Protecting Intellectual Property & Data Loss Prevention

Protecting Intellectual Property and Data Loss Prevention Are your competitive differentiators and client lists walking out the door? Protect your competitive advantage! * Second in a series of Informational Breakfast Events with topics of timely and valuable information for small and medium size business owners and organization leaders Informational Breakfast Meeting* Sponsored by: Boston Business Alliance www.BostonBusinessAlliance.com September 23, 2009 – 7:00-9:00 AM 800 W. Cummings Park, Suite 4750 Woburn, MA 01801

Agenda

7:00 Coffee and Networking

7:15 Intellectual Property (IP) – What is it and how do you protect it?

(Attorney Vern Maine)

8:00 Information and Data Loss Prevention

(Bob Carroll, Consultant)

8:45 Questions and Answers

Speakers available for questions

9:00 Adjourn

Sponsors Website Sponsor: Techevolution Contact: Corey Tapper Phone: 781-595-2040 www.techevolution.com Facilities/Location Sponsor: Sunbelt Business Sales & Acquisitions Contact: Mariola Andoni Phone: 781-932-7355 www.sunbeltne.com Refreshment Sponsor: Analytix Solutions Contact: Jason Lefter Phone: 781-503-9000 www.analytixsolutions.com

Moderator and Speakers For more information about the event or Boston Business Alliance, go to: www.BostonBusinessAlliance.com Bob Carroll Bob Carroll has more than 20 years experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com Vern Maine Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com Ray Arpin - Moderator Ray Arpin has 30 years of experience working with small companies and start-ups, to Fortune 10, Global 2000, state and federal organizations, in a wide variety of industries and segments. His specialty is business process improvement to increase sales and reduces costs, professional services, and regulatory compliance. Most recently, he is focused on helping companies and individuals quickly apply business best practices, and specifically to become compliant with personal identity security regulations and MA 201 CMR 17.00. For more information, www.rayarpin.com

Possible Implications and Why be Concerned?

Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors

Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?

Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?

Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?

Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?

Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information

Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMT 17.00, Electronic Medical records – all require protection of data/information

Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?

Possible Fines – $5,000 per occurrence, and/or per person effected or compromised; in addition to a basis for a law suit, bad publicity, and other serious risks

Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?

What is Intellectual Property?

Knowledge and/or Expression conceived, created or constructed by a person or entity.

Some protectable by NOTICE and REGISTRATION , e.g. patents, trademarks, copyright.

Some protectable only by SECRECY and/or CONTRACTS .

Some protected by LAW .

Elements of Intellectual Property

Trademarks

Copyright

Design & Utility Patents

Trade Secrets

What’s in your IP portfolio?

WHY IP? WHY NOW?

IP Strategies help drive the Business Plan!

Trademarks – Source Identifiers

A word, phrase, symbol or design, sound, smell, or combination.

E.G., NBC chimes, Pink Fiberglass, Nike swoosh, golden arches, Harley sound, Microsoft graphics, Apple for computers, Target for department stores.

Notice: ™ symbol after the mark

Federal reg: – use the ® symbol.

Trademarks – 5 steps to protection

#1 Choose a defensible mark.

#2 Clear the mark.

#3 Apply common-law Notice and/or register.

#4 Use the mark correctly.

#5 Police the Mark

Copyright

Protects EXPRESSION, not idea)

NOTICE:

© or Copyright 2008, XYZ Inc.

Federal Registration available.

Best IP Bang for the Buck!

File within 3 months of publication.

www.copyright.gov

Copyright Ownership

1) author/artist or its employer unless independent contractor

2) joint or co-ownership

3) work for hire

ALWAYS use Written Agreements conveying ownership of copyright in important works.

What Is a PATENT ?

Right to Exclude (SUE) others from:

Making

Using

Selling, Offer to sell

Importing

… the Patented Invention!

20-21 year term.

Quid pro quo?

No Trespassing !

What Can Be Patented? What Should Be Patented?

Design Patents versus Utility Patents

Appearance of Articles of Manufacture

Structure or Functionality of Methods and Machines

Priority Dates and Foreign Filing Rights

First to file vs. First to Invent

U.S. Provisional Patent Applications.

Patent Cooperation Treaty applications preserve right to file in over 130 countries, including U.S.

