The Five C’s of Software Licensing

The Five C’s of Software Licensing

The Five C’s of Software Licensing

Software licensing can be a daunting combination where the perplexing realm of technology meets legal jargon. Defined as legal documents or contracts that govern the use and distribution of software, these licenses provide necessary protection for your business. Without proper licensing, you may be prone to someone stealing your intellectual property, or you may unwittingly commit copyright infringement. As a small business owner, it is essential to understand the importance of software licensing in order to protect your business’s brand or product and to avoid illegally using someone else’s. When the terms and contracts are beyond an IT issue, Attorney Elizabeth Lewis will help you work through it. Here are 5 essential areas of software licensing.

  1. Copyright
  2. Contracts
  3. Codes
  4. Confidentiality
  5. Compliance

1. Copyright

Whether you are a mom and pop store or an expanding enterprise, your intellectual property is as valuable as your merchandise. A lot of work goes into creating marketing concepts, a logo, a business plan, and overall operations/procedures. If you neglect to protect these assets through software copyright, you will be defenseless against others profiting from what you created. Registering your software copyright with the U.S. copyright office reinforces your copyrights, especially if you ever have to take someone to court. A small business attorney will help you determine what aspects of your business – a website, a product, or an idea – need to be protected by a software license.

2. Contracts

No one hires a disgruntled employee, but people can become dissatisfied over time and want to damage your business. There are contracts to safeguard your company from any employees who may try to exploit the knowledge they have accessed while working for you. Non-compete agreements are clauses under which employees cannot create businesses like yours while you employ them or start a similar one for a determined amount of time after they leave your employment; however they are only allowed in certain situations in Colorado so it is important to know if one will really protect you or if you need to use other means as well. Other employment agreements state simply that you own any work that your employees do for you. Confidentiality agreements protect your trade secrets and prohibit others from giving damaging insight into the operations of your business. An attorney will
help you take all of the necessary precautions to protect your intellectual property and represent you in the event of these types of theft.

3. Codes

Open source code licenses allow anyone to use, modify, and share your licensed software. You may not be able to govern every single user’s actions, but you are still protected as the original creator and are entitled to credit for your contributions. These licenses can make it easy for others to share, contribute, and build upon your project without having to obtain special permission. Issues with noncompliance and proper licensing can arise when using open source code licenses. An attorney will help you with these issues as well as any open-source versus proprietary software dilemmas.

4. Confidentiality

Your business’s success depends on your competitive advantage, something you can maintain by protecting your intellectual property. Keeping your trade secrets a secret takes measures, including confidentiality agreements and nondisclosure agreements. Software licenses keep some of your most valuable information – ideas, practices, applications, websites – safely guarded.

5. Compliance

We have all scrolled rapidly to the end of the terms of an agreement and clicked “I agree” without necessarily comprehending or even reading all of the words. As a software user, it is crucial to obtain your software through legal means, know precisely who is allowed to use it and how many copies are covered by the license, and read and understand the license agreement. Many small business owners do not purchase enough copies of software, thinking they can use one copy for everyone. This will inevitably lead to consequences from having your software disabled to facing huge fines or litigation. A small business attorney will ensure you have taken the necessary precautions and represent you in the event of a software licensing violation.

If you need help with software licensing, contact me, Elizabeth Lewis, at the Law Office of E.C. Lewis, P.C., home of your Denver Business Attorney. Phone: 720-258-6647. Email:

Contact Us Today

Law Office of E.C. Lewis, P.C.
Your Denver Business Attorney


Mailing Address:

501 S. Cherry Street, Suite 1100
Denver, CO 80246

Online at:

3 Things to Know Before Starting an Online Business

3 Things to Know Before Starting an Online Business

It seems simple – no lease to sign, no building to maintain or insure, fewer employees to manage. Online is easy, and starting up a new business is as simple as building a website! Only, it’s not. More often than not, I end up helping small business owners with issues they could have avoided if they had sought advice before starting an online business.

Based on the issues I am most often asked to address after the fact, there are three things I would advise a new online startup to understand before jumping in:

  1. What type of business form is correct for my situation?
  2. What type of control am I giving to my web developer?
  3. How will I terminate an advertising and promotions contract?

