MANAGING RISK AND PROTECTING INTELLECTUAL PROPERTY

The knowledge economy places a great onus on business leaders to assess and protect their organizations’ intellectual property. Yet throughout the public and private sectors, whether it is the world’s best-known consumer brand or Canada’s official symbol of citizenship, the protection of intellectual property is one of the least-appreciated areas of corporate governance. The issue has dramatically influenced the demands of clients in my own firm, where the practices of competitive intelligence, business investigations and market research are converging on a priority that is of international concern—valuing and protecting intellectual property. In this article, I outline the problem and suggest how corporate directors can avoid, reduce or mitigate the risks to intellectual property.

BACKGROUND

Just what exactly do we mean by intellectual property (IP)? Lawyers will say that IP means trademarks, patents and copyright and trade secrets. But those are just paper assets. Intellectual property is also the brainpower that inspires, produces and maximizes the value of those assets.

Intellectual property defines who you are as an organization and what you will become in the future—your reputation, brands, strategies, research, decision-making processes, software, client lists, e-mail communications and, not least, the employees who ride the elevators at the end of the day.

We seldom appreciate the scope and diversity of properties that require vigilance and protection, which is one reason why attacks on intellectual
property sneak up on us in subtle, clever and sometimes devastating ways. Every media day brings another example of the vulnerability of our
companies, governments and educational institutions. For example, in January 2001, Quebec taxpayers learned what it cost the public treasury to bring back university professors who had been leaving for the U.S. in worrisome numbers. A great political controversy ensued. This year, all of us will learn what equity there is in the name Toronto Hydro, when the utility goes head-to-head with retail competitors in the newly deregulated electricity market. And a read of investigative journalist Stevie Cameron’s recently released book The Last Amigo will have you wondering just how well we understand the need for governance of proprietary information in Crown corporations.

WHY WORRY ABOUT INTELLECTUAL PROPERTY?

There are at least three reasons why the protection of IP needs to be on the agenda of business leaders.

1. Intellectual Property is far more vulnerable than most organizations realize. According to the American Society for Industrial Security, the theft of IP cost North American businesses and taxpayers over $300 billion in the year 2000 (all amounts in U.S. dollars). A researcher for Fortune magazine estimated that 10 to 30 per cent of China’s entire manufacturing economy thrives on producing knockoffs of brand-name articles produced in other countries. If you are a producer or licensing agency for pharmaceuticals, foods or beverages, the value of your good name is at tremendous risk if people are poisoned by counterfeit products.

How did we become vulnerable? Perhaps it is because we don’t identify the risk to IP at a strategic level; perhaps it is because we don’t measure that risk. It is true that you can’t manage what you don’t measure. For example, does your corporation know the quantitative value of its brand equity? Does it know the quantitative impact of losing a key employee? It is certainly more than the cost of recruiting her replacement. Is IP on your list of due diligence items when considering the purchase of another company, or the value of privatizing a public entity? In my experience, most lists do not include it.

2. Counterfeiting is escalating at an alarming rate, due mainly to our growing reliance on computers and the internet to communicate.

3. Board members have a distinct responsibility to analyze and mitigate risk on behalf of shareholders. This is specified in the Toronto Stock Exchange’s guidelines on corporate governance. In 1999, a scorecard prepared by Decision Resources Inc., and issued by the Exchange, reported that four in 10 publicly listed companies had no risk management process in place. It also reported that risk management was one of the least-developed governance activities in the more than 600 organizations that had been surveyed.

What about those who do comply with the risk management guidelines? It appears from the TSE survey that there is no commonly accepted definition of risk management, even among those who practise it. Each company interprets it for its own purposes. Most focus on financial investment risks and the opportunity to hedge against currency and interest fluctuations, and fluctuating raw material costs. I am not aware of any corporation that has a risk management program for all of its intellectual property.

VULNERABILITY

How is your organization vulnerable? The most obvious place is your computer network system. Remember May 4, 2000? Some of your own employees no doubt staggered in on May 4, still groggy from a memorable date the night before, only to find an e-mail entitled “I love you.” As one of my own employees told me, “What unmarried guy under 30 wouldn’t have opened it?” That was the I-love-you virus, travelling with wicked speed through companies’ entire communication systems. Organizational leaders assume that their systems are secure because the people who sold you the security software told you it was. I doubt that such blind faith constitutes due diligence.

