Skip to content

Archive for


Do a Patent Search Before Starting the Application

Before the expense of preparing and filing a patent application is incurred, a patentability search is ordinarily advisable. Such a search will disclose whether any existing patent anticipates the invention or any combination of patents would make the invention obvious to one skilled in the art (i.e., “prior art”).  Information about the applicable prior art can be used to make the threshold determination as to whether or not additional resources should be invested in applying for a patent and is also a valuable tool for drafting the strongest possible patent application.  There are obviously significant costs associated with conducting an extensive patentability search and the most common approach is to limit the scope of the search to issued patents and to relevant pending patent application that have been published.  This not only reduces the expense of the search it is also in line with the volume and type of work that the examiner of the application will eventually do since examiners typically limit their own search activities to issued patents.  If the applicant can identify the frame of reference that the examiner is likely to use it is easier to craft disclosures in the application that anticipate issues that might be raised by the prior art.

Although collections of United States patents or patent abstracts are maintained by some libraries around the United States, patents typically are not arranged by subject matter or otherwise conveniently indexed, which prevents a thorough search from being made. Accordingly, the search should be made at the PTO’s offices in Arlington, Virginia, which has a public search room where all of the patent issued by the United States have been classified according to an elaborate classification system which includes several hundred major classes, with possibly several hundred subclasses within each major class.  Many of the patents are cross-referenced into a number of subclasses. In addition, the PTO offers online access at its website to separate bibliographic and full-text patent databases.  The full texts of patents issued after 1976 are available at the website and can be searched, as can application filed after March 15, 2001.  Unfortunately, while earlier patents can also be viewed at the website and searched by number and current United States classification, it is not possible to do a full text search.  This can be an important limitation, which also applies to other websites that also provide time-limited patent databases, since there are often disclosures in older patents that can have a significant impact on the patentability of a new invention.

While inventors wishing to conduct their own searches can do so using the resources described above, the complexity of the classification system deployed by the PTO makes it extremely difficult to persons lacking the necessary experience to perform a sufficiently extensive search of the prior art.  In addition, some knowledge and understanding of the patent laws is necessary in order for the search to be an effective tool in determining whether or not the prospective invention has a good chance of winning a patent.  For these reasons, therefore, it is recommended that inventors engage the services of someone who is an experienced professional patent searcher located at the PTO.  Normally, a patentability search is conducted by the patent attorney sending a description of the invention to the patent searcher. The patent searcher will look through the patents in the relevant subclasses and present the patent attorney with the more pertinent patents. From this information, the patent attorney can give an opinion as to what feature or features might be patented and some estimate of the probability of obtaining patent protection.

The PTO search is a fairly good indicator of patentability. However, if the invention is of sufficient importance, a broader search may be in order. For example, it might be desirable to search the technical literature to ascertain whether the invention has already been disclosed in some technical article even though it has never appeared in the patent literature. Also, it might be advisable to extend the patent search into published foreign or international patent applications. This is commonly done by conducting what is called an “international search” at the Patent Office at The Hague, where the patents of a number of nations are on file.

The content in this post has been adapted from material that will appear in Technology Management and Transactions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Universities Remain Good Source for R&D Support

Universities have long been a valuable source of the basic research which is required in order for industries to grow, mature, and remain competitive. However, by its very nature, university research does not produce results which can immediately be used for commercial purposes. In most cases, additional research work will be needed in order to determine whether products with an adequate level of commercial potential can be produced. Accordingly, any relationship involving university technology necessarily involves a good deal of patience and appreciation of the risks associated with the development process.

Business relationships between universities and the private sector have been in place for some period of time, although there have been a number of changes in the forms of the relationships. A pattern was established in 1948 by the Massachusetts Institute of Technology when it began a program which allowed various companies to pay an annual fee in order to obtain the right to interface with research scientists on campus, obtain advance word of scientific breakthroughs, and visit the campus. Other universities, such as Stanford University, created “research parks” on land owned by the university as a place for technology-driven ventures to organize and commence operations. Also, major corporations began to enter into long-term joint research arrangements with universities and their affiliated hospitals.

