Cloud computing offers multiple benefits to businesses, especially small- and medium-sized entities. Files in the cloud can be accessed on multiple devices without requiring a local copy stored on your device. Further, cloud servers can provide a decrease in overhead, as you are not responsible for maintaining and upgrading a physical server.
Nonetheless, due to cross-border data transmission and the potential for security breaches, cloud computing presents challenges for safeguarding and enforcing intellectual property rights.
Trade Secrets and Confidential Information
Use of cloud-based infrastructure can put trade secrets and other confidential information stored in the cloud at risk. You should make efforts to understand your business’s risk profile by considering all details associated with your cloud service provider (CSP), including the CSP’s policies with respect to encryption, subcontracting, disaster recovery and service agreement termination.
Moreover, you should consider independent action to reduce the risk of misappropriation and misuse of confidential information, including, for example, encrypting sensitive information before transferring it to the cloud.
In line with the above, the Canadian Centre for Cyber Security (CCC) recently released four sets of guidelines applicable to any organization seeking to secure cloud-based services: Security categorization addresses how to determine the potential injury from security threats and select the appropriate solution for your organization; Defence in depth addresses how to utilize a layered security approach; Security assessment and authorization addresses how to assess and review both CSPs’ and your own organization’s security controls; and Cryptography addresses how to utilize and manage cryptography when moving to a cloud-based platform.
Whether you move to a cloud-based environment with a systematic approach—like that outlined in the CCC guidelines—or a more fluid approach, understanding the risks involved will allow you to properly utilize your own resources and choose the CSP that is best positioned to protect your data.
Widespread use of cloud-based infrastructure may complicate enforcement of computer-related patents. For example, infringement of a patented system, method or process may occur across multiple server locations and involve multiple parties. If no single party is responsible for all infringing activity, then there may uncertainty as to your ability to obtain relief.
In Canada, as a specific example, courts appear open to the idea that the collective actions of multiple parties—whether cooperating explicitly or by tacit agreement—may constitute patent infringement (termed “infringement by common design”). However, to date, no Canadian court has found infringement on these grounds.
Territoriality raises additional considerations. The risk of infringement occurring entirely in another jurisdiction can be addressed by filing your patent application in multiple jurisdictions. Alternatively, you could file a single patent application under the Patent Cooperation Treaty (PCT), which grants applicants the option to seek protection in all PCT member countries.
However, the extent of patent protection is less certain where part of the infringing activity occurs in one jurisdiction and another part occurs in a different jurisdiction. Even if your invention is patented in each jurisdiction in which part of the infringement occurs, your legal recourse may be limited depending on the nature of your invention and the laws of the country in which you pursue enforcement.
Finally, copyright infringement of material stored in the cloud also raises territoriality concerns. Although various international agreements provide that the copyright in a work created in one member country is enforceable in others, there are still differences in the copyright laws of individual jurisdictions – activity that infringes copyright law in one member country may not infringe copyright law in another.
For example, if the unauthorized reproduction of a copyrighted work involves data located in multiple jurisdictions, there may be uncertainty as to which jurisdiction’s law should apply and whether the reproduction ultimately constitutes infringement.
If you are concerned about intellectual property issues relating to cloud computing, you should retain professional counsel with expertise in intellectual property law. Professional counsel can provide proper guidance on obtaining and enforcing intellectual property rights, including how to address the uncertainty and complexity of cloud-related matters.https://www.heerlaw.com/appointment
Although cloud computing introduces challenges for intellectual property protection, these challenges need not impede your adoption of cloud-based technology or your ability to assert your intellectual property rights.
ABOUT THE AUTHORS: Christopher Heer and Sarah Halkyard
Christopher Heer is the owner and founder of Heer Law. He is an intellectual property lawyer, registered patent agent, registered trademark agent, and is also certified as a specialist in intellectual property law (patent) by the Law Society of Ontario.
Sarah Halkyard left a career in software engineering to pursue intellectual property law to help innovators protect their creations. She studies law at the University of Calgary. She is a member of the International Law Society and the Association of Women Lawyers.