The Correct Form for an Online Business

The rules governing your information technology company, information services company, or online business are different than a traditional brick-and-mortar business. There are the typical business formation questions; should you form your business as a corporation or LLC, for example. But it is also important to understand the legal implications of having a brick-and-mortar store with an online presence, or even transitioning your brick-and-mortar store to being solely online. And while it may look more affordable to ditch the brick-and-mortar storefront for a website, your agreement with the company that creates and maintains a website for you is in many ways similar to a lease. Signing a contract with a questionable company can cause you just as much grief as bad landlord.

Controlling Your Online Assets

With the growth of the internet and information technologies, more and more businesses are based completely online. An online business can include online advertising, a social media presence, and online sales of physical products, all of which come with their own set of legal ramifications. Whether your business is an information technology business, IT services business, supplements its income with an online store, or is completely online, you will probably be signing contracts with web development firms who will help you build and maintain your website. It is crucial that you understand what you are agreeing to when you allow someone to build a website for you. I hear stories all the time from developers such as:

I was being asked to build a third website for her, after two previous contractors failed to deliver a finished product, or failed to deliver a quality product. When I attempted to set up her new site, I found the previous developer had moved her domain, which she had owned and had control of for many years. She had given them permission to do so, but she didn’t understand that she was giving up control of her URL when she did. In addition, the company she contracted with to build her previous site had been controlling and filtering her email. She spent days on the phone trying to end the contract and get her domain and email back, and she lost much of her email history, and all of her website content in the process.

Unfortunately, this is a typical and frustrating scenario I hear from newcomers to online businesses. Another stumbling block I see small business owners encounter as they enter the online world involves contracts with companies that offer to help with advertising and promotion.

Promoting Your Online Business

Promoting your online business comes with it’s own set of concerns, whether you do it yourself or hire someone to help you. Some contracts tie you to a service regardless of whether or not it performs well for you – in this case, what you don’t know about social media, advertising, and promoting a business online can really hurt you. Again, a trusted advisor who understands internet technologies, and online business promotion can really help here. Until you have some experience and know what works for you, ask someone who does to recommend a company that can do it for you, or train you to do it yourself.

Even if you are an experienced entrepreneur, you will face challenges as you enter the online world and perhaps encounter unscrupulous actors offering to help you launch an online business. An attorney can help you make sure that important assets, such as your domain name, remain in your control. It is also very important that a clear means for you to retain the contents and coding for your website exists, even if you choose to end the relationship with the contractor or company that builds it for you. These, and other concerns can be avoided just by getting a good referral to a reputable firm. An attorney with a strong background in IT and online business practice can guide you to reputable firms, and make sure the contracts you sign are fair.

If you need guidance concerning the formation of your online business, or help reviewing a contract with a web developer or firm offering to promote your business online, contact me, Elizabeth Lewis, at the Law Office of E.C. Lewis, P.C., home of your Denver Small Business Attorney. Phone: 720-258-6647. Email:

Contact Us Today

Law Office of E.C. Lewis, P.C.
Your Denver Business Attorney


Mailing Address:

501 S. Cherry Street, Suite 1100
Denver, CO 80246

Online at:

European Union & Canada’s Privacy Policy Laws and What it Means for US Businesses

Did you know that if you do business with someone or sell to consumers in the European Union, that you must comply with EU law, even if your business is located in the United States? This post will review both EU and Canadian Privacy Policy Laws and what it means for US businesses.

In the EU, organizations that collect personal data must do so in accordance with the Data Protection Directive. US businesses must also provide an “adequate level of protection” if they do business with the EU. Personal data can only be gathered under strict conditions and for a legitimate purpose. Further, this information must be managed by the organization in a way that protects certain rights and prevents misuse.

