Anyone surfing the Web has likely come across cybersquatters. The owner of a website stating, “This domain may be for sale,” might not actually have legal rights to the domain name.

“Third parties without any legitimate interest or rights in a domain name will often purchase one knowing that someone else owns the trademark rights to the name. This forces the true owner of the trademark to either purchase the domain name from the third party or seek out another avenue to acquire the domain name,” says Jeff Nein, an associate at Kegler, Brown, Hill & Ritter.

Smart Business spoke to Nein about the process of acquiring a domain name and what to do if someone already has the Web address you want for your business.

What is the most common source of domain name disputes?

Typically, it’s cybersquatters. They’ll buy domain names with the intent to sell them directly to the trademark owner, which is a blatant example of bad faith registration. Another scenario is called typosquatting — a third party will register a domain name that’s similar to the trademark but with a letter or two out of place. In that instance, the third party usually benefits by receiving click-through revenue from links on the page.

How should a business proceed with securing rights to a domain name?

First, be aware that the Internet Corporation for Assigned Names and Numbers (ICANN) has created the Uniform Domain-Name Dispute Resolution Policy (UDRP), which authorizes domain name registrars to forcibly transfer domains in the event an approved dispute resolution service provider determines a domain name was improperly registered. Utilizing this dispute resolution process is quick and relatively inexpensive compared to traditional litigation. Any legitimate registered domain name registrar will be subject to the UDRP, which means almost every domain name falls under the governance of ICANN.

Next, evaluate the circumstances. If someone owns a domain name that encompasses your trademark in whole or in part, determine whether your trademark rights predate the current domain name holder’s registration. If so, examine how the website at the domain name is being used, if at all. If the website is not being used for a legitimate purpose — say, for instance, there is nothing but text that says ‘coming soon’ — this will work in your favor.  

If your trademark rights do not predate the current domain name holder’s registration, the likelihood of successful transfer to you from the domain name holder dramatically decreases. Likewise, if the website is being used for a legitimate purpose, and the other party didn’t know you had trademark rights in the name and simply registered the domain name before you, there’s not much you can do. At that stage, the best option may be an offer to purchase the domain name from the other party.

What if they’re not using the domain name?

In those cases, we start by sending a letter outlining our client’s rights in order to effectuate transfer of the domain name without involving any sort of legal authority. If that doesn’t work, we file a complaint under the UDRP rules and start the arbitration process.

At arbitration you will need to show that you own the trademark, that the other party has no legitimate rights or interest in the domain name, and that the domain name was registered and used in bad faith. Once the other party is given an opportunity to submit its response, the arbitration provider will make a recommendation and advise the registrar on a course of action to take, which is often to immediately transfer the domain name to the trademark holder. The entire process only takes two to four months.

How can trademark owners stay ahead of the curve?

In light of the impending release of new generic top-level domains, trademark owners that want to avoid disputes should consider taking action now. Trademark owners have the option to register with ICANN’s Trademark Clearinghouse, which will verify your rights in any trademarks you submit for approval. Once you receive approval, the Trademark Clearinghouse will provide you with a defined window of time to purchase domain names that encompass your trademark at the new, generic top-level domains before they are publicly available.

Jeff Nein is an associate at Kegler, Brown, Hill & Ritter. Reach him at (614) 462-5418 or jnein@keglerbrown.com.

Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter

Published in Columbus

More companies are using non-competition agreements as a means of protecting business interests when employees leave.

“Historically, the agreements in the employment context were narrowly focused on people exposed to technological secrets, or very high-level executives. It’s become more common to have contracts with employees who aren’t in the control group, such as salespeople,” says Robert Cohen, a director at Kegler, Brown, Hill & Ritter.

However, there are legal problems that arise, and courts have held that non-competition restrictions must be reasonable and exist for the purpose of protecting the business by ensuring fair competition.

Smart Business spoke with Cohen about when non-competition agreements make sense and what to incorporate in the language to avoid legal complications.

When are non-competition agreements being used in the employment context?

One example is an agreement that is used to protect confidential information in the employment context and prevent certain post-employment competition. Such an agreement typically spells-out that the employee will be exposed to confidential, proprietary information, and he or she agrees to only use that information to the benefit of the company. These restrictions are typically accompanied by a more direct restriction in the form of a non-competition covenant stating that the person cannot work in the industry for one year, or within a certain geographic radius of their work location, or that he or she cannot perform certain services for the employer’s clients.

