ip and privacy issues

1

Breakfast for the Mind: IP & Privacy Issues

2

Key Licensing Terms ‐ Practical Tips for Licensors and LicenseesPresenter: Marlon Rajakaruna, Partner

http://www.fmc-law.com/People/RajakarunaMarlon.aspx

3

Tips on how to Ensure Your License Properly Addresses your Business Needs

4

Licensing ‐ General

• A license agreement involves granting someone rights to do certain things with something you own or have a right to pass on.

• In a license, a subset of rights is being provided to another on a temporary and restricted basis.

• Licenses are a mixture of two distinct legal regimes – the law of Intellectual Property (IP) and the law of contract

5

Types of Licensing Arrangements –Common Agreements• End User License Agreements (EULA)

• Distribution, Reseller and Value Added Reseller (VAR) Agreements

• Original Equipment Manufacturers (OEM) Agreements

• Development Agreements

• Cross‐Licensing Agreements

• Open Source Agreements

• Clinical Trial Agreements

6

Example

• An example of a license grant:– “ABC hereby grants, under all of its Intellectual Property Rights and

know‐how, a (non)‐exclusive, personal, non‐transferable, (non)‐sublicenseable, royalty‐free/royalty‐bearing, fully paid‐up, perpetual (for the term), irrevocable license to XYZ to [use, reproduce, display, perform, modify] the Software solely for the purpose of _______.”

7

Ensuring Your License Addresses Your Business Needs1) Know who you are dealing with

‐ Litigation and insolvency searches

‐ IP searches

‐ Internet

2) Describe what is being licensed – it is more than simply Schedule A

3) Beware of using U.S. or other foreign terminology indiscriminately if the license is for use in Canada

8

Ensuring Your License Addresses Your Business Needs4) Specify the rights being granted. Avoid simply stating that the Licensee can “use” the subject matter of the license

5) Include a present tense positive grant of rights: “hereby grants” instead of “will grant” or “agrees to grant”

6) Identify if the Licensee can transfer the license to a third party

7) Identify any compensation to which the Licensor is entitled

8) Exclusive vs. sole vs. non‐exclusive?

9

Ensuring Your License Addresses Your Business Needs9) Length of license: Is it “perpetual” ‐ or for a set period of time?

10) Is it “irrevocable” or are there certain circumstances when the license can be revoked?

11) Consider appropriate restrictions on the use of the subject matter

12) Restrict the Licensee’s ability to reverse‐engineer or disassemble the product licensed to the Licensee

13) Reserve any rights not expressly granted

10

Negotiating a Reasonable Allocation of Risk

11

Negotiating a Reasonable Allocation of Risk• There are 3 main sections in a license agreement that cover allocation of risk:

– Indemnification– Limitation of Liability– Insurance

12

Indemnification

• Indemnity: an agreement to cover another party’s costs, damages and expenses for certain acts.

• Licensee will seek, and most Licensors will be willing to provide, an indemnity against claims that the licensed IP or technology infringes or misappropriates a third party’s IP rights.

• Indemnification can also be sought for:– Product liability claims– Open source contamination– Personal Injury and tangible property damage– Breach of license agreement

13

Indemnification

• Exceptions or limitations to indemnity obligations that are commonly sought by Licensors:

– Jurisdictions – Patents – Obligations being subject to prompt notice and cooperation.– Where caused by Licensee’s unauthorized use, combinations, or

modifications– Use of other than a current version

14

Infringement and Continued Use

• Obligation for the Licensor to use some degree of effort to permit the Licensee to continue to use the allegedly infringing technology:

– Obtain a license to allow continued use– Modify the software to become non‐infringing– Provide a full or partial refund of license fees if neither option can be

achieved on commercially reasonable terms

15

Breach of Warranties and Remedies

• Specify remedies and ramifications for failure to achieve warranties

– Credits/Refunds– Remedial action to be undertaken by Licensor or third parties– Replacement of defective products or material

16

Licensee Indemnity

• Licensee can be asked to indemnify Licensor if Licensee’s modifications, combinations or use give rise to the claim

• Where Licensee receives a license to distribute Licensor’s IP, technology or product, Licensee could be required to indemnify Licensor for any unauthorized representations or warranties made by the Licensee

17

IP Indemnity (sample)• 1) Licensor shall, at its expense, indemnify, defend and hold Licensee including its directors,

officers, employees and subcontractors (the "Indemnified Parties") harmless from and against any action, proceeding or claim including all liabilities, losses, damages, costs, accounting of profits, and expenses (including reasonable legal fees and disbursements) associated with such action, proceeding or claim, including settlement thereof by Licensor, made against the Indemnified Parties, by a third party asserting or alleging that the Software, or any use thereof, infringes or misappropriates any patent, copyright, trade secret or other intellectual property right of any third party (collectively, the "IP Rights").

