If you’re not thinking about IP risk, you’re putting yourself at risk…
In Part One of our two-part Risky Business blog post, we're talking about managing IP risk. When it comes to IP risk, your business cannot afford to approach the risk of mismanaging or losing IP assets as an afterthought. Reactively responding to issues puts you at a disadvantage that could increase your risk of losing your IP rights. While there are a few ways that you can approach risk management, the best course of action is to mitigate your risks by planning ahead.
Who is accountable for your IP risk?
Business risks related to intellectual property (IP) include the risk of losing IP rights before they are adequately protected, and the risk of infringement claims. In this two-part blog we will discuss how to manage both risks using a well-known risk management approach from the Project Management Institute (PMI).
The model first considers risk identification, then an assessment of the probability and impact of the risks, and finally a plan to respond to the risk, for which a company has four choices: Avoid, Accept, Transfer or Mitigate the risk.
We also consider all types of Intellectual Property including patents, industrial designs, trade secrets, trademarks and copyrights.
Failing to plan is planning to fail
If you do not have a strategy when it comes to your IP portfolio you are at risk of losing your IP before it can be protected. It is important to have someone who is accountable for IP and can implement risk management strategies so that the potential for IP loss (even inadvertently) is lessened.
Your approach to IP risk management should be threefold:
Risk identification
A business can lose its IP before it is properly protected. This is primarily because of a lack of cybersecurity or inadvertent disclosure due to poor IP literacy among employees, as well as inadequate IP provisions in employment agreements. Be aware of the potential weak points in your policy and infrastructure so that you can appropriate steps.
Risk assessment
The next step is to assess the probability associated with the risk. A thorough cybersecurity audit must be performed to assess weaknesses. The audit must include employees’ networking set ups when working from home, remotely or in shared settings, which increases the probability of a leak.
An audit of employee IP literacy can be done, but it can generally be assumed to be low, unless formal training has been done. A review of the IP clauses in employment and contractor agreements can also highlight potential risk.
The impact would be negative; if the IP is disclosed before proper protection is obtained (patents or trade secrets), then the IP may be available to anyone to use freely. This can have a disastrous effect on a business’s competitive advantage.
Risk response
One option is to avoid the risk by eliminating the risk or its impact. Unfortunately as it relates to IP, this is not possible. Even with proper training and strong cybersecurity, there is always a risk that IP will leak.
Another option is to accept the risk and the consequences of IP loss by taking no action to manage the risk other than acknowledging it. Since this strategy is targeted at non-critical risks when it is not possible or practical to respond to the risk using other strategies, it would not be recommended as it relates to IP loss.
You could also transfer the risk. You use this strategy when the business lacks specific skills or resources to manage the risk, or it is too busy to manage it.
The risk can be transferred to employees by giving them proper training so that they will understand and remember the critical elements of IP and develop a healthy dose of paranoia around losing unprotected IP.
In this scenario, employees should also know the processes to disclose IP they have created to ensure a timely decision is made as to how to protect it. Transferring the risk to trained employees may reduce the overall risk but the residual risk (amount of risk remaining after implementing a risk response) is still significant. Once the IP is lost, the entire business is impacted.
However, in a fourth option, you can mitigate the risk by implementing proactive policies to lessen the impact or probability of the risk. Put simply, this strategy decreases the severity of the risk.
Creating a framework
There are several ways you can mitigate risk when it comes to IP management. To ensure IP rights are adequately safeguarded at all stages of development, especially before formal protection measures are implemented, take actions such as:
- providing mandatory and regular IP awareness sessions to all your employees,
- adding proper IP protection clauses in founder/employment/contractor agreements, and enforcing when off-boarding,
- dividing software development environments so that employees only access the code they need to do their work,
- implementing an invention disclosure process with incentives, making timely decisions on the type of protection (patent or trade secret) and managing accordingly,
- mining for inventions regularly and/or including IP checkpoints in the product development process,
- regular monitoring to ensure IP has not been misappropriated and taking immediate actions,
- reviewing cybersecurity systems regularly and upgrading to state-of-the-art as needed,
- enforcing a policy around the use of open-source software and monitoring compliance to licenses, and
- monitoring trademark usage.
Selecting a mitigation strategy that addresses the risk of losing IP before it is protected provides a business with a framework to make conscious and proactive decisions.
All options should be discussed with the company’s board, so everyone is aligned on the strategy.
Stay tuned for Part Two of our Risky Business blog post where we discuss how to approach IP risk management when it comes to the risk of patent infringement claims.
You May Also Be Interested In: Risky Business: IP Infringement is a Two-Way Street
About Natalie:
As President of Stratford Intellectual Property, Natalie Giroux leads a team of IP Strategy experts in delivering end-to-end IP strategy and implementation services which include a full service patent agency and IP consultancy to lean in as trusted strategic advisors. With over 25 years of experience, Natalie has helped numerous companies identify and navigate the risks of IP strategy, including managing patent litigations and providing vision and leadership to companies looking to establish a culture of innovation. In 2020, the team at Stratford launched the IP Strategy Academy as a resource for SMEs looking to increase their IP literacy and risk awareness.
You can get in touch with Natalie here.