An unfiltered view of all posts.
A power of attorney (a “POA”) is a legally binding document granting another individual power to act in your place. The signer of a POA can dictate the scope of the power: it can be for a particular transaction (such as signing for the purchase of a house), a particular category of transactions, or for any and all transactions.
(more…)
Businesses are subject to a patchwork of state laws regulating the use of personal information. If your company collects private info like bank account numbers, credit card numbers, drivers’ licenses, social security numbers, or even usernames and email addresses, these laws may apply to you.
As a practical matter, you probably don’t need to worry about a specific state law until you’re collecting personal data from a meaningful number of that state’s residents.
Still, being aware of what these laws generally require can help you stay compliant as your business expands.
Here’s a high-level look at the major types of data privacy laws:
Security: Protect Personal Information
With this type of privacy law, the state’s concern is that companies that collect sensitive personal information protect that data from breaches. Make sure you’re adopting reasonable safeguards to protect the security and confidentiality of your customer and employee data.
What constitutes reasonable? Do a risk assessment, take demonstrable steps to protect private information, and periodically delete information you no longer need. Use complex passwords and/or set up SSH keys or dual authentication. Consider getting a cybersecurity policy in place and training employees on the importance of data protection. You need to make a genuine effort to protect customer data.
Notice: Tell Customers When You Get Hacked
These laws require that companies inform customers when their private data may have been compromised in a security breach. Some laws also require notice to the state Attorney General’s office. For example, North Dakota’s privacy law requires a company to inform the AG if more than 250 people were affected by a breach.
Transparency: Disclose How You Use Personal Information
These types of laws require you to inform customers how their personal information is being used. For example, California’s recent data privacy act, the CCPA, requires companies to tell customers if their data is being sold. Post a privacy policy on your website that describes how you are using customer data, and make sure it stays updated. If your actual practices don’t line up with what you say in your privacy policy, you could be the victim of an enforcement action by the FTC.
Control: Let Customers Control Their Personal Information
This is the most progressive of the three types of law. Two examples are the GDPR and the CCPA. So far, it’s the least common type of privacy protection, but these two laws apply broadly to companies not operating in either the EU or California. This type of law allows customers to tell companies not to sell their personal information. For example, the CCPA requires a link customers can click which says, “Do Not Sell My Data.” Nevada’s data privacy law requires companies to have a point of contact customers can reach out to with a similar request. It’s early days for these laws, but if implementation goes well over the next couple years, expect to see more just like them.
When you hire a new employee, you’re required to enter their name and social security on a form W-2. But what if your new employee is from outside the United States and is still waiting on their social security number?
(more…)
Choosing an attorney can be a difficult proposition. There are so many of them out there, and it’s not always clear what the differences are between firms. On top of that, license requirements put limits on how lawyers can advertise, which makes tracking down your options more difficult.
But have no fear! Your best bet is to leverage your personal network, do your homework, and know what you’re looking for. Here’s some advice on how to go about finding the right lawyer for you.
(more…)
Congratulations! You’ve recently filed your articles of incorporation and your attorney has told you that, yup, you now officially have a corporation. Great, you think. Now what?
First, Some Terminology
Founders. The people who started the company. This is not really a legal term, so it doesn’t tell you much about their current rights in the company – just that they got the ball rolling. Usually in the early phases of a startup, a founder will be an officer, such as the CEO, and be a member of the board of directors.
(more…)
If you’re a business owner in Austin, Texas, you’ve got other things on your mind than the red tape in the way of your success. Where would you even begin?
Here’s a summary of some laws that might apply to you if you own a business. We’ve included some links (just click the text!) to help you reduce the time you spend researching. If you don’t want to take the time to sort through all of these laws to figure out what applies to you, then give our free tool a try.
(more…)
A ransomware attack took down the Texas appellate court system, shutting down the entire case management system, blocking court offices from accessing the internet, and potentially encrypting or blocking access to other data as well.
This state court ransomware attack was one of three major attacks on Texas infrastructure in the past year alone. The Texas Department of Transportation was also hit just a few days after the courts’ systems were compromised, and over twenty Texas towns suffered a similar attack in late summer of 2019.
Ransomware is what it sounds like: malware used to make ransom demands. This software exploits security holes and takes over computer systems and takes data hostage either by encryption or blocking user access until the user pays a demanded sum. Once it infects one computer, the ransomware can travel to other computers through the internet and cloud-based file sharing programs. That’s why cyber criminals will often target large organizations to take advantage of the network and infect as many computers as possible.
Ransomware protection doesn’t need to be hi-tech. In fact, a lot of ransomware protection measures have few technical requirement. This list will help you get started as you develop your cybersecurity and ransomware protection habits.
