• About us
    Who We AreStaff DirectoryBoard of DirectorsHall of FameMember AwardsStrategic Plan / Annual ReportsCommittees/CommunitiesCode of EthicsEducational FoundationEquity, Diversity & Inclusion
  • Advocacy
    IP IncentivesIPIC SubmissionsIPIC Intervention Policy
  • What is IP?
     IP BasicsWhy Use a ProfessionalOwn it. CampaignHow to Become an AgentIndigenous Traditional Knowledge
  • Education
    Certification ProgramsCourses & EventsAnnual ConferenceMentorship Program
  • Resources
    COVID-19 UpdatesNewsCIPRFind an IP ProfessionalIPIC Job Bank2019 Compensation StudyMedia KitIP Assist
  • Membership
    Your profession. Our purpose.Join NowMember BenefitsMember CategoriesMember Referral ProgramInsurance Program: IP Agent Insurance
  • 0
  • FR
Mark D. Penner
Fasken Martineau DuMoulin LLP (Toronto)
,
Gerald Kerr-Wilson
Topics
Share

Tips & Tricks For Managing IP Risks Associated With Mobile Devices During COVID-19

Published on May 15, 2020

As a result of the COVID-19 pandemic, remote access has now become a life line for maintaining an organization’s ability to conduct business. As a result, “bring your own device” (“BYOD”) policies should be top of mind for both employer and employees. While different organizations will approach BYOD from different perspectives, each and every organization requires some form of BYOD strategy.

Organizations are now accepting BYOD as the new “normal”. Some may fail, however, to appreciate the risks that can arise with an employee’s use of their mobile device. To address these risks, organizations should review, update and revise accordingly the remote access, security and other policies in response to the increased use of personal mobile devices that access an organization’s information technology. Where there are no such policies and procedures, while not ideal, now is the time to adopt procedures and policies governing the use of personal mobile devices for work related activities.

It is important that while conducting these reviews, companies not overlook the specific and unique IP risks that these personal mobile devices and remote access present. To assist with company’s risk IP mitigation strategies, we have put together a list of key considerations to address. The following is designed to provide some suggestions and guidelines on how to strategically manage and reduce the associated IP risks.

It’s Not Just About Email Anymore

Smart phones, tablets, PCs and laptops are now being used for work in addition to personal uses. Common office software and applications for word processing, spreadsheets and multi-media presentations are being used to take work outside of the office. As a result, employees may be using their own hardware and software, in all likelihood purchased for personal use, for commercial use. There is also the ability of the employee to create and disseminate information outside of the normal protections of the workplace (e.g. restricted access, firewalls, etc.). With employees being able to create, use and disclose information across multiple platforms, there are a number of IP ownership and disclosure issues that arise.

Software vendors tend to licence their products with a number of price points and/or restrictions depending on the nature of the licence. For example, the same word processing program may be available under a student licence for $50, a home licence for $100, a small business licence for $250 and an enterprise site licence that allows for installation on 10 workstations for $5,000.

In each case, the licence will define the permitted uses of the software. Any use of the software that is not permitted may be a breach of the licence and an infringement of copyright. A breach of a license term between the employee and the software vendor may also be of concern to the employer because, under provisions of the Canadian Copyright Act, the employer may be “authorizing” the employee to infringe.

Virtually every business will also produce, own, and use a wide variety of assets and resources that are created internally and may be protected as a trade secret and/or under IP legislations such as the Canadian Copyright Act and Patent Act. These assets can include software, marketing plans, databases, instruction manuals, employee handbooks, audiovisual materials for use in social media or traditional broadcast, web materials and photographs.

Employees may be creating, using and disseminating these materials via their personal devices. In the BYOD environment, therefore, company assets may be passing outside of the corporate firewall and residing on the personal devices of employees or on non-company servers. The ability of cloud storage, for example, provides a particularly efficient manner for the control over the publication or dissemination of trade secrets to be lost.

What Are the IP Risks of Not Addressing These Concerns?

If an employee is doing work for their employer with their own personal software that is licensed to that employee for non-commercial activity, the employee is in breach of the conditions of licence attached to the software and potentially liable for copyright infringement. If the employer knows that the employee is using a program on their personal device for work-related tasks and also knows that this device is not covered under their own licence for the software, the employer could be found to have “authorized” the infringement. In Canada, a software vendor could elect to recover statutory damages of between $500 and $20,000 per work.

For copyrighted works (e.g. software), the first owner of copyright on any material produced by an employee in the course of their employment is, by default, the employer ─ regardless of where and how that material was produced. There is one gap, however, as this provision does not apply to independent contractors.

In the context of patentable invention, the employee is more akin to an independent contractor. Unless there is a written agreement to the contrary or the employee is specifically hired to invent, any invention developed by the employee is the property of the employee and not the employer.

