IT:AM Semina Series - Managing your secrets, protecting your assets - London

37
IT:AM Seminar Series Managing your secrets, protecting your assets Eversheds LLP, 20 November 2012

Transcript of IT:AM Semina Series - Managing your secrets, protecting your assets - London

IT:AM Seminar Series

Managing your secrets, protecting your

assets

Eversheds LLP,

20 November 2012

IT:AM Seminar Series

• 08:30 – 09:30 The business of secrecy

• 09:30 – 09:45 Coffee break

• 09:45 – 10:05 UsedSoft GmbH v Oracle International Corp

• 10:05 – 10:25 Communications Data Bill

• 10:25 – Close Q&A and networking

Agenda

IT:AM Seminar Series

The business of secrecy

Neil Mohring, Partner

The business of secrecy

• 80% of your corporate value is intangible

• The value of trade secrets is rising, why?

• eg: America Invents Act, technology driving more effective data usage, IP is now firmly in the boardroom

• Are trade secrets underrated ………or even protected

• From Charlie and the Chocolate Factory to date – espionage is alive and well in 2012

.....scene 1

Secrecy today – a modern business issue

The business of secrecy

• The necessary quality of confidence

– not a precise concept, necessarily flexible

– (non public) formulae, algorithms – obviously yes

– matters in the public domain – obviously not

– encryption may not protect confidentiality if decryption is possible and the encrypted version is published

and...

• Disclosure in circumstances of confidence

– under a NDA

– an obviously confidential exchange

– a confidential relationship, eg solicitor/client etc

How does confidence arise?

The business of secrecy

• Distinguish ownership of physical materials and intangible rights – both are important

• Confidential materials may also attract protection from intellectual property rights eg copyright, database right

• Confidentiality is not an IP right so effective protection is via:

– controlling disclosure of physical materials

– establishing a contractual/tort based duty in your favour

• Trade secret transactions depend on this

Who owns confidential information?

The business of secrecy

• Ensure you have defined what you want to protect and consider duration based on the commercial longevity of the information

• Make clear records of disclosure – make it clear that disclosures made are subject to the NDA

• Reject residual clauses and consider the risk of a recipient generating new IP based on the disclosed material

• Consider governing law and forum for enforcement

Analysing NDAs – if you’re the discloser

The business of secrecy

• Define what information is covered – reject broad clauses and descriptions

• Ensure there is a duration to the obligations

• Consider risk of “taint” – is the disclosed information too close to what you are doing?

• Consider a residuals clause

• Consider ownership of derivative analyses

Analysing NDAs – if you’re the recipient

The business of secrecy

• Is it really a mutual disclosure, have you got the right protections?

• Seek a fair middle ground

• Consider holding back key information

Analysing NDAs – mutual disclosure

The business of secrecy

• Material – software source code

• Release events – insolvency, material breach of support

• Scope of use – providing software support (by fixing) internally

Escrow clauses – conventional position

The business of secrecy

• Hardware – bill of materials

• Firmware

• Technical specifications

• Other materials

Escrow clauses – consider other material

The business of secrecy

• Anticipatory insolvency/financial distress triggers

• Change of control

• Reputational risk – CSR

• Service level triggers

• General material breach/other breach

and any other situations where you would need the materials

Escrow clauses – consider other release events

The business of secrecy

• Customer support

• Software distribution

• Hardware manufacture

• Subject to a reasonable royalty?

and assess these measures against your general business/product continuity planning

Escrow clauses – consider scope of use

The business of secrecy

• Move quickly to limit damage and to increase prospects of obtaining an injunction

• Gather evidence by:

– identifying links to party suspected of breach

– speaking to employees and ex-employees

– investigating IT systems and access to trade secrets

– obtaining a copy of the solution (reverse engineering or carrying out a code comparison)

Routes to enforcing trade secret protection

The business of secrecy

• Consider whether an injunction and/or claim would be appropriate and proportionate

• Consider whether a criminal offence has been committed

• Take steps to protect your secrets from the outset

Routes to enforcing trade secret protection

The business of secrecy

• Employer/employee duty based on mutual trust and confidence

• Includes an implied obligation to respect the employer’s confidential information

• Most employers use express confidentiality obligations as well

Employees and confidential information

The business of secrecy

• Trade secrets may not be used post termination

• Other “mere” confidential information is not protectable and the employee can use this (but is this limited to “tools of the trade” know how?)

• However, is this activity:

– genuine trade secret; or

– employee know-how and skill

Employees and confidential information – after

cessation of employment

The business of secrecy

• Garden leave or other covenants

• Monitor IT activity

• Exit interview - reminder

• Review subsequent activity for suspicious similarity

Employees and confidential information – practical

measures

IT:AM Seminar Series

UsedSoft GmbH v Oracle International Corp

James Walsh, Partner

UsedSoft GmbH v Oracle International Corp

• Oracle

– software owner and distributor

– software is downloaded by customers from the Oracle website

– customer enters into licence agreement with Oracle under which the customer is granted a perpetual, non-exclusive, non-transferable right to use the software

• UsedSoft

– seller of used software licences, including Oracle licences

Facts

UsedSoft GmbH v Oracle International Corp

• Article 4(2) of the Directive on the Legal Protection of computer programs (2009/24) (“the Software Directive”) provides that the first sale of a copy of a software program in the EU by the copyright holder or with the copyright holder’s consent exhausts the distribution right of that copy within the EU

• After the first authorised sale of a copy of a copyright-protected work, the work may be freely distributed within the EU

• ECJ consideration: did the downloading of a copy of a software program with the copyright holder’s consent fall within the scope of Article 4(2) and constitute a first sale?

