The growth of technology is undoubtedly linked to the change in the nature of business assets, no longer are business assets purely tangible, writes Maria Peyman, senior associate, Birketts LLP.
For many businesses, and particularly those in the technology sector, assets are often intangible and often centred around intellectual property (IP) and ‘data’. However, where technology moves at pace legislation does not necessarily follow suit.
If the traditional legal structure for protecting IP is not meeting sector needs and legislation is not keeping apace of the developments by introducing new legislative measures, the termed ‘web of protection’ is vital and so is a brief exploration of what lies beyond the traditional frameworks for IP protection.
This is not advocating an abandonment of the usual avenues of registration of IP rights nor ceasing to maintain records to evidence unregistered IP rights.
That all remains a crucial part of strategic consideration. But, where registered IP rights might not be applicable or time is of the essence, to maximise protection then other effective tools, often overlooked in the context of traditional IP rights protection, by way of example are:
- Ensure that employee contracts contain effective restrictive covenants and that this is for all levels of employees who have access to/are involved with an organisation’s technological developments
- Use non-disclosure agreements (NDAs) before disclosing any information for collaborations. Both parties should be clear about the nature of the information being provided (i.e. is it confidential) and how it can or more importantly cannot be utilised
- Consider the technical measures which will enable you to take action against potential infringers, for example in CAD files consider placing a ‘seed’ to enable an organisation to ‘track back’ and identify who is facilitating the infringement
- Internally to your organisation design encryption and limiting the number of people with access to the designs, as well as keeping them in secure facilities may be effective; and
- Block leaks of your confidential information. Leaks can occur as a result of unscrupulous employees, breaches of confidentiality by third parties following disclosure to them of information and through a breach of your cyber security.
As highlighted at the outset, data collected by technology linked companies is an asset, as demonstrated by the growth in the wearables sector and the surge in popularity of devices related to one’s health and fitness.
As well as comprising a business asset, personal data collected from the wearables is, sensitive personal data and must be handled with the highest standards. In contrast to the proceeding reference to the slow changes in IP legislation, this is an area which is seeing significant change in legislation in the coming year.
Organisations need to recognise that with collection comes responsibility and those which collect data from their customers/users must already comply with the Data Protection Regulations.
However, the General Data Protection Regulation (GDPR) coming into effect in a year enhances the obligations on organisations which process customers’ data. Organisations will need to be appraised of the impact of the GDPR as a whole.
Is your organisation ready for the GDPR and has it considered the impact of the changes that are coming in, for example do you need to review the manner in which consent is obtained from the customers and are your R & D team factoring in the privacy by design and default implications?
Of course, intangible assets need more than an iron lock and key at the gate of your premises to protect them but with significant value need to be properly protected.
Where an organisation’s data and assets are held within a network a breach of security would give a third party unfettered access to everything. Security goes beyond just complying with legislatory obligations, each organisation needs to recognise the risks are posed to it. This will be dependent on its business and the nature of the assets held (including sensitive personal data which can be of considerable interest to third parties).
Good cyber security measures are about the use of software and the use of an organisation’s people and here are examples of prudent steps.
The board should adopt a proactive approach to cyber security as well as an overall business commitment to teaching employee awareness.
Software must be current, up to date and of sufficient security for the type of organisation question.
If what is in place will sufficiently protect the organisation from a legislator point of view going forward it will also help it manage its exposure in the event that there is a cyber incident in the future.
Educating and maintaining awareness in organisations’ employees and consultants is key. Each organisation should produce user security policies, establish a safe staff training programme, implement effective security awareness campaigns, maintain user awareness, promote incident reporting so that they can do so without fear of recrimination and make sure that you test the policies and training that you have in place.
A clear plan of what happens in the event of a cyber security incident is essential.
In the age of fast moving technology thinking beyond the traditional can lead to alternative and effect methods of protecting intangible assets that arise from technology whilst recognising other assets, such as data, allows your organisation to plan for regulatory obligations.
• You can call Maria Peyman on 01223 326596 or email her at:
maria-peyman [at] birketts.co.uk