Presentation is loading. Please wait.

Presentation is loading. Please wait.

PROTECTING YOUR IP IN THE CLOUD LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH VIOLET A. FRENCH 416-777-5437

Published byLeona Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "PROTECTING YOUR IP IN THE CLOUD LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH VIOLET A. FRENCH 416-777-5437"— Presentation transcript:

1 PROTECTING YOUR IP IN THE CLOUD LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH VIOLET A. FRENCH 416-777-5437 vfrench@torkinmanes.com DECEMBER 3, 2012 ST. ANDREW’S CLUB AND CONFERENCE CENTRE

2 Topics 1. Patent and copyright issues. 2.International jurisdiction issues: Where is the information? What rules apply? 3.Protecting trade secrets; preserving confidentiality. 4.Dangers associated with uploading confidential information to the Cloud (security risks, inadvertent disclosures, loss of control). 5.How to minimize the risk of losing trade secret rights, including selectivity in information upload, what to do when leaving the Cloud.

3 1. Patents and Copyright In the Cloud No Canadian cases involving Cloud computing and IP rights to-date. The landscape is still evolving – little guidance beyond commentaries as to how the courts or the legislatures will deal with some of these unique legal issues presented by Cloud computing. As of November 7, 2012, pursuant to an Order in Council, many provisions of the Copyright Modernization Act, SC 2012, c 20, came into force. Will be interesting to see how those affect our Cloud computing landscape. Decisions are coming out regularly in many jurisdictions that affect the landscape – summer of 2012, 5 copyright decisions issued by the Supreme Court of Canada that are relevant to various aspects of Cloud Provider services. June, 2012 decision of U.S. District Judge William Alsup of the Northern District of California dismissed Oracle’s/Java’s claim for copyright infringement against Google. The claim related to Google’s alleged copying of 37 application programming interface (API) packages. Interestingly Judge Alsup is himself a coder and programmer: “copyright law does not confer ownership over any and all ways to implement a function or specification of any and all methods used in the Java API”.

4 Copyright Issues In the Cloud There are many interesting and highly theoretical copyright issues raised by Cloud computing. Is the Cloud itself capable of being the subject matter of copyright? Is there copyright in the software applications, data and other works that might be created in the Cloud context? If yes, then who owns those copyrights? What about the contents or components of the Cloud? One very interesting question is whether a virtual application even capable of copyright protection because it is (or is not) a “fixed work”. A study released in June of this year by Harvard Business School Professor Josh Lerner looked at the impact of European copyright law decisions on venture capital investment. Professor Lerner found that copyright rulings in Germany and France that impacted Cloud Providers led to an average reduction in venture capital investment in French and German Cloud computing firms of $4.6 and $2.8 million per quarter, respectively. Uncertainty and lack of uniformity in copyright law means risk for providers, investors and companies using Cloud computing.

5 Copyright in the Cloud – Storm Clouds or Fluffy Nothings? If third party software code is delivered to a user through a Cloud Provider, it is likely that a copy has been made which means a license from the third party is required to mitigate against a claim of infringement under Section 3(1)(a) of the Copyright Act. However, if the user is simply accessing the software functionality and processing capability through the Cloud, it is more like an outsourced service and a third party software license may not be required. A number of commentators see similarities in analysis between IT virtualization and Cloud computing – both involve copying to a varying degree and the concept of fixation. If the data relating to a work is split up and stored in multiple locations in the Cloud, is the work “fixed” in a material form such that the creators can claim Copyright Act protection? And keep in mind jurisdictional issues – if the work exists in pieces in multiple jurisdictions, where ought the claim for infringement to be brought? Are the laws around infringement the same in each jurisdiction?

6 Patents in the Cloud The Cloud may pose problems for claims of infringement. If a competitor is using a Cloud service, it may not be perfectly clear where the infringement of a patent is taking place. The patent holder may hold a patent in Canada and the US, but if the competitor’s allegedly infringing acts take place in the Cloud located in Europe, will the patent owner be able to show infringement? Use of the Cloud can pose evidentiary hurdles for patent owners looking to make claims of infringement. The patent owner may not be able to access the technical information needed to make out a claim for infringement. The very nature of the Cloud – abstracted and dynamic – is at odds with the requirement for concrete and objective evidence needed to sustain an infringement claim.

