Protecting intellectual property in collaborative environments

As products become more complex, firms need to collaborate more with each other and also with their clients to be able to deliver new more capable systems. The need for collaboration centrally involves the sharing of information, ideas and designs. Information and communication technologies (ICT) have become powerful tools to facilitate collaboration among firms, and between firms and their customers. They can enable increased productivity, allow for streamlined management of joint projects, and help research teams to communicate and share information.

At the same time, knowledge assets are becoming increasingly important in determining firms' competitiveness. With firms investing large amounts on research and development and depending on innovation for their survival, the knowledge-based assets - intellectual property (IP) - thus generated are increasingly valuable. These two trends can collide.

The same tools that make it easier to collaborate may also endanger the firm's control over the designs and technology that it has generated after much effort. In other words, collaboration may jeopardise the protection of intellectual property. This article addresses the challenges to the management of knowledge assets that collaboration between organisations can generate, particularly when such collaboration is facilitated by the use of ICT via 'shared digital environments' (SDEs).

IP can be defined as any legally protected product of the intellect that does not exist in a tangible physical form and yet may have commercial value. Information is IP, if you think of it in terms of 'data that makes a difference' to corporate performance.

The effective management of IP can yield significant benefits. For instance, protecting IP can help a company gain competitive advantage through a temporary technological lead, or it can raise entry barriers for market followers. Intellectual property can provide sustainable business advantages, because unlike material assets, which decrease in value as they are used, IP assets often increase their value with use.

Protecting IP should not therefore be seen as a specialised function better left to IP specialists such as patent attorneys and copyright experts. Instead, it should be seen as an important element of corporate strategy.

When different organisations collaborate in the development, manufacture and support of complex products, the use of advanced ICT can greatly facilitate this process, through the creation of shared digital environments.

However, managing IP in SDEs poses problems that are different in nature and scope to those of managing IP within individual firms. The whole idea of SDEs is to make it easy to use, replicate and access information. Data is stored and accessed through a system over which the original owner of the information may have little control. This can increase the risk of data that conveys valuable IP leaking to competitors. However, ICT can also offer tools for tracking and managing the use of IP, providing a key tool for helping to protect it.

Three key challenges for protecting IP within SDEs

Dealing with 'background information'

Background information refers to the wide range of pre-existing proprietary information that a company brings to a collaborative project. These will need to be integrated with technology brought by other firms or specifically developed for the project, so other firms may need to have access to such background information. By sharing background information through SDEs, firms run the risk of inadvertently leaking commercially sensitive information. Such information not only includes technical data about specific components, but also designs, design techniques or other processes that are not usually protected through a patent, but rather through being kept secret.

Access to draft results

Another potential problem relates to the early release of 'foreground information': information developed during the course of the project. This is a concern that applies particularly to the use that the client may make of information to which it can have access by virtue of its participation in the SDE. The client is likely to have rights of use over such foreground information whenever it has funded its development.

The concern from the point of view of the contractor who has generated the information relates to the possibility that, through an SDE, the customer may access data that is still being worked on. This raises two potential problems:

• First, work-in-progress foreground information may include commercially sensitive information on company techniques and processes that will not be present in the final data packs delivered to the customer.
• Second, there may be liability issues derived from the customer accessing and using data that is still in draft form but that may not be ready to be delivered to, and used by, the customer.

Divergent legal and regulatory contexts

In projects involving partners in different countries, systems for controlling access to data via an SDE may have to cope with different legal and regulatory requirements. Collaborating companies have to ensure that access by other partners to data on an SDE does not violate national export control regimes.

Furthermore, the IP regimes of collaborating partners may be different from each other, thus making the situation even more complex.

Establishing corporate-wide IP management policies

Before firms become involved in the use of SDE in collaborative projects, they need to be clear about their approach to protecting their IP. Any approach to protecting the firm's IP within a collaborative environment is unlikely to succeed in the absence of a clear corporate IP management strategy.

Despite the widely acknowledged importance of IP, most organisations do not have a strategic approach to protecting their IP, and senior management often lacks commitment to this vital challenge.

