We own our business data...right?
Customer lists, supplier contacts, raw data – you “own” that stuff, right? Well, as it currently stands, maybe not…
Every day, we help businesses to manage their intellectual property (IP) rights. Generally, IP rights can be owned by a person or business, just like tangible property. While their uses and methods of protection may be different, IP rights (e.g trade marks, copyright, patents and designs) can all be owned and sold in the same way you own and sell inventory or equipment.
However, it is easy to fall into the trap of thinking that all intangible property will be considered a legally protected IP asset. The main area of concern for businesses is “data”.
“Data” can be many things in a business – customer lists, supplier contacts, raw information collected from instruments, financial figures and general purpose databases. The protection of this kind of data is vital to a business retaining its competitive edge. But as the law currently stands, data does not attract the same protection that copyrighted works do.
There have been two key cases in Australia on this point: the IceTV and Phone Directories cases. The most recent of these cases, Phone Directories (a 2010 case), found that no copyright exists in the White Pages and Yellow Pages directories, and thus the re-use of data from those directories by a third party did not constitute a breach of copyright. However, the effect of this decision reaches far beyond just telephone books.
It was stated in the case that:
“The name and address of a [person] does not relevantly “originate” with an employee who takes a note of these details from the [person]. This information is factual in its nature: it is not “created” by the person who merely records it”
What this shows is that no matter how much time and effort you may have expended in collecting certain information, the mere act of collecting and storing in a database is not sufficient to give rise to copyright protection. The case further outlines a rough test for whether copyright will apply to a compilation:
- was the work not simply a copy of information that already exists;
- was the work actually created by a human;
- was the work created through a process of independent intellectual effort by the author/s?
What does this mean for my business?
While we hope it never happens, many businesses will experience a data-related incident at some point. Whether it is a recently terminated employee downloading data before leaving, a competitor nosing around, or computer hackers stealing information, the misuse of a business’s data can be a destructive event for all involved.
Unfortunately, Australian law does not yet provide a clear method of protection for data in the same way that trade marks, patents or copyrighted works are protected.
Therefore, businesses need to take practical steps to protect their data, by:
- ensuring employment contracts contain sufficient confidentiality provisions;
- allowing employees to only access data that they need to access;
- keeping their IT security systems up-to-date; and
- ensuring important data is not available publicly unless necessary.