European and UK patents are not impacted by Brexit. The European Patent Office (EPO) is established under the European Patent Convention (EPC). The EPC is separate from the European Union and the UK is, now, one of several non-EU contracting states. The EPO will continue to validate “European” patents in the UK and the UK will continue to grant UK national patents.

European registered trademarks and Community registered designs are not immediately impacted. The UK has entered a transition period set to end on December 31, 2020. The UK Intellectual Property Office is creating trademark and design rights comparable to registered EU trademarks and Community designs to maintain continuity of protection in the UK. EU trademark and Community design applications that are pending on January 1, 2021, will no longer have effect in the UK. There will be a nine-month window from the end of the transition period to apply in the UK for the same trademark and design protections.

An institution’s trade secrets generally include confidential information with commercial value.  Trade secret protection may be available by common law, under state laws, or under federal law.  In addition, there may be both civil and criminal causes of action for the misappropriation and theft of trade secrets.

For instance, the Defend Trade Secrets Act of 2016 (DTSA) is a United States federal law that allows an owner of a trade secret to sue in federal court when its trade secrets have been misappropriated through “improper means.”[1]  Such “improper means” can include “theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means.”[2]

Trade secrets can be used by institutions to protect numerous types of information.  For instance, under the DTSA, protectable trade secrets include information that “derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information.”[3]  Furthermore, such information can include “all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing.”[4]

Moreover, trade secrets can have an indefinite life, so long as they are kept secret and confidential.  For instance, under the DTSA, trade secret protection requires the owner of the trade secret to take “reasonable measures to keep such information secret.”[5]

An institution’s trade secrets can be its most valuable and prolonged assets.   However, institutions must take numerous steps in order to maintain the enforceability of their trade secrets.  Such steps include: (1) identifying the trade secrets; and (2) taking “reasonable measures” to maintain the secrecy of the trade secrets. Continue Reading Protecting Your Most Valuable Assets: How to Identify and Maintain Your Institution’s Trade Secrets

By Frank Amini, Ph.D. and Lekha Gopalakrishnan, Ph.D.

Under the U.S. Patent Act, one can patent “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof.”[1]  Common exceptions to what can be patented include laws of nature, natural phenomena, and abstract ideas[2].

In recent years, the U.S. Supreme Court has expanded the scope of the common exceptions to what can be patented.  For instance, in Mayo v. Prometheus (Mayo), the U.S. Supreme Court held that methods of administering a drug to a patient, measuring metabolites of that drug, and deciding whether to increase or decrease the dosage of the drug are not eligible for patenting because the methods pertain to natural phenomena[3].  Likewise, the U.S. Supreme Court later held in Alice Corp. v. CLS Bank International (Alice) that a computer-implemented electronic escrow service for facilitating financial transactions was not eligible for patenting because it pertained to an abstract idea[4].

The lower courts have been relying on Alice and Mayo to invalidate many patents related to diagnostic methods and computer-implemented processes.  As result, the United States Patent and Trademark Office (USPTO) has issued numerous patent examination guidelines and supporting examples for evaluating the patent eligibility of inventions in view of the aforementioned rulings[5].

However, the previously issued USPTO guidelines were found to lack clarity, consistency and predictability in determining patent eligibility.  In fact, the USPTO has admitted that “it has become difficult in some cases for inventors, businesses, and other patent stakeholders to reliably and predictably determine what subject matter is patent eligible.”[6]  The USPTO has also admitted that “concerns have been raised that different examiners within and between technology centers may reach inconsistent results” in their patent eligibility analyses[7].

In an effort to address the aforementioned concerns, the USPTO published its “2019 Revised Patent Subject Matter Eligibility Guidance” on January 7, 2019 (“New Guidelines”)[8].  The New Guidelines modify the prior guidelines by directing the Examiners to perform a more detailed and systematic patent eligibility analysis.

The steps involved in determining the patent eligibility of inventions when one combines the prior guidelines with the New Guidelines are illustrated in Figure 1.  The steps are also described herein as Steps 1-4. Continue Reading Determining the Patent Eligibility of Inventions Under the New USPTO Guidelines

In over a decade watching cybersecurity threats evolve and organizations respond, it strikes me that every organization has to start from the basics and is challenged to retain that core focus, no matter how expansive their security programs get.  That’s why this first post in a series exploring the fundamentals of security preparedness will focus on the basics.  Let’s discuss practical steps that turn cybersecurity preparedness into more than just a risk avoidance cost center.

