Trade Secrets in the Cloud

Dr. Victoria Longshaw and Dr. Elizabeth Houlihan

The recent hacking scandal in which dozens of celebrity photos were leaked from iCloud, Apple’s cloud storage facility, is a stark reminder of how difficult it is to protect Confidential Information in the age of the Internet.

However, cloud services are not limited to photograph depositories, but include Web-based e-mail and any decentralised IT infrastructure technologies making use of the Internet, many of which are used by commercial entities. As such, cloud computing has become the norm for many businesses, and owners of Confidential Information rely heavily on the security measures put in place to protect their trade secrets. While Cloud providers generally have standard terms and conditions that apply to all of their customers, these may or may not include a contractual undertaking to keep information confidential and to ensure that their staff do so too.

The growing storage of Confidential Information in the cloud, and the complex relationships and contractual obligations surrounding such activity, is fast outstripping the laws that are intended to regulate it in many countries. Moreover, in Australia, the courts have had little opportunity to consider how a damages claim may be approached for the breach of Confidential Information relating to an invention for which an Applicant has not yet obtained enforceable Patent rights.

Protecting Confidential Information in Australia

 

  • Equitable Action for Breach of Confidence

Australian law provides an action under the equitable Doctrine of Confidence. However, for a person or business entity to be able to apply for an injunction, or to support a claim of damages for disclosure of Confidential Information, they must first meet onerous evidence requirements.

In an action seeking damages for breach of confidence, the relevant Confidential Information must have been specifically identified as confidential; the information must have the necessary quality of confidence; it must have been given or received to import an obligation of confidence; and there must have been unauthorised use or disclosure of the information.

  • The Privacy Act 1988 and Australian Privacy Principles (“APPs”)

Recent privacy law reform has resulted in the amendment of the Privacy Act 1988, which now includes a set of 13 new harmonised privacy principles regulating the handling of personal information by Australian and Norfolk Island government agencies and private sector organisations with an annual turnover of less than $3 million dollars.

These principles, effective from 12 March 2014 and called the Australian Privacy Principles (“APPs”), cover the collection, use, disclosure and storage of personal information. Personal information is defined as “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.”

The Privacy Act 1988, and APPs, which regulate the inter alia collection and storage of personal information, may not immediately appear to be relevant to the protection of Confidential Information in the course of business. However, many companies regard the identity of their credit providers, suppliers and customers as Confidential Information, the secrecy of which is crucial to their bottom line.

The recent privacy law reforms provide recourse to the Office of the Australian Information Commissioner (“OAIC”), which investigates privacy complaints. Furthermore, civil penalties apply to credit reporting bodies inappropriately using or disclosing Confidential Information and reporting bodies must take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification or disclosure. The OAIC has issued extensive guidance as to what these “reasonable steps” include, many of which are more than what many businesses, and cloud storage providers, are currently doing to protect Confidential Information.

Some Practical Measures

  • In circumstances where Confidential Information relating to an invention, for which a Patent Application has not yet been filed, is disclosed without the consent of the inventor or owner, Patent protection may still be obtained in Australia. Australia, fortunately, has a grace period in which to file a Patent Application should there be any unauthorised public disclosure of the invention. However, such a Patent Application must be filed within twelve (12) months of the unauthorised disclosure.
  • In the event that a Patent Application is filed by a third party for an invention relating to the Confidential Information, entitlement Proceedings under section 36 of the Australian Patents Act 1990 may be filed. Under this section, a person who believes that they are entitled to any Patent rights resulting from the Patent Application filed by another person is entitled to change that Patent Application and claim ownership of it. If the Commissioner is satisfied that the invention has indeed been invented by the Applicant in section 36 Proceedings, the Patent Application may be assigned to that person. However, the Australian Patent Office has not yet had the opportunity to consider entitlement Proceedings in circumstances where disclosure of Confidential Information has occurred due to a cloud storage security breach, and the evidence required to satisfy the Commissioner may be difficult to obtain.
  • A business can take precautionary steps by clearly dating and leaving documents as confidential, for instance by including the word “confidential” on top of each document, electronically password protecting the documents, and splitting any Confidential Information into separate documents, stored in different locations. This is to assist in establishing evidence for any equitable action for breach of confidence, should it be required in the future.
  • If a cloud computing service provider must be used, it is a good idea to carry out due diligence on what security the cloud provider has in place, as well as assess the terms and conditions of any cloud provider before signing up for it, and entrusting Confidential Information to its care. While it is not always possible to negotiate contractual measures, it is worth assessing the risks of proceeding without certain privacy protections and liability undertakings being put in place. It goes without saying that any electronic files should be encrypted before being uploaded to any cloud storage service, and it is important to ensure that the cloud storage service encrypts files during transmission using an HTTPS connection, or secure link.
  • Where the Confidential Information to be stored relates to personal information, it is worth bearing in mind that the collection of personal information is governed by the Privacy Act 1988, information collecting and reporting bodies must take substantial steps to protect the information given to them, and a complaint may be filed with the OAIC for any breach of APP obligations under this legislation.