Electronic jokes and greeting cards, cheerfully forwarded from one employee to another, can install cookies on your computers that allow the originator to read everything typed in real time on any computer that accepts it. Technology allows vans to park outside your building and intercept all computer transactions. Laser microphones can be beamed at your office window from across the street, allowing your meetings to be “bugged” without anyone entering your building.

This high-tech glamour spotlights only one small pocket of vulnerability.

It is extraordinarily easy and commonplace for secrets to be stolen without hacking into your computers, simply by listening to people talk. Corporate spies, operating legally, get the best results by talking to your people. They take tours of your plants. They pose as potential customers. They go to the seminars you go to. They join your golf club. They date your employees. And don’t look for criminals in trench coats. There is an international professional organization called the Association of Competitive Intelligence Professionals, the majority of whose members are upstanding corporate employees. Only a few years ago, a credible story broke in the international media accusing the French government’s intelligence agency of installing listening devices in the Business Class section of international Air France flights. My colleagues and I have been hired during hostile takeover negotiations, or during acquisition investigations, to find out undisclosed information about a target company. “How do you get that kind of information?” people ask. Well, we just call up the company and ask someone we know.

Assaults on intellectual property happen around us every day. We may miss the big-picture theme, because each incident is in its own fascinating world of circumstance. To get the big-picture idea, consider intellectual property as consisting of four different types of assets: reputation, patents, copyright and trademarks.

1. Your organization’s reputation is perhaps the most intangible, least visible, and most vulnerable asset of your intellectual property. The Tylenol tampering disaster in the 1990s still lingers in the public’s memory. Perhaps you also remember the blind-side impact on Titan Technologies in the summer of 2000. Certain unethical short-sellers posted false and misleading rumours about this high-tech San Diego firm on Yahoo.com, sending the company’s stock value plummeting by $1.3 billion in a few short weeks.

2. In the area of patents, the application to patent a chemically altered little rodent called the Harvard Mouse was met with controversy and opposition in the courts. The application succeeded nonetheless. All such higher life forms are now eligible for patent consideration. Think about the new options available to your human resources manager.

3. In the area of trademarks, Canada Post is under constant attack by organizations wanting to use the word “mail” in various contexts. Canada Post seeks to protect its monopoly business domain for all things concerning the transport of public mail. In court, it recently succeeded in stopping another company from offering a service called video-mail. It has been less successful in preventing use by others of the word “e-mail,” or the name MailBoxes Etc.

4. In the area of copyright, one of the musicians in singer Sarah McLachlan’s band expressed surprise at being shut out of royalties for her songs. He observed that he had created some of McLachlan’s songs and felt entitled to a portion of the royalties. The evidence was weak and he missed the boat.

Clearly, surprises lurk around every corner when it comes to protecting the intellectual property that organizations believe rightfully belongs to them, and which increases its material value.

THE RESPONSIBILITIES OF DIRECTORS

There are three major steps that corporate governors can take to avoid, reduce or mitigate the risks to intellectual property.

1. Appreciate the materiality of the risk, and get a handle on measuring its components. When it comes to measuring the value of IP, there is a growing field of expertise, which borrows heavily from the social sciences. It recognizes that customers will ultimately decide how much value accrues to your IP, given the quality of your people, reputation, brands, proprietary products and services and corporate standards. The true value of intellectual property, when measured accurately, is likely to be much greater than that ascribed to it by the traditional accounting calculation of goodwill on the balance sheet. The first step for an enlightened organization, then, is to obtain a management and market audit of its intellectual property.

2. Insist that vigilance be institutionalized by monitoring the worldwide marketplace, auditing all security and confidentiality protections in the organization, and making security expectations clear to all employees. (Let us hope we will not see a repeat of the occasion when a CSIS employee allowed her briefcase to be lifted from the trunk of a car during a hockey game.)

3. Develop and have in place rapid response procedures to mitigate risk when theft or abuse of intellectual property occurs.

These are procedures that call for a change in culture, a transformation as profound as the shift to a customer-oriented culture that many organizations went through in the previous decade. It is an orientation to alertness, protection and swift action. The commitment to make it happen, like all leading-edge organizational changes, has to come from the top. If you are a director, it is more than a commitment. It is an obligation to shareholders.