If you’ve avoided implementing a holistic cybersecurity program or if you think you’ve got the basics and are ready for the next step but would like to confirm that you’re on the right track, this post is for you.

Who Should Implement a Cybersecurity Program?

Everyone – even if your company wasn’t “born in the cloud.”  All companies are now cloud companies.  Internet connectivity comes with inherent risks which can be managed, but never eliminated.  Security is diametrically opposed to ease of use and modern commerce demands you provide customers with the easiest means of purchasing and using goods and services.

What Are the Basics?

Privacy.  If you are storing, using, or gathering any information that can be used to identify an individual (and you probably are, even if it’s not your core business model), you’ve got a lot to deal with!  While compliance with international privacy laws like the GDPR gets a lot of coverage, be sure you cover the basics.

  • You need a privacy policy clearly presented to your customers. This seems pretty simple and straightforward (tell people how you will use their information and only use it that way), but once you start examining how your organization uses data you may find it to be a tangled ball and not a straight line.
  • Start by figuring out what information you’ll be gathering, where it will come from, where it will be stored, where it will go, how it will be used, and why. Poorly written privacy policies don’t just get you in legal trouble, they frustrate and irritate customers.  While properly documented privacy practices save you money and become a competitive advantage.

Governance/Compliance.  Sure compliance can seem costly and dry, but if you’ve got great security practices and don’t have them documented, you can’t tout them to your customers, use them as a shield against regulators, or make sure they are being followed as your company grows.  Customers care about security.  Governance is a way to demonstrate your organization is serious about it.

  • Develop & Document your security practices. Don’t worry about getting overly granular at first.  But consider an ISO standard or SIG-Lite so that you can set yourself up to be audited by a third party later as you grow.  Prepare your governance so it will readily align to other audit standards (NIST, HIPAA, FISMA etc.) so you can avoid sinking funds into repeating this exercise by addressing overlapping requirements the first time.
  • Be sure that your practices are written with your operational teams, not in spite of them: hypothetical best practices documented but not followed are downright dangerous. Are your practices simple but correct?  Document those.  Don’t invent standards you don’t currently meet.  Strive for better practices, but don’t commit your organization to practices you can’t readily adopt.

Security.  Even if it’s not your core focus, security is a critical part of your business.  But you can maintain a robust security infrastructure and limit your costs.

  • Use vendors for whom security is a key service, don’t do it yourself and become a security company on the side. Advanced security solutions (like high-end IPS/IDS and DDOS mitigation hardware) are only reasonably priced at an economy of scale level.  Many vendors do security all day long and benefit from seeing security issues across a variety of platforms, not just yours.  Use them.
  • Decide how you are going to handle BYOD right now. Insider threats, accidental or intentional, are still one of the greatest security risks.  If you are going to allow BYOD, how are you going to create a barrier between employee personal devices and your critical systems?  How will you prevent customer data from being stored unencrypted on an employee laptop?  Will your customers trust your BYOD policies to be sufficient?

Incident Response.  What will you do when you experience a compromise or data breach?  Are you prepared to face down an Advanced Persistent Threat like a nation-state backed squad of professional hackers?  Maybe not, but you need to be prepared to marshal the resources who can while continuing to run your business.

  • Response is the most critical aspect of cybersecurity preparedness. You won’t know exactly what you are dealing with during at least the first 48 hours.  Quickly gaining a meaningful field of view into an incident, evaluating impact, complying with obligations to notify , and repairing and re-securing your systems is essential – but also incredibly distracting to your ordinary business operations.
  • Build a clear response plan: identify a core team who will be part of any response and those team members who will be added to the incident as needed. Have a template for the incident response to help guide you. Practice a tabletop data breach scenario relevant to your business.  While you can rarely prepare for an event with specificity, you can’t afford to waste time getting a response team together.

What if I Already Have Those Covered? 

These are just some of the fundamentals.  Build detail and resiliency into your organization to help ensure you have a more granular understanding of your systems & data and that your organization can maintain a response while continuing business operations.  If you have a response team identified: prepare the back-up team to eliminate single-points of failure in your personnel.  Personnel silos are one of the most common risks.  Do you have a common set of practices any employee can follow?

Where Do I Start If I Don’t? 

Start with response.  It is the backstop to failures in any of the other areas and will help you to build a collaborative team which can address the other organizational challenges in a way that brings value to the company.

