Now that we’ve reached 2023, it’s time to reexamine privacy policies to comply with California’s new California Privacy Rights Act.

To recap, in 2018, California enacted the California Consumer Privacy Act (CCPA).  The CCPA became effective in 2020.  Many of our clients changed their privacy policies and programs to comply with the CCPA, which established new disclosure and process requirements.  In the November 2020 election, however, California’s voters enacted a new privacy law by ballot initiative – the California Privacy Rights Act (CPRA).  As of January 1, 2023, the CPRA became effective.  It supplements and amends the CPRA.

If you established a privacy policy to comply with the CCPA, the CPRA requires additional changes to your policy.  More generally, any business doing business in California is covered by CCPA/CPRA if

Is your company considering a transaction to become acquired or to take in additional financing?  If so, the time is now to upgrade your privacy and information security practices before you are in serious discussions or receive a term sheet for the transaction.  One obvious question is:  why now?  Aren’t data protection issues something for the lawyers to handle later in negotiating the agreement and during due diligence?  In answer to the question why now, I have 350 million reasons why now is the best time to tackle data protection challenges.

The 350 million refers to the transaction in which Verizon purchased the web business of Yahoo.  After Verizon found out that Yahoo was in the midst of a data breach at the time of the purchase transaction, Verizon went back to Yahoo and shaved off $350 million from the purchase price.  Simply put, the ongoing weakness in Yahoo’s data protection program reduced the valuation of the business and Verizon wanted to slash the transaction value to reflect that reduction in value.

Executives of a target company that want to avoid taking a haircut later in the value of their M&A transaction or valuation during a financing transaction can prepare now to avoid problems later.  Taking care of data protection concerns now not only preserves valuation for the target company but also:

On January 8, 2011, the California Office of Environmental Health Hazard Assessment (OEHHA) issued a notice of proposed rulemaking aimed at amending the regulations governing the short-form warning under Proposition 65. The deadline for submitting comments in response to this notice is March 8, 2021.

In 2016, OEHHA adopted new Article 6 Clear and Reasonable Warning regulations which became operative in August 2018.  Among other changes, the regulations provided for a short-form warning which allowed for an abbreviated product warning in certain circumstances. If a company used the short form, it was not required to list the name of the chemical that created the risk. So until now the following warning was sufficient:

WARNING: Cancer and reproductive harm- www.P65Warnings.ca.gov

San Jose, Calif. — December 15, 2020 — Silicon Valley Law Group, a boutique business law firm, today announced that Laurie Berger, a veteran environmental attorney, has joined the firm’s Environmental Group as Special Counsel. Ms. Berger’s addition to Silicon Valley Law Group enhances its ability to provide services to its clients on a wide variety of environmental counseling, compliance, administrative and litigation matters.

“We are excited to have Laurie join our growing Environmental Group. Given her impeccable qualifications and depth and breadth of experience, Silicon Valley Law Group now has one of the largest and most experienced environmental law groups in the South Bay,” said Bernie Vogel, CEO of Silicon Valley Law Group.

Laurie’s practice focuses on environmental regulatory compliance and related administrative proceedings and litigation. She represents manufacturers, developers, property owners and electronics companies. Her areas of expertise include hazardous and solid waste, Proposition 65, due diligence, vapor intrusion, land use, underground storage tanks, military base closure and reuse, municipal and hazardous waste landfills and conflict minerals. Laurie has deep experience with all aspects of CERCLA and the National Contingency Plan, as well as special experience with the environmental issues that arise in the solar energy industry.

European Court of Justice
In a judgment issued last week, the European Court of Justice invalidated the EU-U.S. Privacy Shield Program by which businesses in the United States could self-certify their compliance with a framework of principles for data protection. This judgment is the top privacy story for multinational companies this year. What does this mean for artificial intelligence companies? For AI companies using personal data to train machine learning systems, the answer is that it just got harder to import personal data from the European Union (EU) and broader European Economic Area (EEA) to the United States.