7 Patents in the Cloud The scattered nature of the Cloud makes it possible that infringement may be divided amongst many jurisdictions and across different Cloud Providers such that there isn’t one clear infringer. Different parties are responsible for different aspects of a system that may infringe. The result is that there may not be a single party that can be shown to have infringed all of the elements of a patented invention. Instead, there is “Divided Infringement” which poses enforcement problems for the patent owner.

8 Patents for the Cloud We’ve just passed the one year anniversary of Canadian Federal Court of Appeal’s decision in Amazon.com, Inc. v. Canada (Commissioner of Patents) where the Court held that a “a novel business method can be an essential element of a valid patent claim” The Amazon one-click Canadian patent was issued almost a year ago. We are just at the beginning of the patent frenzy for Cloud computing patents. National patent laws will be stress tested in this process because of the multinational nature of Cloud computing. Example of patents in Cloud computing - in 2011, Apple filed for a patent that uses “Cloud syncing” to let Apple users pause a song or video on one device and then resume it from that same place on another device.

9 2. International jurisdiction Where is the information? What rules apply? Cloud Providers are not always clear on exactly which of their data centres will be hosting a company’s data. It is often the case that data will be hosted in multiple centres, in different locations. In terms of due diligence, it is critical that companies considering Cloud Providers ask and receive clear information about where the servers are located. The distributed method of Cloud computing poses challenges for companies. To be competitive and offer the types of services demanded of users, Cloud Providers will store data in multiple locations – leads to the important questions of who has jurisdiction over data? What country’s laws will apply to the data? Ever-present worry that using Cloud Providers located in the US puts Canadian data under the purview of the US Patriot Act as discussed earlier.

10 % of respondents stating barrier is restricting (very/completely) Cloud adoption Source IDC 2012 - IDC Final Report, 13 July 2012

11 International Jurisdiction – cont’d Do not make the mistake of thinking that a choice of law clause in the Cloud Provider agreement will address all the jurisdictional issues that might arise. Such clauses are limited in effect to the parties to the agreement itself – and even then, courts may not uphold the parties’ express choice of law clause. Remember, that local laws will still apply for tort claims, intellectual property matters, consumer protection laws and other matters that the local country may regulate including privacy. Your choice of law clause will not exempt you from the application of these local laws. There are no easy answers – the location of the server is not dispositive of the issue of jurisdiction. The “rules” for determining jurisdiction vary from country to country and even within a country, there will be different local state or provincial jurisdictional approaches. There is not one body of law that determines jurisdiction for all purposes – it varies based on the substantive involved and the territory/nationality of the dispute.

12 International Jurisdiction – cont’d In general, the courts will take jurisdiction over a dispute if there is a “real and substantial” connection between the jurisdiction and the matters at issue or the parties involved. As it relates to the Cloud, what this means is that even if the information is stored in the “Cloud” in one country, to the extent that a consumer accesses the services in another country, the courts in that country could well claim jurisdiction based on where the services are “consumed”. Large Cloud Providers have data centres all over the world and it may be difficult to ensure that your data is being kept in a centre within your home jurisdiction. Clearly, jurisdiction is important and will continue to be important.

13 Trade Secrets Historically keeping the “crown jewels” under your physical control and close by – in a vault or some type of physically secured premises nearby and restricted is the best way to protect trade secrets. The Cloud puts stress on the traditional method for proving and maintaining common law protection of trade secrets. Tension between the desire to treat the Cloud as an extension of the company’s own organization - ease of access - versus the need to “hide” trade secrets to protect them. How to minimize the risk of losing trade secret rights, including selectivity in information uploaded to the Cloud. As well, what to do when leaving the Cloud? How can you ensure that the Cloud is “clean” of your trade secrets?

