalty tax levied on the service provider on top of regular income tax.
Possible imposition of interest on previous years’ vested equity compensation.

Drawing parallels between these stock images and the content of blog posts is honestly more difficult than my law practice.

When Your Company Needs to Obtain a 409a Valuation

First, an Independent Appraisal valuation only lasts twelve months. So, your company should plan on obtaining one at least annually if it wants to have the ability to consistently issue deferred equity compensation in compliance with Section 409a.

Second, the valuation via Independent Appraisal only lasts twelve months if an event that “materially affects the value of the corporation” has not occurred in the interim. Here are some examples of material events that could re-trigger the company’s obligation to undergo another 409a valuation:

The resolution of material litigation (explicitly mentioned in the regulations)
The issuance of a patent (explicitly mentioned in the regulations)
A debt or equity financing
Undergoing any sort of merger or acquisition
Launching a central product or service of the company.

Note that this is a non-exhaustive list, but should give you a good idea of what would be considered a material event.

Finally, the entire 409a valuation process typically takes around two weeks to complete if you are organized and have all your documents ready to go. However, most startups aren’t, which can extend the process to a month, or even longer. Waiting for a 409a can hold up equity grants, which can have a negative ripple effect on your organization. So, be sure you are organized and current and ready for the valuation process.

Conclusion

In sum, Section 409a is a very complex statute and this post is just the tip of the iceberg. Always consult with an attorney if you have any questions and always feel free to contact me.

By: James Graves

Disclaimer: this post is for informational and educational purposes only. It is not intended to provide any legal advice.

* Note that there are two more “safe harbor” methods set forth in Section 409a called the “Formula Valuation” and “Start-up Company Valuation” methods. While valid, these are more difficult to comply with and I do not praise them as highly as the Independent Appraisal method.

How Should You Pick a Trademark?

How should you pick a trademark? You’re at the beginning of the trademark selection process. You want a trademark that grabs your customers’ attention while being legally enforceable. Your graphic designer is busily cranking out possible brand names for you, but you’re not sure which of these options will survive legal scrutiny. So, how should you do it?

Some trademarks, by their very nature, are legally stronger than others. Here’s a guide to help you determine where your trademark finalists fall on this spectrum.

Arbitrary/Fanciful Trademarks

Arbitrary or fanciful trademarks are the strongest trademarks. Arbitrary trademarks take real words and pair them with goods/services with which they’re not usually used. One of the best examples of this is an APPLE for computers.

Fanciful trademarks are things like gibberish or made-up words. Examples of fanciful trademarks include POLAROID, KODAK, and EXXON.

The advantage of arbitrary and fanciful marks is that they are unlikely to (1) have been picked as trademarks by others because they are so random, and (2) be industry terms that others need to use to describe their own goods/services (and therefore, generally unavailable as trademarks).

The disadvantage of arbitrary and fanciful trademarks is that your customers won’t know by looking at the trademark what the underlying goods/services are. This means more promotional and marketing efforts on your part to get customers to associate the trademark with your offerings.

Suggestive Trademarks

Suggestive trademarks are those who don’t directly describe your goods/services but instead convey the quality or attribute of those goods/services. The classic example of a suggestive trademark is the GREYHOUND mark for bus transportation services. A greyhound is a fast animal, and the quality of speed is a virtue Greyhound Lines wanted to convey to its customers. Another example is VENUS for hair salons, where Venus is known to be the goddess of beauty, and customers want to feel beautiful after they go to a salon.

Suggestive trademarks are the best of both worlds. They are unique enough that they are less likely to be used by others in your industry but descriptive enough that your customers have some idea of what they’re getting with your trademark. It’s the “Aha!” moment you’re looking for!

Descriptive Trademarks

Descriptive marks are trademarks that directly describe some aspect of the feature of your trademark. These trademarks are regularly refused by the Trademark Office for registration. Here are some trademarks that were deemed descriptive and what they were describing:

COASTAL WINERY (wine made on a coast)
E-FASHION (Internet service of providing information about fashions)
OPENING DAY (baseball-related merchandise)
SCOOP (ice cream)

But, with consistent marketing and promotional activities, you may eventually be able to convince the Trademark Office you’re entitled to full registration rights for your descriptive mark. This concept is known as “secondary meaning” or “acquired distinctiveness” (blog post on this particular topic forthcoming).