The background is that some U.S. businesses in the artificial intelligence field are importing personal data from European countries to train machine learning systems with a myriad of applications. Companies with a physical presence in the EEA, companies directing marketing efforts to EEA member states, and companies monitoring the behavior of individuals present in EEA member states are subject to the European Union’s General Data Protection Regulation. For more details, see my earlier blog post. In addition, other U.S. businesses may provide services to another U.S. business that has already imported personal data from EEA countries. Such U.S. businesses must then agree by contract to protect personal data from those countries with the same level of protection they would receive under GDPR in the EEA. Therefore, some AI companies are required, directly or indirectly, to meet GDPR standards.

GDPR allows for the free flow of personal data from EEA countries to countries that the European Commission has found to have an adequate level of data protection. So if the laws in those countries are stringent enough, then there is no barrier to exporting personal data to those countries from the EEA. And by “export,” I mean that a company in an EEA member state could, for instance, send the personal data to a vendor in one of those countries. As one example, a cloud storage provider in Canada could receive personal data from EEA companies without any GDPR-imposed restrictions. The laws in Canada are stringent enough to protect personal data. Other countries with such adequacy decisions include Argentina, Israel, Japan, Switzerland, and New Zealand.

Disrupt Rethink Reimagine Reinvent Speedometer Words Change 3d Illustration rendering
Growing up, I used to think New York City was the capital of the world. I started life in Columbus, Ohio, and spent most of my early years in a Cleveland, Ohio suburb called Chagrin Falls. Of course, I knew that Washington, D.C. was the political capital of the nation and that the world itself didn’t have an official capital. Nonetheless, Cleveland revolved in New York’s orbit.

While Chicago was closer, my Ohio peers and I at least subconsciously thought of New York as the place to go to seek your fortune. When young people in my area of Ohio wanted to make it to the big time, they would plan a move to New York. New York was the source of much of our media, arts, theater, jazz, literature, fashion, great sports history, and so much more. And yes, we were jealous of all those Yankee World Series wins. Simply put, New York was the place to be if you wanted to live where the momentous current events were happening.

Nonetheless, my world view started to change. I taught myself how to program computers in high school and took some computer science classes in college. I heard about Steve Jobs and Steve Wozniak in Silicon Valley. The personal computer revolution was just beginning. I knew that upstart Silicon Valley companies were doing cool things and changing the world. What attracted me was the meritocratic ethos of Silicon Valley. I did not grow up as one of the old money families on the eastern seaboard, or even my hometown of Chagrin Falls. Lack of key family ties and history matters less in Silicon Valley and California generally. The perception was that everyone had an equal shot in Silicon Valley (although of course, we know that reality does not always match the Silicon Valley mythos, and structural barriers remain for many people even in the Valley).

Artificial Intelligence and Robotics National Institute
I am pleased to announce another American Bar Association Artificial Intelligence and Robotics National Institute this fall. The Institute is a continuing legal education program, although given the interdisciplinary nature of the program, we hope that many non-lawyers will join us. Because of COVID, the Institute will be online over a series of five Wednesdays with three hour-long panels each starting on September 30, 2020. I serve as Founder and Chair of the Institute. The goal of this year’s Institute is to tackle the big artificial intelligence and robotics issues – both today’s and tomorrow’s.

The online conference format is both an accommodation in light of the inability for us to gather in person because of the COVID-19 virus. We had such deep and meaningful personal interactions at our first national institute, it is sad to not have an in-person event. Nonetheless, we are making lemonade from lemons by offering our program online. We hope the Institute will play to the strengths of an online platform.

First, anyone around the world can attend from a home or office without the need of travel. We hope to spread the word and build a broader community of people concerned with AI and robotics legal issues and public policy. Second, the format offers us the ability to join the Institute with its sister program – the American Bar Association Internet of Things National Institute. On September 30, we are bringing the speakers and audiences from both Institutes together for one large online gathering to talk about the most urgent crossover issues of the day involving AI and IoT. We would not be able to have a joint meeting of both Institutes if we were meeting live.

