Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IT:AM Semina Series - Managing your secrets, protecting your assets - Cardiff


Published on

IT:AM Seminar Series - Managing your secrets, protecting your assets. Eversheds Cardiff, 28 November 2012.

Published in: Business
  • Be the first to comment

  • Be the first to like this

IT:AM Semina Series - Managing your secrets, protecting your assets - Cardiff

  1. 1. IT:AM Seminar SeriesManaging your secrets, protecting yourassetsEversheds LLP,28 November 2012
  2. 2. IT:AM Seminar SeriesAgenda• 08:30 – 09:30 The business of secrecy• 09:30 – 09:45 Coffee break• 09:45 – 10:05 UsedSoft GmbH v Oracle International Corp• 10:05 – 10:25 Communications Data Bill• 10:25 – Close Q&A and networking
  3. 3. IT:AM Seminar SeriesThe business of secrecyMatthew Gough, Partner
  4. 4. The business of secrecySecrecy today – a modern business issue• 80% of your corporate value is intangible• The value of trade secrets is rising, why?• eg: America Invents Act, technology driving more effective data usage, IP is now firmly in the boardroom• Are trade secrets underrated ………or even protected• From Charlie and the Chocolate Factory to date – espionage is alive and well in 2012 .....scene 1
  5. 5. The business of secrecyHow does confidence arise?• The necessary quality of confidence – not a precise concept, necessarily flexible – (non public) formulae, algorithms – obviously yes – matters in the public domain – obviously not – encryption may not protect confidentiality if decryption is possible and the encrypted version is published and...• Disclosure in circumstances of confidence – under a NDA – an obviously confidential exchange – a confidential relationship, eg solicitor/client etc
  6. 6. The business of secrecyWho owns confidential information?• Distinguish ownership of physical materials and intangible rights – both are important• Confidential materials may also attract protection from intellectual property rights eg copyright, database right• Confidentiality is not an IP right so effective protection is via: – controlling disclosure of physical materials – establishing a contractual/tort based duty in your favour• Trade secret transactions depend on this
  7. 7. The business of secrecyAnalysing NDAs – if you’re the discloser• Ensure you have defined what you want to protect and consider duration based on the commercial longevity of the information• Make clear records of disclosure – make it clear that disclosures made are subject to the NDA• Reject residual clauses and consider the risk of a recipient generating new IP based on the disclosed material• Consider governing law and forum for enforcement
  8. 8. The business of secrecyAnalysing NDAs – if you’re the recipient• Define what information is covered – reject broad clauses and descriptions• Ensure there is a duration to the obligations• Consider risk of “taint” – is the disclosed information too close to what you are doing?• Consider a residuals clause• Consider ownership of derivative analyses
  9. 9. The business of secrecyAnalysing NDAs – mutual disclosure• Is it really a mutual disclosure, have you got the right protections?• Seek a fair middle ground• Consider holding back key information
  10. 10. The business of secrecyEscrow clauses – conventional position• Material – software source code• Release events – insolvency, material breach of support• Scope of use – providing software support (by fixing) internally
  11. 11. The business of secrecyEscrow clauses – consider other material• Hardware – bill of materials• Firmware• Technical specifications• Other materials
  12. 12. The business of secrecyEscrow clauses – consider other release events• Anticipatory insolvency/financial distress triggers• Change of control• Reputational risk – CSR• Service level triggers• General material breach/other breachand any other situations where you would need the materials
  13. 13. The business of secrecyEscrow clauses – consider scope of use• Customer support• Software distribution• Hardware manufacture• Subject to a reasonable royalty?and assess these measures against your general business/productcontinuity planning
  14. 14. The business of secrecyRoutes to enforcing trade secret protection• Move quickly to limit damage and to increase prospects of obtaining an injunction• Gather evidence by: – identifying links to party suspected of breach – speaking to employees and ex-employees – investigating IT systems and access to trade secrets – obtaining a copy of the solution (reverse engineering or carrying out a code comparison)
  15. 15. The business of secrecyRoutes to enforcing trade secret protection• Consider whether an injunction and/or claim would be appropriate and proportionate• Consider whether a criminal offence has been committed• Take steps to protect your secrets from the outset
  16. 16. The business of secrecyEmployees and confidential information• Employer/employee duty based on mutual trust and confidence• Includes an implied obligation to respect the employer’s confidential information• Most employers use express confidentiality obligations as well
  17. 17. The business of secrecyEmployees and confidential information – aftercessation of employment• Trade secrets may not be used post termination• Other “mere” confidential information is not protectable and the employee can use this (but is this limited to “tools of the trade” know how?)• However, is this activity: – genuine trade secret; or – employee know-how and skill
  18. 18. The business of secrecyEmployees and confidential information – practicalmeasures• Garden leave or other covenants• Monitor IT activity• Exit interview - reminder• Review subsequent activity for suspicious similarity
  19. 19. IT:AM Seminar SeriesUsedSoft GmbH v Oracle International CorpMark Rhys-Jones, Partner
  20. 20. UsedSoft GmbH v Oracle International CorpFacts• Oracle – software owner and distributor – software is downloaded by customers from the Oracle website – customer enters into licence agreement with Oracle under which the customer is granted a perpetual, non-exclusive, non-transferable right to use the software• UsedSoft – seller of used software licences, including Oracle licences
