Posts Tagged ‘ticket sales’

Spam Spam Spam Spam Spam….

Wednesday, November 6th, 2013

By Brian Taylor Goldstein, Esq.

Dear Law and Disorder:

If I am doing a fee split, am I entitled to the emails of the people who purchase tickets? Our group booked a show at a venue where we are supposed to be getting a portion of the ticket sales. We have asked for the names and email addresses of everyone who purchases a ticket, but the presenter says that this is against the law because it’s the presenter’s confidential, proprietary information. But if people are buying tickets to our shows, why aren’t we entitled to their names and contact info?  

Always start with the contract. What does it say? Do you even have one? If the engagement contract states that you are entitled to receive the names and contact information of everyone who purchases a ticket to your performance, then the presenter is contractually required to give it to you. Case closed.

However, assuming that your contract is silent on the subject, then the presenter may be giving you the correct answer, but for the wrong reason. A lot of people toss around the words “confidential” and “proprietary” without really having any idea what they mean. If your interest in having the names and emails is so that you can send out announcements of your future shows (ie: spam), the presenter has a legitimate concern that this may violate the CAN-SPAM Act–which has nothing to do with confidential or proprietary information.

The CAN-SPAM Act is a federal law that governs the sending of unsolicited commercial emails. This law states that anyone who receives an unsolicited commercial email has the right to request that he or she be removed from future mailings and places a number specific requirements on those who send such emails, including requiring the sender to provide an opt-out mechanism, a physical address, and to remove anyone who requests to be removed from the mailing list. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” Under the CAN-SPAM Act, anytime you ask someone to “buy” something or spend money, its considered “commercial.” Sending emails to promote an artist or an ensemble is just as “commercial” as sending emails soliciting donations or promoting a concert, a fundraising event, or any program where tickets are sold. (The law makes no exceptions for tax-exempt 501(c)(3) organizations.) As a result, any individual or organization that sends a commercial email to someone who has specifically asked not to be contacted, or sends such emails and fails to provide an opt-out mechanism and/or to remove someone from its email list upon request, can be prosecuted for violating CAN-SPAM.

Individuals and organizations can also violate the CAN-SPAM Act by providing email addresses and contact information to third parties. Very often presenters and venues collect email information for purposes of contacting patrons to verify ticket purchases or to inform them of cancellations, but these same patrons may “opt-out” of receiving solicitations or commercial emails. If the presenter were to disclose such email addresses to a third party knowing that the third party intends to send unsolicited commercial emails, then the presenter would itself be liable for violating the CAN-SPAM Act.

In this case, if the presenter were to give you the data you want, and you violate the CAN-SPAM act, then the presenter could be liable. However, given their inarticulate basis for refusing your request, I don’t believe for a minute that your presenter is actually even aware of the CAN-SPAM act. More likely than not, your presenter simply doesn’t want you to have the ticket list because the presenter wants the names and emails all to itself to promote its own future seasons, subscriptions, donations, etc. Regardless, the bottom line remains the same: without a contract entitling you to this information, you’re at the mercy of the presenter. When performing at a venue, there is neither an inherent nor implicit right to patron names and addresses just because you are the performer and people purchases tickets to your show.

__________________________________________________________________

For additional information and resources on this and other GG_logo_for-facebooklegal and business issues for the performing arts, visit ggartslaw.com

To ask your own question, write to lawanddisorder@musicalamerica.org.

All questions on any topic related to legal and business issues will be welcome. However, please post only general questions or hypotheticals. GG Arts Law reserves the right to alter, edit or, amend questions to focus on specific issues or to avoid names, circumstances, or any information that could be used to identify or embarrass a specific individual or organization. All questions will be posted anonymously.

__________________________________________________________________

THE OFFICIAL DISCLAIMER:

THIS IS NOT LEGAL ADVICE!

The purpose of this blog is to provide general advice and guidance, not legal advice. Please consult with an attorney familiar with your specific circumstances, facts, challenges, medications, psychiatric disorders, past-lives, karmic debt, and anything else that may impact your situation before drawing any conclusions, deciding upon a course of action, sending a nasty email, filing a lawsuit, or doing anything rash!