It has been estimated that over 5,000 technology-based companies have been launched in the United States since 1980 based on technology discovered and/or developed by universities and that more than half of these companies have survived. Many of these survivors were eventually acquired or merged with established firms.  The majority of those companies have been in close proximity to the universities from which there technology emerged and it is estimated that companies started based on university research have contributed to the creation of more than 260,000 new jobs since 1980.  University patenting exploded from just 495 issued patents in 1980 to 3,278 in 2005.  In 2005 28,349 current licenses were in place, each representing a one on one partnership between a company and a university.  The trend continued in 2006 when more than 3,000 United States patents were issued to universities and hospitals, and nearly 5,000 new patent license agreements were executed.  A great majority of the licenses issued by universities are going to small companies.  American universities contribute $40 billion annually to the American economy. According to the Association of University Technology Managers, over the past nine years approximately 3,600 new products were introduced from 1998 through 2006 as a direct result of university research in a broad array of fields including medicine, public safety, food and agriculture, new materials, semiconductor devices, education, and communications; 527 new products were introduced in 2005 alone–and 3,641 new products since 1980. University research helped create whole new industries like biotechnology and is now a leader in the rapidly growing field of nanotechnology.

Financial support for university research has continued to grow.  Historically, most of the funding that universities received for their research activities came from the public sector, primarily from agencies and departments within the federal government.  For example, of the $38 billion invested in university research in 2003 only a small fraction–$3 billion—came from industry sources and much of that money went to university medical schools for clinical trials.  Federal support for university research was generally driven by national priorities such as defense and helped to support a research portfolio that delicately balanced basic and applied research.  Unfortunately, however, federal support for research and development activities, including funding for universities, has been declining in recent years and this trend is expect to continue as the burden from non-discretionary commitments—Social Security, Medicare, and Medicaid—creates increasing pressure to reduce the discretionary budget from which academic federal research and development is primarily funded.  As a result, the funding sources for academic research in the United States are expected to diversify in the future with industry expected to play an important and somewhat controversial role.  In fact, while the federal government financed more than 60% of all research and development activities in the United States in 1965, by 2006 the pendulum had swung in the opposite direction as 65% of the research and development funding in that year could be traced to private sources and only 35% to the United States government.

Even when industry funding represented a relatively small contribution to support of university research and development activities many top universities could point to industry partnerships as important benefactors.  For example, 16% of the 2006 research budget at MIT, which does not have a medical school, came from industry sources. UC Berkeley, also without a medical school, received 6% of its 2007 grants from industry ($32 million of $504 million total) and received a pledge of $500 million from British Petroleum, which is not included in the $504 million previously mentioned, to be spent over 10 years to support alternative energy research led by Berkeley.  Today, the range of industry-academia relationships has grown to be as broad as the imaginations of businesspeople and university officials will permit including standard industry-sponsored research agreements, exclusive license agreements, non-exclusive licensing programs, “spin offs” with equity interests for the university and the researchers involved in the development of the technology that is essential to the business plans of those companies, and grants and gifts.

The content in this post has been adapted from material that will appear in Technology Management and Transactions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Royalty Stacking Provisions

A “royalty stacking” provision refers to a commonly used term in license agreements where the a licensee of patented technology who intends to manufacture products under the license also expects that it will be necessary to obtain additional licenses from other parties who own rights in related, or actual or potentially overlapping, technologies.  A royalty stacking provision allows the licensee to control and hopefully reduce the cumulative cost of all the licenses—the “main” license and the additional third party licenses—by offsetting royalties paid under the third party licenses against the amount of royalties that would otherwise be due under the main license.  For example, the licensee may commit to paying a 10% royalty to the main licensee; however, if it turns out that the licensee must pay a 2% royalty to another party for a license deemed necessary for the licensee to manufacture and sell the products that generate royalties for the main licensee the royalty stacking provision might call for a reduction of the main licensee royalty rate by the amount payable for the other license (i.e., 10% – 2% = 8%).  This offset procedure is necessary in order for the licensee to be able to justify the overall costs associated with manufacturing the products and avoid the situation where the amount of the total accumulated royalty payments reduces the licensee’s margins to the point where it simply doesn’t make sense to engage in the manufacture of the products.

