How Small Businesses Handle Security Breaches [e117]

November 12, 2014

The guys talk about the email Nasir received about AmmoToGo.com informing customers of a security breach. They then answer the question, “Every quarter we have to take care of some corporate stuff and many of my employees are required to work on the weekend. Some of the employees have voiced complaints but can I legally do this?”


Full Podcast Transcript

NASIR: All right. Welcome to our podcast where we cover business in the news and answer some of your business legal questions that you, the listener, can send in to ask@legallysoundsmartbusiness.com. My name is Nasir Pasha and I’m your host for today.

MATT: My name’s Matt Staub. I’m also a host for the show, I suppose, today.

NASIR: For your wonderful, quick 10, 15-minute episode. Actually, the topic that we’re covering today is pretty interesting because I think this is our first, like, we’re making up our own news story I guess because I received an email from a vendor. What was it? It was ammotogo.com.

MATT: You got the email but, actually, I’ll ask my question later that I have just for your specific to this email. So, you got this email. I feel weird telling this story since you’re the one that received it, but I’ll go through it. I’ll go through it then you tell me what’s right, what’s accurate.

NASIR: Yeah.

MATT: So, you got this email, I guess it was a security breach – I don’t know if you want to call it a security breach – but it looks like some of their customer information was sold to a third party and this is Ammo To Go. Their customer email list was sold and they were able to kind of verify that through a couple of different avenues. They basically sent the email out to, I think, only the people they believe were affected – I think they mention that in there – and they said it looks like it might have possibly been sold to Target Sports USA which I assume is related to Target the store but maybe I’m making an inaccurate assumption.

NASIR: No, I don’t think so. I think it’s target like ammo and guns, but go on.

MATT: Oh, yeah, that makes sense. All right. Well, scratch that! So, yeah, they said no credit card information was on there and, interestingly, they said it at about the same time they had re-launched their website and changed their security and this happened conveniently around the same time which – I don’t know – if they’re going to say that, I’ll take them for their word, but who knows if that’s accurate or not. But, yeah, they said no credit card information was taken and, as a result of their new security, they put in place that, you know, everything’s fine, they don’t expect anything in the future. They suggest changing your password if you haven’t already, especially if you use the same password on multiple websites. Like I said, they said they only sent this to the people that they believe were affected which I thought was interesting. I don’t know how you could, I guess if it happened, people that signed up afterwards? I don’t know how they’re drawing that line.

NASIR: Yeah, that’s true. But what’s interesting is that one of the ways that they’ve confirmed all this is that this other Target Sports USA, they actually purchased, or this is what they believe, they purchased an email list from who they thought was Ammo To Go and, from their perspective, that didn’t happen. And so, then they started looking a little bit deeper and found out, “Okay. Wait a minute. Some of our data’s been breached and basically all the emails have been taken and now is being sold on the open market to companies like these.” So, lots of issues here but I think one of the coolest things is that – and we’ll post a screenshot of the actual email because I think – this is a very good representation as to a great way of dealing with a problem like this. I mean, a small business that is, you know, being hacked and we’ve talked about it in the past and I’m sure security experts will agree that there’s only so much things that you can do to prevent a security breach. Obviously, the smaller the business, the harder it is. But, when it happens, what do you do? And besides complying with the notice requirements of a data breach – which, obviously, this is compliant – how the exposure of information which, in some cases, this may be embarrassing for them to admit that, “Hey, not only were our servers hacked, all your email addresses have now been sold to some other company and are being sold otherwise and you may be hit with more spam,” that’s not a really great thing to admit to your customers who you wish to patron your store again.

MATT: Even the biggest of companies, I think those might even be obviously bigger targets because they have more emails and more customer information. But, for a small business, I think they handled this in about the best way they could. The one thing I would do different – at least, because I don’t know the details, but – just to be safe, maybe send this to everyone. But, like I said, maybe the people they didn’t send it to – or I guess don’t even include that clause in there that we’re only sending this to the people that are affected. I would have never even thought about it.

