Intellectual Property Lawyer
Companies risk allocating finite resources on measures that fail to protect their core business when they spend on information security without identifying and securing their proprietary information and intellectual property.
Intangible assets make up over 80% of an average businesses value, yet the advances in technology expose these core assets to increasing risk of theft, disclosure, loss or damage.
The only cost effective way for businesses to handle this risk is to identify and manage their core intellectual property first, because this informs and prioritizes the information security strategy.
Jacqueline is an intellectual property (IP) lawyer at mdp Law, a specialist IP firm that prepares its clients to be growth-ready. She has previous experience in private commercial law, government, policy, free trade agreement negotiations (IP), trade and international law.
Australia does not annually report on the impact of IP theft, however the US IP Commission 2017 report quotes the cost to the US economy at $600 billion a year. A simple equivalence (Australian GDP) indicates this may be costing our economy $56.7 billion per year. Anecdotally, IP professionals see this problem increasing with the drive to maximize our export opportunities and demand in the Asia Pacific.
The two major sources of this problem stem from a lack of awareness and respect for those generating intellectual capital and failing to take a holistic approach to IP asset protection and information security. The most common threats to IP and information security are:
- Overt - counterfeiting, pirating, espionage, theft of trade secrets, malware, hacking, deliberate publication or leaking; and
- Inadvertent - dissemination of information from premises by staff/contractors/third parties, unguarded grant or investor negotiations, recruitment and invitations to speak on “expert topics.”
For most businesses, the most frequent threats to IP usually come from “insiders” and not “external” overt threats. These are employees, contractors, business partners who may be malicious but are more likely to be unsuspecting users, uneducated in IP and how business should handle it. For example, staff who email themselves work to complete, disclosures with potential business partners or researchers invited to speak at competitor sponsored conferences.
As a leading intellectual property and commercialisation law and attorney firm, mdp have compiled five tips for businesses to consider prior to investing in information security.
1. Identify who you are and your intangibles broadly
Sit down and ask yourself “What do we do?” Think about your concept, why you entered business and what is unique about how you assist customers. Consider your staff and their roles and ask them what solutions, projects or skills they are most proud of. Document or list all information and it’s source, marketing collateral, ideas, inventions or solutions, methods/processes, recipes, designs, databases, relationships, staff information and consider your online and offline sources.
2. Prioritise your information and IP
Once you have collected this information, map it on a large sheet and ask yourself “What would finish us if competitors got hold of it or it was leaked entirely online?” Experienced businesses build this risk and cost-benefit analysis into a cyclical review. Educate yourself about IP, intangible protection and seek out an experienced intellectual property and commercial advisor. This is a long term cost saving because Australian data is starting to reflect anecdotal experience where a majority of self-filed patents are not enforceable, exportable and investor-worthy. An experienced IP professional will not try to sell you one type of IP and has a commercial approach. Years of examining applications taught me that the best IP advisers are across all IP and related legal areas and consistently demonstrate a holistic view best captured in the diagram below.
3. Protect your intangible assets – legally, technologically and physically
After obtaining the advice and prioritising your key intangible assets, it is prudent to protect in multiple channels:
- Legally - File intellectual property rights for the core assets where this is considered suitable, ensure your non-disclosure agreements, contracts and other legal protections are up-to date, enforceable and manage your portfolio either in-house or through professionals;
- Technologically –Take your prioritized list, brainstorm as many routes of attack (network, user, email, web application, remote access, mobile/devices) and consider how to place controls on these routes. This is called threat vector analysis. Keep all systems updated, including patches and block threats like peer-to-peer software.
- Physically – Have your physical premises, passes, technology, archiving/filing and shredding tools in full working order and procedures adhered to.
4. Manage & Enforce
Develop IP management protocols, policies and procedures and educate your staff and partners on these. The major focus is to ensure the intangibles are protected over their life cycle, from authoring through assembly, distribution and archiving/destruction. Ensure employees know email is not a right, but is a service they use under conditions. The management process should ensure employees and business partners understand the intangibles belong to the business, IP incidents, discoveries and improvements are reported and that attack/detection mechanisms are being used. Finally, be prepared to allocate some budget to enforcing the protection of your intangible assets and have a management process for enforcement in mind.
5. Don’t infringe others intangibles
Finally, in the course of dealing with your own intangible assets, it is important to inoculate your business from infringement actions relating to others intangibles. The main steps of identification above and appropriate documentation, management and enforcement already assist you in reducing this risk. The additional step is to search the IP registers and conduct due diligence as early as possible, before investing time and effort in developing new intangible assets. Inadvertent infringement is best dealt with early and quickly, seeking permission for use is essential and obtaining professional advice if you receive empty threats may save you time and money.
Securing a businesses intangible assets requires a holistic approach where the assets are not limited to patents/trade marks which the legal team must manage and this team is divorced from the IT team who manage information security. Intangible assets and information security are interrelated and must be addressed together to reduce the risk of financial and comparative advantage loss. The major mistake, from a cost/value perspective, is dealing with information security and IT prior to really understanding your intangible assets. Ultimately, it’s not just what or who you know in business, it’s how well you protect it and keep it to yourself. In the information dissemination age, sustained effort on this front is both inevitable and the future.
Mdp law are personable business minded lawyers and patent attorneys who tailor their suite of services of intellectual property (IP), commercial and corporate law according to clients’ needs and help them fulfill their ambition and passions.