The Israeli Law, Information and Technology Authority (ILITA) recently imposed an administrative fine on a medical device company which apparently did not place a proper notice regarding the personal-sensitive information which it collects from its clients.
The company which manufactures and markets a medical device used for measuring sugar levels (mainly for patients who suffer from diabetes), delivered its medical device along with a certain services and warranty voucher which the client had to fill out in order to receive the service and liability (or at least she/he thought so, as explained below). The sensitive-personal information contained certain medical information regarding the type of diabetes from which such patient is suffering and the average amount of tests performed by such patient each day.
An investigation conducted by ILITA's inspectors revealed that the voucher provided by the company did not include a statement regarding the purposes for which such information is being collected nor a notification regarding to whom and for what such information may be transferred. Finally, the fonts used for a statement which appeared on the voucher regarding the fact that the clients are not under any legal obligation to provide the personal-sensitive information were significantly smaller than those used for the other text, and were not clear and readable.
In addition to the monetary sanction (2,000 NIS), ILITA determined that the company will be obligated to promptly obtain the consent of each of its clients in order to retain the information and use it. Finally, following a period of 60 days commencing on the date of such notification- any information regarding a client who had not positively delivered her/his consent as required would be required to be removed from the company's database.
We understand that the company has applied for registration of its database, and that such application is now pending the completion of all required activities pursuant to ILITA's instructions mentioned above.
The full article is available on ILITA's website (in Hebrew).
This recent decision calls for a careful examination of the notifications accompanying requests for information, including technical matters such as the size and color of the fonts used. As mentioned above, each request for information with the intention to keep such information in a database should clearly include a statement regarding the purposes for which such information is intended to be used, the identity of the transferees of such information (and for which purposes will the transfer be conducted) and whether or not the data subject is under a legal obligation to provide such information.
Thursday, May 5, 2011
Monday, March 14, 2011
The Risk of Using Location-Based Applications (or Why the IDF Will Probably Not Grant its Soldiers a "Newbie" Badge)
Apparently, along with the social benefits gained via the popular location based application Foursquare, certain problematic implications have also been emerging:
According to an article in TheMarker (in Hebrew), certain soldiers in the Israel Defense Force (“IDF”) have been arriving at their secret army unit bases and “checking-in”… By doing so, information regarding who serves where and the geographic location of certain units is made available to third parties. The report further specifies several locations of units which such soldiers have presumably unknowingly revealed, including the locations of the Israeli Defense Force’s Headquarters and several of its sub-units.
This is yet another vivid example of some of the hazards which come with uninformed use of social networking platforms which organizations such as the IDF, as well as any other organization which deals with information of confidential nature (such as financial corporations, public companies and governmental entities) should be aware of.
According to an article in TheMarker (in Hebrew), certain soldiers in the Israel Defense Force (“IDF”) have been arriving at their secret army unit bases and “checking-in”… By doing so, information regarding who serves where and the geographic location of certain units is made available to third parties. The report further specifies several locations of units which such soldiers have presumably unknowingly revealed, including the locations of the Israeli Defense Force’s Headquarters and several of its sub-units.
This is yet another vivid example of some of the hazards which come with uninformed use of social networking platforms which organizations such as the IDF, as well as any other organization which deals with information of confidential nature (such as financial corporations, public companies and governmental entities) should be aware of.
Tuesday, June 8, 2010
How to Formulate Founders' Vesting Schedules
Its been said before, the shares of the founders of a start up should in most cases be subject to vesting (a good explanation of what vesting is may be found here). Indeed, this mechanism is very common. You may ask why is this important? Let's explain by giving a simple example. Let's assume that you and a friend are starting a new venture. Each of you gets 50% of the company. After six months of hard work, your co-founder leaves the company to go surfing while you continue to work on your venture day and night. You will probably be quite frustrated at that point in time since the departing founder is keeping their 50% in the company while enjoying the sun and waves. A vesting mechanism would ensure that in such circumstances a portion of the shareholdings of the departing founder will be returned to the company or the other founders.
A vesting schedule is desirable from day one and may be commonly found in the founders agreements. To the extent you have not agreed on a vesting mechanism with your co-founders, bear in mind that you will probably be required to assume this restriction as part of the terms of your first equity financing round. In some cases, even if a vesting mechanism was agreed prior to financing, the investors may have a different view on how the mechanism should be structured.
What is the suitable vesting mechanism for your venture though?
It has been pointed out by Chris Dixon, Yokum and others, that the "plain vanilla" vesting schedule is four years with a one year cliff (see here an explanation of what a "cliff" is). This is a suitable schedule for most employees. However, there are a few parameters to be taken in to consideration when determining what is the appropriate vesting mechanism for your start up.
Here are a few examples:
1. What is the period of time in which you think the founders' involvement in the venture is crucial?
2. Are you setting the vesting schedule upon incorporation or as part of a financing round? Usually, the earlier the vesting mechanism is implemented, the longer the vesting schedule will be as most of the work is still ahead of you.
3. If the vesting mechanism is imposed by an new investor, you should consider how much work has already been done by that stage. For example, if you have been bootstrapping for a long time, it is reasonable to argue that the vesting period should be relatively shorter or that a portion of shares will be immediately vested.