The terms of any royalty stacking provision should reflect the mutual commercial agreement of the licensor and the licensee as to the proper allocation of costs associated with third party licenses and it is the task of the draftsman to be sure that the agreement is clearly reflected in the agreement and that there is no ambiguity as to how the understanding of the parties will be administered.  From the perspective of a licensee that has undertaken a full commitment to manufacturing the licensed products the appropriate thing for the licensor to do is to make a fair and reasonable contribution to the costs associated with necessary licenses from third parties since the licensor will ultimately benefit substantially from the licensee’s decision to undertake the risks and other expenses of the manufacturing process.  The licensor, of course, would probably prefer to eliminate a royalty stacking provision completely.  However, this may not be practical in many instances and in those situations the parties should look for creative ways to reasonably limit and control the applicability of the royalty stacking clause.  Among the approaches that are commonly proposed are the following:

  • Placing a cap on the amount of royalties that are subject to the royalty stacking provision, thereby limiting the erosion in the main licensee’s royalty rate.  Using the above example to illustrate, the parties may agree that the aggregate royalty rate for “other licenses” cannot exceed 3%, which means that the main licensor’s royalty percentage cannot fall below 7%. 
  • Delaying the application of the provision until the overall royalty burden on the licensee reaches an agreed minimum threshold and then requiring that royalties be reduced pro rata for all of the licensors not just the main licensor.  In the example above if 10% is the minimum threshold and the other licensor demands 2% the royalty stacking provision with the main licensor should limit the reduction in the main licensor’s royalty rate to its pro rata share of all required royalties (i.e., 10%/12% time 10%, or 8.33%).
  • Including a floor on the reduction in the main licensee’s royalty rate which means that regardless of how many other royalty obligations the licensee might have the royalty rate for the main licensee after taking into account the royalty stacking provision will not drop below a specified minimum percentage.  In general, parties licensing “main” technologies rarely permit their base royalty rates to be reduced by more than 50% (i.e., 5% in the example from above).
  • Limiting the types of third party licenses that would be covered by the royalty stacking provision and/or requiring the licensee to consult with the main licensor before agreeing to any royalty arrangements that might fall under the scope of the provision.  For example, royalties payable under cross licenses might be excluded—or carefully scrutinized at the very least—on the grounds that their primary benefit to the licensee is settlement of a business dispute as opposed to facilitating production of the licensed product.

Before finalizing a royalty stacking provision the parties should have an honest and complete discussion about the economics confronting the licensee with respect to aggressively marketing the licensed products.  It is important for the main licensor to understand the licensee’s cost structure and for both parties to evaluate what “other licenses” are absolutely needed for commercialization of the licensed product and which would simply be “nice to have” and possibly foregone if the costs become excessive.  For example, the main licensor may argue that a royalty stacking provision should only apply when it becomes necessary to pay royalties to third parties for rights that would otherwise be infringed by the manufacturing activities of the licensee.  In any event, the decision about whether a royalty stacking provision is necessary, and the scope of such a provision if it is included, is strongly dependent on the licensee’s projected margins for the licensed product—lower margins mean more pressure to include such a provision while higher margins make it more difficult for the licensee to argue for such a provision.

In some cases the parties may decide that it is just too premature at the time the license agreement is originally signed to craft a royalty stacking provision that will make sense once all the other licensing requirements have been identified.  In that case the agreement may simply stipulate that the parties will return to negotiations on the issue at a later date once they have a better idea of the earnings potential of the licensed product and the arrangements with third parties that may be necessary.  In any event, when and if a royalty stacking provision is included in the agreement the parties should make sure that it is clearly written and should go through specific examples to be sure that the words in the contract will lead to the economic solution that the parties reasonably anticipate.

