Your company hires an IT contractor to develop a system that sales can use to get clients price quotes for a custom product built to their specifications on the spot rather than taking weeks. The solution gives your company a competitive advantage.
When the developer’s contract ends, a competitor hires her. Six months later, your competitor has an identical product the developer created for your company.
In order to prevent this type of IP nightmare from happening at your company, follow these tips for protecting your intellectual property when working with IT contractors.
1. Vet your contractors
First, get to know who you are contracting with before retaining or even interviewing them. Is the contractor dependable? Does the person do quality work? Can the person be trusted with the proprietary information that you entrust them with? These questions can often be answered by companies that previously worked with the contractor.
2. Require all prospective contractors to sign an NDA
Before entering into any contractual agreement with an outside contractor, or even telling the person about your project, have the contractor sign a non-disclosure agreement that commits the contractor to not share information related to your project with others. The NDA makes the contractor personally liable if they breach this confidentiality agreement.
3. Conduct a legal review of your IP before starting projects
Before employing an independent contractor, you should build into the contract as many legal protections for your project as possible. It’s wise to review the legal protection mechanisms that are available for the project and consult with legal counsel as needed.
One step is to review U.S. Patent and Trademark Office rules and regulations to see how your project can be protected from infringement.
If you will be working with an offshore contractor, it is also advisable to check the IP protection rules and regulations in the contractor’s country so you can note any differences between the country where your company is based. If there are differences, the contract should include the IP protections for your project that address the rules and regulations of both countries.
4. Document that your company owns the contractor’s work products
The contract should clearly state that all rights to the work product, including copyrights, are assigned to your company. If you fail to appropriately contract for those rights, the developer could argue that she also holds a legitimate ownership interest in the project deliverables that they helped to create for you.
“By default, the copyright vests in the author of the copyrighted work,” said Mat Kresz, attorney at KreszLaw, a technology and IP law firm. “By default, the copyright vests in the person who wrote the code. Here, that author is a third-party developer, and not the company, and thus, the copyright vests in the developer by default. However, the contract between the company and the developer could be drafted to assign the developer’s copyright in the code to the company. Tech contracts can be complex, so it is best to seek counsel on facts that specifically apply to your situation.”
5. Control access to sensitive information
Everyone working on a proprietary project may not need to know every detail about it. For example, if an individual is tasked with writing a particular software module, that person might only need to know the specifications for developing that module.
6. Use thin client workstations and secure all code in the cloud
If you are engaging a contractor to write proprietary software, you could issue the contractor a company-owned thin client workstation that stores all code she develops in a highly secured cloud workspace, with no options to store data on the workstation or to extract information by using thumb drives. Workstation use, including the use of thumb drives, can be monitored and reported on 24/7 by IT.
7. Limit the number of project team members
The fewer people who know about and work on your proprietary project, the better protected it may be. This reduces the number of people who could deliberately or inadvertently leak IP information to others outside of the organization. In addition, you might talk to HR or IT about the best way to educate your full-time employees about why it’s essential to keep IP safe.
“Well-meaning, honorable people sometimes run afoul not because they intend to cause harm, but because they do not know any better — but nonetheless run afoul, and cause turbulence,” said Kresz. “But friendly reminders may very well help. Providing training to HR and to new employees regarding what constitutes IP, and what IP belongs to the company, and repeating those trainings throughout the year helps to remind employees that the IP they encounter, use and contribute to belongs to the company.”
In addition to these tips for protecting your IP, download TechRepublic Premium’s IT consultant code of conduct in order to create a standardized ethical, professional and behavioral code of conduct for your employees, contractors and subcontractors.