Committing to registering your copyrights in 2020 probably seems a lot like other resolutions you may be making, such as eating more vegetables or going to the gym. You know it’s good for you, but it also seems unpleasant and maybe a little overwhelming. The good news is that you’re half right - registering your copyrights is essential if you intend to make a living (or even a decent side hustle) out of your creations, but it’s also not as difficult, time consuming or expensive as you may think.

WHY REGISTER?

The benefit of copyright law is protection - it gives you the exclusive right to decide how your creations are used, along with the right to get paid for your hard work. Without it, artists would have no way to prevent their work from being exploited by political causes they disagree with, or promoting products that conflict with their image. They would also have no way to demand that those who do want to use their work (and get permission) pay for the privilege.

Registering your copyright provides you a number of advantages:

• The registration creates evidence that you own the work, in case someone else tries to claim credit. Which is way better than mailing a copy to yourself and sticking the unopened envelope in a drawer (seriously, stop doing that).

• A copyright registration provides notice to others that your work is protected, even if you don’t or can’t place a copyright notice on your work.

• If someone wants to license your work ($$$), the registration lets them know who to contact for permission (and who to pay).

• A registration is required before you can file a lawsuit. That may not seem important now, but if you later discover someone is using your work in a way you want to stop, you’ll have to wait for your registration to be processed before a court can do anything about it. That could mean months of being unable to stop the infringement - by which time the damage may be done.

• A registration allows you to recover your attorneys’ fees as well as statutory damages from an infringer. That gives you greater leverage if you have to demand that infringers stop their theft, and if they won’t, makes it more economically feasible to go to court to make them stop. More importantly, it provides a powerful incentive for others to avoid stealing your work in the first place.

• As a bonus, the government gives you a nice certificate, suitable for framing, confirming your creative prowess.

NO EXCUSES

It’s true that registering your copyrights involves a little paperwork and a little money - but probably not as much as you think. Copyright registration applications are pretty straightforward, and if you’re unsure about anything, you can ask a copyright attorney to help out. Alternatively, ask your attorney to prepare the first registration of the year and show you how to do subsequent applications yourself (or if you just don’t want to be bothered, ask your attorney if they will do the whole year for a discounted fee). The application fee is also pretty minimal - as low as $35 for most works. And you can often register multiple works at a time for a single fee, which works well if you need to catch up on your registrations or you create related groups of art, such as an album, a series of articles or a collection of fine art prints or photographs.

YOUR 2020 PLAN

Creating a plan for your registrations makes it easy. Resolve to catch up on all of your unregistered works in January, then set a schedule to register new works throughout the year, depending on how often you create new stuff. If you frequently update your work (like blog entries), you may want to register monthly. If you only sporadically create new stuff (e.g., writing a book or an album), make it part of your final process. For most creatives, setting a schedule to update your registrations quarterly or even every six months is likely fine. The main thing is to have a plan, and then stick to it, so nothing slips until next year. You know, like all of your other resolutions.

In my last post, I covered which creative professionals and online businesses may be caught up by the CCPA - even if they aren’t based in California. If you do fall under the CCPA (or even just want to be prepared in case you later fall under the CCPA), you’ll need to be prepared to do a number of things come 2020.

WHAT DO CONSUMERS GET?

So what exactly do you now need to be provide consumers whose information you’ve captured? A lot, actually:

Disclosure: First, consumers have the right to ask you for a report disclosing the categories of information you’ve collected about that consumer; the sources of the information; the purpose for collecting or selling the information; the categories of third parties with which you share their information; and the specific pieces of personal information you’ve collected.

Of course, giving out personal information can actually create a risk of privacy breach, so you’ll need to comply with the Attorney General’s guidance on responding to these requests. As an example, social security and bank account numbers shouldn’t be given out even if requested, and reasonable steps need to be taken to verify a consumer’s identify before providing the report. At the same time, you’re on the clock – in most cases you’ll need to acknowledge the request within 10 days, and provide the report within 45 days.

Collection: Going forward, you’ll need to inform consumers at or before the point of collection what categories of personal information you’re collecting, and why. Sure, if you’re asking for an email address to add someone to a newsletter, this may seem rather obvious. But if you’re planning on doing anything else with that email address in the future, you need to disclose it now. And there are plenty of non-obvious ways you may be collecting information without the consumer (or even you) knowing about it. For example, some DIY website providers automatically set your website to collect cookies and other information for analytics. You may need to modify your site and update your privacy policy to comply.