• (a) Licensee shall notify Licensor in writing within a reasonable time after the Indemnified Parties first receive written notice of any claim, action, proceeding or allegation of infringement or misappropriation;

• (b) Licensor shall be accorded sole control of the defense and of all negotiations for settlement or compromise of such claim, action or proceeding; and

• (c) The Indemnified Parties shall cooperate with Licensor in the defense and settlement of such claim, including providing to Licensor, at the expense of Licensor, such information and assistance as Licensor may reasonably request.

• Nothing in this Section 1 shall prohibit the Indemnified Parties' participation, at their own expense and with lawyers of their own choice, with Licensor in the defense of any infringement or misappropriation action should the Indemnified Parties choose to participate in such defense.

18

IP Indemnity (sample) . . . cont’d• 2) In the event that an action is brought against the Indemnified Parties which claims that the

Software infringes or misappropriates any existing IP Rights, or in the reasonable opinion of Licensor it appears likely that such an action will be commenced, Licensor shall, at its expense and without limiting its obligations under Section 1, and with minimal interruption of Licensee’s operation:

• (a) use commercially reasonable efforts to procure the right for the Indemnified Parties to continue to use the Software as contemplated by this Agreement and at no additional expense to the Indemnified Parties;

• (b) if, using commercially reasonable efforts, Licensor is unable to comply with clause (a) above, Licensor shall use commercially reasonable efforts to replace or modify the infringing Software or part thereof, within a time period acceptable to the Indemnified Parties, with other non‐infringing technology or technology components which are functionally equivalent to the infringing Software and which conform in all material respects with the specifications for the Software; or

• (c) if, using commercially reasonable efforts, Licensor is unable to comply with either clause (a) or (b) within time periods acceptable to the Indemnified Parties, the Agreement shall be deemed terminated with no liability to the Indemnified Parties and Licensor shall accept the return of all or part of the Software furnished under this Agreement and refund to the Indemnified Parties any fees paid under the Agreement related to such infringing Software.

19

IP Indemnity (sample) . . . cont’d• 3) Licensor's obligations under Sections 1 and 2 shall not apply to the extent that such

obligations arise due to:• (a) the modification by the Indemnified Parties of the Software or any portion thereof, except

where such modification is effected with the written approval of Licensor;• (b) use of Software outside the scope of use authorized under this Agreement;• (c) the specific use of the Software or any component thereof in combination with other

product(s) or other technology, except products or technology referred to in the Agreement any other documentation that describes the Indemnified Parties' intended use for the Software or in Licensor's applicable specifications or marketing documentation related to the use of the Software; and

• (d) any written designs, requirements, instructions or other input set out in writing by the Indemnified Parties and specifically complied with by Licensor and provided to Licensor by Indemnified Parties hereunder infringe or misappropriate a third party’s IP Rights.

• 4) SECTIONS 1 TO 3 STATE LICENSOR'S ENTIRE LIABILITY TO THE INDEMNIFIED PARTIES FOR CLAIMS BASED ON INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, LICENSOR WILL ONLY BE LIABLE FOR INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS OF THIRD PARTIES WHICH ARE ENFORCEABLE IN CANADA.

20

Limitation of Liability

• Licensor should include a disclaimer of implied warranties and statutory conditions

• Licensors will seek to have their indemnity obligations subject to limitations on liability. Licensees will strive for the opposite

• Licensors may seek to limit direct damages

• Licensors may seek to exclude incidental, indirect or consequential loss or damage

21


• Third party infringement claims that form the basis for indemnification will invariably include claims for indirect and consequential damages

• Possible compromise position: deem costs and damages resulting from an IP infringement or misappropriation claim to be direct damages

• Another possible compromise position: exclude breaches of confidentiality from disclaimer of consequential damages/lost profits

• See sample wording for exclusions ((a) to (d))

22


As Licensee,

• Be mindful that you are more often than not just an innocent party caught up in the web of conflict between others

• Who will a third party pursue?

• Is the Licensor financially sound enough so that it will be ableto honour its indemnity obligations?

23

Limitation of Liability (sample)• Neither party to this Agreement shall be liable to the other for any incidental, indirect or consequential loss or damage arising out of or related to the performance of this Agreement, including, but not limited to, lost profits, lost business revenue, failure to realize expected savings, other commercial or economic loss of any kind even if such party has been advised of the possibility of these losses or damages, and regardless of the form of action, whether in contract or in tort (including negligence); except that the foregoing limitation of liability shall not apply to the following:

• (a) intellectual property rights indemnity provided by the Licensor in Article X of this Agreement;

• (b) disclosure of confidential information by either party or any of its respective employees, subcontractors, vendors or agents contrary to Article Y of this Agreement;

• (c) claims for personal injury or death or damage to real property or tangible personal property to the extent caused by a party's negligence; and

• (d) losses or damages that are recoverable under any of the insurance required under Article Z of this Agreement.