14 Trade Secrets – What Are They? A trade secret is any information - agnostic as to what it is - formula, pattern, compilation, program, device, process, code, data, method or technique) that: Is valuable as a result of not being generally known to either the public or those who can profit from its disclosure or use; and has been kept secret or confidential by the holder – i.e. holder has made reasonable efforts to maintain the alleged trade secret as secret or confidential. In a battle to enforce a trade secret, the courts will invariably focus on whether the measures the company implemented to protect its information are reasonable and sufficient under the circumstances to warrant the court’s intervention to protect the trade secret.

15 Trade Secrets – The Legal Basis for Protection A good framework to analyze trade secrets is to think about trade secrets not as property but as a thing that the law permits the Holder to control. At common law, there are five main grounds for the holder of a trade secret holder to seek relief: 1.breach of contract (express or implied provision); 2.breach of confidence; 3.breach of fiduciary duty; 4.unjust enrichment; and 5.wrongful interference with contractual relations of others. The Supreme Court of Canada has affirmed that all these types of actions coexist and can be the subject of court protection. (See Cadbury Schweppes Inc. v. FBI Foods Ltd., [1999] 1 S.C.R. 142 [Cadbury Schweppes])

16 What Qualifies – Must It Be New, Inventive, Novel? In Cadbury Schweppes, the Supreme Court of Canada held that there is a fairly low threshold of proof required to qualify as a trade secret. The case involved the recipe for Clamato Juice: “ In the present case, the trial judge found, and the Court of Appeal agreed, that the Clamato formula and related processes, insofar as they had been disclosed to the appellants, constituted a unique combination of elements, notwithstanding that some or all of the constituent elements were themselves widely known within the juice industry.” [emphasis added] A unique combination of elements may be protectable even if the individual elements themselves are widely known. In Seager v. Copydex Ltd., [1967] 1 W.L.R. 923 (C.A.) at 936, the Court held that a “germ of an idea” as opposed to the actual embodiment may be protectable as a trade secret where the recipient uses it as a springboard for the recipient’s own use.

17 Examples of Trade Secrets Data compilations - customer lists, supplier lists, client relationship databases. Instructional manuals – training manuals, operational manuals, system manuals. Formula and recipes for producing a product – “secret recipes” Clamato Coca-Cola Barberian’s Steak Spices Specific process or technique. Business Plans; marketing plans; financial plans and forecasts. Systems/instructions for manufacturing. Personnel and employment records. Research and development plans and engineering notebooks. Source code and computer programs. Pricing and costing information.

18 Protecting Trade Secrets; Preserving Confidentiality Many US jurisdictions have statutory protection for trade secrets. Ontario protects trade secrets as part of the common law. Canadian trade secret law arises from the English law concept that trade secrets are protectable due to the confidential nature of the information in question. An advantage of a trade secret is that it can remain protected indefinitely. Since it is protected by common law, the protection is not reliant on a statute. Risk with trade secrets is that public or inadvertent disclosure of the trade secret may mean that the owner loses the protection given by law. Trade secrets are a significant source of competitive advantage to most companies. Owner protects its trade secrets by marking “Confidential” on documents; limiting access; locking cabinets; using locked or encrypted files. Key is that the trade secret must be kept out of the hands of competitors (i.e. out of the public domain) to maintain its competitive value and advantage.

19 The Cloud and Trade Secrets The main risk that strikes fear in the hearts of the holder of a trade secret is that the trade secret is made public either deliberately or accidentally. In the olden days, the secret receipt was physically kept in the “vault” and only shared with a few key people who worked in the same company for life. Today, with global operations, mobility of employees and mobility of electronic information, many company trade secrets cannot be kept in the “vault” - access is needed to maintain and enhance productivity and competitive advantage. In a Cloud computing environment, the trade secret is physically available outside the company’s business. Holder forced to rely on the third party Cloud Provider to maintain the key element of confidentiality.

