Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)

Copyright 2012 Bryan CaveCopyright 2013 BryanCave LLP
Copyright 2013 BryanCave LLP
May 30, 2013
Jason D. Haislmaier
jason.haislmaier@bryancave.com
Data “Property” Rights

This presentation is intended for general informational purposes only and should not
be construed as legal advice or legal opinion on any specific facts or circumstances,
nor is it intended to address specific legal compliance issues that may arise in
particular circumstances. Please consult counsel concerning your own situation and
any specific legal questions you may have.
The thoughts and opinions expressed in this presentation are those of the individual
presenters and do not necessarily reflect the official or unofficial thoughts or opinions
of their employers.
For further information regarding this presentation, please contact the presenter(s)
listed in the presentation.
Unless otherwise noted, all original content in this presentation is licensed under the
Creative Commons Creative Commons Attribution-Share Alike 3.0 United States
License available at: http://creativecommons.org/licenses/by-sa/3.0/us.

Data
Privacy
Security
Rights

Increasing importance
Increasing value
Data

What “rights”
protect data?

No specific
comprehensive legal protection
for data or databases
in the US

Data
as
Property

?Data
Rights
Data
Privacy
Data
Security
Copyright
Trade
Secret
Contract
Industry
Practice
State
Law
FTC
Action

Data Rights
• No specific comprehensive protections under US law
• Protection is available through generally applicable legal areas
– Copyright
– Trade secret
– Contract
– Other legal theories (but generally limited)
• Growing data privacy and security protections are also shaping
rights in data
– General purpose laws
– Industry-specific federal laws
– State data security and privacy laws
– Increasing federal (and state) enforcement actions
In General

Data Rights
• Limited attempts at comprehensive protection exist outside of the US
• Focused on data in the form of databases
• EU Database Directive (96/9/EC)
– Protection for non-original portions of databases not protected by copyright law
– Based on the investment in obtaining, verifying, or presenting the contents of
the database
– Prevents extraction or re-utilization of all or a portion of the contents of a database
• Limited examples of analogous laws in other countries as well
Protections Outside of the US

Trademarks
Branding and
Identity
Patents
Ideas and
Inventions
Trade Secrets
“Know-How”
Copyrights
Creative
Expressions
Traditional IP Rights In Data

• Patents
– Available to protect databases
• Structure
• Method of operation
• Business methods employing databases
– But the databases must meet the criteria for patent protection
– Less applicable in the case of unstructured “raw” data
• Trademarks
– Applicable in connection with the name or brand for a product or service
– Not applicable to data or databases themselves
Patents and Trademarks

• U.S. copyright law does not provide specific or express protection to
data or databases
• Copyright protection for data and databases is analyzed
like any other work of authorship
• The standard for obtaining a copyright is relatively low
– Original work of authorship
– Fixed in a tangible medium of expression
• But, data and databases are not always afforded protection
Copyright

“The vast majority of works make the grade quite easily,
as they possess some creative spark, no matter how
crude, humble or obvious. ”
Justice Sandra Day O’Connor
Feist Publications, Inc. v. Rural
Telephone Service Co.
499 U.S. 340 (1991)

“No one may claim originality as to facts [. . .] facts do not
owe their origin to an act of authorship. The distinction is
one between creation and discovery. The first person to
find and report a particular fact has not created the fact; he
or she has merely discovered its existence.”
Justice O’Connor in Feist

• Copyright does not protect data in the form of facts
– Originality, not “sweat of the brow,” is the basis for copyright protection
– Facts are not originally authored or created through mere discovery
• Copyright can protect information or content in the form of
original expressions
– Information or content having some level of creativity
– Entertainment content, new media, UGC may all meet this test
– Unstructured raw data in the form of facts will often fail the test
• This results in inconsistent protection for data and databases
– Unstructured raw data – no protection available
– Original information or content having some level of creativity – protection available
– Structure, coordination, and arrangement of data – “thin” protection available (for the
compilation, but not for the underlying data)
Copyright

• Nearly all states have adopted some version of the Uniform Trade
Secrets Act (UTSA)
• Under the UTSA, a “Trade Secret” is information that:
– Is not generally known to other persons and cannot be readily ascertained by other
persons without improper means
– Provides the holder with economic advantage or economic value (in some cases derived
from its secrecy)
– Is the subject of efforts that are reasonable under the circumstances to maintain its
secrecy
• Broad potential applicability to data and databases
– Virtually any type of data or information
– In nearly any form or format
• Trade secrets covering data and databases are enforceable as long as
the requirements are met
Trade Secret

Traditional IP rights provide
only limited and inconsistent
protections
Where to turn?