24

Insurance

• Back‐stops some of the covenants of the parties

• Could exploitation of license lead to claims arising from death,personal injury or property (real or personal) damage?

• IP infringement insurance is generally impractical

25

Insurance

• Contractual liability coverage

• Survival

• Notice of Change

• Liability not limited by stated insurance amounts

• Verify insurance coverage

26

Common Mistakes Leading to Erosion of Intellectual Property RightsPresenter: Heather Barnhouse, Associate

http://www.fmc-law.com/People/BarnhouseHeather.aspx

27

Outline

• Due Diligence – understanding what Intellectual Property (“IP”) rights you own:

• Brief breakdown of different types of IP worth protecting

• Some general tips to know what to look for when IP is acquired

• General issues which can lead to the erosion of IP rights:• Cross Border Issues in Contracts Dealing with IP

• Bankruptcy

• Monitoring and Enforcement

28

Why Protect Intellectual Property?

• IP can establish a brand identity for a product or service

• If someone else registers rights in and to IP, prior to the owner registering, the true owner might be prohibited from using that IP in the future – notwithstanding that the inventor/owner created the IP

• It’s valuable – even if it isn’t required immediately, it’s an asset that can be sold or licensed to generate revenue

– However, from a practical point of view, need to perform a cost‐benefit analysis, i.e.: is it worth spending time and money to get a patent on something with no commercial value?

29

What IP Can Be Protected?

• Patents – registered by jurisdiction – registration required

• Copyrights – registered by jurisdiction – no registration required, but puts world on notice of rights

• Trade‐marks – registered by jurisdiction – registration not required, but puts world on notice of rights

• Trade Secrets – no registration required

30

A. General Rule: Patents

The Inventor is the first owner

MAJOR EXCEPTION:– Inventors often assign ownership rights to other entities – No rule requiring an inventor to assign patent rights to an employer– Inventions created or conceived within the scope of the inventor’s

employment

31

B. General Rule: Copyright

• The author of a work is the first owner of the copyright in thatwork (s.13.(1))

• Author is not defined but means the creator of work

• Exceptions to the general rule include:– Work made in the course of employment

• Contract of service = employment

• Contract for services = independent contractor

– Photographs and engravings– Crown copyright

• Registration not required – copyright arises automatically upon creation of work

32

Copyright ‐Moral Rights

• Authors and artists of a work receive rights known as moral rights

– Right to be associated with the work (or the right to remain anonymous)

– Right to the integrity of the work

• Moral rights cannot be assigned, but they can be waived

• Common Trap in IP Due Diligence– IP assignment agreements should deal with a waiver of moral rights to

ensure that the IP that can be assigned is assigned, and that moral rights are waived; otherwise author of work can continue to assert moral rights in and to work that may be transferred

33

C. General Rule: Trade‐marks

• General rule is that trade‐mark owners obtain rights by being the first to use the trade‐mark in a particular jurisdiction

• Registration not necessary to obtain rights in a trade‐mark, but it puts the world on notice of the claim

• Registration is good for 15 years, renewable an infinite number of times

34

D. General Rule: Trade Secrets

• Confidential information that retains its value by being confidential

– Software– Client Lists – Procedures / methods / recipes

• Protection lasts for as long as the secrecy is maintained• In Canada, no statutory rules or protection ‐ any rights or protection comes from contractual arrangements and the common law

• Common Trap when acquiring IP: need to ensure non‐disclosure agreements (“NDA”) are in place to cover the disclosure of confidential and/or proprietary information

35

Trade Secrets in Other Jurisdictions

• Outside Canada, trade secrets can have statutory protection. Many U.S. states have adopted some form of the model Uniform Trade Secrets Act

• The Uniform Trade Secrets Act defines trade secrets as information that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy

36

Tips to Maintain Patent Protection• Due to cost and time involved in obtaining patent, seek to determine whether patenting is the most appropriate method of protection:

• Software may be protected by patent or copyright– Patents can take up to five years to be processed– Will the software be obsolete in five years?– Protect via copyright and/or by keeping it a trade secret

• Cannot patent scientific theorems

• Must be prepared to invest time and other resources to monitor for infringements, and enforcing exclusive rights during life of patent or value of patent is reduced