Regional filing opportunities.

PATENT INFRINGMENT

Patent Holder must prove Infringer incorporates each & every element of at least 1 independent claim.

Infringer is unable to prove the patent invalid or otherwise unenforceable.

TRADE SECRETS

Information, the disclosure of which would be disadvantageous for the company.

Protection against those that MISAPPROPRIATE confidential information. 2 Basic Requirements:

1) Documented Information that has commercial value.

2) Safeguarded by all reasonable means.

Trade Secrets – DO’s

COMPANY POLICY

NON DISCLOSURE CONTRACTS

PHYSICAL SECURITY

ELECTRONIC SECURITY

VET OUTGOING MATERIALS

Intellectual Property Rights –Valuable but Perishable

Recognize and evaluate IP early.

Review portfolio regularly for focus and cost control.

Reassess opportunities to exploit your IP regularly to maximize return on investment.

Intellectual Property is KING

There is an inexhaustible supply of new intellectual property, accessible in some degree to everyone that wants it.

The law provides a limited opportunity for those that discover or create it to profit by it.

The skillful exploitation of IP is the single biggest factor in business success today.

IP Management and Control

Have an IP strategy component to the business plan.

Demonstrate a top-down commitment to cultivating and protecting IP.

Have a rational internal process for handling and safeguarding IP.

Conduct employee training regularly.

Document, document, document.

Search for and Evaluate competitor’s IP with same intensity.

Speakers Vern Maine Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com Bob Carroll Bob Carroll has more than 20 years experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com

Possible Implications and Why be Concerned?

Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors

Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?

Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?

Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?

Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?

Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information

Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMT 17.00, Electronic Medical records – all require protection of data/information

Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?

Possible Fines – $5,000 per occurrence, and/or per person effected or compromised; in addition to a basis for a law suit, bad publicity, and other serious risks

Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?

What is DLP ?

Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data

World Wide Web 0111011000111 .qbm .qbb Endpoints In Motion At Rest

Data Loss Prevention Drivers Customer Data Social Sec. Num. Credit Card Data Health Records The Risk

1:400 Messages contains confidential data

1:50 Network files is wrongly exposed

4:5 Companies lost data on laptops

1:2 Lost Data on USB Devices

Corporate Data Financials Mergers and acquisitions Employee data Intellectual Prop. Source code Design documents Work products Confidential Data Types

Areas of Concern Note: Mean average ratings based on a five-point scale where 1 is “not at all concerned” and 5 is “extremely concerned” Data: Informationweek Analytics Data Loss Prevention Survey of 218 business technology professionals How Concerned are you about the following sources of data leaks Out of a maximum rating of ‘5’

The Concern is Well Founded

…And

Of course there is the elephant in the room that people don’t want to talk about:

Data Loss Risks During Downsizing

As employees exit, so does the corporate data

What type of confidential, sensitive or proprietary information did you keep after leaving your former company?

For the Non-Believers

How Was Data Removed?

Other Reasons for DLP ?

Most SMB’s fall are regulated by law(s) that mandate controls over information;

Sarbanes-Oxley (SOX) Act

HIPAA in health and benefits

American Recovery and Reinvestment Act (ARRA)

FTC ‘Red Flags Rule’

Gramm-Leach-Bliley Act and Basel II in finance

MASS. 201 CMR 17.00

Payment Card Industry (PCI) Data Security Standard (DSS)

So, What Should I Do?

DLP is more than just technology

A comprehensive initiative or Program

Strategy

People

Process

Technology

Outline ‘DLP Recipes’ (Recommendations)

Recipes for DLP

Check Bostonbusinessalliance.com for ‘How To’s’ links, resources, and articles

Recommendations

Strategy

Stakeholders and business owners need to be aware of this and understand the concepts and consequences

Governance – What applies to your business?

201 CMR 17.00 ?

FTC Red Flag ?

HIPAA ?

Put policies and agreements in place

Start with an assessment. Where is the risk, what is the risk and how much could it cost my business ?

Adopt an acceptable Use policy – (no it is not ok to view pornography on company resources.)

