Practical Compliance
Topics generally focused on technology, law, government and management practices for small businesses and nonprofits. (Links to my Twitter and LinkedIn pages are at the end of the "Twitter Updates" sidebar, below right.)
Friday, April 19, 2019
THE POWER OF "YES IF"
Saturday, July 7, 2012
Employer Risks Related to Social Media Policies
The three reports she references can be found on the NLRB website at these links:
Memorandum 11-74: August 2011
Memorandum 12-31: January 2012
Memorandum 12-59: May 2012
The first two memos discussed various charges related to employer-employee disputes over Facebook usage. The newest memo covers seven cases where the Board evaluated employer policies on social media. In six of them, the Board found the policies overbroad, but in the seventh, the policy was upheld.
Acting General Counsel Lafe Solomon even included the validated policy as an attachment to the May 2012 memo.
With Luchka's coverage of the memo, you have a good summary, but I recommend reading the memo for yourself and especially comparing your social media policy against the one--the only one so far to my knowledge--that the Board validated. And remember: NLRB guidance is not just for employers with unionized workers!
Monday, June 25, 2012
Hyper Cybersecurity for Lawyers?
In a June 25, 2012, Wall Street Journal article, "Lawyers Get Vigilant on Cybersecurity," Jennifer Smith describes a number of security breaches and attempted hacks at law firms around the U.S. One of the scenarios describes hackers who target lawyers' smart phones to gather confidential information about the lawyers clients or legal services. While most would argue that a law firm has a duty to use reasonable means to keep all equipment provided to the firm's employees, including smart phones, free from such malware, does that also apply to the personal devices used by firm employees? What about online shared file services like DropBox, Box.com or Google Drive, where lawyers and clients can exchange documents electronically?
The Rules
Though most laws that cover cybersecurity also apply to lawyers and law firms, additional duties apply under rules of professional conduct ("ethics") and concepts of fiduciary responsibility under the law of agency. The present American Bar Association Model Rules of Professional Conduct contains Rule 1.6(a) which reads:
(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).
The rule language, adopted in most states as binding on lawyers admitted to practice in those states, is very broad. Two comments to the rule provide some clarity, though they were obviously written before smart phone hacking was perceived as a big risk to the legal profession. I have emphasized some key language in Comments 16 and 17 below.
[16] A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer's supervision. See Rules 1.1, 5.1 and 5.3.The rule and comments could be construed to require, depending on whether the state has adopted the ABA version of Model Rules 5.1 and 5.3, the law firm to take reasonable steps to protect client confidences regardless of whether the confidential information is transmitted via a firm-issued or employee-provided device. That is a huge expansion of the domain most firm IT departments are given and potentially significant increase in cybersecurity costs.
[17] When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.
The ABA is currently considering changes in this area. On May 7, 2012, the ABA Commission on Ethics 20/20 published several proposals that will be considered by the ABA House of Delegates this August. One Resolution and Report specifically addresses "Technology & Confidentiality." Recognizing the fast-evolving world we work in, the Commission observed:
Today, lawyers regularly communicate with clients electronically, and confidential information is stored on mobile devices, such as laptops, tablets, smartphones, and flash drives, as well as on law firm and third-party servers (i.e., in the “cloud”) that are accessible from anywhere. This shift has had many advantages for lawyers and their clients, both in terms of cost and convenience. However, because the duty to protect this information remains regardless of its location, new concerns have arisen about data security and lawyers’ ethical obligations to protect client confidences.As a result, the Commission proposed a new paragraph (c) to Model Rule 1.6:
Technology is also having a related impact on how lawyers conduct investigations, engage in legal research, advise their clients, and conduct discovery. These tasks now require lawyers to have a firm grasp on how electronic information is created, stored, and retrieved. For example, lawyers need to know how to make and respond to electronic discovery requests and to advise their clients regarding electronic discovery obligations. Legal research is now regularly and often more efficiently conducted online. These developments highlight the importance of keeping abreast of changes in relevant technology in order to ensure that clients receive competent and efficient legal services. (ABA Commission on Ethics 20/20 Report, "Introduction and Overview," p. 4, footnotes omitted.)