Descriptive marks can come in a variety of flavors, including geographically descriptive. If you want to include the name of your hometown or region in your trademark, just know that you may be in for an uphill battle!

Surname refusals are another kind of descriptiveness refusal. Personal names get inconsistent treatment before the United States Patent and Trademark Office (USPTO). You can register a trademark including the first name without much ado. You can register a first + last name combo, so long as the appropriate consent of the named individual is provided. However, if you try to register the last name, be prepared for a refusal.

Our favorite example of genericide: escalator.

Generic Trademarks

A generic trademark is a misnomer. If a word or phrase is generic when used in connection with certain goods and services, it can never achieve trademark status. For example, you couldn’t register E-MAIL as a trademark for e-mail services or expect to have any trademark rights in the same.

Here’s another trick. Trademarks can actually commit genericide. This happens when the trademark itself becomes entirely synonymous with the goods/services it’s used in connection with. Some marks that have committed genericide include trampoline, yo-yo, aspirin, and – wait for it – heroin.

Pro-tip for those of you getting ready to introduce something to the market that no-one’s ever seen before: make sure to come up with a generic name AND a trademark to pair with your novel thing. That way, your trademark doesn’t become generic straight out of the gates.

In Closing…

Trademark selection can be both fun and exasperating process. If you’ve got some trademarks in mind but unsure where they fall on the arbitrary–>generic spectrum, you can always reach out to a member of our trademark group at trademarkteam@carneylaw.com for more help. Think you’re ready to move forward with your chosen mark? Read up on our post on clearance searches before you set sail with your new brand!

By: Ashley Long

Is Your Trademark YOUR Trademark?

Your product is ready to launch. You’ve selected the perfect name for it. At least, you think you have, until the cease and desist letter hits your inbox, at which you start to wonder whether your Trademark is actually YOUR Trademark.

This is a common enough story and one we never want to have happened to our clients! That’s why it’s important to check the trademark you want to use before you adopt it for your product. We call this process, “clearing the trademark.”

What do we mean by “clearing”? Clearing refers to conducting a search for physically similar trademarks that are offering similar goods/services to you. If two marks are physically similar to each other, and they offer similar goods/services to similar customers, that’s essentially trademark infringement. If we find marks that could be infringing, we’ll counsel you to figure out a different option.

Throw this little guy a bone and clear your trademark.

Here are some FAQs we get about clearing trademarks.

Can I do the search myself?

Yes, of course, you can. It’s always good to look online first to check if someone else has beaten you to the trademark. You can also check the Trademark Office’s database for current trademarks: http://tmsearch.uspto.gov/. (Make sure to note the serial/registration number – the results time out fast!) Keep in mind our legal expertise allows us to anticipate what the courts and Trademark Office will consider infringing. You can contact us at the email below for clearance search options.

What if the results I find are from different countries?

Trademark rights are governed on a country-by-country basis. If a brand owner doesn’t have use of a trademark in the United States, it’s unlikely it has any rights to that mark here.

I searched the Trademark Office database and didn’t find anything. Am I safe?

Nope! US trademark rights are a bit of a different bird. In the US, you can have trademark rights without registering a trademark. This is called “common law” trademark use. You’ll always want to check for unregistered trademarks before adopting your trademark.

What if I spell my mark differently than another trademark I found?

It depends on how differently. Slight misspellings, additions/deletions of punctuation, and other nominal differences are generally not enough to distinguish between trademarks. However, if the differences change the meanings between two trademarks, this could be enough (e.g., NOWHERE versus NO WEAR).

What if I find a similar mark, but they’re doing something different than me?

Again, it depends on how different. For example, if you’re providing a mobile app for organizing events, and the trademark you found is for plant nurseries, it’s unlikely consumers will think the products come from the same source. However, if the trademark you found is a mobile app for calendaring meetings, that’s similar enough in function and purpose to be a problem!

If you have other questions about trademark clearance and selection, please don’t hesitate to contact us at trademarkteam@carneylaw.com.

By: Ashley Long