4. Occasionally, you may also consider using commercial milestones instead of setting a time line for the vesting of the shares. This may be suitable for example if one of the founders will contribute to the venture early on while the other founder's contribution will be needed at a later stage. If you have defined milestones for the vesting of shares, be sure to be very clear on what the milestones are. If the definition of the milestone is ambiguous you are heading towards a dispute as to whether the shares are vested or not. These vesting mechanisms are more complicated (and therefore less common) and should be well thought through and carefully drafted.
Having said all that, there is a reason why everyone likes vanilla. Using the common 4 year vesting schedule is commonly acceptable among founders and is what investors are accustomed to see.
A vesting schedule is desirable from day one and may be commonly found in the founders agreements. To the extent you have not agreed on a vesting mechanism with your co-founders, bear in mind that you will probably be required to assume this restriction as part of the terms of your first equity financing round. In some cases, even if a vesting mechanism was agreed prior to financing, the investors may have a different view on how the mechanism should be structured.
What is the suitable vesting mechanism for your venture though?
It has been pointed out by Chris Dixon, Yokum and others, that the "plain vanilla" vesting schedule is four years with a one year cliff (see here an explanation of what a "cliff" is). This is a suitable schedule for most employees. However, there are a few parameters to be taken in to consideration when determining what is the appropriate vesting mechanism for your start up.
Here are a few examples:
1. What is the period of time in which you think the founders' involvement in the venture is crucial?
2. Are you setting the vesting schedule upon incorporation or as part of a financing round? Usually, the earlier the vesting mechanism is implemented, the longer the vesting schedule will be as most of the work is still ahead of you.
3. If the vesting mechanism is imposed by an new investor, you should consider how much work has already been done by that stage. For example, if you have been bootstrapping for a long time, it is reasonable to argue that the vesting period should be relatively shorter or that a portion of shares will be immediately vested.
4. Occasionally, you may also consider using commercial milestones instead of setting a time line for the vesting of the shares. This may be suitable for example if one of the founders will contribute to the venture early on while the other founder's contribution will be needed at a later stage. If you have defined milestones for the vesting of shares, be sure to be very clear on what the milestones are. If the definition of the milestone is ambiguous you are heading towards a dispute as to whether the shares are vested or not. These vesting mechanisms are more complicated (and therefore less common) and should be well thought through and carefully drafted.
Having said all that, there is a reason why everyone likes vanilla. Using the common 4 year vesting schedule is commonly acceptable among founders and is what investors are accustomed to see.
Some General Notes, Warnings and Threats
What I am hoping to do with this blog is provide some good quality legal analysis of technology and venture related matters - whether it's an interesting court decision, a new venture industry related law proposal or an article or post I feel like rambling about. Given that I'm a lawyer (there, said it), I'm not going to make any grand promises or create wild expectations - I'll just see how it goes.
Feel free to comment, email, tweet, ping, DM or whatever the hell your preferred mode of communication is though please don't get too harsh - contrary to the stereotype [now break out the violins] lawyers are human beings with sensitive souls just like you.
Being a lawyer, and for this purpose it doesn't make any difference that most days I deal with cutting edge technologies and forward thinking entrepreneurs, I should get some good old fashioned disclaimers out of the way. I've got a disclaimers page but as most of you are not going to read it (even though you should), I'd just like to emphasize that -
* I live in Israel and am licensed to practice law in Israel only so I might write about stuff that happens elsewhere but that does not make me some sort of uber-lawyer.
* I'm a partner at a law firm (GKH) but this blog is not associated with the firm. GKH therefore takes no responsibility for the stuff I write here.
* You should not use the contents of this blog as legal advise. There is no attorney-client relationship here (nor any other kind of relationship..). I aspire to remain up to date on Israeli law but cannot promise to update posts that are no longer in compliance with current law.
* Oh, and please refrain from any sexism, racism, plagiarism and any other negative isms you might think of.
Thanks!
Feel free to comment, email, tweet, ping, DM or whatever the hell your preferred mode of communication is though please don't get too harsh - contrary to the stereotype [now break out the violins] lawyers are human beings with sensitive souls just like you.
Being a lawyer, and for this purpose it doesn't make any difference that most days I deal with cutting edge technologies and forward thinking entrepreneurs, I should get some good old fashioned disclaimers out of the way. I've got a disclaimers page but as most of you are not going to read it (even though you should), I'd just like to emphasize that -
* I live in Israel and am licensed to practice law in Israel only so I might write about stuff that happens elsewhere but that does not make me some sort of uber-lawyer.
* I'm a partner at a law firm (GKH) but this blog is not associated with the firm. GKH therefore takes no responsibility for the stuff I write here.
* You should not use the contents of this blog as legal advise. There is no attorney-client relationship here (nor any other kind of relationship..). I aspire to remain up to date on Israeli law but cannot promise to update posts that are no longer in compliance with current law.
* Oh, and please refrain from any sexism, racism, plagiarism and any other negative isms you might think of.
Thanks!
Subscribe to:
Posts (Atom)