Technology: Keeping your company’s intellectual properties safe
Trade secret theft is on the rise.
June 10, 2011 at 11:04 AM
5 minute read
The original version of this story was published on Law.com
This is the fifth in a series of columns on information security. Prior articles dealt with simple steps to keep your data safe, especially while traveling, and with information security with respect to different forms of technology. This article will help to highlight the growing concern regarding keeping your company's intellectual properties safe given the rising tide of trade secret theft.
The recent admission by RSA that their SecureID product had been breached and the disclosure of attempted espionage at a major U.S. defense contractor both highlight the growing trend of cyber espionage and the resulting need for companies to keep their data safe. Just like other areas of the company responsible for information security, in-house counsel should be at the forefront of this effort.
The seriousness of the rise in attempted intellectual property thefts from U.S. companies is highlighted by the Department of Homeland Security's move to actively engage many companies with respect to cyber security. Additionally, it is worth noting that the U.S. Department of Defense has indicated that cyber attacks potentially could be considered acts of war. Given this heightened awareness, good governance dictates that information security be considered a mission critical part of a company's business plan.
While there are many “cyber exposures” companies should consider, such as sabotage, website defacement, electronic vandalism, electronic fraud and denial of service attacks, perhaps one of the least understood—yet increasingly problematic—exposures is cyber espionage and the theft of trade secrets and other intellectual property.
In the past, hackers and other malicious actors attacked computer networks for the notoriety, curiosity, thrill seeking or, in some cases, for extortion. However, the main threat facing companies these days is probably the theft of valuable trade secrets.
For example, in 2010 a Michigan couple was charged with allegedly stealing over $40 million worth of hybrid automobile related technology secrets. In this case, the thieves were actually employed by the company they stole from and had hoped to sell the secrets to one of the company's competitors. Also in 2010, a research scientist was charged in a 17 count indictment for economic espionage intended to benefit a foreign government. He was indicted for misappropriating and transporting trade secrets and other intellectual properties to a foreign government, while working as a research scientist at a large pharmaceutical company.
In light of this increase, companies and in-house counsel need to develop action plans to proactively address and mitigate these threats.
Understanding Your Data
The first step in creating an effective information security plan is understanding your company's data. Unless you truly understand your company's data, it will be almost impossible to secure. When we speak of understanding your data, some of the questions you should ask are:
- What is the data?
- Who is creating the data?
- Who is using the data?
- What is the level of the sensitivity of the data? (Remember, all data is not created equally.)
- Given the above, how do we protect the different data?
Additionally, you must understand the life cycle of the various types of data in question. This includes understanding:
- When and where data is originated.
- When and where data is resting.
- When and how data is transmitted.
- How the data is used.
- What happens to the data when it is at the end of its life and is no longer being used.
Developing an Information Security Plan
Once you understand the answers to the above basic questions, it becomes easier for a company to develop adequate information protection policies and procedures.
In crafting an information protection plan, companies must also understand any industry specific rules and regulations with which they must comply. For example, companies in the health care industry will need to thoroughly understand HIPAA and HITECH among other regulations, while a company in the banking industry might have to comply with Gramm-Leach-Bliley. A thorough understanding of these rules and regulations will be instrumental in developing a proper information security plan.
Finally, any information security plan must have input from the proper company employees. The most effective privacy and information security plans incorporate input from legal, compliance, information technology, finance and risk management. These types of multi-dimensional teams can more fully understand and address the risks facing a corporate enterprise. Additionally, it is worth noting that information security is increasingly landing on the radar screen of corporate boards and often falls under the oversight of either the governance or compliance committees of many boards.
In short, in-house counsel need to understand that their companies are facing an increasingly growing threats from malicious actors and that these threats must be addressed both contractually and in practice. Only through a robust information security plan can the trade secrets and other intellectual property developed by a company be adequately protected. Companies spend millions if not billions of dollars a year in research and development to build intellectual property portfolios and will need to make certain that they are protected with the same level of dedication and diligence that are applied to any mission critical asset.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllFatal Shooting of CEO Sets Off Scramble to Reassess Executive Security
5 minute readBen & Jerry’s Accuses Corporate Parent of ‘Silencing’ Support for Palestinian Rights
3 minute readShareholder Activists Poised to Pounce in 2025. Is Your Board Ready?
Regulatory Upheaval Is Coming. How Businesses Prepare and Respond Will Separate Winners and Losers
Trending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250