Deletion: In most cases, a consumer can now order you to delete all or part of their personal information which you’ve collected. And if you offer the option to delete just part of their data, the option to delete all information must be “more prominently presented.” Deleting data becomes especially complicated when the information you’ve collected may apply to multiple people (like a household), or when minors are involved.

Opt-Out: You can no longer sell consumer data that is subject to the CCPA unless you provide notice to your consumers, and a prominent option to opt out. Specifically, you must have a "Do Not Sell My Personal Information" link on your website’s homepage that leads to a page or form which enables a consumer to opt out of the sale of their information.

Privacy Policy Requirements: Your privacy policy (and, implicitly, this means you need to have one), must include all of the following information:

• A list of consumers’ rights under the CCPA, including their right to opt out of the sale of personal information and another link to the "Do Not Sell My Personal Information" page or form.

• The methods consumers can use to submit a request for the report mentioned above; and

• A list of all of the categories of personal information that you have collected, sold or disclosed to a third party in the preceding 12 months.

Plus, you have to update this last item (and thus update your policy) every 12 months. No more setting and forgetting this document.

Anti-Discrimination: You cannot “discriminate” against any consumer who exercises their rights under the CCPA – for example, by refusing to deal with customers who exercise their opt out rights, or charging customers for requesting their report. However, you can offer customers discounts if they allow you to sell their data, provided that the discount is reasonably related to the value of their data.

Liability for Data Breaches: Last but certainly not least, the CCPA also creates new liability if you suffer a data breach and didn’t take reasonable steps to prevent it. Unlike the rest of the CCPA, which is enforced by the California Attorney General, this is a private cause of action – meaning that consumers themselves can sue you. Even if they can’t prove the theft caused any damage, they can recover statutory damages between $100 and $750 per consumer per incident (so imagine what happens if you lose 50,000 consumers’ information in one hack). And if they can prove actual damages, they can recover those damages instead.

The good news is that the law doesn’t create a strict liability – you just need to take “reasonable” steps to protect your consumers’ data. But if you’ve been storing your consumer’s personal information on unencrypted servers, leaving it available on your phone without a passcode, or just ignoring the possibility of being hacked altogether because you’re a small business, you’re running a huge risk. Also, unlike the recent privacy laws passed in Europe, the CCPA is not limited to online and electronic data, or to sensitive data like social security numbers. Someone swiping a paper list of your customers’ names or telephone numbers from your home or office is enough to create liability. 

WHAT DO I DO NEXT?

First, you should take a hard look at your business and see if the CCPA applies to you – or could potentially apply to you in the coming years as your business wildly succeeds and grows (I’m pretty positive for a lawyer).

If it does (or could), it is essential that you have a firm understanding of the personal information you already control and what you are collecting going forward. Everything else depends on you knowing what you have and where it is kept – you can’t provide a consumer their report or delete their data if you don’t know where it is. Likewise, if you’re storing “personal information” in multiple places (e.g., names and telephone numbers in one database, email addresses in a different database, cookies with your web provider, and a spreadsheet with God-knows-what on an old hard drive), you need a plan for consolidating and tracking all of it.

You’ll also need to set up a protocol for responding to requests and generating reports – doing it ad hoc every time will overwhelm you (imagine getting 50,000 requests at once). And you’ll need to contact your website developer or IT department to implement the required notices, opt out links and options on your website.

Now would also be a good time to update your privacy policy (you have one, right?) to make sure it actually reflects your business and practices. If you’re using a form policy you found on the Internet years ago and never paid much attention to, you really need to spend some time on it now.

Finally, if in doubt, ask for help — attorneys are still getting their arms around the new law themselves, but your attorney should be able to point you in the right direction. There are also plenty of vendors who are gearing up to assist businesses with auditing their security, updating their privacy policies and protocols, and putting together a plan for compliance.

Many businesses – especially online businesses and content creators, such as bloggers, vloggers, e-distributors and e-book authors – rely on collecting email addresses and other customer information to grow their passion project into a full-time enterprise. And the beautiful thing about the Internet is those businesses can reach beyond their local community to help consumers across the country. Unfortunately, these same characteristics place online businesses squarely in the path of a new California privacy law.

HELLO, CALIFORNIA CONSUMER PRIVACY ACT

Your first instinct may be that if your business isn’t based in California, you can safely ignore one more crazy law coming out of the Golden State (I say this as a former Californian). The problem is that California is not necessarily ignoring you.

