IP Tech

 

Bitcoins and the Law

Last year Bitcoin and other cryptocurrencies went “mainstream” with regular financial reporting of prices and tales of fortunes made or lost.  This has prompted many ordinary investors to try their hand at cryptocurrency investing.  This has fed an ever widening set of cryptocurrency products being offered to consumers and businesses alike.  These products range from Wall Street backed crypto currency exchanges like coinbase.com to initial coin offerings (“ICOs”) now being used by start-ups to attempt to bypass the regulations that normally apply to the capital-raising process.
 
The sheer exuberance surrounding cryptocurrencies and the often inaccurate depiction of cryptocurrencies as not subject to ordinary laws is fertile ground for fraudsters and high-risk unsound investment schemes.   For example, numerous market players still promote their ICOs as not subject to state or federal securities regulation despite convincing and sound conclusions to the contrary.  In fact, use of an ICO may very well expose the entity (and its individual managers) using it as a capital-raising device to potential civil and criminal charges, sanctions, and personal liability to individual investors.  
 
Due diligence requires that before you or your business involves yourself in any crypto currency undertaking that you consult with competent and experienced business counsel so you can fully understand the true risk of the undertaking.  Investors who have already lost money in a crypto currency scheme should also exercise due diligence by consulting with counsel because, under existing law, those who involved them in the scheme may be personally obligated to repay for the lost investment. 
 

Is Your Small Business Ready for Nebraska’s Updated Data Breach Notification Law?

On July 21, 2016, new changes to Nebraska’s Financial Data Protection and Consumer Notification of Data Security Breach Act become effective. In the event of a breach, any individual or commercial entity that conducts business in the state of Nebraska and owns or licenses computerized data that includes personalized data is required to 1) conduct an investigation to determine the likelihood that the personalized information has been or will be used for an unlawful purpose, and 2) notice any affected Nebraska residents. If notice is necessary, the individual or commercial entity must also notify the Attorney General. Moreover, if the personal information is maintained by an individual or commercial entity, but not owned or licensed by the individual or entity, they must notify the owner or licensee of the breach. Failure to comply may result in suit against the individual or commercial entity for damages a resident incurred because of the breach.

New updates to the law include defining personal information to include “a user name or email address, in combination with a password or security question and answer, that would permit access to an online account”. Additionally, the law is now triggered when encrypted data is stolen in addition to the confidential process or key used to decrypt the data.

Any individual or commercial entity that maintains and follows its own notice procedures regarding data breaches is deemed to be in compliance with the law. However, many other laws or regulations also cover data breaches, such as HIPAA, HITECH, GLBA, and other states where a resident affected by the breach resides. Businesses large and small should contact their attorney to ensure that they have a policy that complies with all applicable laws and regulations and reduces the risk of liability after a breach.