Data-Collection-AdobeStock_105428565-1024x1024
Organizations using machine learning systems require data to train their systems. But where does that data come from? And can they get into trouble if they don’t have the rights to use that data? The short answer is yes; they can get into trouble if they aren’t careful.

A few recent cases show the risks associated with companies using personal information for training AI systems allegedly without authorization. First, Burke v. Clearview AI, Inc., a class action filed in federal district court in San Diego at the end of February 2020, involves a company, Clearview, accused of “scraping” thousands of sites to obtain three billion images of faces of individuals used for training AI algorithms for facial recognition and identification purposes. “Scraping” refers to the process of automated processes scanning the content of websites, collecting certain content from them, storing that content, and using it later for the collecting company’s own purposes. The basis for the complaint is that Clearview AI failed to obtain consent to use the scraped images. Moreover, given the vast scale of the scraping – obtaining three billion images – the risk to privacy is tremendous.

In Stein v. Clarifai, Inc., filed earlier in February, the plaintiffs’ class action complaint filed in Illinois state court claims that investors in Clarifai, founders in the dating site OKCupid, used their access to OKCupid’s database of profile photographs to transfer the database to Clarifai. Clarifai then supposedly used the photos to train its algorithms used for analyzing images and videos, including for purposes of facial recognition. Clarifai is the defendant in this case and will have to fight claims that it wasn’t entitled to take the OKCupid photos without notifying the dating site’s users and obtaining consent. OKCupid is potentially a target too. It wasn’t clear if plaintiffs are saying that OKCupid’s management approved the access to its database, but if it did, the plaintiffs may have claims against OKCupid as well.

Frequently Asked California corporation questions (FAQ)

 

Disclaimer WarningThis FAQ is published as a general informational resource and is not intended to constitute legal advice regarding any particular matter or any specific facts.  Transmission of this FAQ does not constitute legal advice for the reader and does not create an attorney-client relationship. 
Should a corporation be formed in California, Delaware, Nevada or another state? The optimal state of incorporation for a business requires an analysis of, among other things, the business plan of the corporation, the desire to avoid shareholder derivative suits, the likelihood of institutional or venture capital investors, indemnification issues, the willingness to pay both California taxes and another states taxes, and other matters which are beyond the scope of this FAQ.  Readers are encouraged to review publications on this matter at www.svlg.com.
Are there corporate name restrictions or corporate names which cannot be used? Corporations cannot use (i) corporate names previously taken by other businesses, or (ii) names that conflict closely with or resemble[1] a name of a corporation in good standing or (ii) the following words without satisfying certain requirements or obtaining governmental approval[2]:

·         “bank”, “trust,” or “trustee”

·          “cooperative” or abbreviations thereof,

·         “Olympic,” or Olympiad,” or

·         “national,” “federal,” “United States,” “reserve,” “deposit insurance,” or certain words referring to “credit unions”.

Do I need to have “Inc.”, “corporation” or some other version in the corporate name? California law allows flexibility in choosing a corporate name.  In most cases, the words “corporation,” “incorporated, “or abbreviations, such as “Inc.”, do not have to be included in a corporate name unless:

o   the corporation will be a statutory “Close Corporation[3],”

o   an individual’s name is used in the corporate name, or

o   certain types of professional corporations, such as law, accounting, medical, architectural, or engineering.[4]

However, use of such word is recommended to clearly signify a company’s corporate existence.

How can I check if a corporate name is available? A quick way of checking the availability of a corporate name is to perform a “Business Search” on the California Secretary of State website; however, you cannot be absolutely certain that the name is available without reserving the corporate name.  This is because (i) the Secretary of State database is not current due to delays in processing submitted corporate documents, (ii) there can be a conflicting corporate name which is the same or has similar pronunciation (but different spellings), and (iii) there can be corporate names already under a reservation.
Can my proposed corporate name be reserved?

