by May 4, 2006 0 comments



Hundreds of documents and thousands of e-mails (not
counting spam) in a day flow into your enterprise’s file and messaging
servers. In addition, there are those transactions that may never get recorded
in printable format files-those that happen over voice and instant messengers.
All this data is information to the enterprise and ultimately IP (intellectual
property). Much of it needs to be secured away from prying eyes and somehow
needs to be instantly available when needed. Based on several factors, you would
back up this information for a period of time and then destroy it safely. In
this article, we will open  Pandora’s box of IP management and examine
the aspects that govern what you should keep, what you must destroy and how long
you should protect information, along with how to get stored information back
when you require it.

Direct
Hit!
Applies to:
CIOs, compliance officers
USP:
We delve into the intricacies of dealing with information and using IT to keep it at your fingertips for several needs
Links:
http://www.cio.com/research/intranet/refmodel/ sld021.htm
 
Google keywords:
enterprise IP compliance -network

KMS vs DMS
It is likely that you have some sort of KMS (Knowledge Management System)
deployed in your enterprise. At the basic level, it would be your Intranet, and
at an advanced  level  it would be a DMS (Document Management System).
However, even your DMS isn’t a full-fledged KMS, since a lot of information
would still be out of its purview, for example your e-mail as we said above. All
of this information centers on the knowledge that your enterprise is creating or
getting access to. Some of this is created internally, while some may come from
(and be owned) by external sources. And all of this is essentially part of your
IP. A typical DMS would not handle all your IP- at the most, it would manage
documents that have been scanned or fed into the system or created inside it and
the communications and notations as entered with the DMS interface. It would
not, for instance, include the idea notations in a plain text file jotted on the
desktop of your marketing manager.

Identify your IP
The first step in managing your IP is of course to know that you have it in
your possession and what exactly it is that you possess. Frequent auditing of
your knowledge base to glean what diamonds are there in it and then ascribing a
commercial value to it, will

certainly help manage that IP a lot better.

The value of that IP would be two fold: one, it would be
the value of commercializing that IP in the form of a product or a service (if
it is possible). And two, its value if lost, especially to competition. Many
enterprises suffer from the fact that they do not realize what intellectual
property they own and how much it is worth (today and a few years down the
line).

The enterprise, therefore, should have a clear intellectual
property policy, demarcating the lines of contribution and development. Also, IP
should form a part of the employment contract, with the employee agreeing to
sign the requisite IP filing forms. IP could be used as a tremendous motivation
tool with the ‘authors’ [employees] being credited in IP filings.

IPR and
Indian Law

Rodney D Ryder leads
Preconcept, a full service corporate law firm
 

What aspects should
be considered by enterprises to comply with Indian regulations?
Intellectual Property Management in Corporate India [or for that
matter anywhere else in the world] is purely voluntary unlike other
corporate compliance except when it come to utilising another person or
entity’s IP.

The basic guidelines
ought to be [or are]: Audit your IP so that you know what you own. Look to
add value and commercialise. Second, while using the IP that is owned by
others, make sure you either have permission or a license to do so or that
your use falls under ‘fair use’ principles.

How should companies
seperate IP ownership?
Perhaps the most crucial part is in correctly identifying IP. Many
companies do not realise what they have. It is crucial that companies view
IP as perhaps a separate business unit with costs and goals of its own.
The company should have a clear IP policy, demarcating the lines of
contribution and development. Also, IP should form a part of the
employment contract, with the employee agreeing to sign the requisite IP
filing forms. IP could be used as a tremendous motivation tool with the
‘authors’ [employees] being credited in IP filings.

What is the role of
international compliance requirements in the Indian context?
The strategic importance of intellectual property and the risk of
liability from intellectual property litigation are growing at a time when
potential liability of directors for the inadequate oversight of
management has never been higher. Thus, the potential risks to directors
are simply too great to ignore and to not implement some type of policy to
protect directors against such risks.

How do you see this
changing in the near term (next 5 to 10 years)?
The situation will become stricter and the regime more stringent in
the years to come.

Guarding your IP
You can guard it better only once you have ascribed a value to it (as we
said above). Since most ‘IP’ that gets into the ‘lets guard this with our
lives’ category is of the internal kind, it can only be stolen from the
inside. This means someone in the organization is in violation of his or her
employment contract. Today, IP can be stolen or leaked in a variety of ways,
some of which may even actually be inadvertent. Consider the following
scenarios.

Carelessness:  It could accidentally be mailed
over to an incorrect recipient. Or, if the user is also a member of public
provider services (like e-mail or instant messaging) then problems with that
third party network and systems can accidentally put your IP out on the Internet
for everyone to see and use. It could also be

left behind on USB drives lent to colleagues or friends that are then spotted
and copied out. The way out in both cases is of course

automatic digital encryption of the data during transfer so that only intended
recipients with a valid decrypting key can actually read it.

Willful transfer: Here, an employee with access to
privileged information can transfer the data (by e-mail or in hard copy or in a
variety of formats) to the outside world or to someone who is not authorized to
see it. This would of course constitute willful theft of that IP.

IP theft would first and foremost be a breach of contract.
Further, a well-maintained logbook would ensure that all IP is documented and
its subsequent transfer understood at all levels within organizational
hierarchy. Therefore, periodic auditing of who has accessed what IP can quickly
reveal the (including potential) leaks. This can be done easily with a chain of
custody sign-off forms, where people handling that IP sign off on a log sheet.

IP and

India
The Indian environment is such that people sit up and take notice only once
something bad happens to them or to someone else in the industry, who is a close
enough competitor. For instance, the idea that someone as high up in the ladder
as the CIO or the CTO could be liable for information entered by a user on the
company’s store Web front only came to light in the aftermath of the Bazee.com
scandal. CxOs through the Indian business establishment did a hurried audit of
what exactly lay on their servers that they might have to go to jail for. In the
international community, laws like the Sarb-Ox (US) and the Data Protection Act
(UK) seek to ensure a level of compliance with regard to what companies do with
the data they gather and how they gather it. They also subject it to privacy
laws. In

India


, obviously, this has a long way to go. IP is not even recognized by the Indian
IT Act as a relevant topic (as knowledge handled by the IT infrastructure). It
is covered under the Patents Act, Trademarks Act, Copyright Act and Designs Act.
Confidential information and trade secrets are covered under the Contract Act.

With the ever-growing scrutiny faced by corporate directors
in the wake of recent corporate scandals and government policing, there is an
increasing importance for company directors to oversee intellectual-property
assets more closely than ever before. Intellectual property is ubiquitous in
almost all business sectors. Intellectual property procurement and enforcement
are becoming more and more important to most businesses, and the costs
attributable to intellectual property procurement as well as intellectual
property law suits are growing based on outside counsel costs, time, as well as
the number of suits filed. Furthermore, there are substantial increases in
settlements and judgments in intellectual property litigation. These factors
alone suggest that company directors should maintain intellectual property
oversight. The situation will become stricter and the regime more stringent in
the years to come.

Note: PCQuest does not offer legal advice. The
material presented above should not be construed as legal advice. You are
encouraged to consult your legal counsel before taking any action on this
subject.


Sujay V Sarma

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.