An IP management policy should establish company-wide procedures for identifying and using corporate IP, whether it is formally protected or not. Any corporate IP management policy needs to sit at the interface of IT strategy, commercial and contractual policies, and engineering and design practices.

Awareness of the importance of IP management has to permeate the whole organisation.

Four key features are needed to nurture a culture of IP protection:

• leadership from the top;
• the continuing development of a coherent strategy;
• communication of the strategy and its procedures, and;
• company-wide accountability for protecting IP.

Training in the use of the various technical applications and procedures for IP management is one way of communicating management's commitment to IP management. Training in, and induction to, the firm's procedures for protecting IP is likely to be most effective when accompanied by the development of an 'accountability culture' - making the protection of IP a responsibility for all concerned. Importantly, training has to be conducted systematically as part of a company-wide policy: training sessions conducted on a project-by-project basis cannot substitute for a comprehensive program.

Senior management needs to realise that IP should be viewed as an asset that needs to be protected by a thorough strategy. It needs to develop a firm familiarity with the IP issues raised by the growth in collaborative work, and make IP management a strategic management priority. These actions will be instrumental to effective and successful IP management throughout the organisation.

The importance of top-level commitment to corporate-wide IP management policies cannot be emphasised enough. This is the bedrock of IP protection on which any involvement in SDEs must sit: the main responsibilities for establishing effective ways of protecting IP in SDEs lie with senior management.

Safeguarding intellectual property in shared digital environments

Firms need to pursue deliberate policies in order to protect their IP when becoming involved in collaborative projects, especially when projects involve the use of SDEs. There are various things that firms can do in order to protect their IP in such situations.

Using available contractual tools

Contractual conditions may help in IP management by clarifying the rights of all partners to a contract, including those in charge of establishing the ICT infrastructure on which an SDE will rely. Contractual requirements can be quite specific, defining, for instance, procedures and rules regarding the management of the SDE, and the marking and segregation of the data the SDE contains.

Achieving clarity from the start

With appropriate investment, ICT networks not only facilitate collaboration within and across organisations, but also provide tools for improved IP management. They can achieve this through the capacities they can provide to audit and trace large amounts of technical documents. Existing tools are already quite robust, but several problems remain with their use.

Collaborating firms

The biggest challenges to collaborative IP management in an SDE are:

1. Agreeing on the ICT tools that are to be used to monitor and track the information shared through the SDE;
2. Agreeing on how to use these tools - establishing strict user procedures on data sharing, access to, and control of, the use of data; and,
3. Managing the SDE system throughout the collaborative partnership - establishing procedures to ensure continual robustness of the system, its security and functionality, and adherence to user procedures.

Managing data sharing in SDEs: two models

There are two main models that can be followed to set up an SDE. One approach is to segment the data in the central database into different folders. Each participating organisation will have access only to its own set of folders. This can slow down collaboration among suppliers, however. If a company needs data from another supplier, it will have to request it from the SDE manager who, after following an established set of procedures, will 'post' the information in a folder accessible to both suppliers. These approaches are operationally cumbersome and could cause data replication across folders.

The danger with data replication is data fracture; that is, the data in one folder could be changed or updated without the same data being changed in another folder, thereby ending in two versions of the same data.

The alternative is to administer the system by tagging each data element with information including its origin, commercial confidentiality markings, and security and other access restrictions, and then linking the access rights of individuals to the tags. This requires a parallel identity and access management system, in which all individuals must have proof of identity to log on to the system. Access will depend on the individual's organisation, role within the organisation and any other factors, like nationality, with a bearing on the definition of his or her access privileges.

Such a 'data level' management system would allocate access rights automatically thus eliminating the need for a manual management of access privileges. The building blocks (technologies and procedures) to set up such a system exist.

Technical solutions are not a panacea. To implement effective IP management, both public and private organisations must be clear about what IP they seek to protect, how to protect it and the corresponding risks in the absence of effectual IP management. Indeed, we have already learnt that while there are systems to monitor and track the information shared through an SDE, strict procedures on data sharing must be established. Such procedures cannot be effectively established in the absence of commitment from senior management.