• Once patent protection is obtained, the registration agency (CIPO/USPTO) does not undertake any independent monitoring and/or enforcement activities. The onus is on the owner of the IP to perform these functions

37

Tips to Maintain Copyright Protection

• Copyright markings or notices (the © symbol) are not required under Canadian law, but serves as evidence of ownership, brings the concept of copyright to the notice of inadvertent infringers. Notices may be required to maintain rights in some jurisdictions outside of Canada

• Registration of copyright is not necessary, it arises when the work is created. Registration at CIPO does not create any new rights, but creates evidence of a claim of ownership and a presumption of ownership in any copyright dispute. It is helpful in establishing damages to be awarded in any dispute

38

Tips to Maintain Trade‐Mark Protection• Continuous use of trade‐mark, non‐use can cause loss of rights• Use trade‐mark properly – generic use can cause loss of rights• Always capitalize at least the first letter of the trade‐mark• Do not pluralize trade‐marks• Do not use trade‐marks as a verb• Do not change the appearance of a design trade‐mark• Use proper marking (® for registered, TM for unregistered)• No generic use of trade‐mark• No use of the trade‐mark by others without license and control (see s.50(2) presumptions if public notice is given)

• Monitor in‐house and outside use of the trade‐mark• Do not ignore infringements• Maintain distinctiveness of trade‐mark – Distinctiveness is the ability of a trade‐mark to distinguish the products and services of one owner’s mark from those of another, therefore, AVOID CONFUSION!

39

Tips for Protecting Trade Secrets

• Confidentiality clauses and NDAs are crucial to protecting trade secrets– Avoid the mistake of assuming an NDA is “standard” and then execute it

without careful legal review– NDAs should ensure that confidential information remains confidential for an

appropriate length of time– It should also address the return of files, client lists, and other confidential

information upon termination or expiration of the agreement

• Oral disclosures of information, or information garnered by observation, should be addressed in addition to documentary disclosure

– Agreements often require a written summary of an oral disclosure before it is protected as confidential information. This process is rarely followed in practice even if contractually required

40

Protecting Trade Secrets (cont’d)

• Marking of documents can help establish some protection

• Ensure confidential information is only disclosed to individualswith a need to know the information – not a wide distribution

• Internal security procedures are necessary– Physical and network security– Storage of information– Entry and exit interviews– Disclosing information on a need‐to‐know basis– Proper arrangements with independent contractors

41

General Issues to Prevent Erosion of IP Rights• Once a company has rights to certain IP, there are a number of mistakes or pitfalls that can affect or lead to the erosion of the IP rights:

(a) Cross Border Issues;

(b) Bankruptcy; and

(c)Monitoring and Enforcement

42

A. Cross Border Differences in Contracts Dealing with IP • Remember that IP rights are geographically bound ‐ a US patent or trademark license for use in Canada is useless without a corresponding Canadian registration

• Beware of blindly using forms or precedents ‐ to the extent that they originate in the US, they likely will not reflect differences between the two countries' legal systems

• Fighting for an IP infringement indemnity for US patents is a wasted effort when the licensed IP is used only in Canada

• Consider the wisdom of agreeing to US law governing a license where the subject matter is used only in Canada (and thus governed by Canadian IP statutory regimes)

43

Cross Border Differences

• US copyright does not afford the same general moral rights protection (there is some protection in visual arts and state legislation). US agreements often do not address moral rights or improperly include them in IP assignments. Canadian agreements need to provide for obtaining signed waivers from the authors or a representation and warranty from the company that this has occurred

44

Cross Border Differences• Joint ownership has different connotations in the US and Canada

• In Alberta you should be disclaiming statutory conditions, not implied warranties

• The Uniform Computer Information Transactions Act applies in some states and needs to be disclaimed, but there is not a Canadian equivalent

• Shortening a limitation period is commonly found in many US licenses, but is not valid under Alberta's Limitations Act

• Agreeing to comply with applicable US export legislation creates additional liability with respect to laws not otherwise existing for Canadian licensees. US export control legislation may not be consistent with Canadian law or public policy

45

B. Bankruptcy Issues Affecting IP Rights

• A trustee in bankruptcy generally has the ability to disclaim executory contracts – agreements where obligations remain to be fulfilled

• Exclusive licenses are essentially assignments of rights amounting to a transfer of property (and thus out of the bankrupt’s estate)

46

Bankruptcy – US Considerations

• The US has addressed the ability of a trustee to disclaim executorycontracts by amending the Bankruptcy Code. If a Licensor rejects a license, the Licensee can elect to either: (1) sue for breach and attempt to recover damages as an unsecured creditor; or (2) continue to enjoy the license and continue to pay the applicable license fees or royalties (anything requiring action from the Licensor like support or receiving updates and upgrades would cease)

