Data Privacy

Data Privacy

For businesses, data privacy and protection has become an important aspect of everyday operations.  Data breaches, such as those seen in the news at large companies including Target and Equifax, can result in costly regulatory compliance requirements and damage to a brand’s reputation.  Businesses that wish to adopt data protection “best practices” need to be aware of the software their company uses and how that software could contribute to a disaster such as a data breach.  A lack of proper policies and procedures governing the use and maintenance of software products can lead to serious consequences down the line.

First, what is Open Source Software?

Open Source Software is the byproduct of a movement in the software development community that wants software development to be an open and collaborative process.  Anyone can access and edit the source code for open source software—source code is the text used by software developers to create and edit a program.  Most commercial software products (or “proprietary software”) do not allow users to access or edit the software’s source code.  Consumers that purchase a proprietary software product are usually required to sign or electronically “accept” a license stating that they will not copy, edit, or perform any other restricted actions to the software.  For example, think of purchasing Microsoft Office (a proprietary software product), and the long list of restrictions in the license a user must accept in order to use the program.  In contrast, open source software products usually have less restrictive licenses, and many open source software programs are free to use.

Open source software is usually free? That sounds great!

Open source software does have many benefits: it is often free to download, users can modify the software to fit their particular needs, and an extensive community of developers work on open source software programs.  Many people use open source software without even knowing it, including popular programs such as WordPress and Mozilla Firefox.  The open source community works to monitor for any hackers and attempts to quickly fix and update open source software programs, but even this is not enough to mitigate all threats. 

So, there are risks associated with using Open Source Software? 

Yes.  A misconception exists that since open source software is usually free, that there are no strings attached to using such software.  In reality, open source software requires quite a bit of maintenance. 

  • Users need to monitor for announcements about security-related issues or updates to their open source software products.  Open source software users who do not understand this responsibility, or who ignore notices and updates, make themselves vulnerable to hackers. 
  • Because of the open and collaborative nature of open source software, the source code is available to the public.  This means that hackers can access the code and make malicious changes, or a well meaning developer can make a mistake for a hacker to exploit. 
  • Users need to understand the open source software’s licenses and comply with any requirements.  Failing to comply with an open source license can result in a lawsuit.  
  • Open source software typically does not offer warranties or indemnification, any legal risk associated with using the open source software product traces back to the user himself.

Are there any examples of open source software leading to a data privacy or security issue? 

Yes.  A hacker can wreak havoc regardless of the type of software.  The significant difference is that a company using open source software is responsible for vigilantly checking for any issues with the software and making fixes themselves. A company using proprietary software company, however, has accept to customer support and security updates.  Equifax’s historic 2017 data breach was traced back to a vulnerability in open source software they used.  Equifax saw the notice about the software’s vulnerability and information about how to fix it, but left the problem unresolved for too long.   Hackers noticed the open source software had not been updated and took advantage of this vulnerability to access the personal information (including social security numbers and addresses) of over 150 million U.S. citizens. 

What can be done to mitigate the risks of using open source software?

Open source software can be a great resource for businesses, but it needs to be used properly.  Hiring employees who understand all the requirements and risks associated with using open source software can be expensive, but a lawsuit or security issue like a data breach could be even more costly.  Businesses who use open source software should have policies and procedures that require all open source software usage to be tracked, all notices and updates to be monitored, any relevant changes or updates to be made correctly and quickly, and for all license requirements to be complied with.  At Gavin Law, our attorneys can help users understand licenses and license requirements as well as draft these crucial policies and procedures for employees.


Public Domain Day 2019

Happy New Year, Gavin Law followers!

Some people think the most wonderful time of the year is Christmas, but starting 2019, we are going to receive gifts every January 1st.  Why is that, you ask?

Previously copyrighted works are starting to enter the public domain again!  No copyrighted works have entered the public domain since January 1st, 1998, so this is a truly momentous occasion.  

What does it mean for a work to enter the public domain?  