Decision

UsedSoft GmbH v Oracle International Corp

• ECJ held that Article 4(2) was triggered if the copyright holder authorises a download of a copy and a consequential right to use the software perpetually in return for a payment of a fee corresponding to the economic value of the copy

• It also found that there was no difference between an intangible medium (such as a download) and a tangible medium (CD-ROM, DVD etc) for the purposes of Article 4(2)

Decision...

UsedSoft GmbH v Oracle International Corp

• UsedSoft were therefore entitled to rely on the exhaustion of distribution rights under Article 4(2) to continue to purchase and resell Oracle licences

• Certain restrictions:

– not entitled to split out licences and resell part

– original acquirers of software must make own copy unusable at the time of resale

– copyright holders are entitled to ensure that the original acquirers copy of the software is made unusable

Decision...

UsedSoft GmbH v Oracle International Corp

• Maintenance agreements do not fall under Article 4(2) but Article 4(2) will extend to the resulting software updates and added functionalities as they form an integral part of the software downloaded

Decision...

UsedSoft GmbH v Oracle International Corp

• Undermines the ability of software owners to control the transfer of software

• Non-transfer and non-assignment provisions in licensing arrangements will have no effect if ‘licence’ is granted perpetually, for a lump sum fee

• Under the principles applied by the ECJ, if these elements are met, then will deemed to be a ‘first sale’

What are the implications for software owners?

UsedSoft GmbH v Oracle International Corp

• Time-limited licences

– annually renewable

– fixed short terms

– longer 15 years+ terms (Note: ‘sham’ terms)

• ‘Software as a Service’ model

• Pricing structures- avoid lump sum payments

• Employ technical methods so as to prevent the licensee’s copy of the software remaining usable on transfer

Avoiding the trigger!

UsedSoft GmbH v Oracle International Corp

• Provisions for early termination - how are these to be treated?

– breach

– change of control

– insolvency

• To what extent will a transferee be bound by the terms of the original licence?

• Is any positive action required by the transferor? Supply of dongle, disk, etc?

• Associated support and maintenance agreements

Other considerations

UsedSoft GmbH v Oracle International Corp

• Opens up potential revenue streams- licensees will now have the ability to resell software which is no longer required by them

• In order to do this, licensees must ensure that they

– obtain a supply copy of the software

– obtain a perpetual licence

– pay a lump sum licence fee

• Licensees should consider the commercial implications of a lump sum fee

• May not be as beneficial for sophisticated software

What are the implications for licensees?

IT:AM Seminar Series

Communications Data Bill

James Walsh, Partner

Communications Data Bill

• All businesses use communications data

• Existing laws governing the retention of data apply to public communications providers

• Draft Communications Data Bill will permit ‘authorised body’ to order a telecommunications provider to generate, collect, retain and disclose data to authorities that may require it

Background

Communications Data Bill

• Secretary of State has power to:

– ensure communications data is available from telecommunications operators by public authorities; or

– otherwise facilitate availability of communications data

What does the Communications Data Bill provide for?

Communications Data Bill

• Telecommunications operator

– person who controls or provides a telecommunication system or provides a telecommunications service

• Telecommunications system

– ...for the purpose of facilitating the transmission of communications by an means involving the use of electrical or electro-magnetic energy

• Telecommunications service

– ...consists in the provision of access to, and of facilities for making use of, a telecommunication system

Who is a telecommunications operator?

Communications Data Bill

• Subscriber data – information about those to whom a telecommunications service is provided

• Traffic data – information identifying any person, apparatus or location to or from which a communication is transmitted

• Use data – information about the use made by a person of a telecommunications service or system

What is communications data?

Communications Data Bill

• Broad powers e.g. collection and generation of data, processing and destruction of data

• Require operators to enter into arrangements with Secretary of State or other third parties on commercial or other basis to enable operators to collect data

• Enforce compliance with requirements regarding specified standards, specified equipment/systems and specified techniques in relation to collection and retention of data

What orders can the Secretary of State make?

Communications Data Bill

• Few protections

• Secretary of State must consult with Ofcom and Technical Advisory Board (established under RIPA) before issuing an order

• However, no obligation for Secretary of State to heed any concerns raised during the consultation process

Are there any protections as to how the Secretary of

State can exercise its powers?

Communications Data Bill

• Businesses should prepare for the bill now

• Consider:

– change control procedures

– vendors’ technical resources to collect/retain data

– provisions to pass compliance responsibilities to outsourcing providers

– termination rights for non-compliance or where a business needs to change communications vendor to ensure compliance

• Raise concerns with stakeholders and MPs

Best practice

IT:AM Seminar Series

Thank you for attending

Eversheds LLP

Q&A