Patents and information security have always been connected. The most obvious connection is that in order to obtain a patent, an invention must be new and inventive. If information about the invention has reached the public before a patent application is filed, that requirement may be compromised. Further, protecting proprietary technical solutions as trade secrets is a direct alternative to patenting. While a company cannot do both simultaneously (patenting requires disclosure of the invention, whereas protecting an invention as a trade secret requires the opposite), both options should be part of a wider IP rights strategy. In order to ensure that patents and trade secrets are legally protected against misuse, the way that a company handles them is important.
Consequently, it is natural for a company to plan its information security policies with the requirements dictated by its patent strategies and trade secrets in mind. However, a company can go even further by:
- using its IP rights as legal tools to protect something larger and more multifaceted – namely, its intellectual property (without the rights attached); and
- considering what intellectual property consists of, the role that it plays in value creation and how it could be among the company's most valuable assets.
Information is valuable and, as such, companies usually establish IT departments to ensure that their information is secure and accessible. However, while an IT department may know how to protect information, it may not know which information is valuable – for example:
- which information must not be made publicly available;
- which information could be used in marketing;
- which information is critical for the company to conduct its operations;
- which information the company should include in its non-disclosure agreements; and
- how an employment contract should regulate the ownership of information and transfer of IP rights.
By approaching information security as a tool to protect intellectual property, companies are better placed to:
- implement the correct measures and contingency plans in that regard; and
- secure and extract value from their intellectual property more efficiently.
For example, technical product features and technical know-how provide competitive advantages. A strong patent portfolio can protect those advantages. Conversely, the risk of being confronted with a patent infringement suit may disrupt the company's ability to operate. Protection against this risk is provided through monitoring and analysing third-party rights and responding adequately to identified threats. In the same way, reliable information security protects a company's competitive advantages, and continuity management (ie, the management of exposure to business disruptions and planning for continuity and the restoration of core operations in case of disaster) prepares it for potential disruption caused by IT breakdowns or hostile attacks on information assets.
A company cannot have a well-implemented IP rights strategy if it does not consider information security. Processes, routines, awareness and technology are all countermeasures that should be implemented to protect intangible assets.
As business is becoming increasingly connected and documentation is now mainly digital, the exposure of information has changed. Companies should thus be aware of the value of their information and how to protect it.
This article was first published in International Law Office on December 19, 2016.