Starting January 1, the most far-reaching privacy law in the nation goes into effect, creating the potential for huge fines and liability risks. The California Consumer Privacy Act of 2018 (CCPA) represents a massive shift in the way that personal information will need to be collected, used and protected. The good news is that the law has some safeguards to exempt non-California companies and small businesses from the most onerous of the requests. The bad news is those safeguards may not apply to businesses with an online presence and even a moderate customer list.

A word of warning before we begin – due in part to the way it was written and passed (Google it if you’re interested), the CCPA is incredibly vague in places and is actually still in the process of being fine-tuned by the legislature and the California Attorney General as to what some of it even means. I’ve attempted to give a general overview here, but the devil is in the details, so if it sounds like the CCPA may apply to you, please check in with your favorite attorney to figure out exactly what your business needs to do.

WHICH ONLINE BUSINESSES NEED TO WORRY?

First and foremost, you need to know if the new law applies to you. If it does, you have some work to do. If it doesn’t, you can go back to ignoring the California legislature – for now. But as your business grows and changes, keep the CCPA in the back of your mind so that you don’t accidentally wander into its jurisdiction without planning ahead. And of course, there’s always the chance that other states or Congress sees what California did and decides to adopts it themselves.

So who does the CCPA apply to? Think of it as a three-step checklist – if you meet all three criteria, the CCPA applies to you regardless of where your business is located. Generally speaking, the three criteria are:

1.     You’re a for-profit business;

2.    You “do business in California”; and

3.    Any of the following describes your business:

·      You have annual gross revenues (not profits) in excess of $25 Million;
·      More than 50% of your annual revenues comes from selling consumers’ personal information; or
·      You annually buy, receive, sell, and/or share personal information of 50,000 or more California consumers, households, or devices (in any combination).

Let’s take each of these in turn. First, whether you are a for-profit business is probably self-explanatory (and no, it doesn’t turn on how much profit you’re making) – if you’re really not sure, check with your attorney or accountant.

Second, whether you “do business in California” is – like most of this law – a little unclear, but California seems to be taking a pretty broad view on this. If you are registered with California to do business or pay California taxes, you’re almost certainly covered. Even if you don’t, the statute only excludes businesses “if every aspect of … commercial conduct takes place wholly outside of California,” which potentially means that if any part of capturing or using a consumer’s information took place in California, it counts. That likely includes collecting information from a Californian while they are in California, even over the internet or phone.

The third criteria is the one that will give many small businesses a false sense of security. The average blogger probably isn’t pulling in $25 million in revenues (if you are, congrats!), and if you primarily make your money selling data, the CCPA likely isn’t coming as any surprise. But the third item has a number of non-obvious “gotchas” for even small online businesses.

At first glance, 50,000 may seem like a big number. The problem is in how broadly the statute defines “personal information,” and that any combination of information adding up to 50,000 people, households and/or devices in a year gets you across the threshold. “Personal information” is not just sensitive information like names, birthdates and social security numbers. It’s essentially anything that can reasonably linked back to a particular consumer or household. Names, telephone numbers, email addresses, cookies, IP addresses, geolocation data, Facebook profiles – even customer profile information that you assemble yourself, like purchase history, counts towards the total. So, if your website is automatically capturing information such as cookies or IP addresses, you can get to 50,000 with just 137 unique visitors a day. Even if that doesn’t put you over the top, consider the number of other pieces of information you collect during the course of the year, then add it to your website totals and see what it amounts to.

“Consumer” is also non-intuitively defined as any California resident – not just customers. Information about your own employees (if they are California residents) counts, and if you work with California businesses (e.g., vendors or distributors) and track contact information for their personnel, you may be well on your way to 50,000.

Other potential traps are sales leads and email lists. If you acquire or trade a list of potential customers, that counts towards your total, as does collecting email addresses (or any other personal information) for newsletters, email blasts or social media ads.

If you think the CCPA applies to your business - or even may apply in the future - my next post will cover what the CCPA actually requires you to do and what you can do next to prepare.

I get it. Part of the appeal of any form of art – whether it’s gallery-level paintings or blogging about your favorite TV show – is creativity and freedom. And the (shudder) law is exactly the opposite. It is, by definition, a set of rules you are not supposed to break. So you would be forgiven for assuming that legal issues, like taxes and the dentist, should be ignored as long and as much as possible.

The problem is that there are a whole host of laws that can actually help artists and creative types protect their work and maybe make a few bucks doing it.