NASIR: Yeah, I think you’re right. They did have a cut-off date because they said, after August 2014, they updated their new secure database and I’m sure they have no reason to believe that, after that time, there’s been any data breach. So, perhaps that has something to do with it. But, you know, at the end, what I like is that I don’t know what they can do but they’re going to do what they can to fight against these hackers and anyone else who buys and abuses their stolen information.

MATT: Yeah, I wonder, I mean, do you think they have a good shot at finding the people that did this?

NASIR: I don’t, I don’t think so. I mean, unless it’s like an inside source, which it very well could be, because what I find strange is, if you steal an email list, why would you pretend to be the vendor that you stole it from to sell the list? Because you know that it’s a very high probability that it’s going to get back to that vendor, you know?

MATT: The listeners can tell we’re recording this on a different day than normal because you completely missed the pun question that I asked you, but that’s all right.

NASIR: A very subtle one.

MATT: So, my question is, have you purchased from them?

NASIR: Oh, yeah, the only reason I’m on the list is because – I don’t really like to talk about it – I have about five or six storage units down the street just full of ammo, just in case, you know, zombie apocalypse.

MATT: I’m not even sure, that seems a little bit dangerous, especially since it gets hot there.

NASIR: No, no, no, I bought some ammo from there in the past, a while ago. In fact, I think I bought something from them once but I didn’t even realize, this kind of shows you it’s almost good marketing because I don’t think they actually sent any kind of newsletters – or if they do, I’ve ignored it or not received it in the past – but this caught my eye and now, okay, now all of a sudden I’m thinking about them as a company again because, frankly, I’m pleased on how they responded and I think their other customers are also appreciated.

MATT: So, you think they did this on purpose then for people that haven’t purchased in a while?

NASIR: That’s all it is.

MATT: You get this email and you want to pay attention to it.

NASIR: Yeah, exactly. It worked on me. In fact, I’m probably the only one that received it. It may not even be news, just some social experiment for me only.

MATT: Possible. I hope that’s the case. It’d be interesting.

NASIR: Yeah, a lot of issues here. I mean, I’m sure on their privacy policy too they’ve described both in the privacy policy and this email that they don’t sell email addresses. And, also, a lot of businesses buy email lists. Forget about the – just to be kind of frank – the stupidity of buying an email list because I don’t think that’s a very effective way to market. But, besides that aspect of it is whether it’s an intelligent business move or not, the legalities are actually pretty straightforward. I mean, you can buy an email list. I mean, there’s no law against spamming in itself. There is the CAN-SPAM Act which basically says you can spam but you have to do it in this way. The problem with buying lists is that you don’t know where the sources come from. So, if the source is, like, scraping the internet or stolen information, that’s not compliant with the CAN-SPAM Act. So, that’s something to think about when you’re thinking about buying an email list which I don’t think most marketers would advise anyway.

MATT: Yeah, and even with that, in California, there was a Court of Appeal case that just got ruled on – it must have been a week ago at the time we’re recording this – that kind of just expanded or broadened what email marketers could do.

NASIR: Because there was the question about the headers. Basically, that’s well-established, both in California and the Federal CAN-SPAM Act, that you can’t disguise your headers and so forth. But then, there was some nuances to that I don’t think I really paid attention to. I haven’t read the case in detail but I think what they’re talking about is, just because your “from” email is accurate but everything else is inaccurate, then you’re still not in compliance. It’s kind of a subtle technical issue, but those that are trying to skirt the law, it’s actually a good thing to have a little bit more defined scope with that.
[MUSIC]

MATT: Question of the day. “Every quarter, we have to take care of some corporate stuff and many of my employees are required to work on the weekend. Some of the employees have voiced complaints but can I legally do this?”