• There are some problems with the US approach – it purposefully excludes trademarks (because ongoing quality control is necessary) and anything requiring positive actions from the licensor is lost, including support

47

Recent Amendments to Bankruptcy Legislation (Canadian Position)• Under recent amendments to Canadian bankruptcy legislation, much of the US approach has been adopted. 65.11 (7) of the Bankruptcy and Insolvency Act reads:

– If the debtor has granted a right to use intellectual property to a party to an agreement, the disclaimer or resiliation does not affect the party’s right to use the intellectual property — including the party’s right to enforce an exclusive use — during the term of the agreement, including any period for which the party extends the agreement as of right, as long as the party continues to perform its obligations under the agreement in relation to the use of the intellectual property

48

Unsettled Points‐ Bankruptcy

• Intellectual Property Rights are not defined, so it is unclear if trade‐marks are excluded as they are under US legislation

• Neither is it clear whether trade secrets are included

• Moreover, the new provisions relate to restructuring, not to actual bankruptcy proceedings

49

Bankruptcy – Consideration for Software

• Escrow agreements provide the source code to software to allow one to fulfill support obligations oneself, but they must be carefully drafted to avoid being disclaimed by the licensor as well (i.e. transfer of ownership, non‐executory). Even if the source code is provided, one needs a license to make use of such code which must also meet the tests to escape the effect of bankruptcy

50

Monitoring and Enforcement

• Remember that CIPO/USPTO are not the IP police – they do not monitor how IP is being used or stop infringement

• Resources need to be devoted to monitoring for IP infringement and/or misappropriation

– Determine who in the organization will be responsible to monitor– Large organizations often will have a watch service to continually

monitor use of their IP

• Cost Perspective– need to factor in anticipated costs/resources to monitor and enforce IP rights once IP rights are established – ongoing and necessary

51

Intellectual Ownership Property IssuesPresenter: Craig McDougall, Partner

http://www.fmc-law.com/People/McDougallCraig.aspx

52

Intellectual Property Ownership Issues

1) When do ownership issues arise?

2) Is ownership necessary? Pros and cons of ownership – are you asking for something that you do not need?

3) Do you own the IP? Think again.– Contractors– Employees– Moral rights

4) Joint and Co‐Ownership – avoid the “can’t figure it out now, we will get to it later" approach

53

1) When do IP Ownership Issues Arise?

• Part of due diligence for financing or acquisition

• Development agreements with contractors

• Development projects involving employees can also raise issues

• Licenses where a licensee may: (i) modify or create derivative works or improvements to the IP being licensed; (ii) integrate the licensed IP into a new product; (iii) or develop new IP using or incorporating the licensed IP

• Cross‐licensing agreements

54

2) Is Ownership Necessary?

• Is IP ownership necessary or even desirable? Ownership may entail onerous responsibilities– Applications, prosecutions, registrations, renewals and maintenance

– Ongoing costs of protecting IP against infringement by others

– Defending against infringement claims brought by others• A sufficiently broad license grant may provide all necessary rights without the burden of ownership, provided that the owner can adequately protect the IP

55

3) Do You Own the IP?

• Answer depends on whether it is protected by copyright or patent, who created it (employee or contractor), and what agreements are in place

• For copyright, the general rule is that the author or creator ofa work owns the copyright in that work. One of the key exceptions to the rule is a work made in the course of employment, where the company owns the copyright in absence of an agreement to the contrary

56


• For copyright, the general rule is that the author or creator ofa work owns the copyright in that work. One of the key exceptions to the rule is a work made in the course of employment (other exceptions relate to photographs, Crown copyright)

• For patents and inventions, there is no presumption that the invention is to be owned by or assigned to the employer. If thisis to occur, it must be pursuant to an agreement between the inventor employee and the employer

57


• Even if a company owns the copyright in a work, it must address moral rights. Moral rights give the author of a work (not the owner) the right to the integrity of the work and the right to be associated to the work by name

• Moral rights cannot be assigned and must be waived by the author. Moral rights waivers should be included in the employee invention disclosure and assignment agreement

58


• There is no presumption of ownership in favour of a company that hires a third party to create something (regardless if it is protected by copyright or patent). Unless the agreement clearly indicates that the company owns the resulting work product, and the intellectual property rights in such works are assigned to the company, ownership of the work product remains with the third party. If the agreement is silent on ownership, at best the company can expect an implied license to use the work product

59

4) Joint or Co‐Ownership

• IP ownership is often a complex and controversial topic in contractual negotiations. To avoid complexity and maintain good relations, parties often agree to avoid the issue by agreeing to joint ownership. However, beware the danger of deferring difficult conversations