How restrictive can companies be?

The general answer, based on Ohio Supreme Court decisions, is that agreements are enforced only if they are reasonable. Obviously the concept of reasonableness is a very general one. A test of reasonableness takes into consideration several factors, including:

  • Temporal and geographic restrictions.
  • Whether the employee represents the sole company contact with a customer.
  • Whether the employee possesses confidential information or trade secrets.
  • Whether the covenant seeks to eliminate unfair or merely ordinary competition.
  • Whether the restriction serves to bar the employee’s sole means of support.
  • Whether the talent the employer seeks to suppress was actually developed during the period of employment with the former employer.
  • Whether the forbidden employment is incidental to the main employment.

These factors don’t serve as a checklist, they don’t apply in all cases and they are not weighted equally. The overriding law is that non-competition restrictions are enforceable so long as they preclude unfair competition, but are not acceptable if they are being used to eliminate ordinary competition.

Court decisions vary regarding what is reasonable. There are decisions upholding competitive employment and customer restrictions for time periods of six months to five years. But there are also court decisions holding that restrictions of this same time range are not reasonable on the facts of particular cases. Ohio law also allows the court to shorten the time period set forth in the non-competition restriction to one the court believes is more reasonable.

What is your advice as to whether companies should have non-competition agreements?

Focus on whether either of the following is occurring in the particular business:

  • Is the company investing time and money to train employees or establish relationships between those employees and the company’s customers?
  • Is the company exposing its employees to confidential or trade secret information?

In those cases, the company has an interest in protecting its investment from being misappropriated to the competition.

If you’re going to have a non-competition agreement, include a question on the employment application asking if the person is willing to enter into such an agreement. This allows potential employees to consider the restrictions before committing to the employment relationship.

Narrowly tailor the agreement to protect your legitimate business interests. For example, geographic restrictions should be limited to your market area, or in some cases to the particular area where the employee functions.

Robert Cohen is a director at Kegler, Brown, Hill & Ritter Co., L.P.A. Reach him at (614) 462-5492 or rcohen@keglerbrown.com.

Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter

Published in Columbus

Mobile devices have improved the flexibility of the workforce, but also have introduced serious concerns for employers.

“The wall between work and personal time is gone, which creates costly liabilities for employers. If your company is sued, it is a lot easier to defend that action when you can demonstrate you thought about the risks and tried to mitigate them,” says Kailee M. Goold, an associate at Kegler, Brown, Hill & Ritter.

Smart Business spoke to Goold about the risks of working on mobile devices and ways to limit the potential liability for employers.

What are the risks associated with mobile devices and data security?

There are two potential areas of liability: data security and employee behavior. Unfortunately, there is no one-size-fits-all policy or agreement that will provide a solution. Because you cannot eliminate all liability, you have to develop a policy that fits your regulatory environment, risk tolerance and trust assessment.

Identifying important data is a critical concern. Protected health information and financial information are the most regulated data, and the law requires companies handling this data to protect against security breaches. On the other hand, some data can be essential to your business but not regulated by law. For example, your company’s success may hinge on your trade secrets or customer information.

Regardless of the data you work with, you need to consider questions like: Do independent contractors have access to your system? What happens when a cloud-connected device is lost? Does the loss of data make your company liable to third parties?

What should companies know about mobile devices and employee behavior?

As far as behavioral issues, three costly liabilities are worth highlighting. First, consider if you are in compliance with wage and hour laws. Are employees working from mobile devices outside of work hours? Does this off-the-clock work push the employees over 40 hours a week? What seems like a small problem can quickly escalate into a wall-to-wall audit by the Department of Labor and a million-dollar lawsuit.

The second serious behavioral risk is distracted driving. If an employee is using a mobile device for work purposes and causes an accident, the company will be on the hook for all of the resulting damage. This is no small matter: verdicts and settlements have been running in the $15 million to $25 million range. Carefully drafted policies can only help your defense.

Third, you should think about the harm a terminated employee can inflict. For example, when an employee separates from your company, can they take your sensitive data and work for a competitor? If you do not have adequate safeguards in place, you will likely have to sue the former employee, as well as the new employer, to stop the bleeding. This loss of data may also make you liable to third parties if they had rights in the data.

As with most employee behavior issues, proper policies and monitoring can avoid headaches and expensive litigation.

Does it matter if the device is employee-owned or supplied by the employer?