Construing relative terms in Australian patent claims: when expert evidence does not assist

Dr Victoria Longshaw and Dr Nigel Parker

In a recent decision, Fei Yu trading as Jewels 4 Pools v Beadcrete Pty Ltd [2014], the Federal Court of Australia dismissed an appeal by Fei Yu trading as Jewels 4 Pools, and it distributors (“the Appellants”), against the primary Court’s decision to uphold Beadcrete Pty Ltd’s (“the Respondent”) Australian Patent No. 733668, and confirmed infringement by Fei Yu, and it’s distributors.

This decision provides a useful construction of the relative term “average” as used in the claims of the patent at issue. The way in which the court approached the interpretation of this relative term is relevant to Applicants prosecuting Patent Applications in Australia.

The Patent

Australian Patent No. 733668 relates to surface finishes for pathways, walls, swimming pools and other structures. The claimed invention is directed to aggregate mixes which include glass beads mixed in a matrix of cementitious material. Beadcrete Pty Ltd had observed difficulty in using glass beads, either alone or with other aggregate materials such as semiprecious stones etc. in such aggregate mixes, as the glass beads tended to lack the required porosity or toughness to establish an effective bond with a matrix material. The glass beads also tended to impart alkalinity.

In solving this problem, Beadcrete Pty Ltd had claimed an invention having glass beads of varying sizes with an average particle size within the range of 1.5 to 4.5 mm, and having a size distribution defining a major component of beads within a relatively large incremental size range and a minor component of beads in a smaller incremental size range, the weight of the beads in the larger incremental size range being greater than those within the small incremental size range.

Validity Issues

On appeal, the Appellants argued that the majority of the claims were unintelligible, incapable of infringement, and invalid because the claim referring to the particle size distribution did not identify a “specified midpoint.” The appellants also argued that the claims lacked novelty in light of prior art which, it was asserted, disclosed the addition of large beads within the size distribution cited in the claims.

Expert evidence was submitted as to the meaning of the word “average.” This evidence was provided by an engineer who specialised in the construction of swimming pools. However, the Appellants did not suggest that the expert’s evidence was directed to the meaning of technical or scientific terms, or to unusual or special meanings.

The Respondents adopted an approach to claim construction which depended upon the term “average particle size,” submitting that the meaning of the word “average” had to be determined within the context of the definition of the particle size distribution. That is, that there were to be larger and smaller glass beads. Four meanings of the word “average” were advanced, each meaning providing a possible method for assessing the average size of particles in a sample of aggregate.

The primary judge had not been convinced that the expert for the appellants was a skilled addressee in the art, and further considered that the term “average particle size” was not a technical term requiring expert evidence, stating that it was for the Court to construe the claim. The judge concluded that an average particle size could easily have been determined by a person skilled in the art by simply identifying the weighted average particle size based on the weight distribution of different sizes of particles. The primary judge observed that “it would have been inconceivable to those skilled in the art of mixing an aggregate into a cementitious matrix to form a surface finish that they would concern themselves with the absolute number of glass beads or the absolute size of any particular glass bead, be it the largest or smallest, in any given matrix.”

The primary judge also held that the prior art did not anticipate the claimed invention because it failed to teach that there could be a particle size distribution in which there were more larger sized beads than smaller sized beads.

The Court of Appeal agreed with the primary judge’s conclusions, and upheld the patent.

The Appellants construction case, alleging that the integer citing “a particle size distribution” must be construed in isolation from other integers in the claim, was considered by the Court of Appeal to be fundamentally flawed. The Court reiterated that the meaning of each claim must be determined by reference to the words, in the context of the specification as a whole.

The infringement order was also upheld, and infringement by the respondents confirmed pursuant to section 117 of the Patents Act 1990. Section 117 provides that patent infringement occurs where a product is supplied by one person to another, in circumstances where the use of that product by that person would infringe that patent.

Take-home message

This case is a useful reminder to Patent Applicants and Patentees in Australia, that although experts may give evidence as to the meaning which those skilled in the art would give to technical or scientific terms and phrases, it is for the Court to interpret words bearing ordinary meanings. Furthermore, integers cited in a patent claim will be interpreted within the context of other integers in that claim, and within the context of the specification as a whole. In such circumstances, the submission of expert evidence as to the meaning of a relative term used in the claims, and which has an ordinary meaning, will not assist.