Category Archives: Confidentiality

New legal superhero (or supervillain) is born: the Motivated Intruder

The man on the Clapham omnibus should not be confused with Hector the Tax Inspector

The man on the Clapham omnibus should not be confused with Hector the Tax Inspector

English law is full of fantastical creatures.  Pride of place goes to the Reasonable Man who is, by all accounts, an ordinary and prudent person, who is bowler-hatted and most commonly found on the Clapham omnibus.

He gets everywhere (he has cousins on the Bondi tram and the Shau Kei Wan tram).  He is free from over-apprehension and from over-confidence.  He provides a neutral standard that assists the bemused lawyer to assess whether or not any particular act is negligent.

Contract lawyers know the Officious Bystander well.  He occasionally interrupts proceedings to suggest terms for inclusion in contracts which are so obvious that they can be implied and do not need to be stated.

The Man on the Bondi Tram retired in 1960.  Mr Pettifog remembers him well.

The Man on the Bondi Tram retired in 1960.

There is the Informed User who is something more than a consumer, knowing a fair bit about the existing design corpus but who is most definitely not an expert in the field.  He helps us to establish the boundaries of individual character in registered designs.  Or there is his close friend from the world of patents, the Person Skilled In The Art (aka the Nerd With No Imagination).  He is widely read in his field but has no imagination.  If he wouldn’t have thought of it, an invention satisfies the requirement of novelty necessary for the grant of a patent.

Less impressive is the Moron In A Hurry.  If two items are so different that they would not confuse even the Moron In A Hurry then there is no confusion and no passing off or trade mark infringement.

IP Draughts confesses that he had not heard of the Man on the Shau Kei Wan Tram

IP Draughts confesses that he had not heard of the Shau Kei Wan Tram

There is now another character to add to the fold: the Motivated Intruder.

The Information Commissioner’s Office highlighted his existence in November 2012, although some sightings date back to 2008.  He (or quite possibly she) has been quietly permeating the vexed topic of effective anonymisation.  This is more interesting than it sounds and currently matters a great deal to academic researchers although I predict it will soon matter just as much to insurance companies.

Old Etonian classics scholar, and Mayor of London, emonstrates the correct use of an omnibus

Old Etonian classics scholar, and Mayor of London, demonstrates the correct use of the masculine dative plural of “omnis”

Under UK law, information about a living and identifiable person can only be processed in accordance with the terms of the Data Protection Act.  To generalise, if you don’t have the individual’s consent (informed and freely given), you can’t use their data.  This is an issue for researchers keen to use the huge repository of data collected by the National Health Service (NHS).  The NHS holds a treasure trove of useful information but it was collected for clinical care purposes, not for research.  Obtaining individual consent permitting personal data to be used for research purposes just isn’t practical.  Cue much gnashing of academic teeth at the wasted opportunity.  But there is hope.  If the data is anonymous, it does not qualify as personal data and the restrictions of the Data Protection Act fall away.

Consent is not necessary in order to perform the act of anonymising personal data.  However, the question that now looms is just how anonymous information has to be to ensure that it is no longer classed as personal data.  The Data Protection Act is concerned with the likelihood of re-identification rather than with the possibility.  It boils down to needing to know whether any given method of anonymisation renders the information so secure that it is not reasonably likely that individuals, even individuals with rare medical conditions living in sparsely populated regions, will be re-identified.

20140318 Ta-DahHow can the researcher be confident that the data has been effectively anonymised and therefore is not personal data?  Enter the Motivated Intruder.

This character has no prior knowledge but wants to identify an individual from an anonymised dataset.  The Motivated Intruder is competent, has access to resources such as the internet and public documents, and, will take all reasonable steps to try to re-identify an individual from the anonymised dataset.  But the Motivated Intruder does not have specialist skills and will not break the law.  He sits somewhere between the inexpert member of the public and the skilled specialist.  If the statistical method used would defeat the Motivated Intruder then the data can be treated as anonymous and used with confidence by the researcher.

