How to Prevent Your Organisation’s IP from Being Stolen by Brian Miller Solicitor

How to Prevent Your Organisation’s IP from Being

Stolen

Brian Miller Senior Associate

IP, IT & Commercial Stone King LLP

ENSURING YOUR ORGANISATION'S IP IS

PROPERLY PROTECTED

COPYRIGHT

What Is Copyright?

Definition

• Subsistence

– Literary (includes computer programs)

– dramatic,

– musical and

– artistic works

• no copyright in idea

PROPERLY PROTECTED

How Do I Protect It? – Unlike trade marks, cannot register copyright – make sure you

• save a copy • do not amend • back it up • lock safely away or encrypt

COPYRIGHT

ENSURING YOUR ORGANISATION'S IP IS PROPERLY PROTECTED

COPYRIGHT

How Do I Protect It?

– use the copyright sign © on all materials

– if software, bank with ‘escrow agent’, who will:

• Test

• Release to named party on certain events

COPYRIGHT

What Happens if Someone Copies My Work?

– Be sure that it is your work that has been copied

Has the “Copy Test” Been Satisfied?

– Must be “substantial”

– General rule of thumb: >50%

– If satisfied, do not delay

COPYRIGHT How Long Does It Last?

• original literary, dramatic, musical and artistic works)

– life of the author plus 70 years

– computer-generated works: 50 years

• films: life of principal director plus 70 years

• Broadcasts: 50 years

• Sound recordings: 50 years

• Typographical arrangements: 25 years

PROPERLY PROTECTED

TRADE MARKS

Why Register?

• Cannot easily protect a name

• Preventing infringements costly without

• Protected from the date of registration

• No need to prove reputation

• Protection nationwide

NB. groundless threats

PROPERLY PROTECTED

TRADE MARKS

How Do I Register?

• Easy application process

• Supply name and/or mark to IPO

• Work out “classes”

• £200 per mark plus £50 per class

PROPERLY PROTECTED

TRADE MARKS

How Long Does It Take?

• 4 weeks before advertisement

• 8 weeks for opposition

• 4 weeks for final processing

• Total time: 4 months from receipt of application

PROPERLY PROTECTED

TRADE MARKS

What Does It Protect?

• Name and logo

• In classes for which registered

Where?

• United Kingdom only

• If EU or overseas protection required, register:

– EU trade mark (EEA protection)

– international mark (Madrid Protocol); or

– individual mark in the countries of concern

PROPERLY PROTECTED

TRADE MARKS

How Do I Protect My Mark After Registration?

• Fundamentally need do nothing (other than renew)

• ™ during application, ® after

• if mark used or copied, do not delay

TRADE MARKS

How Long Does It Last?

• Ten years

• Can renew indefinitely

• “Use or lose”

DESIGNS: DESIGN RIGHTS

PROPERLY PROTECTED

• Process and reasons for registering similar to TMs

• For registration to be valid, design must:

– be new

– have individual character

• Period of protection:

– five years

– Renewable for up to twenty-five years

• Unregistered designs similar to copyright

INVENTIONS: PATENTS

PROPERLY PROTECTED

• Process and reasons for registering similar

• detailed specification must be: – watertight – reveal process of production – capable of registration:

• new • have an inventive step: not obvious • capable of being used in industry • not on a list of excluded items

INVENTIONS: PATENTS

PROPERLY PROTECTED

– software generally not patentable in UK and EU

• must renew it every year after the 5th year for up to 20 years protection

• Fees vary (generally much more expensive)

WEBSITES, DOMAIN NAMES & HOSTING

WEBSITES How Do I Know If I Own the Code In My Website? • Commissioning Developers

• Ensure contract watertight on copyright • In absence of agreement, copyright vests in the developer!

• Employees • CDPA, s.11(2): employer is first owner BUT • Must be ‘in course of employment’

• Is it the developer’s work? • Possession is 9/10ths…

Make sure these rights are in the contract..