Beyond ownership issues, the ability of the employee to easily disclose prematurely a patentable invention or other pieces of confidential information of the employer can have a negative impact on company assets. If an employee discloses the invention, then the ability to obtain patent protection and any possible trade secret protection may be lost. Just imagine what would happen to the owner of the formula for a famous soft drink if it was disclosed via social media.

As such, potentially important company assets may flow out of the company’s hands as a result.

What Can Companies Do to Mitigate These IP Risks?

Companies should develop and implement clearly written and easily accessible BYOD policies for the identification and mitigation of potential IP risks. Once the policy has been developed, it should then be incorporated into the company’s daily business practices and procedures. Companies should also endeavour to effectively communicate these policies to their executives, employees and independent contractors. Once the policy has been developed, it should be updated on a regular basis as technology will likely change over time and may present new risks that had not been considered previously.

With an effectively conceived and implemented policy, companies can reduce the IP risks associated with BYOD. At minimum, an effective BYOD policy should address and provide for the following:

  • Provide employees with appropriately licensed copies of software if they are using their devices for business purposes;
  • Require employees to submit their devices for periodic audits and indicate when/how to report and track devices when in use, lost or stolen;
  • Establish clear guidelines for when and how devices may be wiped (e.g. employee termination, lost or stolen device) and when/how employees should back up personal data (e.g. photos, music, videos, etc.);
  • Define “acceptable use” from the company’s perspective, develop a white list and a black list of approved and prohibited software/apps and indicate whether technology will be used to enforce such policies;
  • Establish policies to explain and address confidentiality and privacy concerns and the need for effective enforcement of each;
  • Establish a security policy for all devices (e.g. password logins, lock screens, etc.);
  • Establish a recommended approach to content storage (cloud vs. device); and
  • Clarify ownership of any developed copyrighted works, patentable inventions (e.g. particular software apps) or data and provide for employees/contractors to execute written assignment agreements to that effect.

Companies need to identify and manage the IP risks associated with employees’ BYOD. By having effective IP risk management in place, companies can avoid the potential losses, headaches and costs associated with inappropriate use of ubiquitous mobile devices (e.g. possible costs of “authorizing” IP infringement claims). The costs of not providing effective IP risk management tools are too great to ignore.

*This article was originally published on the Fasken Martineau DuMoulin LLP website. To view the original article, please click here.

Related Articles

May 12, 2023

Tips and Tricks for Effective Virtual Advocacy

Ryan Wong
As a junior IP litigator, I find myself having a lot of questions about what it means to be an effective advocate in these “modern” times. I am among the first cohort of students to cut my teeth as a 2L summer and articling student wholly during the COVID-19 pandemic. As a result, my legal experience has been one of constant adjustments. I’ve witnessed our profession’s incredible ability to adapt and react to unprecedented times.
TopicsEmerging Leaders Committee
May 5, 2023

Practice Tips for Emerging IP Practitioners Looking to Work In-House

Anastassia Trifonova
Today's emerging IP practitioners have a wide range of career options. While IP work was traditionally handled exclusively by law firms, more and more businesses are now seeking IP specialists to complement their in-house legal teams. As organizations strive to optimize their internal legal resources, IP lawyers and agents alike can bring valuable expertise to the table. This article aims to provides helpful tips for IP professionals who are looking to succeed in-house.
TopicsEmerging Leaders Committee
April 24, 2023

Join IPIC & its Educational Foundation in recognizing World IP Day 2023 on April 26th

Kevin Shipley, Nicole Mantini
The theme of this year’s World IP Day is an important reminder that many segments of Canadian society do not have equal access to the necessary resources and tools to thrive in our profession. IPIC has been focused on raising awareness and working to make meaningful, positive change in respect of these issues. Since 2019, IPIC's Educational Foundation’s [Patent & Trademark Institute Educational Foundation (PTIEF)] mandate has been to encourage education and scholarship in the IP field with a focus on promoting diversity and inclusion among IP professionals and removing barriers to access for members of under-represented groups interested in pursuing educational opportunities in the IP field.
TopicsFoundation Committee EDI Educational Foundation

MISSION

Our mission is to enhance our members’ expertise as trusted intellectual property advisors, and to shape a policy and business environment that encourages the development, use, and value of intellectual property.


VISION

Our vision is for IPIC to be the leading authority on intellectual property in Canada, and the voice of intellectual property professionals.

LATEST TWEETS

Twitter feed is currently not available

CONTACT US

360 Albert Street, Suite 550
Ottawa, ON K1R 7X7

T 613-234-0516
E admin@ipic.ca

LAND ACKNOWLEDGEMENT

The IPIC office is located in Ottawa, on the traditional, unceded territories of the Algonquin Anishinaabeg people.

©2021 Intellectual Property Institute of Canada, Ottawa, ON
Designed by Ottawa Web Design driven by Member Management Software