Patents, trade secrets and confidentiality agreements are mere words on paper to the scientist, engineer or executive intent on deception and theft.

And if you have outsourced your research and development efforts overseas to countries with unenforced intellectual property laws and cultural norms that ignore individual property rights, then the intent to deceive and thieve isn’t even present—in their eyes, your intellectual property may already be their intellectual property.

Rise in IP Theft

Every other week seems to bring out a story of industrial espionage—in aerospace, technology or biopharmaceuticals.  A Kiplinger news story in January of last year noted that cyber-thieves are increasingly working behind the scenes to sell and deliver American and European company secrets to overseas competitors.

In the meantime, there has been a rise in overseas outsourcing from pharmaceutical, medical device and biotechnology companies looking to reduce expenses.  While some of this is in manufacturing, the majority of outsourcing so far has been in research and development, and in clinical trials, providing non-company personnel direct access to a firm’s developing intellectual property.

At the end of 2007, the Department of Commerce’s International Trade Administration released its summary of countries with whom it is struggling to advance US intellectual property protections.  While China may come as no surprise, few executives are aware of the second-class status of their intellectual property in India, Israel, the Philippines, Thailand and Mexico.

While these reports set the stage on the international scene, what is also on the rise is trade secret theft inside a company.  Recent lawsuits involving former executives of medical device firm Kinetic Concepts, aerospace giant Boeing and tech firms Quantum3D and SAP should give you pause for thought.

Joel Brenner, national counterintelligence executive in the Office of the Director of US National Intelligence, discussed a great shift toward increasing espionage reliance on private sector employees during a recent speech.  His main point:  employees of US and European companies can make quick cash by selling electronically-stored documents to overseas organizations simply through a few email clicks and web-based payments.

In my November 2008 webinar, Preventing Intellectual Property Theft by Contractors and Partners, I gave attendees current estimated marketplace value of different components of confidential information – from private contact information all the way through prototype blueprints and promising new drug or biologic formulations.

Gone are the days of dark street corners and cash-laden briefcases; today, IP theft occurs with the click of an email and an online bank deposit—it’s far safer, far faster and far more difficult to detect.

So what to do?

Decide What to Protect

One of the first items I ask my clients for is a list of the types of information they consider critical to business operations.  After more than 16 years, not a single client has shown me even a simple list typed on a single sheet of paper.  If you do not know what you need to keep safe, how do you expect to protect it?

The first step is to identify the information you need to protect.  Consider prioritizing your efforts on truly proprietary information such as unique processes, formulations, home-grown software, customer details, and so on.

The simplest way is to ask your colleagues, “What do we have that gives us a competitive advantage  (or will allow us to have a competitive advantage, in the case of new products) that no one outside of our company knows about?”  I also encourage you to ask your outside counsel and patent attorneys; they will also be able to give you specific insights, especially if you have not put all of the details in your patent applications.

When you’ve identified this information, it is time to explore where that information exists.  Sadly, you may be in for a surprise.

Segregate Standard Operating Procedure (SOP) Information

In an ideal world, no one individual would be able to put together the puzzle pieces of your intellectual property by themselves.  Unfortunately, in their zeal to detail out procedures, companies inadvertently place step-by-step instructions to recreating intellectual property in their standard operating procedures (SOPs). In my consulting engagements, I have seen this most often in SOPs that tackle formulations, mixing, assembly (for medical devices), and even in-process or post-assembly quality testing.

Conduct a review of your SOPs that relate in some way to your intellectual property.  Look for any detailed Step 1, Step 2, etc. processes that would give a knowledgeable person enough to duplicate your product … or get 90% there. Revise your SOPs to eliminate any trade secret-revealing step-by-step details, making sure to still capture the process and its regulatory and quality requirements.  This is a fine line to walk, but a necessary one.

If you are using a contract manufacturer (CMO)—especially for new product pilot production or clinicals—this review (and revisions to SOPs) is absolutely essential. You may also want to take this review one step further and look at the CMO’s internal SOPs related to production of your product.  Their SOPs may very well spell out your IP in step-by-step fashion.

Scattershot Storage

In a forthcoming article for BioProcess International, I point out that a 2002 University of California-Berkeley’s School of Information study calculated an interesting ratio:  for every piece of information available in front of you, there are an estimated ten pieces of directly related information (rough drafts, notes, raw data, copies, various iterations, etc.) stored elsewhere.