• Avoid agreeing on joint ownership unless you also agree on how the joint or co‐owners can deal with the jointly or co‐owned IP. Admittedly in doing so, you will become embroiled in the complexity you hoped to avoid

60

4) Joint or Co‐Ownership

• Be careful when dealing with foreign companies who may be more willing to embrace joint ownership. Their IP regimes may have different limitations on joint owners, or even no limitations

• When dealing with co‐ownership or joint‐ownership at common law, we are generally talking about patents and copyrights

61

4)Joint or Co‐Ownership

• What rights does a party have to use the jointly or co‐owned IP? Is consent required from the other joint or co‐owners to exploit the IP or license it to third parties? To assign all one’s rights to a third party? Is there a duty to account to other joint or co‐owners for such activities?

• In the absence of an agreement detailing the rights, the parties’ rights at law will vary depending on whether it is a patent or copyright, and whether we are talking about Canada or the US (other jurisdictions have rules different from both countries)

62

4) Joint and Co‐Ownership

• Registration and prosecution– Primary and secondary responsibilities– Foreign filings – Costs

• Defense– Primary and secondary responsibilities– Costs

• Enforcement– Primary and secondary (differences in jurisdictions)– Costs and benefits from enforcement

63

Privacy: Business ImpactsPresenter: Tom Sides, Partner

http://www.fmc-law.com/People/SidesTom.aspx

64

Topics

• Cross‐border Privacy Issues

• Managing Privacy Compliance in Business Transactions

• Doing Business with Government: Getting "FOIP'd"!

65

Sources of Canadian Privacy Laws• Alberta Personal Information Protection Act (“PIPA”)

– Purpose : Private sector, provincial legislation that governs the collection, use and disclosure of

personal information (“PI”) by organizations in a manner that recognizes the individual’s right to have

his/her personal information protected and the organization’s need to collect, use and disclose

personal information for purposes that are reasonable.

– BC and Quebec have also enacted private sector privacy legislation

• Personal Information Protection and Electronic Documents Act (“PIPEDA”)

– Purpose: Private sector, privacy legislation that sets out ground rules for the management of personal

information in the private sector. It balances an individual's right to the privacy of personal

information with the need of organizations to collect, use or disclose personal information for

legitimate business purposes. (Applies to federal works, undertakings and businesses, and to private

sector organizations in Nfld., NS, PEI, NB, Ontario, Manitoba, Sask. and the Territories)

66

Sources (cont’d)

• Freedom of Information and Privacy Act (Alberta) (“FOIP”)

– Purpose: Provides individuals with the right to request access to

information in the custody or control of public bodies while providing

public bodies with a framework within which they must conduct the

collection, use and disclosure of personal information.

– Federal Privacy Act and other provincial “FOIP” statutes

• Health Information Acts

– Alberta, Saskatchewan, Manitoba and Ontario – separate legislation

– BC’s PIPA applies to private sector health entities only, while PIPEDA applies to

private sector health entities in rest of country

67

Privacy primer

• “Personal information” – information about identifiable individual

• Consent is key principle – express, implied, knowledge, opt‐out/opt‐in

• Starting premise . . . collection for a necessary purpose• Basic principle: privacy legislation requires that PI not be collected, used or disclosed without that individual’s knowledge and consent . . . except in limited circumstances

• Privacy legislation also gives individuals the right to access and correct their PI held by organizations that are subject to it

• Security safeguards and retention limitations

68

Cross‐border Privacy Issues

69

Canada – PIPEDA

Transferring PI outside of Canada

• The flow of information across provincial and international borders is

governed by PIPEDA, e.g. outsourcing data storage

• Under PIPEDA, organizations may transfer PI outside of Canada

• Note the difference between ‘transfer’ and ‘disclose’. “A transfer for

processing is a "use" of the information; it is not a “disclosure.“

– Important distinction since “disclosure” requires consent

• If transferred PI is not being “used” for the purpose for which it was

originally collected … additional consent required

70

Canada – PIPEDA cont…• Organization transferring PI is accountable for ensuring that the PI is adequately protected

while it is stored and/or accessible by an organization in another country

• Organizations should ensure that the receiving organization has security measures in place to

protect the PI that are comparable to those prescribed by PIPEDA

– Enter into agreement – confidentiality, security of PI, monitoring and ongoing regular audits /

inspections by the transferring organization

• Transferring organizations must advise customers that their PI is being stored in another

jurisdiction and that while stored in that jurisdiction it may be accessed by its courts, law

enforcement and national security authorities

– US Patriot Act concerns . . . but similar rights for Canadian authorities: see Proceeds of

Crime (Money Laundering) and Terrorist Financing Act, the Department of Immigration

and Citizenship Act, and the Canadian Security Intelligence Service Act

71

European Union: Safe Harbor Act / Data DirectiveTransferring personal information outside of the E.U.