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.In addition, the Commission proposed a substantively revised Comment 16:
[16] Paragraph (c) requires a(Again, some of these changes will apply differently if your state does not have the exact ABA version of Rules 5.1 and 5.3.)Alawyermustto act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons or entities who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, confidential information does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].
If adopted by the ABA House of Delegates, each state would then decide whether to adopt some or all of the changes in their rules of professional conduct. Until adopted in a state, the ABA Model Rules are purely advisory, of course, but can be used by courts as guidance on issues of professional liability.
Pre-emptive Proactiveness
So what should a firm do? First of all, a written policy is essential. Lay out practical guidance for the employees that (a) reminds them of all the obligations that everyone--not just those with a law license--must follow, (b) points out the places of vulnerability and highest risk, much like you would warn against posting passwords on the wall by their computer, (c) explains what the firm can and will do--and what it will not do--to help protect office systems and confidential data, (d) clarifies through several examples of what information is confidential and best practices for reasonable efforts to prevent unauthorized disclosures and (e) draws a bright line wherever possible between which activities are permitted and which are not--as well as how to request an exception in appropriate circumstances.
Secondly, be very deliberate as to which employees get what hardware. Some may only need a "dumb" device that has nothing stored on it locally, but can remotely access selected online resources in limited circumstances. Others may need full-functioning tools some days and the "dumb" devices on others. If you issue full-access hardware to everyone all the time, you may have a difficult time explaining how that is reasonable or part of a prudent program to prevent problems.
Thirdly, monitor. You may find that some IT policies are too restrictive and actually lead to more risk than they limit. If staff are emailing confidential, unencrypted documents to their gmail accounts so they can work on them at home, look for a better way to support their needs that does not send them to a self-devised work-around. If some people use their personal smart phones to talk to clients or co-counsel, determine if the firm should provide a phone it can routinely scan for viruses and remotely kill if lost, or if there is another way to help the lawyers work with less risk than an unprotected smart phone that could be home to listening and keylogging malware.
Fourth, educate the clients, too. All the security in the firm won't be worth much if the client waives lawyer-client privilege by working on personal legal matters through her employer's computer or does not have a virus protection program. The blame may be hard to place without a lot of forensic review and valuable time, even if you eventually confirm that no systems at the firm led to the disclosure.
Finally, know the law. Is your firm subject to the mandatory disclosure laws when private information is disclosed through a hack? Are you obligated to take preventive measures before a problem occurs? Each state has different levels of responsibility for unauthorized disclosure of client information and some rules that traditionally have been enforced only against consumer businesses could also be used against professional services businesses (think: medical records) unless there is an express exemption.
Bottom line: start now to put "reasonable" preventive measures in place to prevent unauthorized disclosures of confidential information and to comply with state and federal data privacy laws that may govern how you store data as well as report security breaches.
Monday, April 23, 2012
Launching New Blawg
So click on over to the other blawg and take a look. I look forward to your thoughts and comments!
Thursday, March 17, 2011
Drafting Good Policies for Social Media Use at Work – Part Two
In my first post on this topic, I covered some of the risks inherent when employees participate in social media systems (“SM”) whether officially on behalf of the employer or unofficially. This post outlines guidance for crafting an atmosphere at work that embraces SM while educating and guiding employees to prevent problems and protect the employer, other employees and the public.
Basic Policy
Your organization may already have rules and regulations that apply to your industry or operations. You may even have agreements in place with each employee at hiring that cover confidentiality, protection of intellectual property and duties of non-disclosure. It may be that you already have all the official policy language you need to address the risks listed in the earlier posts should an employee cross any of those lines. Why have yet another one?
SM gives people power of a magnitude they have not had before. Destructive, impulsive and malicious actions have never been as easy to permanently and broadly publicize as they are now that we have linked to each other through the Internet and mobile phone networks. Do not assume everyone will connect the dots. Even if you already have all the official and legal protections in place, pull it all together in a reminder that puts each obligation into the SM context. If you do not have everything covered, fill in the gaps. Make sure everyone clearly understands their obligations.