 

 

Due to the abundance of existing corporate names and the slow processing of the articles of incorporation, you consider submitting a name availability inquiry or reserving a corporate name at the California Secretary of State’s website.  For a filing fee of $10 per name, a corporate name can be reserved for 60 days.
Does the corporation have to qualify or register in states outside a California? Although each state has its own rules, regulations and exemptions, before a corporation transacts business in another state, it should investigate the need to be qualified or registered in such state.  As a general prophylactic rule, a corporation should assume that it will need to qualify or register if the corporation is going to transact business or have a presence (assets, employees or sales – each of which have their own implications which are beyond the scope of this FAQ) in another state.
How many Board of Directors are required? California Corporation Code Section 212 (a) requires that if there is only one shareholder the number of Directors must be at least one (1); or when there are two (2) shareholders, there must be at least be two (2) Directors.  If there are more than two (2) shareholders, the number of Directors must be three (3) or more.
What is “par value” and is it required? Par value is an antiquated concept for establishing minimum legal capital, which has been eliminated in California for many years.  California, like Delaware, permits, but does not require, the issuance of stock with or without par value.  Many common stocks are issued with “No-Par Value or extremely low par values of between $.01 to $.0001.
What is and does a California corporation need a “corporate seal”? A corporate seal is a stamp, generally metal, but can be rubber, of a corporate signature which contains the corporate name, state and date of incorporation.  However, corporate seals have fallen out of use.  Even banks and insurance companies, which have requested or require corporate seals in the past, have discontinued the practice of requesting them.  Corporate seals are considered relics in California and New York.  Although California statute gives corporations the authority to use and adopt them, corporate seals have no effect on the validity of any corporate document or instrument.[5]
What factors should be considered before issuing stock of the corporation? Before founders or management issue any stock or securities of a corporation, they should identify and evaluate the characteristics of such potential shareholders. Analysis should include what consideration (cash, intellectual property, future employment, etc.) is being exchanged for the securities, whether there will be any restrictions on the transfer or sale of the stock, whether the ownership of the stock will vest over time, whether there will be voting restrictions or options to repurchase the stock, and whether the securities offering needs to be registered with the Securities Exchange Commission (SEC) or the state of California, or other states in which shareholders live.
Does the offering of securities require registration with the SEC? Unless there is an exemption, all securities sold in the United States by corporations must be registered with the SEC. Such registration involves, among other things, the delivery of financial statements and other important information regarding the securities to the investors and the preparation of a registration statement, all of which can be extensive, costly, and time-consuming.
Are there exemptions from the federal registration of securities? Most companies want to avoid the costs and challenges of filing a registration with the SEC.  The most common transactional exemptions are the Regulation D Exemption, Regulation A Exemption, Interstate Offering Exemption, and Private Offering Exemption, all of which have extensive requirements and restrictions which are beyond the scope of this FAQ.  Readers are encouraged to review publications on this matter at www.svlg.com.
What state security regulations should be of concern? In addition to complying with the SEC’s registration requirements, a company must also register and comply with Blue Sky Laws of each State, in which the investor or shareholder resides.  Founders, management and corporate legal counsel need to carefully monitor and analyze the residence, financial condition and sophistication of potential shareholders before any securities offering to determine whether the securities must be registered with the state of the potential shareholder’s residence, and whether there is an exemption under such Blue Sky Laws.  Violations of a state’s Blue Sky Laws can result in the issuance of cease-and-desist letters, injunctions, rescission offerings, costly penalties or other expensive legal proceedings.
Should I issue stock outright? Consideration should always be given to issuing stock on a vesting or earned over time basis (i.e. vesting schedule) to avoiding unnecessary windfalls, encourage completion of a shareholder’s obligations and/or commitments, and ensure retention of founders and employees.
Should the Corporation be a C Corporation or an S Corporation for income tax purposes? “C Corporations” are treated as a separate taxable entity and upon the sale of the corporation’s assets can be subject to taxation at both the corporation level and the shareholder level; commonly known as “double taxation”.  A “S Corporation” is generally treated as a pass-through entity [6]which reports income, deductions, credits and information to the federal and state income tax authorities and provides tax information to its shareholders for reporting on their personal tax returns.  Whether a corporation should be a “C Corporation” (default status), or elect to be treated[7] as an “S Corporation” is a complex question beyond the scope of this FAQ.  The relevant analysis requires, among other things, examination of the nature of the corporation’s business, the likelihood of institutional or venture capital investors, shareholders’ citizenship, potential number of shareholders, shareholder nature, characteristics and criteria, future plans for raising capital, future potential liquidity (i.e. potential sale in the future), and other variables and considerations.
What should I do if I receive notice or letter from a company soliciting to prepare annual minutes, file statement of information or file corporate documents? You should provide your corporate attorney with a copy of such notice or letter.  California companies have been receiving official looking solicitation letters or notices, warning of defaults and penalties, requesting information about a corporation payment of fees and costs, and completion of forms.  In general, these solicitations are not made by the California Secretary of State’s office and are not made by, or on behalf of, any governmental agency.  These companies have no authority and are generally viewed as fraudulent solicitations.
Does the Corporation need to have an accounting firm? The identification of an accountant or accounting firm is not immediately necessary at the time of incorporation; however, founders and management should engage an accounting firm as soon as possible for financial and tax purposes.  If you do not have an accountant or an accounting firm and need a referral, please contact Bernie Vogel of our law firm, and we will supply you with two (2) referrals.
What should be the Corporation’s Fiscal/Calendar Year End The Corporation’s Tax and Accounting Year End must be December 31 for all corporations electing to be treated as an S Corporation.  However, for C corporations, the Fiscal Year End can be December 31 or other dates during the year.  If you are contemplating using a non-December 31 year end, please discuss this matter with your accountant and have them explain the restrictions and ramifications for such a year-end.

