Is It Mine? Open-Source Development and IP in the Age of AI

The story is familiar. A key employee leaves your company, and there is a concern that the employee will take trade secrets and other confidential information on their way out the door. Perhaps you hear that the employee believes that all of the work completed on behalf of the company during their employment is really owned by the employee because open-source software was used. These types of scenarios happen all the time and yes, there are ways to better protect your company from rogue employees taking or disclosing the proprietary information of their former employer.

But what’s an employer to do?

In today’s workplace, employees have access to more company information than ever before and, as a result, can more easily walk away with confidential company data. Such a loss of a company’s secret sauce can have a detrimental impact not only on the company itself and its ability to compete in the marketplace but also on the morale of the remaining employees. So how do you make sure that an employee leaves empty-handed?

In addition, software companies are increasingly relying upon open-source software as a building block when developing an overall software product. Does using open-source software as part of a company’s overall software product result in software code that is free for anyone to use and for an employee to freely take when leaving an employer?

One of the best ways for an employer to protect itself from a rogue employee stealing confidential information is to have a confidentiality and invention agreement with the employee that requires the employee to maintain proprietary company information as confidential and gives the company ownership of all intellectual property the employee creates during employment. While many rights are granted to the employer by way of the employer-employee relationship, a company can maximize its rights in intellectual property by specifically addressing ownership in an employee agreement.

Such an employee agreement should state that everything created by the employee for the company is owned by the company. But what happens if the employee combines public information with proprietary company information to create a product that is a combination of the two? With the increasing use of open-source software, a frequent issue is whether a company can protect its software if open-source software is used in the development of a company product offering. It is common for employees to believe that, because they used publicly available open-source software as part of the software code drafted for the company, the entire software code is open source.

Those employees are incorrect!

While the open-source components used are publicly available and free for anyone to use, the combination of the open-source components with proprietary software code developed by a company creates a product that is proprietary to the company under the intellectual property laws. Put another way, using open-source software as part of a broader software package does not make the entire offering unprotectable. Quite the opposite happens. The software code – as a whole – is confidential company information that cannot be improperly disclosed or taken by an employee when leaving. With such uncertainty, however, periodic reminders to employees of their confidentiality obligations, including treating source code (even if it uses open-source software) as proprietary to the company, are more important than ever.

So when an employee who has access to your company’s most important trade secrets gives notice, it is imperative that the company convey to the departing employee the continuing obligation to keep confidential company information secret. This can be done by reminding the employee of their confidentiality obligations to the company during an exit interview as well as in a follow-up letter. If the departure is abrupt, a letter identifying and reiterating the employee’s confidentiality obligation is a good strategy.

Simple precautions, namely confidentiality/invention agreements, periodic reminders of confidentiality obligations, and a reminder letter when an employee departs, are best practices that all companies, and especially software companies whose entire business can walk out the door on a flash drive, should implement before it’s too late.

About the Author:

Jeffrey Drake is a versatile attorney specializing in a wide range of legal issues, serving as outside general counsel to corporations and emerging companies. With expertise in corporate matters, intellectual property, M&A, licensing, and more, Jeffrey provides comprehensive legal support. As a lead trial counsel, he effectively litigates intellectual property and commercial cases nationwide, bringing a business angle to legal disputes. With a background in mechanical engineering, a JD, and an MBA, Jeffrey Drake is uniquely positioned as a corporate and intellectual property attorney. He actively contributes to the field through publications, CLE courses, and speaking engagements, consistently delivering exceptional results for his clients.