“Friending-Friendly" Rules
Once your policies, confidentiality and non-disclosure agreements adequately cover the prohibitions and restrictions that apply to each employee, turn the opposite direction and put guidelines in place that help the well-intentioned. Rather than a list of “Do Not” items, for example, lay out the reasons for concern and points to keep in mind when communicating with others in any way that may involve or reflect on the employer or other employees. Phrase them in "Do" terminology.
There are a number of resources rich with references and examples of how other organizations have approached this challenge. Several are listed in the footnote. Among them all, there are four main ingredients for an effective, comprehensive SM policy:
1. Concern. Acknowledge the existence of SM. Some companies and organizations prefer an “ostrich approach” and essentially pretend SM is not pervasive, not used widely among their staff and poses no threats. What you don’t say CAN increase the risks to your organization, the public and your employees. Step forward and embrace reality. Make it a point to show you know and understand the power, potential and pitfalls of SM usage and that you are establishing consistent guidance that makes sense within the organization’s particular needs.
2. Community. Stress the importance of being transparent and clearly distinguishing whether you are or are not representing the organization. Leave no doubt. This is an issue of honesty to their "friends" and integrity in their online community. Give examples of how to scrub online profiles of all links to the organization, for example, and disclaimer language that you believe is sufficient and appropriate for most contexts. Explain how others may be confused by a person's role or position with the organization so they clearly see the risk. Employees of a legal department could be misunderstood as giving legal opinions, for example; those who work for a publicly-traded company might be misinterpreted as divulging hints that influence others to buy or sell stock in that company; behaving as if you have "secret" information could look like someone revealing previously non-public facts about the company; etc.
Be detailed and specific. Explain how links, logos, email addresses, lingo and job titles may divulge or mislead as to their relationship to the employer even if the employer’s name is not shown. There should also be a consistent method of “branding” officially-sanctioned SM activities so the public can easily identify those and distinguish them from others.
3. Conduct. Remind staff of the public nature of “private” postings and how online activities may be traced. Share some examples of embarrassing consequences others have endured that make an inadvertent “reply all” mistake look miniscule by comparison. Respect runs both ways and the “Golden Rule” and “Granny’s Rule”* are useful guidelines that help make your point. It is always wise to assume that your staff will NOT make the same assumptions you do. Employees are diverse in many ways other than skin color, so spell out the workplace rules that govern appropriate uses of SM during working hours, on the employer’s equipment, etc. Just because activities are permitted or even encouraged in the organization’s Wiki, for example, does not transfer to personal blogs or other non-work-related SM activities.
4. Confidentiality. What one person thinks is “confidential” or covered by your confidentiality policy may be quite different from what another thinks. Remember that people in different jobs have different perspectives and may have been taught different obligations based on their roles. This is a good place to roll it all into one statement that summarizes and refers to the restrictions and duties regarding confidentiality, professional responsibility, non-disclosure, privacy, public/non-public information, trade secrets and communication with people outside the workgroup. You might be amazed at how some never connect themselves to the bigger picture.
Someone in the IT department may not think twice about posting a question in a peer support Wiki that can expose security weaknesses or divulge trade secrets if they are not made aware of how easy it is to do. A support staff member may not be aware of how rules of professional responsibility that govern the supervisors apply to his work. Those who do not often work with the public or in a PR function may overlook the issues with commenting about a particularly problematic day at work or potentially disastrous issue they are working to contain. Trust them to do the right thing the vast majority of the time, but equip them to understand where the boundary lines are so they do not accidentally cross them.
Conclusion
Your policy documents will have more detail under each of these general areas that fit your organization’s unique needs. If you don’t already have the fundamental policies and employee agreements in place, you may need to consult legal counsel about what to do. If your employees are located in more than one jurisdiction, you definitely need to know what difference that may make on any such policy and whether you can consolidate them all into one document or need different versions.
Social media has been here long enough that no one seriously expects it to go away anytime soon. Rather than obstruct or block SM use, proactively educate your staff and address the risks, responsibilities and rewards of appropriate social media usage and you will more likely benefit from risk containment as well as employee confidence in your leadership.