NASIR: Okay. So, basically, this is a question about scheduling, and how and when can you make your employees work. Just like everything in employment law, from a conceptual point of view, usually, the employers can do everything they want unless it’s prohibited by law, right? I know that sounds funny but that’s really how you have to start it out because there are so many little small details that are prohibited that the answer to the question, “Can you do that?” “Yeah, always,” but the question is, when you do it, is it going to affect something else? Some of the things can come to mind is that, when you schedule something on the weekend then there might be some religious accommodation issues. You know, whether it’s someone going to church or a synagogue Saturday or Sunday, then requiring them to work may affect that. And so, how you address that is very simply – I mean, we talked about this in the past – by going through the reasonable accommodation process and having that communication with the employee. This doesn’t mean that you have to let them off; it just means that you have to go through this process if there’s a reasonable accommodation to let them do this or maybe it’s undue hardship on the business to not have that worker there at the time and they have to be on there on Saturday and/or Sunday.

MATT: And what makes this trickier too is I think the religious accommodations come into play because, typically, Saturday and Sunday are days that you would not be working and both days of the weekend can be big days for religious observance. So, it does make things a little bit trickier and, as an employer, you maybe make some reasonable accommodations for religious purposes and I think it’s a little bit more for religious purposes as opposed to something else. And there was also a federal case, it was recently said that employers may be required to make scheduling accommodations to attend purported religious activities or functions such as church food drives or community feeding ceremonies – that’s a little bit weirdly worded but – as long as the employee sincerely believes his/her attendance is a “serious component” of his/her beliefs.

NASIR: I don’t think I’ve been to a meeting ceremony.

MATT: Feeding ceremony. Is that what you said?

NASIR: Oh, is it feeding or meeting ceremony?

MATT: Feeding, yeah.

NASIR: Either one is weird.

MATT: Yeah, feeding ceremony.

NASIR: Feeding ceremony.

MATT: Not to get too off-track but, yeah, so that’s pretty broad.

NASIR: That’s pretty broad, yeah. But they mentioned that the employees have voiced complaints. Really, at the end of the day, it depends what the complaints are. I would assume, for most people, it’s going to be like, “Oh, we have to work the weekend,” it’s one of those kinds of complaints. But, if they’re more specific as like, “Hey, I have to go to church on Sunday,” or, “I have to go to the synagogue on Saturday,” or, “I have this food drive that is prescheduled on this day,” or something like that.

MATT: Yeah.

NASIR: Then, okay, that’s something to pay attention to. But, you know, if they’re just complaining, and, at the same time, again, remember, this doesn’t sound like this is a regular work week kind of schedule or workplace but, obviously, like, if you’re a restaurant and/or some kind of business that is really busy on the weekends like that, then maybe these kinds of religious accommodations aren’t as applicable to you because it may – or may not – have some undue hardship if you don’t have those employees available during those weekends.

MATT: Yeah, and a one-time occurrence every year is different than every single Saturday or Sunday.

NASIR: True.

MATT: So, factor that in.

NASIR: But I think the most important thing is communication with your employees and kind of working it out and see if you find a compromise or an alternative and so forth, and just being careful in this day and age with that kind of stuff. Also, remember, most likely, if they’re working on a Saturday or Sunday and they work through Monday through Friday then there’s going to be overtime implications to it as well if they’re non-exempt.

MATT: Yeah, definitely another consideration.

NASIR: And maybe even consider not doing it on a Saturday or Sunday. That’s annoying – to have to work on a Saturday and Sunday.

MATT: Yeah.

NASIR: What a terrible boss.

MATT: It happens. It happens. As long as it’s not on a Superbowl Sunday, I guess. That’d probably be the worst Sunday to do it.

NASIR: For some, that’s like a religious holiday.

MATT: Yeah, that’s true. Make the argument that football is religion. I guarantee people have done it.

NASIR: I’m sure it has happened in Texas. We’ll look it up. Okay, guys. Well, thanks for joining us.

MATT: Keep it sound and keep it smart.

Legally Sound | Smart Business

The podcast where Nasir Pasha and Matt Staub cover business in the news with their legal twist and answer business legal questions that you, the listener, can send in to info@legallysoundsmartbusiness.com.

Legally Sound Smart Business is a podcast by Pasha Law PC covering different topics in business advice and news with a legal twist with attorneys Nasir Pasha and Matt Staub.