Consider Free and Open Source (Truecrypt, Pretty Good Privacy, PGP)

Execute non-Compete, NDA, Confidentiality

Recommendations

People

Most likely the biggest risk to SMB

If you use Temporary Labor

Bookkeepers

Paralegals

Clerks

Contract attorneys

If you use contractors (1099)

Assign roles and responsibilities e.g. “Data Stewards”

Conduct initial and ongoing training and record acceptance

Allow access on “Need to know” basis only

PRIOR to the employee leaving, companies should monitor the employee’s access to the network or system to make sure sensitive and confidential data is not being downloaded or send to the employee’s personal email account.

Recommendations

Process

Identify your Intellectual Property and confidential data

Are Standard Operating Procedures (SOP) or Written Information Security Program (WISP) required by law?

Understand your processes

Are there safeguards and audits built into the process – catching what is missing

Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their jobs. Enforce this!

Where possible and practical, use standard automated workflow processes and forms. These are easier to monitor and safeguard

Re-think the process of how you send data and email

-Encryption

-sftp, https://

Recommendations

Technology

Start small with the high value data

The notion of ‘Reasonable ,’ ‘Usual and Customary ’

Break up the problem:

Data in use (e.g., endpoint actions),

Lost or stolen laptops

Data in motion (e.g., network actions),

Email

Instant messaging

Data at rest (e.g., data storage)

Who has access

Secure storage

Ensure that basics are in place:

-Patches are applied, AV and malware protection, Firewalls

Prevent access to and downloads from sensitive data

Encryption –data, computers, and email (passwords on files ≠ encryption)

Shift the responsibility to hosted or third parties – the cloud

Keep your kids off ‘work’ computers and NO P2P

Recommendations

Questions and Answers

Call to Action

Intellectual Property

Have an IP strategy component to the business plan

Demonstrate a top-down commitment to cultivating and protecting IP

Have a rational internal process for handling and safeguarding IP

Conduct employee training regularly

Document, document, document

Search for and Evaluate competitor’s IP with same intensity

Data Loss Prevention

Understand and mitigate the risks

Know where information resides, especially electronic

Get educated

You have taken the first step

Visit Bostonbusinessalliance.com for new details and information

Closing and Adjourn

Reminder about Boston Business Alliance

Visit website for suggesting Hot Topics for these type of meetings

Invite other small business owners and peers who might benefit

Register for future meetings

Ask us to put your name on our email list to be notified of future meetings and events

Evaluation form

Please complete and leave on the table going out so that we can continuously improve

Sponsors Website Sponsor: Techevolution Contact: Corey Tapper Phone: 781-595-2040 www.techevolution.com Facilities/Location Sponsor: Sunbelt Business Sales & Acquisitions Contact: Mariola Andoni Phone: 781-932-7355 www.sunbeltne.com Refreshment Sponsor: Analytix Solutions Contact: Jason Lefter Phone: 781-503-9000 www.analytixsolutions.com

Contact Information

Boston Business Alliance

www.BostonBusinessAlliance.com

See website for additional Contact and Member information

Attorney Vern Maine

Phone: (603) 886-6100 x7007

Email: [email_address]

Website: www.vernmaine.com

Bob Carroll

Phone: (617) 314-9813

Email: [email_address]

Website: www.bobcarrollconsultant.com

See our website and handouts for other contacts, along with information on Intellectual Property, Data Loss Prevention, the Boston Business Alliance, our members and our sponsors.

www.BostonBusinessAlliance.com

Feel free to pick up any of the handouts on the table.

Appendix Slides

Applicable Statutes and Regulations

Sarbanes-Oxley (SOX) Visibility and disclosure regulations for public companies

Gramm-Leach-Bliley Act of 1999 (sometimes called the financial modernization act

HIPAA – Health Insurance Portability and Accountability Act of 1996 places requirements on the health care industry

FTC ‘Red Flags Rule’ – for law firms, professional services, and financial institutions

MASS. 201 CMR 17.00 for Personal Identity Information

PCI-DSS Payment Card Industry Data Security Standards – For processing credit cards

FERPA - Family Educational Rights and Privacy Act – If you deal with public schools

BASEL – Bank of International Settlements – Banking laws

Technology Terms

Data Loss Prevention (DLP) - Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data: at the endpoints - in use (USB devices, laptops, PDA, iPhone), in motion (e.g., moving through the network – browsers and email), and data at rest (file systems, databases, and other storage