Unfortunately, the Motivated Intruder is still a youngster.  There are few examples of his work.  In some cases, it has been enough to defeat the Motivated Intruder to redact certain aspects of the dataset such as the dates and locations of medical incidents.  In others the likelihood of identification was low enough that statistical information relating to same sex adoption and (in a separate case) to school entrance exams was effectively anonymised and could be released.  In another case, the raw data from a clinical trial could not be effectively anonymised and therefore should not be released.  There are questions that remain to be answered: just how hard will the Motivated Intruder try?  What sort of information does the Motivated Intruder care most about?  How much embarrassment or anxiety can the individual who is identified be expected to tolerate?

An earlier sighting

As with the Loch Ness Monster, we need a clearer picture…

As time goes on and the Motivated Intruder is cited (sighted… geddit? Unfortunately, yes. Ed) more often so we will have a clearer picture and so researchers can proceed with greater confidence.

In fact, the Motivated Intruder has the potential to play a starring role in an information debate coming to your screens in the very near future.  The care.data project has been put on ice because of growing public concern that anonymised health data could find its way into the hands of unscrupulous insurance companies who would promptly and easily re-identify it and use it to push our premiums up.  Time to call for the Motivated Intruder to restore public confidence?  Or is it too late for that?  The Motivated Intruder focuses on the likelihood of re-identification.  Public opinion might well be focussed on the possibility of re-identification.

PS IP Draughts is curious to know if there are any other fictional legal characters, not mentioned above, in readers’ jurisdictions.  He wonders whether the woman on the Edinburgh tram could be a candidate. Please let us know via this blog’s comments.

3 Comments

Filed under Confidentiality, Databases

Research results: more moonbeams in a jar?

braveI embarked on this post with trepidation.  It’s always worrying when you start out thinking that you have a problem and that you disagree with IP Draughts.  The problem involves know-how: how should you deal with it, when it is part of the output of a research project?

Many research projects produce identifiable and protectable IP. There may be negotiations over who should own that IP, and the law gives us a set of rules that explain who is the first owner if different terms are not agreed.

But research projects also produce interesting things that are not obviously classified as identifiable and protectable IP – the ill-defined stuff that is sometimes called ‘know-how’.  Partners in the research want (demand, in some cases) rights to continue to use the know-how or to stop other people from using it.   Research funders want to own it as an output of the research.   IP Draughts says it is not something that can be assigned. [Don't take any notice of his maunderings.  Ed.]

Two examples of know-how occupy my world:

Results – actual hard data.  As explained elsewhere, there is no property in information itself.  If it is to be protected, it needs to be covered by confidentiality or fixed as an acknowledged piece of IP.  It could be recorded as a copyright work or entered into a database.  But that approach doesn’t really deal with the whole problem.  The copyright owner can prevent the copyright work from being copied without permission but the data probably also exists outside of the copyright work (eg the difference between a publication and the data it is based on).  As for databases, it is the database, and the investment in creating the database, that is protected by database right and not the data itself.  Database right gives the owner of the database the right to control the use of the database rather than the content of the database.  Neither protects the data itself.  Conclusion: confidentiality is the best bet to protect the data.

Methods – specifically, refinements to established surgical methods that arise in the course of clinical trials.  Again, there is no property in the information itself.  Patenting is unlikely to be the answer (cost, difficulty in demonstrating novelty, exclusion of certain methods from patent protection).  Copyright offers some hope but the same arguments apply.  Conclusion (again): if the method is to be protected at all, confidentiality is the best bet.

Daguerrotype stereotype

Daguerrotype stereotype

The researcher will want to be able to continue to use the know-how.  The funder, stereotypically, will want to protect, restrict and commercialise.  And so we turn to the law to find out who owns the know-how and who can control it and, potentially, how to transfer it.