A few years ago, our firm defended a client against a claim of patent infringement.  As it turned out, our client had disclosed its confidential information to a potential business partner during a pre-collaboration exploratory meeting, which the potential business partner then used to obtain the patent they were asserting.  Luckily, our client had insisted on putting a non-disclosure agreement (NDA) in place before the meeting and had clearly marked the information as being confidential.  Because of these precautionary measures, not only were we able to invalidate the patent, but we also won a breach of contract counterclaim based on the unauthorized use of the confidential information.

If you are exploring the possibility of collaborating with another company, you are likely going to exchange confidential information with that company so you can evaluate what they have to offer and they can evaluate what you have to offer.  Although necessary, these types of exploratory meetings can be a trap for the unwary.  Below are a few measures that should be taken to protect your confidential information before, during, and after any such meetings.

  • Before the meeting, identify your confidential information as compared to publicly available information.

Broadly speaking, confidential information encompasses any information that provides a competitive advantage and is not publicly known.  Thus, any non-public information that has actual or potential economic value should be protected.  When in doubt, assume the information has value and take measures to guard its secrecy.  Once identified, clearly mark your materials, such as by labeling documents as “confidential” or putting a footer on each slide of a presentation indicating its proprietary status.

  • Before the meeting, know what protections, if any, are in place for your confidential information.

Make sure NDAs have been signed by everyone that will be attending the meeting.  If multiple parties will be attending, you may need a multi-party NDA.  It is a good idea to send NDAs in advance to allow the other side to review and, if needed, edit the NDA.  Know the parties who have signed NDAs and what disclosures are covered by those agreements.  For example, some NDAs are one way–i.e., they only protect disclosures from one party to the other and not vice versa.  Also, some NDAs may be subject-matter specific–i.e., only protecting certain categories of information.

  • Before the meeting, know the scope of what you will disclose.

Determine in advance what confidential information must be shared, may be shared, and should not be shared and stick to the plan. If no NDA is in place, avoid disclosing any confidential information. If, for business reasons, you have a need to share information without having an NDA in place, share the information at a sufficiently high level that, even if someone knows the objectives and results of your solution, they will not know how those objectives and results are achieved.

  • At the meeting, know your audience before you disclose.

If, at the meeting, there are attendees who are not subject to an NDA, have those parties sign an NDA or do not disclose confidential information.  It is perfectly normal to delay the start of a meeting in order to have all attendees sign an NDA.  If confidential information is inadvertently disclosed to a party that has not signed an NDA, be sure that party knows you consider the information to be confidential and then follow up with an NDA after the meeting.

  • At the meeting, keep records of the attendees and the information discussed.

Maintain records of the parties that attended the meeting and what confidential information was provided to them.  Be sure you identify confidential information in the manner required by the applicable NDA.  For example, if confidential information is disclosed orally, some NDAs require a written follow-up indicating what information is confidential.  Even if not required by the NDA, it is a good idea to send a follow-up email broadly outlining what confidential information was disclosed.

  • At the meeting, be aware of confidential information received from another party.

If possible, avoid receiving confidential information from the other side.  If you do receive confidential information, send a follow-up email narrowly stating what you received—do not use open-ended language, but do end with “and nothing else.”  If you receive an email from the other side stating what confidential information was disclosed to you, review the list and send an email agreeing with the list or narrowing the list, as appropriate.

  • Remember that an NDA is intended to be a temporary arrangement while the parties evaluate each other.

If you choose to partner with a company on a project, establish a more formal relationship via a joint development agreement or other appropriate contract that specifically addresses ownership of intellectual property.

Here at Winstead, we are fortunate enough to have two lawyers that were selected for inclusion in The Best Lawyers in America® 2018 in Trademark Law, Stan Moore and Cathryn Berryman.  Before answering the question What are Trademarks?, I thought it would be a good idea to get their insights on trademark best practices.

Stan Moore:  Most businesses have trademark issues, whether they know it or not.  With trademarks, ignorance is not bliss.  Businesses can lose their hard-earned goodwill based solely on inaction–either failing to protect their own trademarks or inadvertently using someone else’s trademarks.  A little effort upfront can save you years of heartache.

Cathryn Berryman:  When starting a new company or releasing a new product, why pick a name that is going to cause you problems down the road?  The time to pick a good name is at the outset, before any marketing dollars have been spent.  You would be surprised how many times clients fall in love with a name and fail to heed our advice when we recommend against using that name–even though they had not yet spent any money on advertising.  More often than not, it ends up costing the client a lot more money to protect the name, money that could have been saved if they would have picked a better trademark at the outset.

