How to Prevent Your Organisation’s IP from Being Stolen by Brian Miller Solicitor
-
Upload
brian-miller-solicitor -
Category
Technology
-
view
240 -
download
0
description
Transcript of How to Prevent Your Organisation’s IP from Being Stolen by Brian Miller Solicitor
1
How to Prevent Your Organisation’s IP from Being
Stolen
Brian Miller Senior Associate
IP, IT & Commercial Stone King LLP
2
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
COPYRIGHT
What Is Copyright?
Definition
• Subsistence
– Literary (includes computer programs)
– dramatic,
– musical and
– artistic works
• no copyright in idea
3
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
How Do I Protect It? – Unlike trade marks, cannot register copyright – make sure you
• save a copy • do not amend • back it up • lock safely away or encrypt
COPYRIGHT
4
ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED
COPYRIGHT
How Do I Protect It?
– use the copyright sign © on all materials
– if software, bank with ‘escrow agent’, who will:
• Test
• Release to named party on certain events
5
ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED
COPYRIGHT
What Happens if Someone Copies My Work?
– Be sure that it is your work that has been copied
Has the “Copy Test” Been Satisfied?
– Must be “substantial”
– General rule of thumb: >50%
– If satisfied, do not delay
6
ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED
COPYRIGHT How Long Does It Last?
• original literary, dramatic, musical and artistic works)
– life of the author plus 70 years
– computer-generated works: 50 years
• films: life of principal director plus 70 years
• Broadcasts: 50 years
• Sound recordings: 50 years
• Typographical arrangements: 25 years
7
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
TRADE MARKS
Why Register?
• Cannot easily protect a name
• Preventing infringements costly without
• Protected from the date of registration
• No need to prove reputation
• Protection nationwide
NB. groundless threats
8
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
TRADE MARKS
How Do I Register?
• Easy application process
• Supply name and/or mark to IPO
• Work out “classes”
• £200 per mark plus £50 per class
9
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
TRADE MARKS
How Long Does It Take?
• 4 weeks before advertisement
• 8 weeks for opposition
• 4 weeks for final processing
• Total time: 4 months from receipt of application
10
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
TRADE MARKS
What Does It Protect?
• Name and logo
• In classes for which registered
Where?
• United Kingdom only
• If EU or overseas protection required, register:
– EU trade mark (EEA protection)
– international mark (Madrid Protocol); or
– individual mark in the countries of concern
11
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
TRADE MARKS
How Do I Protect My Mark After Registration?
• Fundamentally need do nothing (other than renew)
• ™ during application, ® after
• if mark used or copied, do not delay
12
ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED
TRADE MARKS
How Long Does It Last?
• Ten years
• Can renew indefinitely
• “Use or lose”
13
DESIGNS: DESIGN RIGHTS
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
• Process and reasons for registering similar to TMs
• For registration to be valid, design must:
– be new
– have individual character
• Period of protection:
– five years
– Renewable for up to twenty-five years
• Unregistered designs similar to copyright
14
INVENTIONS: PATENTS
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
• Process and reasons for registering similar
• detailed specification must be: – watertight – reveal process of production – capable of registration:
• new • have an inventive step: not obvious • capable of being used in industry • not on a list of excluded items
15
INVENTIONS: PATENTS
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
– software generally not patentable in UK and EU
• must renew it every year after the 5th year for up to 20 years protection
• Fees vary (generally much more expensive)
16
WEBSITES, DOMAIN NAMES & HOSTING
ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED
WEBSITES How Do I Know If I Own the Code In My Website? • Commissioning Developers
• Ensure contract watertight on copyright • In absence of agreement, copyright vests in the developer!
• Employees • CDPA, s.11(2): employer is first owner BUT • Must be ‘in course of employment’
• Is it the developer’s work? • Possession is 9/10ths…
Make sure these rights are in the contract..
17
WEBSITES, DOMAIN NAMES & HOSTING
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
DOMAIN NAMES
How Do I Know If Own My Domain Name?
• Ensure your organisation is the registered owner of the domain (check on WHOIS, eg. www.123-reg.co.uk/domain-names/)
• registrations in employee’s name to be avoided
• Don’t forget to keep tabs on renewal
18
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
Whois record for nspcc.org.uk
Domain name: nspcc.org.uk
Registrant:
NSPCC
Registrant type: UK Registered Charity, (Charity number: 216401)
Registrant's address:
NSPCC 42 Curtain Road
London
EC2A 3NH United Kingdom
Registrar:
Webfusion Ltd t/a 123-reg [Tag = 123-REG] URL: http://www.123-reg.co.uk
Relevant dates:
Registered on: before Aug-1996 Expiry date: 11-May-2013 Last updated: 08-Jun-2011
19
WEBSITES, DOMAIN NAMES & HOSTING
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
DOMAIN NAMES
What’s to Stop Someone Registering A Similar Name?
• nothing!
• buy identical domains for generic and TLD domains
• if cybersquatter appears, complain to registrar
• allowing cybersquatters can result in
– damage to brand
– theft of business or donations
• register a trade mark relating to domain name
20
WEBSITES, DOMAIN NAMES & HOSTING
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
DOMAIN NAMES
How Do I Know My Domain Name Does Not Infringe Another’s?
• Carry out checks (Google)
• Check Trade Marks Register and Trade Marks Journal
• Look on Companies House for similar company names
• Use a specialised agent if concerned
21
WEBSITES, DOMAIN NAMES & HOSTING
ENSURING YOUR ORGANISATION'S IP IS
PROPERLY PROTECTED
HOSTING
How Do I Know I Control My Hosting Account?