_______________________________
* The "Granny Rule:" If you wouldn't want Granny to see it online, don't post it.
Monday, March 14, 2011
Who Owns the Copyright in Work Created While Employed? (cont'd)
1. Who owns what?
2. How will the employer “pay” for the creator’s rights?
3. What is covered by the agreement?
4. What duties does each party owe to the other?
5. What about work product the employer sells to others?
6. How will each address exceptions?
7. When does the IP rights agreement start and end?
8. How will disputes be handled?
9. What happens if the parties can’t resolve a dispute themselves?
In that post, I covered the first four. Now, I will address the rest.
What about work product the employer sells to others?
When one person sells the work of another who is the author of some or all of the work, the author is generally still entitled to compensation unless the author has given up that right. Not so for “works made for hire.” Because the copyright is automatically given to the employer, the author can not revoke or claim an interest in the rights without an express conveyance from the employer or a written agreement with the employer at the time the work was created (17 USC 203(a)).
A clearly-worded written agreement at the outset can allocate any rights that will not be exclusive to the employer (exceptions) and any rights reserved by the employee.
How will each address exceptions?
Some agreements attempt to cover everything the author creates during the employment term, whether or not related to the employer’s business. Those are likely not enforceable beyond what is reasonably tied to the employer’s business or created using the employer’s tools, equipment or proprietary processes, without special "consideration" to pay for works created outside the scope of employment. Others are less clear about work authored at home after work hours, for example, or in concert with others who are not employees of the same employer.
Better to be clear. Describe the works that are deemed included and then list the exceptions. Are some rights world-wide, for example, while others only have a limited geographical license? Are they exclusive rights, meaning no one else can have them at the same time? Are there rights reserved to the author for certain limited uses?
It is difficult to anticipate every possible future event, so provide a mechanism for each party to notify the other that a particular work is included in or excluded from the agreement’s scope.
When does the IP rights agreement start and end?
Unless the work is "prepared by an employee within the scope of his or her employment; or
". . . “the parties expressly agree in a written instrument signed by them that the work shall be considered a work made for hire” (17 USC 101) (1)), or the author transfers the copyright with “an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or such owner's duly authorized agent,” (17 USC 204(a)) (2)), the author retains full rights. Parties can agree to buy or sell their respective rights in intellectual property at any time, whether the works already exist at the time of the agreement or are created in the future. Designate the specific starting date and describe when it terminates.
Address the rights that will survive termination of the agreement and those that expire with it so that both sides know their obligations even after they part ways. For any that continue after they separate, be clear on the term, geographical scope and relative priority of the rights.
How will disputes be handled?
If one party disagrees with the other’s interpretation or application of some part of the agreement, what is the preferred method of documenting the concern and the resolution? Are specific people or documents required? Will the procedures produce a result for future reference if needed?
Most agreements address litigation restrictions, but many fail to outline informal dispute resolution procedures or emphasize that they are preferred or even required before either party may begin legal action. You don’t have to go as far as a binding arbitration clause, but you can still guide disputes through a pre-litigation attempt to resolve them.
What happens if the parties can’t resolve a dispute themselves?
As with pre-nuptial agreements, where the pre-wedding couple dislikes thinking about divorce at the beginning of their marriage, employers and new employees dislike thinking about litigation when they are about to enter their “honeymoon phase.” Even so, it is important to nail down the laws that will apply to the agreement, the place where any legal action must be filed and any other variables that may change the terms of the agreement down the road as circumstances change. You need predictability and confidence that a provision in the agreement will not be turned on its head should one party relocate to another jurisdiction with different laws and legal procedures.
Here is where you can insert the arbitration clause, if desired. Also address venue, applicable rules of procedure and law and how costs of litigation will be divided if one party prevails over the other in the litigation.
Other Issues
This post does not address the issues that come up when an author conditionally grants a license to another who then breaches the license terms or fails to warn a subsequent purchaser of the original license terms. I discussed some of these risks in an earlier post, but there are many more to cover at another time.
Conclusion
With a well-written agreement that both parties understand, many disputes can be prevented and those that do arise can be managed. Think through the situation from both sides, use plain language whenever you can, and get solid legal advice before you sign. With those and some luck, you should be able to avoid problems down the road.