• The Safe Harbor Act requires that organizations in the E.U. that send PI (customer data,

employee information, etc.) outside of the E.U. must ensure the receiving country has an

‘adequate level of protection’ in place

• If there is no ‘adequate’ privacy legislation in the receiving state, the E.U. organization is

not permitted to transfer PI

• The privacy standards under PIPEDA are considered adequate for the purposes of the

E.U.’s Safe Harbor Act;meaning PI may be exchanged between E.U. member

organizations and Canadian organizations legislated by PIPEDA

• In Alberta, PIPA is viewed as ‘substantially similar’ to PIPEDA; therefore, it would be

‘adequate’ legislation under the E.U.’s Safe Harbor requirements

72

United States – Safe HarborTransferring PI from the E.U. to the U.S.

• Privacy law in the U.S. is governed by state law, which makes it difficult to

gain compliance under the E.U.’s Safe Harbor Act

• U.S. and the E.U developed a Safe Harbor Agreement:

– Enables U.S. organizations to comply with the E.U.’s Safe Harbor Act.

– U.S. based organizations may be deemed ‘adequate’ under the Safe Harbor Act

despite the lack of ‘adequate’ privacy legislation in their jurisdiction

– U.S organizations must demonstrate that they have in place ‘adequate’

measures to protect the PI being transferred by the organization in the E.U. to

the U.S. based organization

73

Managing Privacy Compliance in Business Transactions

74

Disclosure During Business Transactions

• Reasons for Disclosure:

– The transfer of PI may be necessary when conducting corporate due diligence in order

for organizations to assess the viability of a business transaction. e.g. acquisition / sale of

a business

– The need for consent may impede the business transaction

• PIPA permits parties or prospective parties to a business transaction to collect, use,

or disclose PI without the need for consent if:

– the parties have an agreement where the collection, use and disclosure of information is

restricted to the purposes of the business transaction, and

– the information is necessary for the parties to determine whether they want to proceed

and complete the business transactions

(PIPA, section 22(3))

75

Defining Business Transactions

• “Business transactionmeans a transaction consisting of the

purchase, sale, lease, merger or amalgamation or any other

type of acquisition or disposal of, or the taking of a security

interest in respect of, an organization or a portion of an

organization or any business or activity or business asset of an

organization and includes a prospective transaction of such a

nature.”(Section 22(a) of PIPA)

76

Permissible Disclosure

• In reference to a “party” under PIPA this includes a “prospective party”:

Generally, this is referring to a party that enters into due diligence at the

initial stages of a business transaction

• Information disclosed may consist of personal information related to:

AgentsContractorsAssignorsShareholders, etc

EmployeesCustomersDirectorsOfficers

77

Disposing of Information

• If a business transaction does not proceed or is not completed, any PI still in the possession of the parties involved in the transaction must either be destroyed or returned to the party that disclosed the information(PIPA, section 22(4))

78

Disclosure Under PIPEDA

• Currently, PIPEDA does not permit the disclosure of PI during the course of business

transactions. A strict interpretation requires the organization to obtain the consent

of the individual

• Currently, for an asset sale that includes PI, such as customer lists or employee

data, consent of all affected individuals to the transfer of their PI is required

• In contrast, a share sale transaction— where no specific assets are transferred —

does not require consent

– This imbalance within the law in addressing, in essence, the same transactions, has

required some legal gymnastics as well as some stretching of concepts, such as implied

consent, albeit with the approval of the federal Office of the Privacy Commissioner

79

Disclosure Under PIPEDA (cont’d)

• The practice of companies disclosing PI in an electronic, password protected data room is likely informed by the fact that the chance of complaint is small, rather than any legal argument of implied consent

80

Proposed Amendments Under Bill C‐29

• Bill C‐29 (2nd Reading: October 2010) is a response to a 5 year mandatory

review of PIPEDA (2007). It contains a number of significant amendments.

Not in force yet

• Business Transactions Exemption: Organizations will be permitted to

collect, use and disclose PI without the knowledge or consent of an

individual, if done pursuant to an agreement, for the purposes of:

– conducting corporate due diligence with respect to prospective

business transactions or concluding transactions

81

Bill C‐29 cont…

• Specifically, business transactions under Bill C‐29 include:

– the purchase, sale or other acquisition or disposition of an organization or a portion of

an organization, or any of its assets;

– the merger or amalgamation of two or more organizations;

– the making of a loan or provision of other financing to an organization or a portion of an

organization;

– the creating of a charge on, or the taking of a security interest in or a security on, any

assets or securities of an organization;

– the lease or licensing of any of an organization’s assets; and

– the arrangement between two or more organizations to conduct a business activity

other than the processing of personal information.

