On the same day the FTC proposed a new rule banning non-competes, something else major happened in the world of IP (Intellectual Property) protection, but it seemed to get lost in the noise. The Biden administration passed the Protecting American Intellectual Property Act of 2022 (S 1294). The details of this act are nicely summarized in the American Intellectual Property Law Association (AIPLA) newsletter from today by Sheppard Mullin Richter & Hampton LLP (below). My non-lawyer quickie version of this is that if a person or entity is determined by the President (who briefs him?) to have stolen or participated in the taking of a US company's trade secrets that “significantly” impact our national security, then that person or entity will be sanctioned in 5 different ways (from a longer list of optional sanctions). This is a very big deal and has major implications for the companies who might be the subject of these sanctions (having arguably not been given due process to prove innocence or guilt). And the point of the summary is well taken and agreed; the vagueness in some of the phraseology could make this very messy in practice.

However, I would like to applaud the fact that we are finally doing something at the national level about the fact that so much of our valuable IP goes out the door (and across the border to our adversaries in many cases) every day. The other side of this discussion argues that this Act doesn’t go nearly far enough. Trillions of dollars in value in the US economy are attributable to in intellectual property assets which, in the case of Critical Infrastructure industries, can hinder or help in the protection of our collective financial strength and personal safety.  So, WHY are there no requirements around identification, security, recovery and response planning, disclosure, and the impacts of such losses for the theft of these types of assets when they are so critical?  Especially considering that we’ve spent the last 15 years developing “cyber” and privacy laws that dictate security requirements, business continuity planning, notification, disclosure around personally identifiable information (PII). As discussed in an article I recently wrote (below), PII does not have nearly the same level of importance/value as the types of IP we’re talking about here. 

For publicly traded Critical Infrastructure companies in particular, there should be an expectation (dare I say “requirement”?) that the Ds & Os are educated about and briefed regularly on the risks and exposures to a company around its IP, particularly trade secrets which maintain their value only when they are “secret”. They should be able to articulate the risks, mitigation tools and techniques, and implications of loss just as they do for any other asset. Where is the legislation/regulation on this? I know we don’t want “big government” but I’d rank this issue as more important than ESG which is taking up some much bandwidth these days.

My previous blog: https://www.crownjewelinsurance.com/blog/trade-secrets-inside-critical-infrastructure

Lexology/AIPLA article: Potential Sanctions for Alleged Intellectual Property Theft on the Horizon? - AIPLA Newsstand - Powered by Lexology