If you are a US company, you can comply with the requirements by joining the US-EU Safe Harbor Program. To do so, you must adhere to the following seven Safe Harbor Privacy Principles:

  1. Notice-Organizations must notify individuals about the purpose for which they collect and use information about them, contact information of the organization, the means the organization provides for limiting its use and disclosure, and the kind of third parties that the organization discloses your information to if any.
  2. Choice-Organizations must provide the opportunity to opt out (and if the information is sensitive like health information, it must be in the form of an opt in) of the collection of personal information that will be disclosed to a third party or used for any purpose beyond that of its original collection.
  3. Onward Transfer-In order to disclose to a third party, an organization must comply with the above Notice and Choice principles.
  4. Access-Individuals must be able to view, correct, amend, or delete their personal information, with some exceptions.
  5. Security-Reasonable precautions must be made by organizations to protect personal information.
  6. Data Integrity-Personal information collected must be relevant to all the purposes it will be used for.
  7. Enforcement-Organizations must have accessible independent recourse mechanisms for complaints to be resolved and have damages awarded if applicable. They must also have procedures for verifying the adherence to all principles, and to correct problems from any failures to comply.

In Canada, the applicable law is the Personal Information Protection and Electronic Documents Act or “PIPEDA.” It applies to any organization that collects, uses, or discloses personal information in the course of commercial activities. As a US company, you will still fall within the scope of PIPEDA if you have operations in Canada. Also, even if you do not have any Canadian operations but are collecting the personal information of Canadian citizens, you may be found to be within the scope of the law.

Any collection, use, or disclosure of personal information under this law can only be for purposes that a reasonable person would consider appropriate under the circumstances. In addition to this, there are ten principles that are to be followed to comply.

  1. Accountability-There must be people responsible for your organization’s compliance with the ten principles, protect all personal information, and implement personal information policies and practices.
  2. Identifying Purposes-The organization must identify, document, and inform the user the reasons for collecting personal information at the time of collection or beforehand.
  3. Consent-The user must be meaningfully informed of the purposes for collection and use or disclosure of the personal information and then consent to them.
  4. Limiting Collection-An organization cannot deceive, mislead, or be indiscriminate with their collection of personal information or statements of reasons for collecting it.
  5. Limiting Use, Disclosure, and Retention-Personal information cannot be used beyond its original purpose for collection or kept longer than is necessary.  There must also be procedures in place for retention, destruction, and the resolution of grievances in relation to the data.
  6. Accuracy-The possibility of disclosing or making a decision based on personal information that is incorrect must be minimized.
  7. Safeguards-The personal information must be protected from loss, theft, unauthorized access, disclosure, copying, use, or modification, regardless of the information’s form.
  8. Openness-The organization must have understandable policies for the management of personal information that are readily available to users.
  9. Individual Access-Users should generally be given the opportunity to access the personal information that the organization possesses.
  10. Challenging Compliance-The organization must provide simple and easily understandable complaint procedures that inform of all avenues of recourse, investigate all complaints, and take appropriate corrective measures.

If you need help creating or updating the privacy policy for your business’ website, please contact the Law Office of E.C. Lewis PC, home of your Denver Business Lawyer, Elizabeth Lewis at 720-258-6647 or email her at

Children’s Online Privacy Protection Act

COPPA became effective in April of 2000, and it applies to commercial websites that collects personal information from children under 13 years old, whether or not the collection is mandatory or voluntary. Personal information is defined by the act as any information that is individually identifiable, or would allow someone to identify or contact the child. If your website does this, then you must take certain measures in order to comply with this law.

Personal information includes:

  • First and last name
  • Address including street name
  • Online contact information
  • Username that functions as online contact information
  • Telephone number
  • Social Security Number
  • Persistent identifier that can be used to recognize a user over time and different website services
  • A photo, video, or audio file, containing a child’s image or voice
  • Geolocation information sufficient to identify street and city name
  • Other information about the child or parent collected from the child when combined with one of the above identifiers

If you collect personal information such as those described above, you must follow these steps to comply with COPPA:

1. You must post a clearly written and understandable online privacy policy that is comprehensive and describes your practices for collecting personal information from children. There are certain elements that need to be included.

a. You must name the individuals collecting or maintaining personal information, as well as provide their contact information.

b. You must describe the personal information that is collected, how it is collected, how it is used, and whether you disclose the information to third parties, as well as the categories of businesses of the third parties and how they use the information if you do disclose to third parties.

c. You must describe the parents’ rights with regard to the personal information. You must tell parents that you will not require a child to disclose more information than is reasonably necessary to participate in an activity, that they can review their child’s personal information, request its deletion, refuse to allow any further collection or use of the child’s information, agree to the collection and use of the child’s information with the option to disallow any further collection or use of the child’s information, and lastly, the procedures to exercise these rights.