PROPERLY PROTECTED

DOMAIN NAMES

How Do I Know If Own My Domain Name?

• Ensure your organisation is the registered owner of the domain (check on WHOIS, eg. www.123-reg.co.uk/domain-names/)

• registrations in employee’s name to be avoided

• Don’t forget to keep tabs on renewal

PROPERLY PROTECTED

Whois record for nspcc.org.uk

Domain name: nspcc.org.uk

Registrant:

Registrant type: UK Registered Charity, (Charity number: 216401)

Registrant's address:

NSPCC 42 Curtain Road

London

EC2A 3NH United Kingdom

Registrar:

Webfusion Ltd t/a 123-reg [Tag = 123-REG] URL: http://www.123-reg.co.uk

Relevant dates:

Registered on: before Aug-1996 Expiry date: 11-May-2013 Last updated: 08-Jun-2011

PROPERLY PROTECTED

DOMAIN NAMES

What’s to Stop Someone Registering A Similar Name?

• nothing!

• buy identical domains for generic and TLD domains

• if cybersquatter appears, complain to registrar

• allowing cybersquatters can result in

– damage to brand

– theft of business or donations

• register a trade mark relating to domain name

PROPERLY PROTECTED

DOMAIN NAMES

How Do I Know My Domain Name Does Not Infringe Another’s?

• Carry out checks (Google)

• Check Trade Marks Register and Trade Marks Journal

• Look on Companies House for similar company names

• Use a specialised agent if concerned

PROPERLY PROTECTED

HOSTING

How Do I Know I Control My Hosting Account?

• unless account in organisation’s name, you don’t

• developers often prefer to use own hosting

• agree in contract that:

– account in organisation’s name; or

– full access to be given, both during and after term

– developer to transfer all digital assets/code upon termination

ALL WEBSITES

HOW DO I KNOW MY ORGANISATION’S WEBSITE IS LEGALLY COMPLIANT?

Domain Name

• Check name not infringing a third party’s rights

Make Sure You Own Your Content

• no good paying for someone else’s content

• ensure adequate warranties regarding ownership

• extracts from other sites an infringement unless “fair dealing”

• “thumbnails” of another’s photos will infringe copyright

• lifting standard terms will infringe copyright

• defamatory statements can create liability

ALL WEBSITES

Disability Discrimination

Equality Act 2010

• website owners, broadcasters and services providers

• duty to ensure sites and services are user-friendly

• applies to visual impairment and other disabilities

• no clear guidelines as to what “accessible” means…

ALL WEBSITES

Disability Discrimination Guidelines issued by World Wide Web Consortium (W3C):

• ensure information in colour available without • have a button to increase size of text • ensure background/foreground colours contrasted • compatibility with text reading software • for every non-text element, text-equivalent version • can turn off blinking, updating, scrolling, moving objects

ALL WEBSITES

Display of Mandatory Information

Electronic Commerce (EC Directive) Regulations 2000:

• full name and address of site owner

• email and other contact details (‘contact form’ not sufficient)

• company registration number and registered charity number

• if subject to an authorisation scheme, particulars

• VAT number (even if the website is not being used for e-commerce transactions)

ALL WEBSITES

Privacy Policy/Notice Data Protection Act requires data to be processed “fairly” Not processed fairly unless data subject knows • identity of processor • purpose(s) for which information will be processed • any further information necessary to enable fair processing, eg.

– how the data will be used – to whom the information will be transmitted – whether the information is likely to leave the EEA – means of gathering information, including use of cookies

Displaying a privacy notice obvious way to satisfy these legal requirements.

ALL WEBSITES

Privacy Policy/Notice

"Sensitive (personal) data" (e.g. about a person's health)

– must only be collected if explicit consent obtained

– statement all subjects have right to see information

– opt-out box providing an opportunity to refuse

ALL WEBSITES

Cookies

Website operator must not

• store or gain access to information

• stored in the computer of user unless user

– “provided with clear and comprehensive information…

– about the purposes of the storage of, or access to, that information” and

– “has given his or her consent”*

* Privacy and Electronic Communications (EC Directive) (Amendment) Regs 2011

ALL WEBSITES

So How Do I Obtain a Valid Consent?

