The biggest security threat for legal practitioners in the area of intellectual property law or companies themselves is some sort of data breach that allows the outside world to access their intellectual property (IP) or that of a client without any other IP protection in place. Two prime examples of this would be (1) any leak/breach of a patent application or data for an application prior to filing with the U.S. Patent and Trademark Office (USPTO), and (2) any leak/breach of trade secret information without proper confidentiality documents in place.
In these two scenarios, the bigger concern for practitioners is unauthorized access to their clients' IP or other information. In order to reduce the risk of a data breach, practitioners should implement cyber security measures according to the latest standards for the industry and regularly update them. Additionally, maintaining notice to staff about the confidentiality expectations can aid in preventing unwanted access. Finally, the inclusion of indemnification clauses or penalties due on breach within any contracts with software or security companies that practitioners deal with may be a good idea. The consequences of losing control over a client's confidential information include:
- Loss of Patentability (a.k.a. loss of $ for both attorney and client)
- Loss of Attorney/Client Privilege
- Malpractice
- Punishment for Violation of Rules of Professional Responsibility (including suspension from practice or disbarment)
- Loss of Reputation
- Loss of Clients
- Increased Cost of Insurance
The second scenario concerning trade secrets is more of a concern for companies themselves. A loss of control over the trade secret results in the loss of the trade secret itself. This translates to a possible loss in the profitability of the company or a loss in the market edge that the trade secret provided. In order to reduce the security risks associated with unauthorized access or redistribution of trade secrets, companies should opt to keep the details of the trade secret offline or only within secure intranets. Additionally, knowledge of the details of the trade secret should be limited those few who need to know, and if some disclosure is necessary, ensure that there are proper confidentiality agreements in place before disclosing.
From the perspective of practitioners, if your client tells you that they have a trade secret, the best thing that you can do is to avoid finding out the details of the trade secret or keeping any information that may lead to its discovery. This prevents an attorney from accepting more risk than is necessary into his or her practice. Instead, attorneys can help clients understand the risks and benefits involved with opting for trade secret protection of their IP, as well as advising them on the best methods to ensure the trade secret's continued protection.
Although this may seem daunting, keep in mind that an attorney or a company may maintain the ability to recover losses through a misappropriation claim. As long as you can show that you made
reasonable efforts in maintaining the security of the data and you can track down whoever accessed it without authorization, you may be able to recover the money you would have made had the data not been redistributed. For example, the if kept confidential the information for a patent application could qualify as a trade secret and thus be potentially subject to a misappropriation claim in which the damages included punitive damages for the trespass, compensatory damages for the full value of the patent (had it been patented), and attorneys fees. The key here would be using experts to prove the valuation you're claiming, weaving the full story of the heinous acts of the defendant, and showing that the security measures you had in place were up to the standards of the industry.
The article below is an example of a recent theft of trade secrets case in Milwaukee from a few months ago to prove the point that as far out as corporate espionage sounds, this phenomenon is real and not confined to the movies.
Chinese engineer to plead guilty in theft of GE Healthcare trade secrets