82

Impact of Bill C‐29

– Brings PIPEDA in line with PIPA in Alberta and B.C.

– Organizations should review current standard

form NDA’s used in business transactions in order

to address the PIPEDA amendment (once

proclaimed)

– Post‐closing notification to individuals that PI had

been disclosed

83

Doing Business with Government: Getting "FOIP'd"!

84

FOIP – Third Party Notice

• Examples . . . Third Party Notice from public body to business:

– Private sector organization enters into an agreement with public body

– Tendering process: unsuccessful bidders may request to see all or part

of successful bidder’s tender

– Application for government grants

– Government body prepares report

• The Third Party has 20 days to respond to public body (often extendible)

85

FOIP – Third Party NoticeTo be withheld from disclosure, the information must meet all three of the criteria in FOIP (Alberta)‐Question to ask: will there be harm to the business interests of a third party?Three criteria are:1. The information is a trade secret or commercial, financial, labour relations, scientific or technical

information of a third party.2. The information was supplied, implicitly or explicitly, in confidence. There must be evidence that

the information has been consistently treated in a confidential manner.3. One or more of the following harms will occur if the information is disclosed.

The disclosure of the information will:• harm significantly the competitive position or interfere significantly with the contractual or other

negotiations of the third party;• result in similar information no longer being supplied to the public body where it is in the public

interest that similar information continues to be supplied. This does not apply where astatute or regulation requires that the information be supplied;

• result in undue financial loss or gain to any person or organization; or• reveal information supplied to, or the report of, an arbitrator, mediator, labour relations

officer, or other person or body appointed to resolve or inquire into a labour dispute.

86


• Protecting Third Party Information from Disclosure

– Information management procedures that evidence a consistent

practice of treating information as confidential

– Ensuring shroud of secrecy if disclosed to others

– Asserting confidentiality of information when submitted to

government body

• Contemporaneously identifying potential for harm if disclosed

– Making the case for trade secret status for information disclosed

87


Marking Information as Confidential

• Blanket claim of confidentiality risks lack of credibility

• Similarly, exaggerated claims of “harm” will be viewed with suspicion by public body

• If practicable, not disclosing confidential information to public body may be best option

• Include confidentiality legend on documents containing confidential information:

– The information contained herein is confidential [financial/scientific/commercial/technical/labour

relations] information and is supplied on that basis. The information also contains trade secrets of

and organization and its disclosure could reasonably be expected to cause material financial loss to

the organization [and to prejudice its competitive position, or to interfere with contractual

negotiations]. In the event that you intend to disclose all or any part of the information, we should

be advised at [ ], to the attention of [ ], so that the organization can make appropriate detailed

representations to you about the nature of the information

88


Responding to Third Party Notice

• Mere recitation of non‐disclosure based on stated harm without

rationale invites further enquiry from public body and potential refusal

• Make it easy for the FOIP officer to adopt your organization’s rationale

for non‐disclosure

• The organization has right to appeal to the Commissioner the public

body’s decision to disclose to applicant

. . . but why resort to appeal, especially since onus is reversed, if matter can be dealt with at FOIP officer level?

89

Privacy resources

•Fraser Milner Casgrain LLP

•Web‐site information:– www.privcom.gc.ca (Federal Privacy Commissioner)– www.oipc.ab.ca (Alberta’s Information and Privacy Commissioner)

– www.psp.gov.ab.ca (Alberta Government’s web‐site regarding privacy in the public sector)

Questions? Thank You!

Tom A. Sides 780.423.7138 tom.sides@fmc‐law.comCraig T. McDougall 780.423.7398 craig.mcdougall@fmc‐law.comMarlon Rajakaruna 780.423.7281 marlon.rajakaruna@fmc‐law.comHeather A. Barnhouse 780.423.7215 heather.barnhouse@fmc‐law.com

http://www.fmc-law.com/People/SidesTom.aspx

http://www.fmc-law.com/People/McDougallCraig.aspx

http://www.fmc-law.com/People/RajakarunaMarlon.aspx

http://www.fmc-law.com/People/BarnhouseHeather.aspx

The preceding presentation contains examples of the kinds of issues companies dealing with IP and privacy issues could face.If you are faced with one of these issues, please retain professional assistance as each situation is unique.

ip and privacy issues

Business

indemnification indemnity

perpetual fortheterm