This FAQ is intended to give the reader general information about various issues surrounding the formation of a Corporation.  If you desire a more extensive discussion and analysis on any of the topics listed above or any other corporate and legal matters, please contact the undersigned.

Sincerely,

Bernard J.  Vogel, III

Vogel@svlg.com

[1] Pursuant to California Corporation Code (“CCC”) Section 201(b), the California Secretary of State shall not file articles or amendments if the proposed corporate name is likely to mislead the public or resembles closely, or is the same as, any California corporation in good standing, foreign corporation qualified to do business in California and in good standing, or corporate names under reservation.

[2] Requirements, necessary governmental approvals, and procedures are beyond the scope of this FAQ

[3] A “Close Corporation” is a unique statutory California entity which is generally restricted to smaller closely held corporate ownership and has very limited uses, which is beyond the scope of this FAQ.

[4] Each Governmental Regulatory Agency has specific regulations which are beyond the scope of this FAQ.

[5] California Corporation Code Section 207 provides that a corporation shall have “the power to: (a) Adopt, use and at will alter a corporate seal, but failure to affix a seal does not affect the validity of any instrument.” [Emphasis added]

[6] A common misperception in the public is a S Corporation is a corporation treated as a partnership for income tax purposes.  This is a dangerous oversimplification.  For example, unlike a partnership, the distribution or transfer of assets out of a S Corporation is deemed to be a sale of such assets at their fair market value, which can result, and often times does, in a surprising recognition of income or gain to the shareholder.

[7] In order for a corporation to be treated as an S Corporation, all of the then current shareholders (and their spouses) must sign and file the Election To Be Treated As a Small Business Corporation (IRS Form 2553) and additional eligibility requirements beyond the scope of this FAQ must be satisfied

You may have heard that California has a new privacy law. The California Consumer Privacy Act (CCPA) came into effect on January 1, 2020. It covers large(r) businesses in California. Covered businesses have to give “consumers” four key rights:

  • The right to know their privacy practices regarding how they collect, use, share, and sell consumers’ personal information.
  • The right to demand that businesses delete personal information.  There are some exceptions in the law.
Contact Information