To start, copyrights give a certain amount of protection to their owners, but do eventually expire.  When a work reaches the end of its term (either by expiration, abandonment, or lack of protection), it enters the public domain. The public domain is full of beautiful creative works of originality that can be used by ANYONE, without fear of infringing copyrights in these works.  Some examples of works famously in the public domain are works of Shakespeare.  This is why we have so many Shakespeare-based derivative films, such as Romeo and Juliet, or Rosencrantz and Guildenstern are dead.  Because Jane Austen’s works are in the public domain, we have Pride and Prejudice and Zombies!  Works that enter into the public domain often feed the creativity of new artists.

How long do copyrights last, anyways?

The term of copyright for a particular work depends on several factors, including whether it has been published, and, if so, the date of first publication. As a general rule, for works created after January 1, 1978, copyright protection lasts for the life of the author plus an additional 70 years. For an anonymous work, a pseudonymous work, or a work made for hire, the copyright endures for a term of 95 years from the year of its first publication or a term of 120 years from the year of its creation, whichever expires first. For works first published prior to 1978, the term will vary depending on several factors.

Why did works stop entering the public domain 20 years ago?

IN 1998, Congress passed the Sonny Bono Copyright Term Extension Act, which effectively added twenty-one years of protection to works that were under the protection of copyright law.  This Act was incredibly controversial, and many believed that Disney lobbyists were the driving motivator behind the Act, as a copyright on Mickey Mouse was due to expire.  Works created in 1923 or later were therefore set to enter the public domain, not in 1998, but in 2019.     

What works enter the public domain this year?

A variety of works enter the public domain, including the below that are particularly exciting.  However, Duke has published the full list, which you should feel free to peruse here:

  • Tarzan and the Golden Lion, by Edgar Rice Burroughs
  • The Inimitable Jeeves, by P.G. Wodehouse
  • Stopping by Woods on a Snowy Evening, by Robert Frost
  • Don Quixote, by Miguel Cervantes
  • The Ego and the Id, by Sigmund Freud
  • The Prophet, by Kahlil Gibran
  • Tulips & Chimneys, by e.e. cummings

Music Modernization Part III

Concluding our coverage of the Music Modernization Act (MMA), this article explores the final Title III of the bill, the “Allocation for Music Products Act” or AMP Act. (To read more about the bill generally, visit the prior blogs Title I and Title II.) Whereas the other two titles have focused primarily on songwriters and musicians, the AMP Act is the Copyright Act’s effort to recognize the roles of producers, mixers, and sound engineers in the creation and production of a sound recording by granting them a statutory right to royalties in from digital performance services. Critically, thanks to the AMP Act, producers, mixers, and sound engineers will not need to enter into contracts that explicitly establish compensation for digital transmissions.

As reported by IP Law Watch, the AMP Act “codifies the requested royalty allocations from artists to studio professionals that SoundExchange[1] has honored since 2004. (For more information see S. Rept. 115-339 (115th Congress Sept. 17, 2018) (Report of the Committee on the Judiciary to accompany S. 2823, The Music Modernization Act). In particular, the AMP Act allows SoundExchange to receive a “letter of direction” from an artist to “distribute, to a producer, mixer, or sound engineer who was part of the creative process that created a sound recording, a portion of the payments to which the payee would otherwise be entitled from the licensing of transmissions of the sound recording.” Although similar allocations are already in place for many, if not most, sound recordings after 1995, this authorization granted by the AMP Act is unique as it enables a more direct, and ideally efficient, process.

Because SoundExchange mainly handles sound recordings created after 1995, the AMP Act provides guidance for sound recordings predating November 1, 1995. For these sound recordings, producers, mixers and sound engineers may receive a distribution of 2% of collected receipts from licensing transmissions of the sound recording as deducted from the amounts payable to the artist provided that the producer, mixer, or sound engineer can evidence a failed attempt to obtain a “letter of direction” from the artist. In addition to these requirements, producers, mixers, and sound engineers would not be immediately entitled to the 2% distribution—there would be an “objection period” in which an artist or owner of the sound recording could raise objections.