The content in this post has been adapted from material that will appear in Technology Management and Transactions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Trademark Licensing Arrangements

One way that a manufacturer can expand the geographic scope of its marketing and sales activities is by entering into a Trademark License Agreement with a distributor that is active in a region where the manufacturer’s products are not currently available.  Under the terms of the agreement the manufacturer-licensor licenses the right to use the trademark to the distributor-licensee in a specified geographic territory in which the licensor is not currently using the mark but for which the licensor has the legal right to do so on its own or through licensees.  One of the most important concerns of a licensor in this context is ensuring that the licensee is obligated to maintain the quality of the goods bearing the trademark that the licensee intends to distribute in the territory and the licensee takes all reasonable steps necessary to protect the licensor’s rights in the trademark and avoid abandonment of the mark.

The basic issues and terms that need to be addressed in any trademark licensing arrangement include the following:

  • Identification of the subject matter of the license including the registration number and description for each mark and copies of the logo marks of the licensed trademarks;
  • Identification of the products with which the licensed trademarks can be used;
  • Identification of the markets (e.g., geographic territory) in which the licensed trademarks can be used (i.e., the markets in which products bearing the licensed trademarks can be marketed and sold);
  • Description of the licensee’s obligations under the agreement including compliance with applicable laws and regulations, maintenance of quality of the licensed products, standards of use of the licensed trademarks, and commitment to use best efforts with respect to manufacture and marketing of the licensed products;
  • Description of the consideration to be paid by the licensee for the license including any licensing fees and royalties payments based on sales of licensed products;
  • Description of licensee’s obligations relating to maintenance of books and records and licensor’s rights to audit such books and records and conduct inspections of processes used by licensee to comply with its obligations relating to use of the licensed trademarks and quality of licensed products;
  • Restrictions on licensee’s ability to assign or sublicense the license;
  • Procedures to be followed in the event of any actual or potential third party infringement of the licensed trademarks;
  • Representations and warranties from the licensor regarding ownership of the licensed trademarks and right to assign, the absence of any pending infringement claims and the absence of any other licenses of the licensed trademarks that would be inconsistent with the rights granted to the licensee;
  • Indemnification of the licensor by the licensee against claims made against the licensor based on or arising out of any manufacture, sale, or use of the licensed products (including products liability claims), based on the licensee's infringement or violation of any third party rights as a consequence of use of the licensed trademarks in accordance with the terms of the agreement, or based on or arising out of any violation of the agreement by the licensee;
  • Indemnification of the licensee by the licensor against claims made against the licensee based on or arising out of any third party claim that licensee's use of the licensed trademarks infringes the rights of such third party (except to the extent the claim relates to a matter for which the licensee is obligated to indemnify the licensor), based on or arising out of any third party claim that the registration of the licensed trademarks or the ownership rights of the licensor therein are invalid or unenforceable or the agreement is invalid or unenforceable against the licensor, or breach of any of the representations and warranties made by the licensor under the agreement;
  • The term of the license, renewal procedures, rights of both parties to terminate the agreement for cause, and procedures for orderly cessation of business following termination or expiration of the license; and
  • Miscellaneous provisions include notice procedures, governing law, dispute resolution procedures, integration clauses, and procedures for amendments and waivers.

The content in this post has been adapted from material that will appear in Technology Management and Transactions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Entrepreneurship and Innovation

Any attempt at starting a new business, regardless of the size of the firm or the sophistication of its products or services, falls squarely within the definition of entrepreneurship and generally carries the same levels of risk and stress for the persons involved in the process.  Entrepreneurship programs launched and administered by governmental agencies and non-profit organizations are primarily geared toward “small businesses” that often rely on readily available technologies and their goal is to ensure that interested persons have access to basic information about starting a business, complying with applicable laws and locating financing sources.  Proprietorships and small firms with less than 20 employees have always been an important part of the economic landscape and this should continue in the future as technology, such as the Internet, makes it easier for entrepreneurs to put their business ideas into practice and quickly and efficiently reach prospective customers and other business partners.