20 Private Versus Public Cloud – There is Difference Question – are trade secrets stored in the Cloud still protectable as trade secrets or have they lost the essential element of “secrecy” or confidentiality? A trade secret stored in a Public Cloud or Community Cloud is problematic – the fact that anyone can access the trade secret shows that the holder doesn’t care about confidentiality and therefore why should the courts. So, no matter how inexpensive or attractive, do not use Public Cloud for storing any type of confidential know-how or trade secrets! Private Cloud – suggest that storing trade secrets in a Private Cloud will not in and of itself disentitle Holder to protection. However, there are safeguards that need to be put in place and the Holder has to act reasonably to be able to avail itself of the protection of the courts to enforce the confidentiality of a trade secret stored with a Private Cloud Provider.

21 How to Safeguard Trade Secrets in the Cloud As the real estate agent says, “location, location, location” or in this case “diligence, diligence, diligence”. Take the time to question and consider every aspect of the Cloud Provider’s process: Who is going to hold your trade secrets? (find out if there are sub-Cloud Providers) When will third parties have access to your data - is there any public access? Where will your trade secrets be held – location of servers; sub- contractors (if any); and What measures or safeguards are in place to protect against inadvertent or intentional disclosure?

22 Key Questions To Ask Prior to Using a Cloud Provider What certifications and security measures are in place – document these. You will want to be able to show you took adequate steps to secure and maintain the confidentiality of all information if there is a leak or disclosure. Ask about past history and past performance. Have there been inadvertent or deliberate disclosures with other customers? Previous law suits for theft, breaches or improper use? How has the potential Cloud Provider dealt with past breaches – speak to their customers! Has the potential Cloud Provider’s services ever been hacked? Is the potential Cloud Provider also a competitor – perhaps consider another Provider. Is the potential Cloud Provider a supplier to your competitors – risk of comingling. Will there be sub-contracts with other Cloud Providers – such as peak demand or back-up sites? Conduct the same due diligence on all potential sub-contractors that the Cloud Provider may use. If there could be future sub-contractors, insist on due diligence and pre-approval rights for any potential new sub-contractor.

23 Key Contractual Provisions to Safeguard Trade Secrets Expansive confidentiality language – one or two sentences is not enough. This is not boilerplate. Be thoughtful and use fulsome language both to adequately address the legal obligation of the Cloud Provider and to evidence the company’s intention to maintain the confidentiality of its trade secrets. Indemnity - beware of overall caps on liability. A low cap may show that the Company doesn’t value its own trade secrets if it is willing to accept a low dollar cap on breaches of trade secrets. Indemnity – investigate the credit-worthiness of your Cloud Provider. The best drafted indemnity is worthless if there Cloud Provider is not financially viable. Try and negotiate for a substantially higher cap or no cap for improper disclosure of trade secrets. Insurance – is there any insurance available to increase the protection – at what cost? Minimum Service/Security Standards Be specific – cover off security, disaster recovery, access, encryption. Take the time up front to map out what is needed to protect trade secrets.

24 Key Contractual Terms…cont’d Include some type of planning and co-operation/reporting obligations if there is an unauthorized disclosure. Incentives for compliance – financial/credits. Negative incentives for breaches – perhaps reason to avoid private arbitration of disputes. Incentive for Cloud Provider to work with the company rather than face a public court dispute. Rights to audit and inspect in favour of the company. Obligation on Cloud Provider to upgrade security and safeguards as new technologies emerge.

25 Key Contractual Terms…cont’d Ensure the Cloud Provider shares any audits or inspections done by Cloud Provider or its auditors or consultants. Explicit Duty of Confidentiality – ensure that the Cloud Provider has to give the company plenty of notice if there is a court order of disclosure. Gives the company time to seek a protective order. Cloud Provider should not be able to withhold performance or restrict access to company’s information if there is a dispute – decouple a contractual dispute from the underlying information being stored or processed – it can’t be used as a pawn or bargaining chip. Deal with ownership if IP explicitly in the Cloud Agreement. Confirmation as to who owns what and how work product/data is to be owned.

26 Key Contractual Terms…cont’d Pay attention to transition provisions on expiration or termination of the relationship (planned and unplanned). What happens to data – no copies; maintain security during any transition. Be careful about archived copies of trade secrets. Ensure the confidentiality obligation survives the termination or expiration of the agreement. Certification to verify that all information has been wiped from Cloud.