• unless account in organisation’s name, you don’t
• developers often prefer to use own hosting
• agree in contract that:
– account in organisation’s name; or
– full access to be given, both during and after term
– developer to transfer all digital assets/code upon termination
22
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Domain Name
• Check name not infringing a third party’s rights
Make Sure You Own Your Content
• no good paying for someone else’s content
• ensure adequate warranties regarding ownership
• extracts from other sites an infringement unless “fair dealing”
• “thumbnails” of another’s photos will infringe copyright
• lifting standard terms will infringe copyright
• defamatory statements can create liability
23
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Disability Discrimination
Equality Act 2010
• website owners, broadcasters and services providers
• duty to ensure sites and services are user-friendly
• applies to visual impairment and other disabilities
• no clear guidelines as to what “accessible” means…
24
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Disability Discrimination Guidelines issued by World Wide Web Consortium (W3C):
• ensure information in colour available without • have a button to increase size of text • ensure background/foreground colours contrasted • compatibility with text reading software • for every non-text element, text-equivalent version • can turn off blinking, updating, scrolling, moving objects
25
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Display of Mandatory Information
Electronic Commerce (EC Directive) Regulations 2000:
• full name and address of site owner
• email and other contact details (‘contact form’ not sufficient)
• company registration number and registered charity number
• if subject to an authorisation scheme, particulars
• VAT number (even if the website is not being used for e-commerce transactions)
26
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Privacy Policy/Notice Data Protection Act requires data to be processed “fairly” Not processed fairly unless data subject knows • identity of processor • purpose(s) for which information will be processed • any further information necessary to enable fair processing, eg.
– how the data will be used – to whom the information will be transmitted – whether the information is likely to leave the EEA – means of gathering information, including use of cookies
Displaying a privacy notice obvious way to satisfy these legal requirements.
27
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Privacy Policy/Notice
"Sensitive (personal) data" (e.g. about a person's health)
– must only be collected if explicit consent obtained
– statement all subjects have right to see information
– opt-out box providing an opportunity to refuse
28
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Cookies
Website operator must not
• store or gain access to information
• stored in the computer of user unless user
– “provided with clear and comprehensive information…
– about the purposes of the storage of, or access to, that information” and
– “has given his or her consent”*
* Privacy and Electronic Communications (EC Directive) (Amendment) Regs 2011
29
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
So How Do I Obtain a Valid Consent?
• ‘pop-ups’ one method
• referring to a Privacy Policy not ideal
• see ICO’s guidance notes for technical detail (or look at its Privacy Notice)
30
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
So How Do I Obtain A Valid Consent?
31
ALL WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Terms and Conditions of Use
• advisable if any degree of interactivity possible by user
• ensure applicable law stated
32
E-COMMERCE WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Formation of Contract
• Ensure customers agree to standard T&Cs
• If contract created online, must:
– include details of:
• technical steps to conclude a contract
• means of correcting errors
• language of the contract
• any applicable code of conduct
– allow customer to access, store and reproduce T&Cs
– acknowledge receipt of order
33
E-COMMERCE WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Distance Selling Regulations
No. of detailed requirements concerning:
• provision of information
• statutory right of cancellation
• supply goods within 30 days
• allowing consumers to open/return goods
• providing a refund within thirty days
34
E-COMMERCE WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Online Advertising
• no one source for all rules • CAP Code main rules (enforced/administered by ASA) All marketing communications should: • be "legal, decent, honest and truthful" • not include anything likely to cause offence • not be misleading and can be substantiated • be prepared with a sense of responsibility to consumers/society • respect the principles of fair competition • not bring advertising into disrepute Code not statutory but adverse ASA adjudication is bad publicity
35
E-COMMERCE WEBSITES
HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?
Payment Processing
Online card payments must be PCI compliant
• Number of stringent requirements
• Best to outsource to a provider
– Eg Worldpay, Paypal
• Failure to comply can mean large fines and removal of merchant status
36
LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD
Security • If provider not using adequate security, data never safe
– Adequate firewalls – Adequate encryption
• Data Protection Act, Principle 7:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
– IT guru must do due diligence on cloud provider – If you cannot show this, you could be liable if breach
37
LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD
Security Same applies to your website security:
Personal data accessible by a third party
=
Breach of the Data Protection Act
Get your website penetration-tested regularly!
38
LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD
Who Are You Contracting With?
• May be a number of providers involved
• Confirmation sub-contractors bound by same standards of
– Security
– Confidentiality
• Main provider needs to carry can
39
LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD
Where is My Data?
• If data stored or transferred outside EEA, 8th Principle:
– requires adequate security measures to be in place:
– Non-US countries: model clauses signed up
– US states: entity on US Government’s Safe Harbor List
• ICO recommends getting
– list of countries where data is likely to be processed
– details of the safeguards in place
• “If in doubt, don’t use a provider you cannot trust!”
40
LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD
Conclusion Covered a lot of ground: • copyright, trade marks, designs and patents • ensuring your website, domain names and hosting are
– within its ownership and control – legally compliant
• putting your data in the cloud: do the advantages outweigh the risks?
For a whistle-stop tour of today’s workshop, go to QuickPoints on the firm’s website: – Is Your Website Legally Compliant – Cloud Computing: What You Need To Know