How to protect big data
With data becoming a more valuable asset to businesses, in-house lawyers say they are getting better at protecting it, despite the fact that there are no specific IP rights to cover 'information infringement'
For in-house IP lawyers trained to protect their company’s IP with patents, the risk of data theft presents an interesting challenge.
Data cannot be patented, and no specific IP right exists to protect the potential infringement of said data. That is because information is not a physical invention nor a technical solution to a problem.
Rather, data is the essential ingredient necessary to tailor products or services to consumers in a way that gives businesses a competitive advantage in their industries.
Protecting data is also challenging because it is shared between companies in different sectors. With industries such as automotive and telecoms merging, competitors become collaborators and former employees become potential industrial spies.
With the that of IP protection in mind, sources from the pharmaceutical, manufacturing and insurance industries say the best methods for protecting data involve encryption and trade secrets.
“Data is IP,” explains the general counsel and IP director at a UK energy company. “In our industry, data is critical to our survival and our competitive edge. Our data could reveal something around power density in a fuel cell. That data, if it got into the wrong hands, could result in us losing our competitive edge in the market.
“What people don’t understand is that data is a commodity now, and that it will be a more valuable commodity than property in the future.”
Estimates from last year project that value of big data in the software and services industry is expected to more than double in the next decade, from $43 billion to $103 billion.
But software companies are not the only ones using big data. For those in the pharmaceutical industry who are increasingly harnessing the power of big data to feed AI research for new medicines, its protection from clinical research is vital to the survival of their business.
“All companies are in a data race,” says the legal counsel for a French pharmaceutical company. “With respect to big data, a complicated issue for us is to identify quality issues because you get data from many different partners. Then the issue is protection of the data because, in a collaboration, it is not clear who owns it.”
Another one of her concerns is that data is tightly regulated in the pharma industry. The FDA, for example, implemented requirements in 2007 that pharma companies report all data from their clinical trials. The push for transparency in the industry makes it easier for other pharma innovators to use the otherwise expensively acquired data for their own research purposes.
One way the legal counsel says she protects data is to find a technical solution to a problem that uses the data. “You can have trade secret protection, but you can have a patent when you have a technical solution to a problem that was generated by the data. A filter developed from an algorithm is an example,” she says.
Lock it up
Christine Maury Panis, general counsel at telecoms security company Viaccess-Orca in Paris, says it is particularly difficult to protect data when you cannot detect infringement. For her, the best protection method is to use a trade secret or an encryption solution that would only allow access to authorised personnel.
“Our company has been using secrets as our main way to protect certain parts of technology, and this we have been practising for a long time. For our most sensitive software, me might protect it with an extra layer of encryption,” she says.
The senior counsel at a US-based insurance company says that protecting data is difficult because it is not something lawyers were brought up learning how to do in law school. However, as the use of big data becomes common, in-house IP lawyers are scrambling to learn how to ensure it does not fall into the wrong hands.
“We have big data approaches to most things we do. The part where I come in is finding out how to protect it. But I’m the patent guy, I’m not used to doing this,” he says. “Protecting data itself is very different from protecting something that uses data.”
He explains that while secrecy is important to protecting data, his company’s approach is to use data security with encryption and only resort to trade secrets for his company’s approach to data mining. One thing that could help his business, he says, is stronger trade secret and corporate theft legislation.
“There was much less concern about data theft prior to the internet-of-things era. Then the regulations came along but they haven’t caught up with the reality,” he says.
The UK power general counsel agrees that more robust trade secret laws would be helpful for data protection. She believes shifting the burden of damages from the employee who stole the data to the company that uses it would be a good modification to the law.
“If a former employee steals a trade secret, they might not have deep pockets if you decide to sue them. That is where the law needs to catch up so that there are consequences for a break of confidentiality. There needs to be extensive damages for the party that stands to benefit from the trade secret theft,” she says.
A recent and high-profile example of a court case over stolen data, of course, was that between Uber and Google. In August, Anthony Levandowski was indicted on 33 accounts of trade secret theft for allegedly downloading data files from Google’s self-driving car programme and handing them over to Uber. The companies settled in arbitration for $245 million.
Whether it’s driverless cars or cutting edge cancer treatment, Maury Panis reminds Patent Strategy that data is only as valuable as what you can do with it. “It is very difficult to give value to data, because by itself it has no value,” she says. “If it is possible for other people to get your data it is better to keep it secret.”