So, if this is something every business needs to address, what exactly are trademarks and what makes for good ones?  Put simply, trademarks are source identifiers.  They can be any combination of words, phrases, symbols, or designs, that identify the source of goods or services and distinguish those goods or services from others.  When choosing a name for a new business or a new product, the goal should be to select a strong trademark, i.e., one that is highly distinctive.  Not only are strong trademarks easier to register, they are also easier to enforce.

The strongest trademarks are fanciful or made-up words invented by the owner to be used as a trademark, such as Starbucks®, Altoids®, and Polaroid®.  The next strongest trademarks are arbitrary trademarks, which are real words that are completely unrelated to the product or service they represent.  A good example is the use of the common word “Apple” for computers.

On the opposite end of the distinctiveness / descriptiveness continuum, the weakest trademarks are generic terms or common names of products and services, which are never registerable and nearly impossible to enforce.  For example, “apple” cannot be registered for apples (the fruit).  Marketing budgets would be wasted trying to promote a generic term and years of continuous use would result in little, if any, value being created.

In the middle of the continuum are trademarks that are either suggestive or descriptive of the products or services they represent.  In general, suggestive trademarks are registerable and enforceable, while trademarks that are merely descriptive are not.  A descriptive mark is one that describes the intended purpose, function, or use of the goods.  Suggestive marks suggest, but do not describe, the qualities or characteristics of a product .  The Ford Explorer® SUV is a great example because it suggests what the owner may do with the vehicle without being descriptive.

However, a word of caution–be careful when choosing a suggestive mark because if it is too suggestive, it will be considered descriptive.  Descriptive terms may not be enforced as trademarks absent proof of acquired distinctiveness.  To acquire distinctiveness, a trademark owner must show that, after years of usage and marketing, consumers recognize the name and associate it exclusively with the products or services it represents.

Before adopting a proposed trademark, a search should be conducted to ensure there is no likelihood of confusion between the proposed trademark and any trademarks already used by others.  It should be noted that the trademarks do not have to be identical to be considered confusingly similar. For example, trademarks that are phonetically equivalent, are visually similar, produce the same meaning or create the same general impression in the mind of a consumer might be confusingly similar.  Even if two marks are similar, a likelihood of confusion will exist only if the two marks cover commercially related goods or services.

Finally, trademark owners should constantly police their marks.  If unauthorized uses of a mark go unchecked, the trademark becomes diluted and loses its distinctiveness.  Also, if the trademark becomes so famous that it begins to be used to refer to the actual product, the mark may become generic and, thus, unenforceable.  Xerox has been battling against this problem for decades.  The Xerox® photocopier was such a revolutionary product, it became a victim of its own success–the trademark itself started to become a noun to describe photocopiers, generally.

In summary, a strong trademark is vital to the brand building process.  The ability to protect your mark should inform trademark selection.  The difficulty for the new brand owner is to determine where a given mark lands on the continuum.  The further along the continuum one moves, the less the mark will protect the brand.  Adoption and use of weak trademarks leads to problems that many owners may never overcome.  First, registration is difficult, if not impossible.  Second, even if a registration is obtained, enforceability is less certain.  These are costly yet easily avoidable risks.

The term moral rights in the United States typically refers to the right or ability of creators of certain works of visual art (e.g., paintings, drawings, prints, sculptures, and photographs) to control the eventual fate of such works.  In Europe and elsewhere, an artist’s moral rights are much broader and not limited to visual art.  Moral rights protect the personal and reputational, rather than purely monetary, value of a work to its creator.  The right of attribution and the right of integrity (i.e., right to prevent revision, defacement, alteration, or distortion of the work, regardless of who owns it) are two primary rights of authors of works of visual art that are protected in the U.S. under various federal and state laws including protection through an amendment in the U.S. Copyright Act by the Visual Artists Rights Act (“VARA”) of 1990 (17 USC § 106A).  These rights are not transferable by license or assignment, but can be waived in writing by the author.

The moral of the story–when acquiring a copyrighted work, don’t forget to have the artist waive any moral rights in the work.

The Patent Trial and Appeal Board (PTAB) dismissed three inter partes review (IPR) proceedings involving the University of Florida based on sovereign immunity.