 

We’ve Been Hacked!

Wednesday, September 4th, 2013

By Robyn Guilliams

Dear Law & Disorder: Performing Arts Division,

We are a small presenting organization, and we use an outside company to handle our ticket sales.  The company provides us with cloud-based software, which we use to process both online and box office ticket sales. We were recently informed by the software company that they’d been hacked!  The company told us that all of our patrons’ relevant information may have been compromised, including their credit card information. A lawyer on our board said that we are responsible for notifying all of our patrons of the security breach.  Is this true?  There are over 8,000 patrons in the system, going back quite a few years!  We don’t have the personnel to devote to this type of project.  One of the reasons we out-sourced our ticketing was to avoid handling and storing this type of sensitive information.  If we don’t handle the credit card information, why are we responsible if that information is stolen?

Oy, what a headache!

Unfortunately, I would guess that the terms of your organization’s contract with the ticketing software company require your organization to notify its patrons in the event of this type of security breach.  In fact, the contracts I’ve seen for this type of service require that the presenting organization indemnify the software company in the event of a breach.  This means that you are not only responsible for your own legal expenses and damages should one of your patrons suffer a loss as a result of the breach, but you’ll have to pay the software company’s legal expenses and damages as well!  And usually, these types of provisions are not negotiable.

In addition, you may want to take a look at the website of the PCI (Payment Card Industry) Security Standards Council, which sets the standards for companies who process credit card transactions (like your ticketing software company.)

See: https://www.pcisecuritystandards.org/faq/

Because your organization doesn’t actually handle or store credit card data, it’s not required to be “PCI Compliant.” However, as stated on this site, “it is the responsibility of the merchant to ensure that the data they share with third parties is properly handled and protected – just because a merchant outsources all payment processing does not mean that the merchant won’t be held responsible by their acquirer or payment brand in the event of an account data compromise.”

The good news here (such as it is) is that most states provide a mechanism for an organization like yours to protect itself in the event a third party credit card processor is hacked.  Generally, if you provide timely notice to your patrons of the breach, you can’t be held liable for your patrons’ damages (the theory being that if your patrons know about the breach, they can take steps to protect themselves.)  For instance, in New York (and many other states), your organization is protected from liability if you notify your patrons of the security breach “in the most expedient time possible and without unreasonable delay.”  The notice can be made in writing, electronically, or by phone.

Also, there are insurance policies that cover this type of cyber liability.  These policies usually cover the cost of notifying your patrons, as well as any legal expenses or damages you may have due to the breach.

In short, the volunteer lawyer on your board is correct. (As we don’t often agree with most lawyers, this is a rare occurrence, indeed!) Given the vulnerability of identification fraud and the potential exposure of your organization, you’d be wise to find a way to notify your patrons.

_________________________________________________________________

Brian Goldstein and Robyn Guilliams will be attending the 2013 Midwest Arts Conference in Austin, Texas next week.

Our next blog will be on September 17, 2013.

_________________________________________________________________

For additional information and resources on this and other legal and business issues for the performing arts, visit ggartslaw.com

To ask your own question, write to lawanddisorder@musicalamerica.org.

All questions on any topic related to legal and business issues will be welcome. However, please post only general questions or hypotheticals. GG Arts Law reserves the right to alter, edit or, amend questions to focus on specific issues or to avoid names, circumstances, or any information that could be used to identify or embarrass a specific individual or organization. All questions will be posted anonymously.

__________________________________________________________________

THE OFFICIAL DISCLAIMER:

THIS IS NOT LEGAL ADVICE!

The purpose of this blog is to provide general advice and guidance, not legal advice. Please consult with an attorney familiar with your specific circumstances, facts, challenges, medications, psychiatric disorders, past-lives, karmic debt, and anything else that may impact your situation before drawing any conclusions, deciding upon a course of action, sending a nasty email, filing a lawsuit, or doing anything rash!