There is one minor wrinkle to the above guidelines for sound recordings fixed before November 1, 1995: the relevant sections of the AMP Act—Section 114(g)(5)(B) (pre-1995 recordings) and Section 114(g)(6)(E)(right to receive payments)—do not go into effect until January 1, 2020. This delay is not a bad thing though; rather, it is to provide SoundExchange the necessary time to prepare and upgrade its own internal processes to best accommodate the AMP Act.

[1]SoundExchange is a non-profit collective rights management organization designated by Congress to collect and distribute digital performance royalties for sound recordings.

Music Modernization Act Part II

Continuing our coverage of the Music Modernization Act (MMA), this article explores Title II of the bill, the “Compensating Legacy Artists for their Songs, Service, and Important Contributions to Society Act” or CLASSICS Act. (To read more about the bill generally and Title I, please visit our blog here.)

While Title I was concerned about contemporary songwriters and their publishers, Title II, as its name may suggest, is interested in the past. In particular, Title II allows for songwriters and record labels to obtain compensation for music sound recordings created before 1972. This is important because 1972 was the year that federal copyright protection was first extended to music sound recordings; as such, compensation claims for music sound recordings made before 1972 are only covered by state laws, and the states have been anything but consistent in this area.  The CLASSICS Act presents a clean solution to this problem by requiring digital music services to provide notice, track, and pay royalties, just as they would for music sound recordings made after 1972.

In addition, the CLASSICS Act will create “a digital performance right in favor of rights owners of sound recordings recorded before February 15, 1972 (and after January 1, 1923).” That is, in the event there is no separate voluntary license between the sound recording rights owner and the digital service, the royalties will be calculated and paid under the same system that is applied to works made after 1972. See IP Law Watch for more information.

The CLASSICS Act includes two final details that are relatively unique. First, the act provides protection for pre-1972 sound recordings as calculated by 95 years from initial publication. It is therefore possible sound recordings can gain an additional period of 3-15 years worth of copyright protection, depending on how recently the song was published. Second, and perhaps more peculiar, is that the CLASSICS Act provides an approach to “orphan works,” that is, music sound recordings for which an owner cannot be identified. The CLASSICS Act will permit “certain noncommercial uses of sound recordings that are not being commercially exploited,” so long as the person engaging in the use makes a good faith, reasonable search for, but does not find, the owner of such sound recording and notice is provided to the Copyright Office.

Black Friday, Cyber Monday, & Trademark Law

GLO readers, did you take advantage of any Black Friday and Cyber Monday deals? Millions shop, billions have been spent, and businesses may be thinking of ways to use “Black Friday” and “Cyber Monday” to promote the sales that their companies will have on these days. The question is – When it comes to trademarks and potential infringement, should companies be worried about using these terms in their marketing?

Using catchy phrases and slogans can create a lasting image with customers and allows companies to create brand recognition and increase the potential for sales. Acquiring trademarks for a business’s intellectual property protects a business from copycats and provides legal remedies. Companies (some more than others) diligently patrol the use of their trademarks and pursue infringement not just for monetary damages, but so that they do not lose their trademark or its marketing power.

The short answer to whether companies should be worried about receiving a cease and desist letter or otherwise for using “Black Friday” or “Cyber Monday” in their marketing is: probably not. However, it is worthwhile to understand why this is, and when businesses do need to worry.

Why are “Black Friday” and “Cyber Monday” okay for businesses?

If a business had to avoid using “Black Friday” or “Cyber Monday” the way they evade using “Super Bowl” and “March Madness” in their advertisements, no one would be able to refer to their sale as the “Black Friday Sale”, or “Black Friday Deals”. However, it turns out that no one has control of these terms in the same broad way that other companies have over trademarks.

