LES Global News—Reviews Book Review | By Dwight C. Olson, CLP
SECRETS
Managing Information Assets In The Age Of Cyberespionage By James Pooley Published by: Verus Press (June 30, 2015) ISBN-10: 0996391002 ISBN-13: 978-0996391009
I
n reviewing a book, I like to look at the table of contents, read the forward, scan the book, and think about the author and how I might begin. Sound familiar? I re-met James Pooley at the LESI/WIPO joint meeting that was associated with the LESI winter meeting a few years ago in Geneva. James Pooley was appointed the deputy director general for innovation and technology at the World Intellectual Property Organization (WIPO), one of the specialized agencies of the United Nations. He oversees the operation of the international patent system, as well as programs directed at the development of patent laws and innovation ecosystems, particularly with regard to small and medium-sized enterprises and universities. As James was head of the patent system there, I was intrigued with what he would have to say on managing secret information assets in his book “Secrets” in the age of cyber espionage. In the Introduction and Chapter 1 “Secrecy in the Age of the Internet” of the book, James sets the stage by describing management of secrets in the industrial age. These industrial age processes to keep information secret are going to be a bit different in managing secrets in today’s Internet information age. James touches on “Open Innovation and Global Supply Chains,” “Big Data and the Internet of Things,” and a “Million Doors to Your Data” that will require new management thinking. However, in closing of Chapter One, he reminds us that employees are “Still the Biggest Source of Loss.” In Chapters 2 and 3, Chapter 2 “What is a Trade Secret” and Chapter 3 20
“Who Owns Information” James takes us on a mental journey from the monks who stole China’s secret silkworm process to how industrial processes were controlled during the time of guilds and merchant societies. He reminds us that America’s Industrial Revolution was based on the theft of trade secrets and how the quandary of industrial espionage vs. unfair practices in the 19th and 20th centuries led to the modern robust rules of protecting commercial secrecy. James touches on “Commercial Secrecy and Common Law,” “What Makes a Secret Protectable,” and “Who Owns Information?.” In Chapter 4, he discusses “How the Law Protects Secrets” with a reminder that “the global rules on trade secrets are fairly simple: the law protects information that (1) is not generally known or very easy to get, (2) has value because it is secret, and (3) has been reasonably well protected from disclosure by the owner…. This is the standard reflected in Article 39 of the 1995 TRIPS (Trade Related Aspects of Property) … In effect it has been embraced by each of the 160 member countries of the WTO. How well it is enforced in each of those countries is another story…” He concludes this chapter with how trade secrets compare to other forms of IP protection and how secrecy can be integrated with other kinds of protection. Chapter 5 “Managing Your Information Assets” is where James starts to deal with the core message of his book: “how to manage these valuable assets, keep them safe, stay out of trouble, and maximize their utility in your business.” This chapter is what he terms “best
Licensing Executives Society International
practices in information protection” and calls attention to the current most significant 2014 publication on cyber security, the National Institute of Standards and Technology (NIST) “Framework for Improving Critical Infrastructure Cybersecurity.” As he says “So what relevance does that have for you if you run a different or smaller enterprise that perhaps isn’t essential to keeping the lights on and money flowing? The answer is that the framework was reasonably well designed and is expressed in terms that are applicable to most businesses regardless of size or sector or nationality.” James highlights the five principles of a protection plan that should drive trade secret protection. First, information should only be available to those with a need to know. Second, is simplicity. Third, you can’t keep everything secret all the time. Fourth, the greatest risk is inside, not outside. Fifth, information security is just ordinary risk management. Also, risks change with time and circumstances, so risk assessment must be a continuing process. I really appreciated his note of caution to start-up companies. “After decades in Silicon Valley, I appreciate the pressures that force new companies to triage their priorities and getting a prototype ready may seem like the only objective worth focusing on. But if in the process of pushing innovation out the door you destroy any chance of protecting the competitive advantage it represents, all of that work will serve only to power someone else’s market success.” He concludes this important chapter with his thoughts on “The Cloud,” “Training the Workforce,” Collaborations,” and “Commercializing Secrets.” SECRETS, continued on Page 21