Each of these is probably worthy of a separate post (I’m working on it), but here’s five things that any artist or creative professional should at least consider.

1. REGISTER YOUR COPYRIGHTS

Number one with a bullet is taking advantage of copyright registration. Copyright law is the primary way to exercise control over your work, from ensuring you get paid for authorized uses to allowing you to veto uses you don’t want to be associated with. You obtain some rights as soon as you create a new work, but registering the work with the Copyright Office provides all sorts of advantages if you need to enforce your rights, including increasing the potential recovery and allowing you to win back your attorney fees and costs, which in turn makes it more likely that someone else will think twice before infringing your work or back down if they do infringe and are caught. Registration is also inexpensive and not overly complicated, especially once you’ve done it a few times. If you regularly create new products, you may want to get in the habit of registering all of your new works on a schedule, such as once a month or once a quarter. Registering several works at a time is usually easier and less expensive, and doing it regularly means your works don’t go too long without protection.

2. DON’T FORGET ABOUT TRADEMARKS AND TRADE DRESS

Although copyright law is the primary shield for artists, it has its limits. For example, you can’t copyright words or phrases (like names or titles), nor can you copyright items that are useful or aren’t sufficiently “creative,” such as realistic depictions of things found in nature. But trademark law can help fill in the gaps. Because trademark law is intended to protect consumers, rather than creators, it covers things copyright law doesn’t. Trademark law is particularly useful for preventing someone from creating knock-off works that are slightly different from yours, but are intended to trade on your reputation. Trademark protection also applies to your entire brand, not individual works, so you won’t need to go through the registration process as often - usually just once in the beginning, and then only when you add a new aspect to your brand like a logo or a new brand name.

3. CONTRACTS – LET’S GET EXPLICIT

Forget thick documents filled with pseudo-Latin. A contract is nothing more than promising to do something in exchange for something else.  Buy a gallon of milk at the grocery store? That’s a contract - you’re promising to pay the amount on the price tag, and the store is promising to give you the milk. Artists and e-businesses deal with a ton of “contracts” in their business, whether they realize it or not - terms of service with their website provider, purchase orders for supplies, sales of their works, agreements with co-creators and assistants. Even if these “contracts” are friendly understandings and handshake deals, they can be just as enforceable as a fifty-page document signed in triplicate. The problem is that these friendly handshake deals probably never discussed critical details, leaving the two sides with completely different understandings about what constitutes the “deal.” If you have enough of these, a dispute is inevitable. Maybe it gets worked out after some angry phone calls, maybe a lawyer needs to get involved - but either way, it’s not pleasant and it’s not inexpensive. Here’s where the law can actually help you out - all you have to do is talk about the details ahead of time, and then write it down in a document that everyone agrees on. The law doesn’t require a contract to be anything formal or expensive - it really does want to make sure everyone gets what they bargained for. Nine times out of ten, there are no “magic words” required, and the document can be as simple as a page or two. Don’t think of it as “lawyering” a relationship, think of it as just making sure everyone is on the same page.

4. FAIR USE - GREAT IF YOU FOLLOW THE RULES

Although artists are certainly entitled to protect their creative works, “creativity” also sometimes requires building on what came before. The law recognizes this in the “fair use” doctrine, which exempts certain types of uses from copyright infringement. Fair use is particularly important for creative professionals who comment on or discuss other art, such as critics, scholars or parodists, but it can help out lots of different artists — when used correctly. Therein lies the rub. Although everyone seems to have heard of Fair Use, very few people actually understand it or when it applies. It’s not true that you’re allowed to use a certain number of seconds of a song or video for free, for example, and copyright law doesn’t cease to exist just because you didn’t make any money off your (totally infringing) YouTube video. Fair Use can be a powerful tool, but you need to make sure you actually understand the rules.

5. GALLERY AND FINE ART LAWS

Finally, if you’re a fine artist such as a painter, photographer or sculptor, several states have enacted laws specifically designed to give you extra protection in your dealings with galleries and third-party brokers. In Oregon, for example, the law gives artists additional rights regarding payment from dealers, protection in the event a work is damaged while in the dealer’s possession, and requires dealers to provide artists with a written contract that spells out certain terms. California likewise has laws protecting fine artists, including a law that gives some artists the right to prevent the destruction or modification of their works, even after the work is sold. If you work with galleries or art dealers, look into whether your existing agreement complies with local law and make sure you understand all of your rights - you may be entitled to more than you think.