Wednesday, March 9, 2011
For The Children
(1) there is a need to provide equal access to the system of justice in our Nation for individuals who seek redress of grievances; (2) there is a need to provide high quality legal assistance to those who would be otherwise unable to afford adequate legal counsel and to continue the present vital legal services program; (3) providing legal assistance to those who face an economic barrier to adequate counsel will serve best the ends of justice and assist in improving opportunities for low-income persons consistent with the purposes of this Act. (4) for many of our citizens, the availability of legal services has reaffirmed faith in our government and laws; (5) to preserve its strength, the legal services program must be kept free from the influence of or use by it of political pressures; and (6) attorneys providing legal assistance must have full freedom to protect the best interests of their clients in keeping with the Code of Professional Responsibility, the Canons of Ethics, and the high standards of the legal profession. (2)
The bill passed with bi-partisan support in the House of Representatives (276 to 95) and the Senate (75 to 18) and was signed by President Nixon on July 18, 1974. (3) It has enjoyed strong bi-partisan support for over 30 years.(4) LSC Works Aided by a legion of volunteer lawyers who donate some of their time to and through pro bono programs, these paid staff know that “injustice anywhere is a threat to justice everywhere.” (5) They work full-time to help as many people as they can in civil legal matters that high-income families will likely never have but would have the resources to address timely and completely. LSC is the single largest provider of civil legal aid for the poor in the nation. Designed on a “conservative” agency model, LSC distributes 95% of its funding to 136 non-profit law firms who hire the staff and work on the unmet legal needs in their communities. (More here…) Today, in the race to hastily slash the federal budget, Congress is considering huge cuts and potential elimination of the Legal Services Corporation. Hopefully, those scenes will not occur here our representatives will reconsider and see the savings LSC’s grant recipients deliver in exchange for their funding.
Keep LSC Working If you work in the legal profession, you can help by contacting your U.S. Representative and showing your support for this program. Make your local legal aid program your "charity of choice." Tell your friends and family why you believe in "equal justice under law" or recite the Pledge of Allegiance that ends with "...and justice for all" and ask them to write or call.
Better yet: ask them to do it for the children. They can't fight this themselves.
NOTES
1. George Washington to Edmund Randolph, September 28, 1789
2. Legal Services Corporation Act, 42 U.S.C. 2996
3. Library of Congress Legislative Histories.
4. Remarks to New Mexico Bar Association reception in Albuquerque, Oct. 20, 2008.5. From “Letter from a Birmingham Jail,” April 16, 1963 (4th paragraph).
Thursday, March 3, 2011
Who Owns the Copyright in Work Created While Employed?
The Copyright Act of 1976 (17 USC Section 101-810) (1) gives ownership rights of music, text, artwork, computer code and other such "original works of authorship" (17 USC Section 102(a)) to their authors by default with a few exceptions. (2) No registration by the original author is necessary. One of the exceptions is the so-called “works for hire” exception (more accurately called “works made for hire”) defined in 17 USC Section 101), that gives at least co-ownership of the authored work to the author and the one who paid to have it created.
You can see how someone who hires a sculptor, for example, to create a specific work of art would expect to have some ownership in the creation he paid for. In the technology sector, this issue comes up most often with respect to software code written by employees (3), contract employees and others who perform work that is accumulated into the final software product. Copyright protection extends to copyrightable expression within a computer program, but not to ideas, program logic, algorithms, systems, methods, concepts or layouts (17 USC Section 102(b)) which typically fall under the U.S. patent law (see 35 USC Sections 100 and 101 , e.g.).
Ownership of a copyright can generally be transferred only with "an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or such owner's duly authorized agent" or by operation of law. (17 USC Section 204(a)). While many employers have new hires sign an agreement at the start that clearly states the employer will own everything the employee creates while working there, some still do not take this simple, pro-active step. And non-traditional workers pose special challenges.