Think about this in the context of a blueprint of a new product yet to be launched.  Do you know where in your company – or in your development partner’s company – all the various iterations of that blueprint are stored?  What about those left accidentally lying about?  If I were to tell you the number of times over the past three years I’ve found some of my clients’ confidential documents lying in open, shared areas near copiers and printers either in their company or in the facility of a contract partner, you would have a good idea of how many intellectual property theft assessments I’ve conducted.

I recommend to my clients that they work with their legal counsel, records management groups, information technology (IT/ICT) teams, and development project personnel to put together a matrix of their stored intellectual property to ensure they’ve accounted for it all – and have published policies and contractual terms and conditions that govern its control.  This can be a lengthy process, but if you know exactly what to do and how to do it, then it can be easy.  In workshops and consulting engagements, I caution that while perfection is ideal, a capture rate in the 90th percentile is usually “good enough.”

Communicate to Personnel

If your personnel – particularly those that deal with outside vendors and suppliers – do not know that particular information is confidential, they may not know not to share it (or at least to ask permission before sharing it).

This does not mean you spell out the particulars of your trade secrets or intellectual property, but rather you note that (in the case of a drug, for instance) the formulation is considered highly confidential and will only be shared with certain individuals.  I recommend you also clarify that information supporting the creation and testing of the product “may be confidential as well” and provide a point of contact (such as your patent counsel) to seek further clarification.   While stating that something “may be confidential as well” is not akin to marking it “confidential” or “trade secret,” I’ve found that this ambiguity ironically can give people pause and serve as another check on critical knowledge leakage.

Work with your computer department to ensure that access to the information is restricted and monitored.  In the stories I tell in my workshops, I make it clear that simply restricting access is like expecting a locked door to prevent burglaries.  Some level of monitoring is necessary to deter a would-be thief, stop them in the act, or catch them afterward.  While there are many tactics to take advantage of French philosopher Michel Foucault’s Panoptikon theory when it comes to preventing intellectual property theft, one of the first is informing all personnel that the company has monitoring in place, just as a burglar alarm company places a “protected by” sign out in front of a building.

Final Thoughts

Deciding what to protect, finding it, communicating its importance to personnel, and then ensuring your SOPs are not inadvertently providing step-by-step trade secrets recipes are only a few of the tactics to master when it comes to saving your intellectual property.

Fundamental to all of this is recognizing that the greatest threat is not without, but within.  Ignoring the realities of internal risks ignores reality:  employees do not work for you for their lifetime; contractors come and go; and outsourced partners grow stale.  In the end, money is always more tempting than any corporate mission statement.

Are you ready?

About the Author

John Avellanet is the founder of the regulatory intelligence, quality systems and intellectual property protection advisory program for executives and business owners, SmarterCompliance.  He is the author of more than 30 articles on intellectual property theft and modern quality systems, a contributing author to the book Best Practices in Biotechnology Business Development, a syndicated columnist, and a frequent speaker on preventing intellectual property theft and cost-effective life sciences regulatory compliance in research and development environs.

He can be directly reached through his independent advisory firm, Cerulean Associates LLC, on the web.

Today’s post is by Guest Barista John Avellanet, Managing Director and Principal of Cerulean Associates LLC.  Adapted, in part, from the SmarterCompliance™ newsletter  2(2):  pp. 1,4-5 (February 2008).

  Print This Post Print This Post  

2 Comments

  1. Notice: Object of class WP_Comment could not be converted to int in /hermes/bosnacweb01/bosnacweb01ad/b2262/ipw.patentba/public_html/wp/wp-content/plugins/polldaddy/rating.php on line 7

    Agree with Guest Barista John Avellonet’s observations on the importance of the “why” to preceed the “what” on the protection of Intellectual Property within the enterprise.

    Nice compilation of rules to live by.

    All the best,
    Christopher Burgess

  2. Notice: Object of class WP_Comment could not be converted to int in /hermes/bosnacweb01/bosnacweb01ad/b2262/ipw.patentba/public_html/wp/wp-content/plugins/polldaddy/rating.php on line 7

    […] Website Legal Forms Generator Software Review – Mike Young Internet Attorney Protect your stuff with a hit man | zedomax.com – The DIY, HOW TO, Hacks, Gadgets, and Tech Blog/Search Engine! I need to find a website where I can do free background checks on individuals? The Quarter Wiki – a new online Encyclopedia where users can buy a page for just a quarter! | The Zedomax Network – The New Niche Blog Search Engine Company Essentials of E-Mail and IM Archiving Intel Business Exchange, Software solutions for Small and Medium BusinessesWhat Does a Community Manager Do? | Blog The Brand – Brand and domain names protection, web monitoringDebug And Fix You Blog Archive Hacking Google Gmail accountPatent Baristas Saving Your Intellectual Property […]