As background, the University of Florida Research Foundation filed a suit in state court alleging breach of a licensing agreement.  Medtronic subsequently brought a counterclaim seeking a declaratory judgment of non-infringement on the patent of the licensing agreement and attempted to remove the case to a federal court or the U.S. District Court for the Northern District of Florida.  However, the suit was remanded to state court due to Eleventh Amendment immunity from suit in a federal forum (Univ. of Fla. Research Found., Inc. v. Medtronic PLC , N.D. Fla., No. 1:16CV183-MW/GRJ, July 15, 2016).

Covidien-Medtronic also pursued three IPRs involving the University of Florida patent (Covidien LP v. University of Florida Research Foundation Inc., Case Nos. IPR 2016-01274; -01275, and -01276 (PTAB January 25, 2017)).  However, the PTAB dismissed holding the Eleventh Amendment extends to IPRs.

YouTube is a well-known video sharing website that allows users to view, upload, share, rate, and comment on videos.  Generally, the user streaming the video from YouTube cannot download, copy, or save the video.

Stream ripping allows users to save streamed media from websites, such as YouTube. provides an online stream ripping service that allows users to convert YouTube videos to MP3s.  In particular, “the only thing you need is a YouTube URL. We will start to convert the audiotrack of your videofile to mp3 as soon as you have submitted it and you will be able to download it.” (

In the complaint filed Sept. 26, 2016, various record labels allege that has reproduced and distributed their copyrighted sound recordings without authorization (UMG Recordings, Inc. et al. v. PMD Technologie UG et al., Case No. 2:16-CV-07210, in the U.S. District Court for the Central District of California).

Outer space exploration has been expanding.  For instance, since 1998, the International Space Station has served as a platform for scientific research and discoveries in space within modules that are operated by the space agencies of the United States, Russia, Europe, Japan, and Canada[1].  Moreover, efforts are underway to build spacecraft that can transport astronauts on deep space missions to Mars and beyond[2].

The aforementioned efforts require the use of many innovative technologies and products in outer space.  Therefore, an issue that arises is how to protect inventions that may be exploited in outer space (i.e., space-related inventions).  Based on numerous national laws and international agreements, a recommended route is to seek patent protection for space-related inventions in countries and regions that have registered space objects (e.g., space station modules, space shuttles, or spacecraft).  Such countries and regions primarily include: (1) Canada; (2) China; (3) Europe; (4) Japan; (5) Russia; and (6) the United States[3].

According to international agreements and national laws, the country in which a space object is registered retains control and jurisdiction over that space object, including patent jurisdiction[4].  For instance, an international agreement pertaining to the use of the International Space Station indicated that patent jurisdiction over an activity that occurs in or on an International Space Station module is deemed to have occurred in the territory of the country in which the space station module is registered[5].  Likewise, according to U.S. patent laws, “[a]ny invention made, used or sold in outer space on a space object or component thereof under the jurisdiction or control of the United States shall be considered to be made, used or sold within the United States.”[6]

Accordingly, the United States, Russia, Canada, and Japan would each have exclusive patent jurisdiction over activities conducted in their respective space station modules on the International Space Station.  Likewise, a European country or court may have patent jurisdiction over activities conducted in an International Space Station module that is registered to the European Space Agency.  Similarly, China may have patent jurisdiction over activities conducted in a Chinese spacecraft.

In summary, strategies for the protection of inventions that could be exploited in outer space are dictated by a set of complex national laws and international agreements.  A broad interpretation of the aforementioned laws and agreements indicates that the attainment of patents in countries that have registered space objects could help maximize the protection of such space-related inventions.

[1] See NASA’s website entitled “Research & Technology on the Space Station.”  Also see NASA’s website entitled International Cooperation.”
[2] See NASA’s website entitled “NASA’s Journey to Mars.”
[3] See United Nations’ Register of Objects Launched into Outer Space.
[4] See Article VIII of United Nations’ Outer Space Treaty (signed on December 19, 1966).  Also see World Intellectual Property Organization’s website entitled “Patent Expert Issues: Inventions in Space.”  Also see United Nations’  Convention on Registration of Objects Launched into Outer Space  (entered into force on 15 September 1976).  Also see 35 U.S.C. 105 (a).
[5] See Article 21 (Paragraph 2) of the Agreement Among the Government of Canada, Governments of the Member States of the European Space Agency, the Government of Japan, the Government of the Russian Federation, and the Government of the United States of America Concerning Cooperation on the Civil International Space Station (Signed on January 28, 1998).
[6] See 35 U.S.C. 105 (a).