On top of those, add the challenges that come when the employer sells the work product of the author. Government procurement regulations often require vendors to release some or all of their rights to any intellectual property (“IP”) included in the deliverables. (See standard Federal Acquisition Regulation clauses 52.227-14 through 52-227-20, for example or Policy Notification 49 in Canada, which many state, provincial and local governments pattern their own rules after.) Commercial purchase agreements generally have similar provisions.
And finally, there is more often these days than in the past a challenge that comes when the employee modifies or incorporates work authored by others who may not be employed by the same employer. The ease with which a programmer can find and incorporate “open source” software components exposes the employer to potential claims of people the employer never intended to involve in a project. The employee is also potentially at risk.
Preventing Disputes
Employers and employees can prevent a lot of problems by clarifying their rights in writing at the beginning. Here are some things to keep in mind when creating an agreement that covers copyrights (and most other intellectual property rights) between employer and employee or to define contract services.
1. Who owns what?
2. How will the employer “pay” for the author’s rights?
3. What is covered by the agreement?
4. What duties does each party owe to the other?
5. What about work product the employer sells to others?
6. How will each address exceptions?
7. When does the IP rights agreement start and end?
8. How will disputes be handled?
9. What happens if the parties can’t resolve a dispute themselves?
In this post, I will cover the first four. The rest will be in a later post.
1. Who Owns What?
Most of the time, the parties come together with rights in work product created before they associate. Employers need to know what the employee already owns and the employee needs to list in detail the pre-existing work before work begins so there is no question about the date of creation or the applicability of the employment agreement’s terms. It is important that the employee list any liens or other claims against any of her work and to show that those claims will not apply to work created for the employer.
Describe the parties, indicating who is employer and who is employee, and that the future works subject to the agreement will be made within the scope of the employee's duties. Be sure to address the potential claims of third parties to any of the pre-existing work, especially if any of them work or have worked for the hiring employer or if the new employee may have potential claims by a previous employer to any work she claims. Then describe what rights the employee will surrender to the employer and the exact date and time, including time zone, the employer’s rights will begin. Be specific. Each of these can be a source of disagreement later.
2. How will the employer “pay” for the author’s rights?
An essential element of a valid contract is the “consideration.” One party must give something of value to the other for the second party’s deliverable. Consideration does not have to be in cash, however. Depending on the circumstances, consideration may be the extension of a job offer, or giving up a valuable right or an obligation to do or refrain from doing something in the near future, for example. State clearly what the consideration is and that the parties agree it is sufficient consideration for the future IP rights surrendered by the employee as well as the employer's right to re-sell the work authored by the employee without further compensation.
3. What is covered by the agreement?
This seems intuitive until you dig into the possible scenarios. What about work done after hours though on the employer’s equipment? Or at home after hours on the employee’s own equipment? Can the employee perform the same type of work for others? Can she add to pre-existing works that do not relate to the employer’s business? Address as many scenarios as you can but also include guidelines for the parties to raise and address unforeseen situations in a pro-active manner. It may be wise to include a provision where everything is deemed surrendered unless excepted by separate written agreement prior to creation.
4. What duties does each party owe to the other?
Initially, there are duties of disclosure. Is the employee bound by any nondisclosure or non-competion agreement? Does the employee know of any potential claims by others to his work? Does the employee hold rights in IP used or also owned by potential competitors?
Next, there are duties during the employment or contract term. Has the employee used the work of others in his work? If so, there should be an itemized list of the source, all applicable license terms, where you can get a copy of the license and how the license was acquired. The employee should be required to get permission before incorporating any works of others and should be on notice of potential consequences for violating that clause.
In the second post on this topic, I will cover the remaining five points.
______________________________________
1 Though this discussion focuses on the Copyright Act of 1976 in the United States, as amended through 2009, the guidelines are generally applicable to other intellectual property issues such as patents, trademarks, and service marks. Those types of IP rights have other concerns, however, that are not addressed here.
2 It is important to note that this post discusses ONLY the United States Copyright Act and works created solely within the United States. Other laws may apply to works from other countries and the U.S. has signed treaties and international commitments related to the protection of intellectual property rights around the world.
3 The question of when a person is an “employee” for the purposes of the “works for hire” exception will be the subject of a later post, since it is complicated and deserves discussion.