An important niche within the entrepreneurial community, which has been readily filled by universities, focuses on new business formation for the purpose of identifying, developing and commercializing relatively risky and unproven technologies and business processes.  The study of entrepreneurs and their firms that are involved in these sorts of activities is referred to as “entrepreneurship and innovation.”  A number of different definitions and explanations of “innovation” have been offered by academicians and commentators.  For our purposes, it is useful to think of innovation as the process of successfully acquiring and implementing new ideas within a business organization.  As suggested by this formulation, new ideas can be developed and created internally, or can be borrowed or purchased from other organizations.  New ideas are not confined to new products and services, but also include new or improved processes that enhance productivity or reduce costs associated with manufacturing or distributing existing products.  Put another way, innovation involves firms doing new things in new ways to increase productivity, product development, sales and profitability, including finding new ways of identifying the needs of new and existing clients and making and marketing products that satisfy those needs. 

In his book, Innovation and Entrepreneurship, Peter F. Drucker forcefully promoted the interrelatedness of entrepreneurship and innovation and the need for entrepreneurs to recognize and learn the disciplines and principals of innovation and practice them in the planning for their ventures:  “Innovation is the specific tool of entrepreneurs, the means by which they exploit change as an opportunity for a different business or a different service.  It is capable of being presented as a discipline, capable of being learned, capable of being practiced.  Entrepreneurs need to search purposefully for the sources of innovation, the changes and their symptoms that indicate opportunities for successful innovation.  And they need to know and apply the principles of successful innovation.”  Drucker believed that entrepreneurship could be understood as a systematic process and that opportunities for successful entrepreneurship could be uncovered through purposeful innovation and exploration of identified sources of innovation including incongruities, process needs, industry and market structures, demographics, changes in perception, new knowledge and unforeseen events.

Certainly there are important and obvious differences between launching a small shoe repair shop and developing and commercializing a cutting-edge pharmaceutical product to fend off cancer; however, those who link entrepreneurship and innovation believe that any new venture, be it a separate start up business or a product development project within a large company, can increase its chances for success by understanding and applying the principles that have been gleaned from studies of what has been referred to as the “innovation process”.  Of course, while opinions vary on exactly what that process might be it has traditionally flowed sequentially through the following phases: idea generation, concept development, resource acquisition, ramp up and launch.  Studies have shown that many the elements required for successful innovation are constant across industries and business activities and include an emphasis on product innovation, a strong customer orientation and a firm commitment to high quality reliable service.  Presumably these findings can be effectively deployed by all entrepreneurial ventures; however, it is should be understood that additional innovation strategies may be required in response to specific competitive factors in particular industries.

Others who have studied whether it is possible to differentiate “entrepreneurs” from small business owners have concluded that merely conceiving a new business was not sufficient to qualify as entrepreneurship and that the term was appropriate only for those persons who identified and created combinations of resources for the purpose of seeking profit and growth and then pursued those goals through innovative behavior and the implementation of creative management practices.  This position is consistent with the perspective taken by those who believe that strategy, rather than the personal characteristics of the founders and senior managers, is the most important and accurate predictor of whether or not a new firm will be successful in achieving its goals with respect to profits and growth.  For persons in that camp the entrepreneurial event is a moving target composed of parts that are in constant motion.  While certain personal characteristics of the founders and other members of the senior management team are important, particularly their leadership skills, it is their ability to develop and execute the appropriate strategy that is the most crucial success factor.

The content in this post has been adapted from material that will appear in Business Transactions Solutions (Winter 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.



Compliance Checklist for Privacy & Data Security Laws

In devising procedures for compliance with applicable privacy- and data security-related laws and regulations, the following transaction checklist may be helpful:

  1. Determine the scope of the laws and regulations applicable to the company, including whether the business activities of the company require collection of information from consumers and/or fall within specialized regulated areas such as financial services or health care;
  2. Review the steps that should be followed in order to develop a privacy and data security compliance program;
  3. Designate a chief privacy officer and invest sufficient resources to staff a privacy compliance unit and procure the necessary technology to implement an effective privacy and data security program;
  4. Consult applicable laws and regulations to develop a definition of the nonpublic personal information that must be covered by the company’s privacy and data security compliance program;
  5. Conduct an assessment of the information previously collected by the company and the current and projected collection activities of the company to create an inventory of where nonpublic personal information is collected, used, stored and transferred;
  6. Prepare and implement privacy-related policies and procedures, including general privacy policies and notices and procedures for collection and use of nonpublic personal information;
  7. Establish training programs on privacy-related compliance issues for employees, contractors and other agents of the company;
  8. Prepare and implement security requirements for nonpublic personal information, including information security policies and procedures;
  9. Prepare procedures and contractual documents with respect to handling of the company’s nonpublic personal information by business partners and outside service providers;
  10. Prepare and implement procedures for proper and effective disposal of nonpublic personal information that is no longer needed by the company to conduct its business activities;
  11. Establish procedures for investigation and notification of security breaches; and
  12. Establish and follow procedures for regular audits of the effectiveness of the company’s privacy and data security compliance program.

