To protect its data and better compete in the market, an organization must treat its data as an intellectual property. That means understanding the different intellectual property regimes and their accompanying requirements. In addition, organizations should also consider intangible property rights that provide other means of protection (e.g., trespass to chattels and conversion). This article briefly describes those intellectual property protections and intangible property claims available in the United States.
Data as a Trade Secret
Trade secret law in the United States is generally addressed through the Uniform Trade Secrets Act (UTSA) as adopted by the states. On the federal level, U.S. trade secret protection was provided through the Economic Espionage Act, later amended by the Defend Trade Secrets Act, which introduced a means for private entities to sue for trade secret misappropriation. Although differing between state and federal laws, a trade secret is generally defined as information that:
- Derives independent economic value from being secret
- Is subject to reasonable efforts to maintain such information’s secrecy
To protect data as a trade secret, organizations should ensure reasonable efforts are in place to maintain the secrecy of their data. To this end, organizations should limit data disclosure to employees on a need-to-know basis and bind them to confidentiality and restricted use obligations. Confidentiality agreements will also provide a fail-safe claim for breach of contract in the event any data are not deemed trade secrets but are nonetheless improperly disclosed. Finally, organizations must be aware that while trade secret protection may be perpetual, it can be destroyed by disclosure. So, other protections should be considered.
Copyright Protection: Data Compilations
Under the Copyright Act of 1976, copyright protection covers original works of authorship fixed in a tangible medium. Under U.S. Supreme Court precedent, the originality requirement has a low bar and requires just a “modicum of creativity.” And if a work meets this threshold and is protected under the act, the owner is entitled to the exclusive rights to make copies of and distribute, perform, display, and create derivative works of the copyrighted work.
Because copyright protection requires originality, raw data is not copyrightable. But the U.S. Supreme Court has held that data compilations can meet such requirement through the coordination, selection, or arrangement of the compilation. Of course, any copyright protection would be significantly limited on this basis. So, organizations should consider the extent of their coordination, selection, and arrangement of their data compilations to determine the scope of their copyright.
Patent Protection: Database-Related Inventions
U.S. patent law makes “any new and useful process, machine, manufacture, or composition of matter, or … improvement thereof” eligible for patent protection. In addition to being useful and meeting the eligibility requirements under Section 101, the invention must also be novel and non-obvious to a person of ordinary skill in the art.
So, raw data or a data compilation will likely be ineligible for patent protection under U.S. patent law. Database-related inventions may, however, be patentable if the above statutory requirements are met. Because computer-implemented inventions have additional hurdles to overcome under evolving Supreme Court and Federal Circuit precedent, organizations should discuss the patent eligibility of any database-related invention with legal counsel on a case-by-case basis.
Non-IP Intangible Property: Trespass to Chattels and Conversion
Some states protect data like any other form of property, such that traditional tort principles apply. For example, in certain states, data owners may bring a claim(s) for trespass to chattels or conversion.
- Trespass to chattels is generally defined as the use of property without the owner’s permission that results in damages. So, where a person uses or accesses an organization’s network without authorization to view data owned by their employer or another that damages the organization, then that person may be liable for damages for trespass to chattels.
- Conversion is generally defined as the taking of the property of another with the intent to deprive the owner of that property. So, if a person, with the requisite intent, takes the data of another (e.g., from a website via data scraping software), then the person may be liable for damages for conversion.
Organizations have a variety of legal tools to protect their data. Each tool used in isolation is probably not enough, but by incorporating policies that ensure their data meet the eligibility requirements under the various legal regimes, coupled with an effective enforcement strategy, organizations can ensure they have the broadest legal protection from competitors.