We know that know-how is practical information that is secret, substantial and identified (EU Tech Transfer Reg (772/2004)) and we know that know-how is not property and cannot be assigned (IP Draughts commentaries).

English law protects trade secrets but will not protect know-how of itself (Faccenda Chicken).  Know-how is treated as a lesser being than a trade secret and needs to shelter behind confidentiality.  The EU is currently considering a draft Directive introducing specific protections for trade secrets (EU draft Dir 2013/0402) that would impose penalties for the unlawful acquisition, disclosure or use of trade secrets.  A trade secret is defined as information that is secret, has commercial value because it is secret and has been the subject of reasonable steps to keep it secret.  On that definition, know-how might amount to a trade secret in some cases.  But again we see that confidentiality is key.  We also see a requirement for that confidentiality to protect a commercial value.

small printSo, it looks like the answer to my problem is that no one really owns know-how, although you can expect to control it if you have the benefit of a confidentiality obligation that covers it.  There might be property in related IP rights but my sense is that these IP rights will often not catch the guts of the know-how – the data or the method.  Phew, I agree with IP Draughts.

And the lessons for our researcher?  Read the definitions in the research agreement and read them carefully.  Then see where and how those definitions are used.  If know-how is referred to in the definition of Confidential Information and the funder controls the Confidential Information, the researcher’s right to use their general know-how may be restricted.  If the definition of Intellectual Property includes data or methods, we may have ‘category confusion’ particularly if that data and those methods are not protected by any recognised form of IP.

A good (?) example of this is the EU’s Horizon 20/20 programme, whose contract terms define Background as follows:

Background’ means any data, know-how or information — whatever its form or nature (tangible or intangible), including any rights such as intellectual property rights — that: (a) is held by the beneficiaries before they acceded to the Agreement, and (b) is needed to implement the action or exploit the results.

Faced with a definition like this, which mixes up know-how, information and IP rights, you need to look very carefully at where the defined term is used and how it affects you.

2 Comments

Filed under Confidentiality, Intellectual Property

Confidentiality obligations in the parallel universe of M&A

familiarFor many technology-based companies, confidentiality agreements (CDAs) are routine documents that present few surprises.  Some of IP Draughts’ clients sign dozens, or even hundreds, of the things each year.  Often, they are signed as a first step in business discussions that may or may not lead to the parties signing a commercial agreement, such as a services agreement, research collaboration agreement, or IP licence agreement. A few issues tend to be negotiated, including duration, and law and jurisdiction, but most of the CDAs that one encounters are mostly on the right lines.

The conventions that are followed in relation to confidentiality in general business discussions do not always seem to flow through into the world of corporate mergers and investment transactions.  As an IP lawyer, IP Draughts has been surprised by some of the differences that he has seen.  They have included:

  1. Disclosure of a company’s trading contracts to potential purchasers or investors, despite the presence of provisions in those contracts that forbid the disclosure of the contracts’ terms.  Sometimes this issue is mitigated by limiting the disclosure to access in a data room, without the right to copy the agreements, but this doesn’t affect the fundamental issue  that the documents are being disclosed in breach of a confidentiality obligation.  If the transaction is consummated, perhaps the issue goes away, but in other cases …
  2. brokerBrokers and other finance professionals who refuse to sign CDAs, arguing that they must be free to do business with multiple companies in the same market sector, and CDAs would prevent them from doing this. Instead, clients should trust them to behave honourably.  Of course, this doesn’t protect the client, and sometimes highly sensitive, technical information about a client’s products in development is disclosed to these organisations.
  3. Other finance professionals who are not willing to sign CDAs whose obligations last longer than a year or two.  This may be okay if only financial information is provided but, again, technology-based companies sometimes find themselves disclosing technical information that is valuable as a secret for much longer periods.  Sometimes, those professionals can be persuaded to agree to a longer period in respect of “trade secrets” but in IP Draughts’ experience this cannot be assumed.
  4. Finance professionals who insist (as do some major companies, particularly those headquartered in the US) that if information is disclosed orally, it will only be treated as confidential if it is confirmed in writing within a period such as 28 days.  Yet in practice most of the subsequent discussions are held in meetings and by phone, and no confirmatory record is prepared.  Admittedly this problem is not unique to the financial sector.

