Ten Common Startup Mistakes – Part 2

In this post, I wrote about the first five out of ten common startup mistakes. Now I will continue with the next five common startup mistakes.
Number 6 – Ignoring Securities Laws

When a startup raises money, it has to comply with the securities laws. The Securities Act of 1933 specifies that a company cannot issue stock without registering that stock with the SEC, unless there is an applicable exemption. There are exemptions for private sales of securities, but these exemptions have various requirements that must be satisfied. When seeking investment from an angel investor or a VC fund, it’s crucial that the startup work with an experienced, knowledgeable lawyer, who can guide the startup through the process. It’s also a good idea to work only with “accredited investors,” who are more likely to understand the kind of investment they are making, and better able to withstand losing their entire investment. Failing to comply with securities laws can give investors the right to get their money back, and can create serious civil and criminal liability on the part of the startup and its executives.
Number 7 – Failing to Protect Against Angel Investors and VCs
Angel investors and venture capital firms are in the business of investing in startups. It is something they do every day, while startups engage in financings only occasionally. Consequently, investors bring a much higher level of experience and sophistication to the process (no insult to startups intended). Startups that fail to understand this imbalance risk getting taken to the cleaners, but there are things startups can do to protect themselves. First, you need to investigate your potential investors, to make sure there is a good fit between the investors and the startup. Second, create a competitive environment, where the investors have to compete with other investors for the opportunity to become part of your startup. You will get more favorable terms that way, although you have to recognize that mishandling the competition could result in all the investors walking away. Third, you have to be willing to walk away, too. If the terms aren’t right, if the investor isn’t a good fit, walk away from the deal. The consequences of a bad deal can be worse than you imagine. Fourth, understand every aspect of the deal. The terms don’t just include the financial terms like pre-money valuation and conversion discount. There are numerous complex legal terms that may seem like boilerplate to you, but they can have a big impact on your company and your equity stake. Which leads to the fifth item, which is get your own lawyer to represent you and explain all these terms to you. Don’t rely on using the investor’s lawyer, or even a lawyer recommended by the investor. That lawyer will have a big conflict of interest, because he or she will not want to alienate the investor and future deal flow from the investor.  You can read more about this subject here and here.

 

Number 8 – Putting Off Developing Proper Management Structure

Many startups have flat organization structures, by design and preference. This may be acceptable at the early stages, but as the business grows and the headcount increases, so does the need for more structure and process. An employee handbook may seem unnecessary for a startup when there are only 3 or 4 employees, but when the hiring rate increases, a handbook is an important tool for communicating the desired culture and for setting expectations. It is also important to develop and communicate policies on harassment and discrimination, including processes for raising complaints. Clear policies in this area will help foster a productive work environment, and will help protect the company from liability. Another consideration in the HR area is creating a bring-your-own-device policy. If employees are doing company work on their own laptops, tablets, and smartphones, does the startup have procedures and policies in place to ensure data security and protection of its intellectual property? I work out of a co-work space where there are lots of startups, and I would guess that every one of them has employees and founders that use personally-owned devices. I would also guess that none of them have policies or technology in place to manage these devices (hint hint). You can read more about BYOD here.

Number 9 – Issuing Stock Options Without a Formal Stock Option Plan

Stock options can be an important compensation and recruitment tool for cash-poor startups. Stock options are securities, however, and failure to observe the formalities when issuing stock options can violate the securities laws. A company will need to reserve an option pool and create a formal stock option plan. Options will need a Section 409A valuation. Shareholder and board of director approval will be needed for all of this. There are legal and tax complexities, and a startup should consult an attorney before moving forward with stock options.

Number 10 – Failing to Consider Privacy Issues

Privacy issues are increasingly important not just for startups, but for any company. If Target can get in trouble with data breaches, so can your business. If your company is collecting information about visitors to your website, you need to disclose that in your website privacy policy. You need to disclose the kinds of information you collect, how you use it, and how visitors can opt out of information collection. There are additional requirements if you collect information about children who are 13 years old or younger. Once you have collected information about customers and visitors, you need to secure that information. Almost every state (46 at last count) requires some kind of public notice when there has been a data breach. Failing to properly consider privacy issues can cost your company millions of dollars, and could result in a devastating loss of trust between you and your customers.

Thank you for reading, and I hope you found it informative. If you are running a startup (or thinking about it), I hope this post gives you food for thought.

Follow me on Twitter @PaulHSpitz

Three Things Your Startup Needs When You Hire

Most startups are narrowly focused on two key projects – developing the product and raising capital. All too often, however, startups neglect HR-related needs, which they see as less critical to the success of the enterprise. This oversight can get a company in trouble, so here are three HR-related things every startup needs once it moves beyond its founders and starts bringing on employees.

Employee Handbook

An employee handbook lays out a company’s policies for its employees, covering benefits, conduct in the workplace, and culture. While it may seem like overkill to have an employee handbook when the company consists of only two founders and one employee, the handbook can be an essential tool in establishing and maintaining the company’s desired culture. An employee handbook also communicates the company’s policy on key issues such as workplace discrimination and sexual harassment, when the failure to have a clear policy can have serious legal consequences. Of course, the employee handbook is a work in progress, too, and as the company grows in size and resources, the handbook can always be revised to reflect the company’s growth and development.