The content in this post has been adapted from material that appears in Business Transactions Solutions and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Entrepreneur’s Personal Skills Assessment

Research indicates that the likelihood of success for a new venture is linked as much to the knowledge and characteristics of the founders as it is to the product or service being sold.  To see if you have what it takes try and answer some of the questions listed below in order assess whether you have the personal skills to be an entrepreneur.  Be sure to ask trusted friends and business colleagues to review the worksheet questions with you to provide candid and unbiased feedback.

  • Are you a self-starter?
  • Are you self-motivated and able to persevere and keep yourself moving forward and try new solutions?
  • Do you believe in yourself and feel confident about your professional and personal skills and your ability to leverage them successfully in your new business?
  • Are you willing to work harder than you've ever worked before and for long hours without the security of a steady paycheck and no promise of ultimate success?
  • Are you healthy and do you have a regular program of exercise and diet in place that will sustain your energy level?
  • Are you willing to take responsibility for situations, make tough decisions on your own, and accept the risks of failure with respect to such decisions?
  • Are you creative and innovative and consistently able to find new ways of doing things?
  • Do you know your strengths and weaknesses?
  • Have you identified the values—honesty, service, quality, innovation, teamwork—that you believe will be most important for the operation and success of your business and have you prepared a brief description of how each of the chosen values will be used in the business?
  • Do you know what is really important to you and are you clear about the ethical values you will refer to when making decisions about your business and your actions?
  • Do you have the business skills you need to run a business?
  • Do you have managerial experience?
  • Have you worked in a business like the one you want to start?
  • Have you thoroughly researched your business and its industry?
  • Do you have the technical skills you will need to operate your particular business?
  • Have you evaluated your experience and talents with respect to the key skills and knowledge necessary for operating a business—planning, product or service knowledge, financial management and budgeting, marketing, sales, and recruitment and management of human resources?
  • Have you created a plan for obtaining information or assistance with respect to those skills and knowledge as to which you lack experience and/or talent?
  • Do you have business partners or advisors who can compensate for your weaknesses?
  • Are you a good planner and do you have the vision to see in advance the steps and tasks that it takes to get something done?
  • Are you a good listener and do you take the time to listen to and really understand what others may be thinking or feeling?
  • Can you deal effectively with other people and do you enjoy maintaining relations with others?
  • Are you an effective leader, motivator, and communicator?
  • Are you willing to delegate authority and responsibility to others?
  • Do you project a professional image to your customers and other business partners?
  • Can people trust what you say and that you will do what you say you will do?
  • Do you have the skills and other resources necessary to perform an adequate feasibility study of the key concepts underlying your idea for a new business?
  • Have you established and follow a plan for continuously monitoring events and changes in your target market?
  • Do you belong to a trade association or other business organization that provides you with opportunities to meet with other entrepreneurs and executives in your industry?
  • Do you belong to local clubs and organizations that provide opportunities to meet prospective business partners and create a positive image in your community?

The content in this post has been adapted from material that will appear in Business Transactions Solutions (Winter 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Information Security Policies and Procedures

While financial institutions have long been subject to federal and state law requirements relating to protection of nonpublic personal information gathered from consumers, it is now clear that businesses of all types will be subject to similar regulations in the future.  For example, California law requires that companies that own or license unencrypted personal information about California residents must implement and maintain reasonable security procedures and practices for that data.  The California statute does not specify the required level of security, other than to say that it must be "appropriate to the nature of the information" to protect the personal information from unauthorized access, destruction, use, modification or disclosure, including prohibitions on disclosure of such information to unaffiliated third parties unless such parties contractually agree to maintain reasonable security procedures.  As such, more and more companies will need advice on how to comply with personal information security requirements, including preparation and implementation of appropriate policies and procedures.  The need to provide assistance in this area is even more acute given that consumers have become increasingly sensitized to the risks of identify theft and have become more adamant in their demands that the companies from which they procure goods and services demonstrate that they are committed to protecting personal information they receive from their customers.