The bottom line is that the use of mobile devices at work is a risk no matter if the company owns the device or you employ a bring your own device (BYOD) policy. So you have to figure the best way for your company to manage these risks.

The advantage of a company-issued device is control. You own the software and data being transmitted, like a computer or phone at a desk. Company-issued devices mean employees have fewer privacy rights and it is easier to wipe data. The drawback is monitoring. You have to consider everything: Are they buying expensive apps? Are they using the phone for unlawful purposes while working? Can you enforce these policies in a nondiscriminatory manner?

If you choose the BYOD route, handbooks and agreements must reduce employees’ expectation of privacy in their device. You will need access to and knowledge of what they are doing with work-related data. However, your access should only be for legitimate purposes, such as the installation of security software and wiping sensitive information.

Kailee M. Gooldis an associate at Kegler, Brown, Hill & Ritter. Reach her at (614) 462-5479 or kgoold@keglerbrown.com.

Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter

Published in Columbus

The U.S. Department of Health and Human Services (HHS) released a final Omnibus Rule this year creating higher standards concerning protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

As a result, hospitals and other health care providers are asking businesses working with them to sign business associate agreements, even in situations where they may not be applicable, says Rebecca Price, an associate at Kegler, Brown, Hill & Ritter, Co., L.P.A.

“It becomes problematic for businesses if you are not a business associate as defined under HIPAA, and you are asked to sign a business associate agreement,” Price says. “There are some very specific compliance requirements you don’t want to endure the cost and hassle of unless it’s really necessary.”

Smart Business spoke with Price about business associate agreements and what to do if you’re asked to sign one.

What changed with the final Omnibus Rule?

One of the biggest differences is lower-tiered subcontractors have direct liability for HIPAA compliance. Also, the terms and definitions provide more clarity regarding what is expressly required of a business associate; prior rules had gray areas.

HIPAA was unveiled in 2003, and there was a major change in 2009 that dealt with business associates and electronic information. The final Omnibus Rule is a significant document expected to have sizable financial impact on the economy.

How do you determine if you’re a business associate?

It’s a matter of determining what work you’re doing with the covered entity — the health care provider, health care clearinghouse or insurance company. Generally, any time you might have access to PHI, you are a business associate, which can include companies that provide legal, accounting, consulting, administrative or financial services for a covered entity. Anyone who sees any type of PHI is subject to HIPAA, with very few exceptions.

Covered entities want to spread the risk, and as a matter of course some are including business associate agreements as part of their standard paperwork. But there are companies doing business with covered entities, like a custodial company, that do not need business associate agreements.

What is required of a business associate?

You need a HIPAA compliance program, including designating a security official and policies and procedures. You have to audit certain data, such as the use and disclosure of PHI. There’s a long list of administrative requirements. It’s a very involved process.

Companies wanting to do business with a covered entity need to give some thought about whether to sign a business associate agreement. It’s tempting to say you have to sign one to get the business, even if you’re not really a business associate. But be intentional about your decision. If you’re going to have access to PHI, figure in the cost of being HIPAA compliant because it’s going to come off of the profit.

The final Omnibus Rule extends HIPAA compliance requirements to subcontractors doing business with business associates, such as a copy service or a company providing document management services to a law firm. In certain situations, if PHI is copied, the law firm needs to have a business associate agreement with the copy service, because the copy service has had access to the PHI and even those copy machines now store data. It’s very complicated, and the requirements keep going downstream.

Can you hire someone to provide a compliance program?

Certainly there are attorneys that supply HIPAA compliance programs. There also are non-attorney programs, but be careful not to go with something that is just forms because the amount of scrutiny anticipated under the Omnibus Rule suggests you need to pay attention to details and create a program that fits your business.

The HHS Office of Civil Rights has said it will be auditing business associates, so there is a greater risk of operating any business dealing with PHI without a comprehensive HIPAA program. Penalties range between $100 and $50,000 for the first violation. If there is a second violation in the same calendar year, fines jump to $1.5 million. So, there is a lot at stake for health care providers and their business associates.

Rebecca Price is an associate at Kegler, Brown, Hill and Ritter, Co., L.P.A. Reach her at (614) 462-5411 or rprice@keglerbrown.com.

To learn more about Kegler’s health care regulation practice, visit www.keglerbrown.com/practice-areas/health-care-regulation--hit.

Insights Legal Affairs is brought to you by Kegler, Brown, Hill & Ritter

 

Published in Columbus