2. You must also give direct notice to parents and obtain verifiable parental consent prior to collecting personal information online from children, with some limited exceptions. Parents must also be given the option to consent to the collection of a child’s information by the website but disallow the disclosure of such information to third parties, unless this information is considered integral to the website, which must be made clear to the parents.

3. You must also maintain the confidentiality, security, and integrity of information collected by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security.

4. You can only collect and keep such information for as long as is necessary to fulfill the purpose it was collected for, and you must take reasonable measures to protect and securely delete the information afterward.

If you have any questions about whether or not your website falls under COPPA or how to comply with COPPA, do not hesitate to reach out to the Law Office of E.C. Lewis, PC, the home of your Denver Business Lawyer, Elizabeth Lewis at 720-258-6647 or email her at

U.S. Privacy Policy Laws and Do Not Track

Most websites offer a privacy policy, but did you know that few states have any laws regulating privacy policies of private entities?

Nebraska and Pennsylvania consider any false or misleading statements in privacy policies illegal under their deceptive and fraudulent business practices laws. Connecticut requires businesses that collect Social Security Numbers to have a publicly displayed privacy protection policy on their website that protects SSN confidentiality and disclosure. Currently, only California, in its Online Privacy Protection Act of 2003, requires websites that collect personally identifiable information of California residents to conspicuously post a privacy policy on their website.  However, many websites comply with this standard nationwide, not differentiating between residents of different states. 

Additionally, in September of 2013, California enacted a novel addition to their law on website privacy policies known as “do not track.” This law, AB 370, requires websites that collect personally identifiable information or “PII” of California residents to include certain information in their privacy policies, which must be available in a conspicuous link on their website. PII is defined by California law as:

“individually identifiable information about an individual consumer collected online…from that individual…in an accessible form, including any of the following: first and last name, physical address, email address, phone number, social security number, and any other identifier that permits the physical or online contacting of a specific individual.”

Such disclosures must state whether or not PII is collected, what categories of PII are collected, if PII is made available to third parties, if users can adjust such collections of information, describe how the site notifies users of changes to such collections, the effective date of the policy, whether other parties collect PII when you use their website, and whether or not  “do not track” signals from web browsers are complied with. “Do not track” is a signal from a web browser to a web site that is designed to inform the website that the user does not wish to have their usage and information followed and saved by websites, and the idea is that the website would then comply with that request.

Currently, most major web browsers (Internet Explorer, Safari, Chrome, and Mozilla Firefox) support “do not track” signal transmissions, but you have to turn it on. See your preferred web browser’s website for information on how to do this. However, many websites do not listen or comply with such signals, so be sure and take additional measures if you want to prevent this kind of tracking.

If you need help creating a privacy policy for your business or checking to see if it complies with these standards, be sure to contact the Law Office of E.C. Lewis, PC, home of your Denver Small Business Lawyer, Elizabeth Lewis at 720-258-6647 or email her at

Anonymous no longer?

In a recent ruling by a Virginia court, the court ruled that, which provides online review from consumers for companies, had to release information about consumers who “anonymously” review companies. In the Virginia case, the owner of Hadeed Carpet Cleaning, Joe Hadeed, alleged that the reviewers of his site were not real customers and needing information about them to determine if they were real customers.  If the individuals leaving negative comments were actual customers, then the review would be protected under the first amendment.  However, if the reviews were not from customers then they would not be protected speech and Mr. Hadeed would be able to sue the reviewer. Mr. Hadeed requested information about the reviewers from Yelp; however, Yelp refused to disclose the information.

The court ruled that Yelp must reveal the names of the users to Mr. Hadeed because if the users were not customers then the speech was not protected speech. Yelp has stated that it disagrees with the ruling and that it will silence critics online. However, others hope that it will ensure that when businesses are reviewed, it is by actual customers.

This case highlights other issues that have been present about Yelp, namely issues with “hidden” results and the number of inaccurate reviews on the site.  At this time, there is no news about whether Yelp will appeal the decision so online reviewers should be aware that reviews should be accurate and truthful because they may not be as anonymous as you think.

If you are a business that has had issues with possible inaccurate reviews online, please contact me, your Denver Business Attorney, Elizabeth Lewis at 720-258-6647 or