  21. 21. UsedSoft GmbH v Oracle International CorpDecision• Article 4(2) of the Directive on the Legal Protection of computer programs (2009/24) (“the Software Directive”) provides that the first sale of a copy of a software program in the EU by the copyright holder or with the copyright holder’s consent exhausts the distribution right of that copy within the EU• After the first authorised sale of a copy of a copyright-protected work, the work may be freely distributed within the EU• ECJ consideration: did the downloading of a copy of a software program with the copyright holder’s consent fall within the scope of Article 4(2) and constitute a first sale?
  22. 22. UsedSoft GmbH v Oracle International CorpDecision...• ECJ held that Article 4(2) was triggered if the copyright holder authorises a download of a copy and a consequential right to use the software perpetually in return for a payment of a fee corresponding to the economic value of the copy• It also found that there was no difference between an intangible medium (such as a download) and a tangible medium (CD-ROM, DVD etc) for the purposes of Article 4(2)
  23. 23. UsedSoft GmbH v Oracle International CorpDecision...• UsedSoft were therefore entitled to rely on the exhaustion of distribution rights under Article 4(2) to continue to purchase and resell Oracle licences• Certain restrictions: – not entitled to split out licences and resell part – original acquirers of software must make own copy unusable at the time of resale – copyright holders are entitled to ensure that the original acquirers copy of the software is made unusable
  24. 24. UsedSoft GmbH v Oracle International CorpDecision...• Maintenance agreements do not fall under Article 4(2) but Article 4(2) will extend to the resulting software updates and added functionalities as they form an integral part of the software downloaded
  25. 25. UsedSoft GmbH v Oracle International CorpWhat are the implications for software owners?• Undermines the ability of software owners to control the transfer of software• Non-transfer and non-assignment provisions in licensing arrangements will have no effect if ‘licence’ is granted perpetually, for a lump sum fee• Under the principles applied by the ECJ, if these elements are met, then will deemed to be a ‘first sale’
  26. 26. UsedSoft GmbH v Oracle International CorpAvoiding the trigger!• Time-limited licences – annually renewable – fixed short terms – longer 15 years+ terms (Note: ‘sham’ terms)• ‘Software as a Service’ model• Pricing structures- avoid lump sum payments• Employ technical methods so as to prevent the licensee’s copy of the software remaining usable on transfer
  27. 27. UsedSoft GmbH v Oracle International CorpOther considerations• Provisions for early termination - how are these to be treated? – breach – change of control – insolvency• To what extent will a transferee be bound by the terms of the original licence?• Is any positive action required by the transferor? Supply of dongle, disk, etc?• Associated support and maintenance agreements
  28. 28. UsedSoft GmbH v Oracle International CorpWhat are the implications for licensees?• Opens up potential revenue streams- licensees will now have the ability to resell software which is no longer required by them• In order to do this, licensees must ensure that they – obtain a supply copy of the software – obtain a perpetual licence – pay a lump sum licence fee• Licensees should consider the commercial implications of a lump sum fee• May not be as beneficial for sophisticated software
  29. 29. IT:AM Seminar SeriesCommunications Data BillEve England, Associate
  30. 30. Communications Data BillBackground• All businesses use communications data• Existing laws governing the retention of data apply to public communications providers• Draft Communications Data Bill will permit ‘authorised body’ to order a telecommunications provider to generate, collect, retain and disclose data to authorities that may require it
  31. 31. Communications Data BillWhat does the Communications Data Bill provide for?• Secretary of State has power to: – ensure communications data is available from telecommunications operators by public authorities; or – otherwise facilitate availability of communications data
  32. 32. Communications Data BillWho is a telecommunications operator?• Telecommunications operator – person who controls or provides a telecommunication system or provides a telecommunications service• Telecommunications system – ...for the purpose of facilitating the transmission of communications by an means involving the use of electrical or electro-magnetic energy• Telecommunications service – ...consists in the provision of access to, and of facilities for making use of, a telecommunication system
  33. 33. Communications Data BillWhat is communications data?• Subscriber data – information about those to whom a telecommunications service is provided• Traffic data – information identifying any person, apparatus or location to or from which a communication is transmitted• Use data – information about the use made by a person of a telecommunications service or system
  34. 34. Communications Data BillWhat orders can the Secretary of State make?• Broad powers e.g. collection and generation of data, processing and destruction of data• Require operators to enter into arrangements with Secretary of State or other third parties on commercial or other basis to enable operators to collect data• Enforce compliance with requirements regarding specified standards, specified equipment/systems and specified techniques in relation to collection and retention of data
  35. 35. Communications Data BillAre there any protections as to how the Secretary ofState can exercise its powers?• Few protections• Secretary of State must consult with Ofcom and Technical Advisory Board (established under RIPA) before issuing an order• However, no obligation for Secretary of State to heed any concerns raised during the consultation process
  36. 36. Communications Data BillBest practice• Businesses should prepare for the bill now• Consider: – change control procedures – vendors’ technical resources to collect/retain data – provisions to pass compliance responsibilities to outsourcing providers – termination rights for non-compliance or where a business needs to change communications vendor to ensure compliance• Raise concerns with stakeholders and MPs
  37. 37. IT:AM Seminar SeriesQ&AThank you for attendingEversheds LLP