A search for “Black Friday” on the U.S. Trademark Database reveals 38 “Black Friday” trademarks or marks using “Black Friday” with another word or term (ex: Black Friday Store). The live marks for “Black Friday” include one for a beer, a computer game, and an individual in Cleveland, Ohio for advertising and marketing services.

These examples help demonstrate an important principle of trademark law— trademarks only cover the registered use of a specific good or service – meaning that unless someone uses Black Friday to market a beer, computer program, or advertising services, they are likely not going to run into any problems. A search for “Cyber Monday” turns up no trademark for the exact phrase, though there are several variations (ex: TGI Cyber Monday).

So, why has no one else registered Black Friday or Cyber Monday as a trademark?

Depending on who you ask, many say that “Black Friday” originated in Philadelphia as a phrase used to describe post-Thanksgiving traffic.  Over time, it developed into a colloquialism for retail services the day after Thanksgiving. It may seem like a great idea to register a trademark for “Black Friday” or “Cyber Monday” for everything you can think of so you have a monopoly on the terms. However, you cannot register any phrase you want as a trademark – there are specific rules you must follow.

The USPTO does not allow the registration of generic words or phrases. For instance, a company that makes computers cannot trademark the word “computer” to sell its goods. It is considered generic, and too likely to be used in the course of daily business for many businesses in the same industry. A business can use a generic term if it does not fall within the industry, though. For example, Apple Inc. is allowed to use “Apple” and the apple logo to sell computers because the word is not generic for the sale of computers. The word apple makes you think of the brand that sells computers instead of just the fruit, or instead of just computers.

Previously inventive terms can also become generic. If due to its popularity or significance, the brand’s trademark has become the generic name for, or synonymous with, a general class of product or service (usually against the intentions of the trademark’s holder) then the company may lose its trademark. Examples of companies that are constantly facing this issue are “Xerox”, “Band-Aid”, and “Kleenex”. The mark BLACK FRIDAY as registered in connection with beer avoids this issue because it is not a generic term for beer. “Black Friday” has become the generic term used for the day for sales after Thanksgiving, and “Cyber Monday” for online sales the following Monday. Therefore, companies may use these terms to promote their own sales on those days with little risk of trademark infringement – no one owns trademarks for that type of use, and likely no one can register the terms due to them being generic promotional terms.

Black Friday – not just in the United States

While we think of Thanksgiving as a holiday unique to the United States and Canada, it has spread globally, as has the awareness of Black Friday and Black Friday deals. Picking up on this, Hong Kong-based company Super Union Holdings Ltd. (“Super Union”) registered the trademark “Black Friday” in Germany for almost all goods and services. Super Union, not unlike the NFL and NCAA, diligently patrolled the use of its mark, and even more diligently enforced it. When other businesses used “Black Friday”, Super Union sent warnings, and several injunctions to stop using the term were issued. Eventually, companies filed cancellation requests against the registration. PayPal, itself not the target of any enforcement measures, decided to join the cancellation proceedings specifically to take a stand for the rights and interests of retail. One company that filed a complaint stated that “Black Friday” was a purely promotional term in widespread use around the world and well-known in Germany, and that its registration as a trademark was illegitimate in the first place.

In April 2018, the German Patent and Trademark Office (DPMA) finally declared the term free for all to use in commerce, signaling the end of Super Union’s trademark monopoly on “Black Friday” in Germany. DPMA considered that lack of distinctiveness, being that the term was generic, was enough to cancel the mark.


If this all makes you nervous about whether or not a word or term is a registered trademark or not, here is some advice: if you see the ® for a registered trademark or a ™ for a trademark in the process of being registered, you are being notified that you must not use this trademarked phrase without permission in any other business. The best place to be sure of the status of a phrase or name is the U.S. Patent and Trademark Office (USPTO) website, which anyone can access for free. As always, you should contact an attorney before you use a trademarked word or phrase in commerce to avoid any issues stemming from potential trademark infringement.

Happy shopping!