• ‘pop-ups’ one method

• referring to a Privacy Policy not ideal

• see ICO’s guidance notes for technical detail (or look at its Privacy Notice)

So How Do I Obtain A Valid Consent?

ALL WEBSITES

Terms and Conditions of Use

• advisable if any degree of interactivity possible by user

• ensure applicable law stated

E-COMMERCE WEBSITES

Formation of Contract

• Ensure customers agree to standard T&Cs

• If contract created online, must:

– include details of:

• technical steps to conclude a contract

• means of correcting errors

• language of the contract

• any applicable code of conduct

– allow customer to access, store and reproduce T&Cs

– acknowledge receipt of order

E-COMMERCE WEBSITES

Distance Selling Regulations

No. of detailed requirements concerning:

• provision of information

• statutory right of cancellation

• supply goods within 30 days

• allowing consumers to open/return goods

• providing a refund within thirty days

E-COMMERCE WEBSITES

Online Advertising

• no one source for all rules • CAP Code main rules (enforced/administered by ASA) All marketing communications should: • be "legal, decent, honest and truthful" • not include anything likely to cause offence • not be misleading and can be substantiated • be prepared with a sense of responsibility to consumers/society • respect the principles of fair competition • not bring advertising into disrepute Code not statutory but adverse ASA adjudication is bad publicity

E-COMMERCE WEBSITES

Payment Processing

Online card payments must be PCI compliant

• Number of stringent requirements

• Best to outsource to a provider

– Eg Worldpay, Paypal

• Failure to comply can mean large fines and removal of merchant status

LEGAL PROS AND CONS OF PUTTING DATA IN THE CLOUD

Security • If provider not using adequate security, data never safe

– Adequate firewalls – Adequate encryption

• Data Protection Act, Principle 7:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

– IT guru must do due diligence on cloud provider – If you cannot show this, you could be liable if breach

Security Same applies to your website security:

Personal data accessible by a third party

Breach of the Data Protection Act

Get your website penetration-tested regularly!

Who Are You Contracting With?

• May be a number of providers involved

• Confirmation sub-contractors bound by same standards of

– Security

– Confidentiality

• Main provider needs to carry can

Where is My Data?

• If data stored or transferred outside EEA, 8th Principle:

– requires adequate security measures to be in place:

– Non-US countries: model clauses signed up

– US states: entity on US Government’s Safe Harbor List

• ICO recommends getting

– list of countries where data is likely to be processed

– details of the safeguards in place

• “If in doubt, don’t use a provider you cannot trust!”

Conclusion Covered a lot of ground: • copyright, trade marks, designs and patents • ensuring your website, domain names and hosting are

– within its ownership and control – legally compliant

• putting your data in the cloud: do the advantages outweigh the risks?

For a whistle-stop tour of today’s workshop, go to QuickPoints on the firm’s website: – Is Your Website Legally Compliant – Cloud Computing: What You Need To Know

How to Prevent Your Organisation’s IP from Being Stolen by Brian Miller Solicitor

Technology

Stolen Art

SOLICITOR BOARDS

Stolen Seeds

Solicitor 2 - rcmpi.vic.gov.au

Stolen girls

IS YOUR ORGANISATION’S INFORMATION SECURE?

Solicitor General Brief

Shaping Your Organisation’s Narrative Infrastructure

Stolen Moments

OUTSOURCING AND ORGANISATION’S PERFORMANCE IN …

Stolen Sands

Stolen Seafood

Stolen Legacy: Greek Philosophy is Stolen Egyptian Philosophy

"Stolen Futures"

STOLEN INSTRUMENTS

Stolen Bacillus

THE STOLEN

Stolen Childhoods

Stolen Wages

Stolen Away