"How can my intellectual property be protected when outsourcing?"
"How can I feel secure about my business secret when working with an outsourcing vendor?"
These are common questions people have when they first work with an outsourcing software development company. If you select the right trusted software development partner, you don't need to worry about having your ideas stolen.
Gaining our clients' trust is one of our top priorities while working on an outsourced project. That's why we've prepared a list of actionable items regarding intellectual property (IP) to make you feel more secure about partnering up with an outsourced software development company.
An overview of intellectual property rights
What are intellectual property rights?
Intellectual property involves a collection of intangible assets owned and legally protected by a person/company from use by others without consent. In outsourcing software development, these assets could be business processes, inventions, source code, UI/UX design, specifications, employee details, and even customer data. Most intellectual property legal rights expire after a certain period of time. Everyone may use them without restrictions if the holder doesn't renew their IP rights.
Types of intellectual property rights
Although there are many different types of IP rights, in this blog scope, we will mention four main categories of IP rights, consisting of patents, copyrights, trademarks, and trade secrets.
- Patents: According to the U.S. Patent and Trademark Office (USPTO), a patent is a type of limited-duration protection granted by the Government for a person/company to exclude others from offering for sale, making, using, selling, and importing an invention. An invention (or discovery) is a solution to a specific technological problem, which may be a product or a process. More importantly, it needs to satisfy three main criteria: it has to be new, not obvious and have industrial applicability.
- Copyrights: A copyright is a type of IP protection that gives the creator of an original work exclusive rights to it for a limited time. Copyrights can also protect your software code, the images, texts and videos on your firm’s website, or in sales materials, manuals, customer databases, suppliers’ lists, and other databases. You should keep in mind that copyright doesn't cover the idea and information itself but only the form or manner in which they are expressed. Although you don't need to register to own a copyright, it is required if you want to sue for copyright infringement.
- Trademarks: The legal recognition of trademarks includes safeguarding your company's brand, logo, business name, domain name, slogan, and even sounds or expressions from use by others. It helps to distinguish your product/service from similar products/services of other competitors in the market.
- Trade Secrets: Trade secrets refer to critical, confidential information because they help business owners make a significant amount of profit and give them an edge over their competition in their industry. This information can involve technical data, user data, internal processes, research data, patterns, and techniques that are not in the public domain. No formal government protection is granted; each business is responsible for guarding its own trade secrets. The Google algorithm and the Coca-Cola recipe are two well-known examples of trade secrets.
What are Intellectual Property Risks?
IP is one of the most valuable assets of any organization. When you transfer your IP, covering the idea, know-how, source code (if it exists), hardware, and any information necessary to a potential external partner to build new software, it likely poses risks. Let's take a look at the table of IP risks below.
|Internal IP risks||External IP risks|
- Patent registration: The first IP risk with software development is the likelihood of failing to register a patent. Due to strict U.S. instructions on patent eligibility, it is getting more challenging to get a patent for software solutions. Many organizations are working to address problems related to their solutions and build their invention differently from others to qualify for patent registration. Otherwise, they can lose their exclusivity and a competitive edge when their product is released to the market.
- Unauthorized disclosure by employees: From within the organization, this is owing to employees' negligence and lack of awareness concerning intellectual property. Employees could also deliberately transfer, misuse, or sell the valuable intellectual property of a firm to competitors, such as its software code, confidential information, or customer lists.
- Soft IP risks: These arise from 'soft IP', such as trademarks, copyrights, and domain names. One of these risks is a business hasn't yet registered its trademarks or domain names in its country of operation from the initial stages. Defending the company's intellectual property becomes challenging if other companies utilize these brand names. Cybersquatting is another risk with domain name registration. You should defensively register similar, identical, or dilutive domain names as yours to prevent this risk, e.g., starbucks.com vs. starbuck.com or startbuck.com.
- Failure to meet renewal deadlines: IP protection is not perpetual everywhere around the globe. Protection must be renewed according to the law at set periods. When the time comes, IP owners who don't renew the registration of their rights to protection risk losing the protection they have so far had.