Bring-Your-Own-Device (BYOD) Policy

A growing trend among companies of all sizes is for employees to use their own laptops, tablets, and smartphones for business purposes. This is particularly widespread in the startup world, where a company may not have $10,000 sitting around to spend on laptops and smartphones to issue to employees. The problem with BYOD practices, however, is that all too often, no thought has been devoted to ownership and control of the data stored on the devices. An employee’s personal laptop could contain crucial intellectual property, customer information, or financial projections that belong to the company. A BYOD policy should outline what happens when an employee leaves the company, including whether the company has the right to remotely wipe data from the device. Another BYOD issue is technical support. If some employees use Apple laptops, while others use PCs, and you have some employees using iPhones and others using Android phones, there will be a lot of problems in supporting and maintaining all the different hardware, operating systems, and software. A third issue is security. Obviously, the company wants to ensure that any company information on the devices is secure from prying eyes. At the same time, employees will have their personal information on the same devices, and want to ensure that such information is not available to the company. I’ve written about BYOD in more depth here.

IP Assignment Agreement

A third essential item is an IP assignment agreement. This is an agreement that every employee should sign, stating that any work done for the company belongs to the company, regardless of whether that work is performed during normal working hours (whatever those are!) or in the evenings or on weekends. A good IP assignment agreement also should state that any IP developed that is related to the company’s business belongs to the company, even if the employee did not create such IP as part of his or her specific, assigned duties. If you’ve seen The Social Network, or are familiar with the dispute between Facebook and Mark Zuckerberg, on the one side, and the Winklevoss brothers on the other side, you should understand why having a good IP assignment agreement is important. Having such agreements in place for each founder, employee, and contractor also will be required when the company starts to seek outside funding.

While it may seem like HR issues aren’t critical areas for a startup to focus on, these three items can be essential building blocks for the startup as it grows.

Follow me on Twitter @PaulHSpitz 

Bring Your Own Device – Pitfalls and Policies

A fairly recent issue facing businesses and their employees is the trend known as Bring Your Own Device, or BYOD. This term describes the practice where an employer relies on its employees to bring their own laptops, tablets, and/or smartphones to work for business use, rather than issuing them company-owned devices. BYOD raises a variety of legal and business issues, including privacy, data security, wage & hours tracking, and litigation, to name just a few. These issues apply to companies of all sizes, including startups where the founding team may be using their personally-owned laptops, tablets, and smartphones. Take the jump for a discussion of the business and legal issues raised by BYOD, as well as some of the components of any workplace BYOD policy.

A key business issue is how to maintain and support the variety of devices that currently exist. One employee may have a Windows laptop, while another might use an MacBook, and a third might have a Chromebook. Three different operating systems, and three different versions of software, although there are many software programs that are written solely for one operating system. The same split applies to tablets and smartphones, where you have Android, iOS, Windows, Blackberry, etc.

A second issue that has both business and legal ramifications is providing security for the data stored on the device, as well as for the company’s data in general. We have all heard about someone losing a laptop that contains customer data, including social security numbers or credit card numbers. Just as dangerous is a tablet or smartphone that gives the user access to the corporate network, and all the data stored there. If a company implements BYOD, it must ensure that any device used has adequate security protocols programmed into it.

A third issue is data ownership. If an employee uses her own smartphone or tablet for work, it is likely that the device will contain data belonging to the employer, as well as data belonging to the employee. Separating out this data is a thorny issue. For example, the contacts on a smartphone might include the contact information of friends, family members, coworkers, and business contacts such as customers. If the employee is subject to a non-compete agreement, how does that affect the customer contact information on the employee’s smartphone when she leaves her job?

A fourth issue is privacy. An employee may store sensitive personal information on the device, such as bank account numbers, passwords, credit card information, browsing history, etc. How can the employee prevent the employer from accessing such information on a personal device used for work? In addition, there are federal laws such as the Computer Fraud & Abuse Act and the Stored Communications Act, which prohibit unauthorized access to certain electronically-stored information.

An issue related to data ownership and privacy is the effect of litigation and e-discovery. In a pending lawsuit, a company may have to turn over certain specified information to the adverse party as part of the discovery process. The information can include files, email messages, and even instant message and chat logs. Information subject to a discovery order may be stored on an employee’s personal device. Gaining access to all these devices is much more complicated than if the company is merely accessing data on its own network. Moreover, there is the risk of accidentally accessing and turning over personal information owned by the employee.

Before adopting a BYOD approach, the employer should carefully develop a policy to address the variety of issues raised by BYOD. The policy should cover, at a minimum:

1. Scope – will BYOD be voluntary or mandatory? In addition, will BYOD be limited to certain employees or classes of employees, or will it apply company-wide?

2. Supported Devices – which devices and brands will be supported by the company?

3. Security – will the company use mobile device management (MDM) tools, such as requiring registration of devices with the MDM program as a condition of access, password strength protocols, encryption, remote wiping, etc.?

4. Consent to Employer Access – the company should have each employee affirmatively consent, in writing, to the employer having access to any personal device used for work.

5. Remote Wiping of Data – the company should have the ability to remotely wipe data from devices if the device is lost, if the employment is terminated, and if the employee removes required security settings.

6. Definition of Permissible Use – this should cover use of cloud storage, access to secured vs. unsecured wireless networks, etc.

7. Exit Procedures – when employment is terminated, there needs to be a process for the employer to remove company data from any personal devices.

8. Application of Other Employment Policies – the employer needs to consider how other employment policies, covering subjects such as workplace harassment, access to certain websites, use of social media, etc., might apply when an employee is using his own device for work.

9. Cost Reimbursement – the employer needs to determine who will pay for the device as well as for any data plan. In addition, state law might impact whether the employer must pay for some or all of these costs.

10. Technical Support and Maintenance – the employer must address the issue of providing adequate support and maintenance for any personal devices covered by BYOD.

This is just a brief overview of what has quickly become a complex issue for companies large and small. I would be remiss if I didn’t close by suggesting that employers consult an attorney in crafting their approach to BYOD.

Follow me on Twitter @PaulHSpitz