Operations

Every business – from start-ups to multi-nationals – needs to control cash expenditures. In particular, new companies, with limited capital, tend to focus their spending on products, technology, and marketing, while postponing attention to “legal” matters. Although this allocation of resources may seem wise in the short term, it can prove to be a very expensive long-term decision. If a company is not established on a firm legal foundation, it can face costly disputes, lose important rights, or be subject to significant liabilities in the future.

Although companies may face a range of legal issues, there are certain legal issues that are both common to most companies and critical to positioning a company for future success. Here are three key “legal’’ initiatives that every company should consider:

1. Documenting the important business relationships among the founders and with third party service providers.

The basic terms of each important business relationship involving a company should be memorialized in a written agreement signed by all parties. The most fundamental business relationship is among a company’s founders. This relationship should be reflected in an agreement which sets forth the economic, governance, management and transfer rights among the various equity owners of the business. For example, what is the process for approving business plans, capital expenditures, the incurrence of debt? Can the equity owners transfer their interests at will or do they have to offer the other equity owners the ability to buy those interests first. Similarly, key employees and service providers for the company should have written agreements with the company, documenting the economic and performance terms, as well as the duration, of the services to be provided. Although these may be difficult issues to discuss, it is far better to address any issues at the beginning of a business venture, rather than to wait until the business is established and the parties have a meaningful disagreement about the nature or scope of their relationship.

2. Protecting essential intellectual property.

If proprietary intellectual property is vital to a company’s business objectives, the company should take appropriate action to protect that intellectual property. For example, if a company uses a particular “brand” name for its products or services, it should consider registering a trademark for that brand (at least in the primary categories and country in which it is selling the product). In the United States, trademark rights are created by using a distinctive mark in connection with the sale of products or services. However, registration of a trademark with the United States Patent and Trademark Office (“PTO”) creates a presumption that the trademark is valid in the United States, provides notice to the public of the owner’s rights in the trademark, and enhances the owner’s ability to enforce the trademark against infringers. If a company uses a particular proprietary invention, it should consider obtaining a patent. A design patent (on original ornamental designs) or a utility patent (on new and useful processes or machines) on inventions from the PTO gives the owner the right to prevent others from making, using or selling the patented invention within the United States for 20 years, in the case of a utility patent, and 14 years, in the case of a design patent. If a company’s products or services are being manufactured or sold in significant amounts in foreign jurisdictions, the company should also consider registering in those foreign jurisdictions.

3. Investing in data governance.

In the current environment, most consumer facing companies are collecting data about their customers, either in the process of selling products or services through a website or mobile app, or otherwise at a physical point of sale. It is critical for companies to have appropriate internal procedures and processes to collect, use, disclose and store that data. Companies must fully and accurately disclose their data practices to their customers. Companies must also use appropriate safeguards to protect the security of their consumer data. Failure to do so could lead to government investigations and enforcement actions by the Federal Trade Commission or state attorney generals, and/or security breaches that could result in lost customers, lost revenues and potential lawsuits. There are frequent media reports of data security breaches and cyber hacking incidents involving consumer data. Although cyber hacking may be a crime, and a company a victim of that crime, nonetheless, the company could be held liable to third parties for failing to adequately secure its customer data.

Companies should periodically review and update their data privacy policies and terms of use on e-commerce sites, take (and insist that their relevant service providers take) appropriate data security measures, and develop an action plan to respond to a possible future security breach.

A business can only grow and prosper if it has a firm foundation. A company needs a good business plan, a dedicated management team and the right products or services. Equally important, however, is a legal framework that includes the documentation of key business relationships, the protection of essential rights and the adoption of strong data governance processes.

Lois Herzeca

About the Author


Lois Herzeca


Lois is a partner at Gibson, Dunn & Crutcher LLP and Co-Chair of the Fashion, Retail and Consumer Products Practice Group. She specializes in M&A, equity investments and licensing in the fashion and retail industries. Lois is also the co- author of Fashion Law and Business: Brands & Retailers (2013), and a Lecturer in Law at the University of Pennsylvania Law School.