Your number one defense is making sure you keep your operating system and anti-virus security software updated to the latest version. Malicious actors tend to exploit weaknesses in your systems, and software providers, including providers of security software, put out security patches precisely to fix those security gaps as they find them. For instance, the WannaCry attack in 2017, which hit more than 200,000 computers, targeted machines that hadn’t installed the most recent Windows update; computers with the newest update were protected.
One way malicious actors attack computers is by getting users to click on a link or email attachment that triggers a ransomware infection download. In what’s called a phishing attack, they’ll email you from what looks like a legitimate organization, such as a business associate or vendor, and ask you to click on the link in the email to do something that seems normal, such as verify payment information, or register to take advantage of a discount. But as soon as you click, the malicious software download starts. The same can be true of popups online.
To avoid accidentally installing malware, avoid clicking on pop-ups online or links or attachments (even if it is a PDF attachment or other familiar file extension) from suspicious emails or emails from unfamiliar parties. Keep an eye out for typos and grammatical errors in the body of emails (which may indicate that they come from a bad actor). Verify that the domain name in the sending email is a valid company or website. Additionally, when a company reaches out asking for information, ignore the request and contact them independently to verify the source.
Think you can identify phishing attacks?
Try this free quiz from Google.
Apart from phishing attacks, malicious actors sometimes engage in brute force password attacks, which basically involve trying as many passwords as possible to break into your system. According to research by one cybersecurity company, nearly a third of ransomware attacks are conducted using brute force techniques.
It may seem like too basic a step to be effective, but actually using a different, hard-to-remember and hard-to-guess password for each of your logins can be a very effective way to thwart these attacks. Try making your password a sentence or phrase rather than just a word, and check out password generators and password managers as options to keep your data safe.
Periodically back up your data on an external drive that you keep unplugged from your computer when you aren’t updating it to have an option to create a system restore point. If ransomware takes over your computer, you’ll need to disconnect your device from the internet and completely wipe the device. If you’ve backed everything up, you’ll be able to do a system restore and access most of your files!
Ransomware spreads from one device to another over the internet and, within companies’ private servers, over file sharing services. To mitigate the effects of an attack, try and compartmentalize data: limit file access to those who absolutely need it. For particularly sensitive departments or roles, like accounting and CFO, you might even consider having two company computers one that’s used to access company accounts and banking information, and which is is on it’s on Virtual Local Area Network, or VLAN, (meaning it doesn’t communicate or share information with the rest of the company network) and another used for normal day-to-day work. This type of segmentation can help prevent ransomware from spreading from an infected computer to your entire network.
Note: This resource may be out of date.
During the pandemic, the government has put renter protections in place to make sure you don’t get evicted if you can’t pay your rent. But it can be confusing to keep track of your rights and all the various deadlines, given that city, county, state and federal governments are all passing different laws.
Click here to receive a free quick-reference guide for Austin renters, including a form letter you can use to contest an unlawful eviction notice from your landlord.
Guest Post by: Alyssa Kutach, MSHRM, SHRM-CP
Have you ever been sitting at your desk at work, just stewing with anger because you and your co-worker got in a tiff over a work assignment? Workplace conflict is all too common in the workforce these days, but is seemingly passed over or swept under the rug as if the problems were not left there to fester.
Workplace conflict is a “dispute” between two or more employees, co-workers or employers. Really anyone involved in a business setting that has a conflict. Conflict in the workplace often fosters insight and growth, yet is frequently perceived as a problem. Basically, workplace conflict can manifest in any situation in which an employee’s concerns or desires differ from those of another person in the same business setting. Unfortunately, most employers do not train their employees how to handle internal conflict, (i.e. why we have Employee Relations in HR, EEOC for Equal Employment and a Grievance process for those who have let it go too far), giving way for emotions such as anger. Anger causes conflicts to escalate and explode, which is why we usually associate conflict with anger. However, conflict is a natural fact of life, and whether you actively avoid, collaborate, compete, compromise or accommodate (conflict resolution styles) it or not, everyone will experience workplace conflict at some point in their life.
(more…)
The U.S. Constitution is there to protect our rights and freedoms, but so often we as Americans disagree on what it means. Part of the challenge is that the Constitution states our rights so briefly and succinctly, there’s plenty of room for interpretation and argument.
For example, the First Amendment says “no law shall abridge the freedom of speech.” But what’s free speech?
Can I accuse someone of murder when I know it’s a lie? Can I record myself reading a Harry Potter book and sell it to whoever I want? Almost everyone will universally agree that that isn’t okay, or even permitted under the law. So what gives?
(more…)