- Flaws in drafting IP rights: One critical internal IP risk is the flaws in drafting limiting IPRs' enforceability. For example, startups often lack funding and are likely not to allocate enough resources for IP filings. As a result, they will try to manage the costs by either trying to draft application documents in-house or opting for cheaper but unqualified outside service providers. This leads to a poorly written IP that uses conflicting terms and even has legal invalidity, leading to cause unintended results in a suit.
- Inherited risks: Organizations involved in business combination arrangements like takeovers, mergers, acquisitions, etc., are prone to this category of risks. When companies need to consider acquiring, taking over or subsuming another entity, they should be concerned with due diligence on the entities' IP or exposure to 3rd party owned IP. This way, you can avoid IP risks without acquiring huge financial implications.
External IP risks
- Open source software licenses: The IP risk related to computer software is using available source code with a public license. The copyright owner has the authority to issue a license to study, modify, or distribute the program. Copyright infringement can happen when a programmer utilizes open source software without adequately crediting the creator or otherwise violates the license terms and restrictions. Thus, your vendor needs to ensure that they have not infringed on the IP of open source software by putting it into your software if needed.
- Infringement of the company’s IP by third parties: The primary risk that an IP owner faces is that of third-party infringement (whether the other party owns or does not own any IP). It may originate from entities like IP holding companies, patent assertion entities, non-practising entities (NPEs), and others. The party engaging in the infringement capitalizes on the goodwill of the IP owner for its own gain. Meanwhile, the legitimate IP owner may suffer from poor sales and reputational damage due to sub-standard products in the market.
- Activities of contractual partners: In some cases, many businesses enter into a contract with suppliers, developers or even collaborate with other organizations to develop a specific project. One or more of such partners might have used the IP of another company in an unauthorized manner, thereby exposing the other partners or the eventual owners of the project to liabilities. It is essential to carefully analyze every contract forming the basis of involvement with other partners. This way, you can ensure that it has suitable provisions on IP, its use, ownership, and even indemnity against unexpected infringement actions.
How to protect your intellectual property when outsourcing software development
Do your due diligence on a vendor
It is essential to conduct due diligence on a software development vendor before agreeing with them, especially if working with contractors overseas. Choosing a good software outsourcing partner is a many-step procedure. Below are some suggestions to help you find an outsourced contractor that fits your needs and protects your trade secrets:
- Examine the vendor's reputation, technical resources, and compatibility with your corporate culture. You can find them based on their website, portfolio, testimonials, and past clients' references via well-known platforms like Clutch.co, GoodFirms, and so on. Reputable vendors will have no issue providing you with all the details you request.
- Examine the vendor's ability to protect intellectual property against accidental, negligent, willful misappropriation, misuse, sabotage, loss, or theft.
- Talk to the vendor about its data security, intellectual property protection program and its references. In addition, you should confirm the vendor's internal processes to ensure whether they sign any subcontracted to a third party and, if so, they need to take measures to protect your IP.
- Consider how your IP will be protected by the laws of that country and the legal remedies available to you for the breach of your IP rights, especially if working with contractors abroad.
- Discuss with the legal representation of the vendor online to ensure you are speaking with the right person and that they are an authorized representative with the power to act on behalf of the organization you deal with.
- Visit the vendor's place of business to physically confirm security measures are in place if at all possible and build a strong relationship with the vendor.
Sign a Non-Disclosure Agreement (NDA) with the vendor and their employees
When you're developing software, signing a non-disclosure agreement (NDA) from the get-go can be an additional layer of protection that guarantees that all shared assets will remain confidential between you and your service providers. Also, vendors typically have a back-to-back NDA signed by their employees, who have access to your source code and other IP assets. Hence, they know what cannot be shared or kept by them, including software development and technical data, to third parties. An NDA is a great way to protect intellectual property, as it can be enforced even after the project has been completed.
Use the legal framework applicable to IP in your country
The legal framework and available measures to protect intellectual property rights differ from country to country. For example, companies in the United States must adhere to both the Constitution and the rules set out by the U.S. Patent and Trademark Office (USPTO) and the U.S. Copyright Office. Meanwhile, European Union countries must comply with the EU Directive 2004/48/EC on IP. Or businesses in Canada must follow the Canadian Intellectual Property Office (CIPO) on the enforcement of IP rights.