• Emerging as a primary form of protection for data
• Permit broad protection, potentially even over data and databases not
subject to traditional IP protection
• Limited to the entities bound by the contract
• Even where traditional IP protection is not available, contracts have
become critical to obtaining and clarifying rights in data
– Each form of IP has its own rules regarding ownership
– Left to applicable law, ownership is often (very) unclear
– At best this leaves the potential for confusion
– Assignments and licenses are preferred to clarify these rights
• Industry expectations have risen with the rising value of data
– Contracts required to evidence adequate rights in transactions involving data
– Not unlike rights in software itself
Contracts
Contract Rights in Data

Other sources of protection. . .

Data Privacy
Data Security

No specific comprehensive
data privacy or security legislation
in the US

• EU Data Protection Directive (95/46/EC)
• Regulates the processing of personal data of EU subjects
– Broad scope of “personal data”
– Restricts processing unless stated conditions are met
– Prohibits transfer to countries not offering adequate levels of protection
• Requires the member countries to pass consistent laws (more or less)
• US Department of Commerce-negotiated “Safe Harbor Principles” enable
transfers to US companies
– Self-certification regime
– Allows US companies to register as compliant
– FTC oversight
• Proposed overhaul in the works (announced Jan. 25, 2012)
Longstanding Comprehensive EU Regulations
Data Privacy and Security

• State consumer protection statutes
– All 50 states
– Prohibitions on “unfair or deceptive” trade practices
• Data breach notification statutes
– At least 46 states (DC and various US territories)
– Notification of state residents (and perhaps regulators) affected by unauthorized access
to sensitive personal information
• Data safeguards statutes
– (Significant) minority of states
– Safeguards to secure consumer information from unauthorized access
• Data privacy statutes
– Online privacy policies covering use and sharing of consumer information
– Use of personal information for direct marketing purposes
Growing Array of Relevant State Laws

• Consumer credit - Fair Credit Reporting Act (FCRA)
• Financial services - Gramm Leach Bliley Act (GLBA)
• Healthcare providers - Health Insurance Portability and Accountability Act
(HIPAA)
• Children (under 13) - Children’s Online Privacy Protection Act (COPPA)
• Video content - Video Privacy Protection Act
• Others statutes covering education, payment processing, etc.
Industry-specific Federal Statutes

Federal Trade Commission Act
(15 U.S.C. 41, et seq)
“Unfair or deceptive acts or practices”

• Trend toward increasing enforcement
– More than 45 actions to date
– More than 25 in the last 6 years
– Many more investigated but not brought
• Covering largely electronically stored data and information
• Targeting data security as well as data privacy
• Increasing trend toward mobile data privacy and security
Increasing Activity
FTC Enforcement Actions

Emerging Models
For Compliance

• 20 year term
• Cease misrepresentations regarding practices for information security, privacy,
confidentiality, and integrity
• Conduct assessment of reasonably-foreseeable, material security risks
• Establish comprehensive written information security and privacy program
• Designate employee(s) to coordinate and be accountable for the program
• Implement employee training
• Conduct biennial independent third party security and privacy assessments
• Implement multiple record-keeping requirements
• Implement regular testing, monitoring, and assessment
• Undergo periodic reporting and compliance requirements
• Impose requirements on service providers
Legislation by Consent Decree

Not just enforcement. . .
Standards
Best practices
Codes of Conduct

• We are in an era of increasing data value
• Increasing value means greater focus on data rights
• We do not have the benefit of strong and comprehensive laws to match
• Data “rights” are defined through an increasingly broad array of sources
– Traditional IP rights,
– Contract protections
– Growing data privacy and data security obligations
• Understand the protections, understand the inconsistencies
• Issues relating to data will only continue to increase
(transactions and litigation)
Lessons Learned
Closing Thoughts

Thank You.
Jason Haislmaier
jason.haislmaier@bryancave.com
@haislmaier
http://www.linkedin.com/in/haislmaier

Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)

Similar to Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013) (20)

More from Jason Haislmaier

More from Jason Haislmaier (10)

Recently uploaded

Recently uploaded (20)

Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2013)