secretsLawyers who work with the financial sector on a regular basis will no doubt be very familiar with its practices, which seem remote from the business world.  IP Draughts wonders whether these practices (of which the terms of CDAs form a very small part) will change in light of the recent upheaval in the world of finance.

What are you seeing?

 

Leave a comment

Filed under Confidentiality, General Commercial

Keeping secrets deep in the heart of Texas

texasHow much time should you spend in negotiating the law and jurisdiction clause in a confidentiality agreement (CDA)?

This question probably assumes that the parties are based in different jurisdictions.  If both parties are located in the same jurisdiction, it would be rare for them to propose a different jurisdiction for their contract.  Rare but not impossible: some Russian oligarchs seem to prefer to use the English courts to resolve their business disputes.

In most types of business contract, it would be unwise to gloss over this important issue in negotiations or to leave the point unaddressed in the contract.  But there are exceptions.  Research contracts with US state universities commonly leave the point unstated, as many US state universities claim to be not allowed, as a matter of state law, to agree to a law and jurisdiction outside their state.  A practice has developed, particularly in multi-party collaborations that involve several US state universities, for the collaboration agreement to remain silent on law and jurisdiction.

frogAnother exception may be routine CDAs.  Some technology-based companies enter into dozens, or sometimes even hundreds, of CDAs per year.  Often, these CDAs are the first stage in a business courtship.  For any given package of technology, the technology owner may enter into CDAs and then discuss potential business transactions with multiple, potential collaborators, before entering into a more substantive agreement with one of them.  Put more graphically, the company kisses a large number of frogs before finding, and consummating a relationship with, what it hopes will be a charming prince.

Given the large number of CDAs that some companies sign, and the smaller number that lead to a substantive transaction, it is tempting to try to minimise the time and costs of negotiating each CDA.  Thus, when a sticking point in the negotiations is the law and jurisdiction clause (as it often is), it is tempting to omit the clause completely.

IP Draughts recognises that this is a pragmatic approach in CDAs, and in many cases he would not fight with a client who proposed to follow this route, particularly if the other party’s jurisdiction is a reasonably mainstream one, and preferably (but not essentially) one with a familiar, common law legal system.  To take an example at random, this thought process might be followed if one party is based in England and the other party is based, say, in Texas.

Forum shopping with Frankie Howard

Forum shopping with Frankie Howard

Although this is a pragmatic solution, and saves costs in the short term, there is always the risk that the CDA will be litigated.  In that case, the litigation costs may well be increased, and the outcome of the litigation may be less predictable, if there is no law and jurisdiction clause in the contract.

A good illustration of this point, and the reason for writing this article, is the recent litigation between two listed companies operating in the market for touch-screen displays: (1) a UK company based in Yorkshire, England, Carclo plc (listed on the London Stock Exchange), and more particularly its subsidiary Conductive Inkjet Technology Limited (CIT), and (2) a US corporation based in Texas, UniPixel Displays, Inc (UPD, listed on NASDAQ).

These parties are currently engaged in simultaneous litigation in both the English and Texas courts in relation to a claim that UPD has breached confidentiality obligations with CIT.  Essentially CIT claims that certain patent applications filed by UPD claim inventive concepts and subject matter that were disclosed to UPD by CIT in confidence, and therefore CIT should be treated as the owner or part-owner of these patent applications.