It's crucial to pay attention to the legal framework of the country where the vendor operates and understand how your intellectual property rights will be handled. Thus, it is advisable to seek legal counsel or choose a trustable software vendor before executing an outsourcing agreement.
Draft a comprehensive Master Service Agreement
A master service agreement (MSA) is when two parties agree to a contract that will settle most details and expectations for both parties. It covers the scope of services, the terms of a partnership, each party's commitments, Payment conditions, Terms of termination, IP provisions (ownership, disclosures, etc.), Dispute resolution, Liabilities and liability indemnification, Warranties/guarantees (if applicable) and many more.
Without an MSA, customers and the business can still handle problems, but there are big concerns that might derail the contract. Drafting an MSA before a specific contract enables companies to focus on their contractual issues and facilitate easier contract negotiations, like the time frame and the price, for when the contract arises.
Inquire about how a potential software vendor operates
You need to verify your software development vendor to ensure their IP procedures are safe and trustworthy. The questions listed below can help you identify whether your vendor follows the proper processes that will protect your IP:
- What agreements do they have in place with their employees and consultants?
- Is any of their work subcontracted? If so, how do they safeguard their IP?
- Do they use the proper online tools for project management?
- Where do they store their servers and source code? Is there a backup support mechanism in place if something happens at a local office?
- How do they communicate and share documents as a team?
- How do they ensure that data and documents are taken from employees who leave the company?
- Do they permit employees to use their personal devices and email, or do they require staff to use just company-authorized resources?
- What security policy applies to laptops and internet access?
- Are there policies in place for remote workers?
Restrict server and data access
Another way to protect your IP when outsourcing to other parties is to limit server and data access. You should ensure that data is kept on your servers and doesn't reside anywhere other than your cloud. Before the project kicks off, transition processes should also be discussed, e.g. source code needs to be stored on your company's account on GitHub, Gitlab, BitBucket, or other similar platforms. Limiting server, API, and data access allow the development team to work remotely via your cloud services and access what's necessary to accomplish the requested tasks. More importantly, you also can closely watch everything they do and have documented proof of the security or data breach.
How we protect our client's IP at Enlab Software
At Enlab, we take the client’s confidentiality, intellectual property, and data security as our topmost priority.
In terms of ownership, the client is the only one having ownership rights to the software, the code, and the design. We always ensure that your source code and data are stored on the cloud or your servers.
When it comes to data privacy, we only use customer data to the extent required to plan and execute the project. Appropriate security policies and techniques are implemented and followed to secure your data. Non-disclosure agreements (NDA) are signed along with the contract before going into the project. We are obliged not to disclose your data to third parties without written consent from your side. Every client is welcome to visit our office to inspect the security environment.
Regarding security procedures, we work towards preserving any exchange of information performed during the project as confidential and bound to that project. Our data security and protection procedures include:
- A dedicated private network.
- Remote access to the client’s servers.
- Project-based IP segregation.
- In-house information security policies.
- Regulations awareness and compliance.
We will also adhere to your privacy policies and regulations. Besides, we develop and continually update the plans on how to manage compliance breaches and educate our employees on how it is critical to comply with the clients’ security regulations.
The corporate world is evolving. Whether companies are a start-up or a vast conglomerate, they are now relying on their intangible assets for growth and survival. As a result, it is not surprising that most businesses no longer underestimate the value of intellectual property in their financials. When outsourcing software development worldwide, protecting your company's intellectual property is critical. Your IP matters, but trust matters more— we know this. So, we always encourage our clients to take the appropriate legal steps to ensure their rights are adequately protected. We hope this sharing can help you understand more about intellectual property and step-by-step to lessen IP risks when working with a software development vendor.
- Andrew Rapacke, 5 Ways To Protect Your IP When Outsourcing Development, arapackelaw.com, 2021.
- Tomasz Bąk, How to Protect Intellectual Property when Outsourcing?, www.softkraft.co.
- Jason Chow, 5 Ways to Protect the Intellectual Property of Your Software, youteam.io, 2021.