On the other hand, when you have a small amount of ultra-secret, non-shared information to protect from prying eyes, the task is fairly straightforward: encryption or data masking, two- or three-factor authentication and embedded access controls you get from a tool like WatchDox or Tripwire. The latter tools represent the future of electronic IP protection, says Kalember. "The protections must be embedded in the IP in a frictionless way for the users. Otherwise, it's just the whack-a-mole routine we've been doing for years."
These decisions—what to count as IP and how and to what degree to protect it—should flow from your business objectives, according to Evan Falchuk, chief strategy officer for Best Doctors.
"The way you focus those efforts has to fit into your business. Our business is to make sure people get the right medical care. We have to have a brand that people know and recognize and trust. They need to feel completely secure when they share information with us. We ask, 'What does it take for our business to win?' Our strategies flow from that," says Falchuk.
So, as mentioned above, Best Doctors focuses on supporting its brand name with its IP protection, though it uses comprehensive IT security technologies and practices, including requiring all new employees to sign a nondisclosure agreement. And everyone has to leave behind a clean desk when they go home for the night, part of Best Doctors' attention to seemingly minor details.
Many companies turn to the experts—lawyers, generally—for help educating staff and getting their commitment to protect IP. Jeff Feldman of Feldman Gale is often called in to do IP counseling for employees. Seminars covering IP basics can help the organization immunize itself against the virus of IP leakage, which can take benign-looking forms.
[Also read about the basics of internal investigations]
An in-house patent lawyer at a healthcare company laments the collegial way doctors tend to share data. "It's like an academic environment—they're just trying to further the cause of medicine. But they don't understand that the company has shareholders, and the company has to make investment decisions for its shareholders," he says. This attorney does training based on real-life scenarios, telling people, "Don't let this be you."
Feldman's bugaboo is idea misappropriation. He has seen too many instances where a former employee tries to claim credit for the idea behind a product or service. He also cringes when content and entertainment companies have no clear-cut idea-submission policy.
"Follow the lead of Google and Facebook and have a policy: 'You send me an idea, it's mine,'" he advises. Eliminate the implied duty of confidentiality right out of the box, and avoid claims down the road.
Sign up for CIO Asia eNewsletters.