Forum shopping with Mr Justice Roth

Forum shopping with Mr Justice Roth

The English version of the litigation has most recently surfaced with the publication on 7 October 2013 of an interim decision in the Patents Court case of Conductive Inkjet Technology Limited v Uni-Pixel Displays Inc [2013] EWHC 2968 (Ch).  Roth J was asked to set aside permission previously granted to CIT to serve claims on UPD outside the jurisdiction of the English court – ie in Texas.  He was also asked for a stay of the English proceedings while parallel proceedings in Texas were pending.

IP Draughts would not usually trouble readers with a report of interim proceedings that discuss arcane legal principles such as applicable law, forum non conveniens, the court’s power to stay proceedings,

Forum shopping in the Texas state court with Judge Cara Wood

Forum shopping in the Texas state court with Judge Cara Wood

and jurisdiction provisions in the European Patent Convention.  He does so now only to illustrate the expensive procedural mess that parties can find themselves in, when litigating an international CDA.  The case is also interesting for its discussion of how the Texas courts have approached the parallel proceedings (with the case being bounced up to the Federal court and then back to the State court), and how two expert witnesses on Texan law (both retired Texas judges) differed in their interpretation of applicable legal principles.

The remainder of this article will therefore pick up some interesting titbits from the case rather than summarise all the legal arguments.

The case report discusses three CDAs between the same parties, referred to

Forum shopping with Judge Simeon Lake III in the Federal court for the Southern District of Texas

Forum shopping with Judge Simeon Lake III in the Federal court for the Southern District of Texas

variously as the 2005 NDA, the 2006 NDA, and the 2010 NDA.  The court focuses mainly on the 2005 and 2010 NDAs.  It seems that the parties negotiated the 2005 NDA in some detail, and agreed to remain silent on law and jurisdiction, after CIT rejected UPD’s proposal for Texas law.

When UPD presented a similar NDA in 2010, which included their preferred wording on law and jurisdiction, it seems that CIT chose not to spend time in negotiating its terms, and therefore the following wording remained in the final version:

This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, except for its rules concerning the conflict of laws, and venue shall lie exclusively in the courts of Montgomery County Texas.

montgomeryInterestingly, CIT framed part of its case as a claim that UPD had breached an equitable obligation of confidence.  IP Draughts surmises that this is an attempt to bypass the argument that claims for contractual breach of confidence, under the 2010 NDA, should be heard in the Texas court.

After extensive legal analysis, Roth J dismissed UPD’s application to set aside permission to serve out of the jurisdiction or stay the action pending the outcome of the Texas case.  This is an oversimplification, but will do for now.  For complex legal reasons it seems that CIT may be in difficulty in serving proceedings overseas for anything other than a claim for a UK-wide injunction.  In other words, CIT may have to forego a claim for a worldwide injunction.

This brings us on to another point.  Although this case is also about ownership of patents, the typical claim in a breach of confidence case is for an urgent (ie interim or interlocutory) injunction.  It may be very difficult to enforce interim orders outside the jurisdiction of the court in which the injunction is granted.  Therefore negotiating for the exclusive jurisdiction of your own country’s or state’s court in a CDA may be counterproductive if you need to bring interim proceedings in the other party’s court.

yorkshireIt is not clear to IP Draughts where the CIT v UPD case is going.  It will be interesting to see whether the case comes to trial (in either the English court or the Texas court or both) and, if it does, what evidence CIT has for a claim that UPD misused CIT’s confidential information.  IP Draughts will report on the case as it develops.  In the meantime, as both companies (or their parents) are listed companies, they may have to make public disclosures of the progress of the litigation.  This report from a regional UK newpaper, the Yorkshire Post, reports on the litigation as follows:

In a separate development, Carclo’s chief executive Chris Malley said he was pleased to announce that the English High Court has said CIT can pursue claims against US rival Uni-Pixel Displays in the English courts for breach of confidence and patent entitlement.

He added that as a result of this successful decision, Uni-Pixel will be obliged to pay the majority of CIT’s costs.

Leave a comment

Filed under Confidentiality, Legal Updates