• Save
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)
Upcoming SlideShare
Loading in...5
×
 

Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)

on

  • 396 views

Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.

Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.

Statistics

Views

Total Views
396
Slideshare-icon Views on SlideShare
391
Embed Views
5

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 5

https://twitter.com 5

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013) Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013) Presentation Transcript

    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPCopyright 2013 BryanCave LLPMay 30, 2013Jason D. Haislmaierjason.haislmaier@bryancave.comData “Property” RightsCopyright 2013 BryanCave LLP
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPThis presentation is intended for general informational purposes only and should notbe construed as legal advice or legal opinion on any specific facts or circumstances,nor is it intended to address specific legal compliance issues that may arise inparticular circumstances. Please consult counsel concerning your own situation andany specific legal questions you may have.The thoughts and opinions expressed in this presentation are those of the individualpresenters and do not necessarily reflect the official or unofficial thoughts or opinionsof their employers.For further information regarding this presentation, please contact the presenter(s)listed in the presentation.Unless otherwise noted, all original content in this presentation is licensed under theCreative Commons Creative Commons Attribution-Share Alike 3.0 United StatesLicense available at: http://creativecommons.org/licenses/by-sa/3.0/us.
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPDataPrivacySecurityRights
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPIncreasing importanceIncreasing valueData
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPWhat “rights”protect data?
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPNo specificcomprehensive legal protectionfor data or databasesin the US
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPDataasProperty
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP?DataRightsDataPrivacyDataSecurityCopyrightTradeSecretContractIndustryPracticeStateLawFTCAction
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPData Rights• No specific comprehensive protections under US law• Protection is available through generally applicable legal areas– Copyright– Trade secret– Contract– Other legal theories (but generally limited)• Growing data privacy and security protections are also shapingrights in data– General purpose laws– Industry-specific federal laws– State data security and privacy laws– Increasing federal (and state) enforcement actionsIn General
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPData Rights• Limited attempts at comprehensive protection exist outside of the US• Focused on data in the form of databases• EU Database Directive (96/9/EC)– Protection for non-original portions of databases not protected by copyright law– Based on the investment in obtaining, verifying, or presenting the contents ofthe database– Prevents extraction or re-utilization of all or a portion of the contents of a database• Limited examples of analogous laws in other countries as wellProtections Outside of the US
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPTrademarksBranding andIdentityPatentsIdeas andInventionsTrade Secrets“Know-How”CopyrightsCreativeExpressionsTraditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPTraditional IP Rights In Data• Patents– Available to protect databases• Structure• Method of operation• Business methods employing databases– But the databases must meet the criteria for patent protection– Less applicable in the case of unstructured “raw” data• Trademarks– Applicable in connection with the name or brand for a product or service– Not applicable to data or databases themselvesPatents and Trademarks
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• U.S. copyright law does not provide specific or express protection todata or databases• Copyright protection for data and databases is analyzedlike any other work of authorship• The standard for obtaining a copyright is relatively low– Original work of authorship– Fixed in a tangible medium of expression• But, data and databases are not always afforded protectionCopyrightTraditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP“The vast majority of works make the grade quite easily,as they possess some creative spark, no matter howcrude, humble or obvious. ”Justice Sandra Day O’ConnorFeist Publications, Inc. v. RuralTelephone Service Co.499 U.S. 340 (1991)Traditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP“No one may claim originality as to facts [. . .] facts do notowe their origin to an act of authorship. The distinction isone between creation and discovery. The first person tofind and report a particular fact has not created the fact; heor she has merely discovered its existence.”Justice O’Connor in FeistTraditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• Copyright does not protect data in the form of facts– Originality, not “sweat of the brow,” is the basis for copyright protection– Facts are not originally authored or created through mere discovery• Copyright can protect information or content in the form oforiginal expressions– Information or content having some level of creativity– Entertainment content, new media, UGC may all meet this test– Unstructured raw data in the form of facts will often fail the test• This results in inconsistent protection for data and databases– Unstructured raw data – no protection available– Original information or content having some level of creativity – protection available– Structure, coordination, and arrangement of data – “thin” protection available (for thecompilation, but not for the underlying data)CopyrightTraditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• Nearly all states have adopted