When establishing appropriate compliance strategies and information security procedures for collecting personal information, companies should:

  • Establish internal guidelines and policies that assure the uninterrupted security of nonpublic personal information.
  • Create and implement employee training measures and supervision systems to ensure that personal information is protected during day-to-day handling and use.
  • Establish and continuously evaluate information security systems that include adequate protective physical safeguards and technological measures in support of information security policies.
  • Inform all business partners and service providers that handle personal information of their responsibility to ensure that their policies, procedures and practices maintain a level of security consistent with the company’s own information security policies.
  • Establish procedures for disposal of personal information in a secure manner and in keeping with the approved records retention schedule and the company’s overall policy objective of minimizing the risk of loss or unauthorized access, use or disclosure of such information.
  • Implement plans for conducting an independent assessment of the effectiveness of the policies and procedures that have been put in place by the company for the protection of nonpublic personal information.

The process of developing an appropriate and effective set of information security procedures is a time-consuming process that requires participation and support from various functions within the company, including sales, accounting, credit, human resources and information technology.  In order to make sure that the programs and procedures are effective companies must designate an employee or employees to coordinate the information security program.  In addition, senior management should be publicly committed to the initiative based on the realization that information security has become a globally recognized element of business ethics policies and practices for companies in a wide range of industries. 

The content in this post has been adapted from material that will appear in Business Transactions Solutions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.


Privacy Policies and Notices

Every business, regardless of its size or line of business, should prepare, adopt, disseminate and follow appropriate policies and procedures with respect to protecting the privacy rights of its customers, employees and business partners.  One of the cornerstones of the privacy program is a comprehensive privacy policy or notice that is made available to customers and other parties from whom nonpublic personal information may be collected.  At a minimum a comprehensive policy or notice should include the following:

  • An explanation of the reasons that the company collects personal information from its customers and other parties;
  • A description of the specific types of personal information that the company regularly collects from its customers and other parties including examples of activities and transactions that will typically include information collection;
  • A description of how the personal information collected by the company may be used in the company’s day-to-day activities and in the course of providing products and services to its customers;
  • When applicable, a discussion of how personal information is collected and used when customers purchase gift cards and use other online services;
  • A statement that information that visitors to the company’s web site voluntarily disclose in a public fashion is public and not subject to the protection obligations assumed by the company;
  • A description of when and how the company discloses personal information and the steps that must be taken by customers and other parties to restrict such disclosures;
  • A description of the measures taken by the company to protect personal information collected from customers and other parties;
  • A description of the procedures which customers and other parties can follow to access their personal information to verify the accuracy of such information;
  • A statement regarding the suitability of website content for children and other information required by federal and state laws regulating online marketing of products and services to minors;
  • Instructions regarding how answers can be obtained to any further questions a customer or other party might have regarding the company’s privacy policy.

Statutes and related regulations play a significant role in the form and content of privacy policies and procedures and organizations must be mindful of the industry-specific requirements to which they may be subject.  For example, financial institutions publish their privacy principles in the form of a privacy notice that must be delivered to consumers that have a sufficient level of business contact with the institution.  The form of the privacy notice for a financial institution is determined in large part by the requirements of the federal Gramm-Leach-Bliley Act and financial institutions, such as a bank, will generally prepare a lengthy form of notice that includes additional information that may be of interest to consumers regarding the protection of the private information.  Health care providers and health plans should draft their privacy notices to conform to the requirements of the federal Health Insurance Portability and Accountability Act of 1996.

The content in this post has been adapted from material that will appear in Business Transactions Solutions (Fall 2008) and is presented with permission of Thomson/West.  Copyright 2008 Thomson/West.  For more information or to order call 1-800-762-5272.