The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Intellectual Property Theft Is Not Always A Crime

See Article Here

When I read the attached article, it got my brain going. I am warning you I might geek out a bit, but I promise to try to pull it together in the end. Everyone that is employed has signed some sort of agreement that says anything you create for your employer belongs to your employer and you can’t use it in your next job to compete with your previous employer. Confidentiality, Non-Compete, Non-Disclosure, Employment agreements, etc. Most employees abide by the rules, but sometimes you hear about things like in the attached article, where employees leave a company and take everything then blatantly go use it with a direct competitor. The Company sues and here's what any good defense attorney representing the employee will argue. The Company did not protect the information like it was intellectual property (IP) therefore, it is not IP, and does not deserve protection. The law requires you to treat secret stuff as a secret. Your next question is how in the world can they make that claim, it’s obvious that stealing source code is a violation right? Nope.

It you have IP, trade secrets, etc. you must treat them like they are secret and/or confidential. This includes marking them as confidential and/or proprietary and putting technological controls in place to treat it as such. Are you preventing, limiting, and/or monitoring access to your IP? Do you prevent employees from removing IP from company systems? Do you have anything other than a signed agreement or policy? Because those other controls will now play a part into whether the court believes the information deserves IP protection. 

Tesla is suing two companies saying that former employers stole IP and are now using it in their current roles in violation of Tesla policy and IP laws. However, in the last paragraph it says that one of the employees uploaded source code to their personal iCloud account. Having the ability to upload source code to a personal iCloud account is not treating source code as secret. If it is truly IP, the cybersecurity professional in me says the employee should not have been technically able to do that.

Just makes me wonder if the Courts will see it the same way Tesla does.