some version of the Uniform TradeSecrets Act (UTSA)• Under the UTSA, a “Trade Secret” is information that:– Is not generally known to other persons and cannot be readily ascertained by otherpersons without improper means– Provides the holder with economic advantage or economic value (in some cases derivedfrom its secrecy)– Is the subject of efforts that are reasonable under the circumstances to maintain itssecrecy• Broad potential applicability to data and databases– Virtually any type of data or information– In nearly any form or format• Trade secrets covering data and databases are enforceable as long asthe requirements are metTrade SecretTraditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPTraditional IP rights provideonly limited and inconsistentprotectionsWhere to turn?Traditional IP Rights In Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• Emerging as a primary form of protection for data• Permit broad protection, potentially even over data and databases notsubject to traditional IP protection• Limited to the entities bound by the contract• Even where traditional IP protection is not available, contracts havebecome critical to obtaining and clarifying rights in data– Each form of IP has its own rules regarding ownership– Left to applicable law, ownership is often (very) unclear– At best this leaves the potential for confusion– Assignments and licenses are preferred to clarify these rights• Industry expectations have risen with the rising value of data– Contracts required to evidence adequate rights in transactions involving data– Not unlike rights in software itselfContractsContract Rights in Data
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPOther sources of protection. . .
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPData PrivacyData Security
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPNo specific comprehensivedata privacy or security legislationin the US
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• EU Data Protection Directive (95/46/EC)• Regulates the processing of personal data of EU subjects– Broad scope of “personal data”– Restricts processing unless stated conditions are met– Prohibits transfer to countries not offering adequate levels of protection• Requires the member countries to pass consistent laws (more or less)• US Department of Commerce-negotiated “Safe Harbor Principles” enabletransfers to US companies– Self-certification regime– Allows US companies to register as compliant– FTC oversight• Proposed overhaul in the works (announced Jan. 25, 2012)Longstanding Comprehensive EU RegulationsData Privacy and Security
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• State consumer protection statutes– All 50 states– Prohibitions on “unfair or deceptive” trade practices• Data breach notification statutes– At least 46 states (DC and various US territories)– Notification of state residents (and perhaps regulators) affected by unauthorized accessto sensitive personal information• Data safeguards statutes– (Significant) minority of states– Safeguards to secure consumer information from unauthorized access• Data privacy statutes– Online privacy policies covering use and sharing of consumer information– Use of personal information for direct marketing purposesGrowing Array of Relevant State LawsData Privacy and Security
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• Consumer credit - Fair Credit Reporting Act (FCRA)• Financial services - Gramm Leach Bliley Act (GLBA)• Healthcare providers - Health Insurance Portability and Accountability Act(HIPAA)• Children (under 13) - Children’s Online Privacy Protection Act (COPPA)• Video content - Video Privacy Protection Act• Others statutes covering education, payment processing, etc.Industry-specific Federal StatutesData Privacy and Security
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPFederal Trade Commission Act(15 U.S.C. 41, et seq)“Unfair or deceptive acts or practices”
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• Trend toward increasing enforcement– More than 45 actions to date– More than 25 in the last 6 years– Many more investigated but not brought• Covering largely electronically stored data and information• Targeting data security as well as data privacy• Increasing trend toward mobile data privacy and securityIncreasing ActivityFTC Enforcement Actions
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPEmerging ModelsFor ComplianceFTC Enforcement Actions
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• 20 year term• Cease misrepresentations regarding practices for information security, privacy,confidentiality, and integrity• Conduct assessment of reasonably-foreseeable, material security risks• Establish comprehensive written information security and privacy program• Designate employee(s) to coordinate and be accountable for the program• Implement employee training• Conduct biennial independent third party security and privacy assessments• Implement multiple record-keeping requirements• Implement regular testing, monitoring, and assessment• Undergo periodic reporting and compliance requirements• Impose requirements on service providersLegislation by Consent DecreeFTC Enforcement Actions
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPNot just enforcement. . .StandardsBest practicesCodes of Conduct
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP• We are in an era of increasing data value• Increasing value means greater focus on data rights• We do not have the benefit of strong and comprehensive laws to match• Data “rights” are defined through an increasingly broad array of sources– Traditional IP rights,– Contract protections– Growing data privacy and data security obligations• Understand the protections, understand the inconsistencies• Issues relating to data will only continue to increase(transactions and litigation)Lessons LearnedClosing Thoughts
    • Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLPCopyright 2013 BryanCave LLPThank You.Jason Haislmaierjason.haislmaier@bryancave.com@haislmaierhttp://www.linkedin.com/in/haislmaier