27 Dangers associated with uploading confidential information to the Cloud (security risks, inadvertent disclosures, loss of control) Remember that in February, 2012 the Office of the Superintendent of Financial Institutions (OSFI) issued a memorandum to remind federally regulated financial institutions that OSFI’s March 2009 Guideline B-10 – Outsourcing of Business Activities, Functions and Processes applies to Cloud Providers. Guideline B-10 focuses on the following concerns: (i) confidentiality, security and separation of property: (ii) contingency planning; (iii) location of records; (iv) access and audit rights; (v) subcontracting; and (vi) Monitoring the material outsourcing arrangements. This is a useful check-list for any company considering using Cloud Computing services.

28 Questions? Thank you! VIOLET A. FRENCH 416-777-5437 vfrench@torkinmanes.com vfrench@torkinmanes.com TORKIN MANES LLP – BARRISTERS & SOLICITORS 151 YONGE STREET, SUITE 1500 TORONTO, ON M5C 2W7 TORKINMANES.COM

Download ppt "PROTECTING YOUR IP IN THE CLOUD LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH VIOLET A. FRENCH 416-777-5437"

Similar presentations

Negotiating Technology License Agreements Tamara Nanayakkara.

Negotiating Technology License Agreements Tamara Nanayakkara.
A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Protecting Your IP in the Cloud Violet A. French 416 777 5437 LEXPERT Cloud Computing Conference 2013 November 28, 2013.

Protecting Your IP in the Cloud Violet A. French LEXPERT Cloud Computing Conference 2013 November 28, 2013.
WIPO - TCCIA WORKSHOP ON INTELLECTUAL PROPERTY FOR BUSINESS FOR SMEs Dar-es-Salaam, Tanzania, May 10 and 11, 2005 Keeping Confidence: Trade Secrets in.

WIPO - TCCIA WORKSHOP ON INTELLECTUAL PROPERTY FOR BUSINESS FOR SMEs Dar-es-Salaam, Tanzania, May 10 and 11, 2005 Keeping Confidence: Trade Secrets in.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
CARLIN LAW GROUP, APC (619)615-5325 Know Your Indemnity Obligation Know Your Risk Know Your Insurance Company by KEVIN R. CARLIN, ESQ.

CARLIN LAW GROUP, APC (619) Know Your Indemnity Obligation Know Your Risk Know Your Insurance Company by KEVIN R. CARLIN, ESQ.
Drafting and Reviewing Confidentiality Agreements West LegalEdcenter 2012.

Drafting and Reviewing Confidentiality Agreements West LegalEdcenter 2012.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
Trade Secrets and Confidential Information

Trade Secrets and Confidential Information
Copyright Security-Assessment.com 2006 Protecting The Data Data security, compliance, disclosure requirements and what can happen if you get it wrong Presented.

Copyright Security-Assessment.com 2006 Protecting The Data Data security, compliance, disclosure requirements and what can happen if you get it wrong Presented.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
1 Introduction to Software Engineering Lecture 38 – Intellectual Property.

1 Introduction to Software Engineering Lecture 38 – Intellectual Property.
Chapter 7.5 Intellectual Property Content, Law and Practice.

Chapter 7.5 Intellectual Property Content, Law and Practice.
ISO 9001 Interpretation : Exclusions

ISO 9001 Interpretation : Exclusions
CS 501: Software Engineering Fall 2000 Lecture 7 Management II Business and Legal Aspects of Software Engineering.

CS 501: Software Engineering Fall 2000 Lecture 7 Management II Business and Legal Aspects of Software Engineering.
Patents and trade secrets 6 6 Chapter. Patents  Grant of property rights to inventors  Issued by the U.S. Patent and Trademark Office (USPTO)  Permits.

Patents and trade secrets 6 6 Chapter. Patents  Grant of property rights to inventors  Issued by the U.S. Patent and Trademark Office (USPTO)  Permits.

Similar presentations

Ads by Google