Is It Mine?
Open-Source Development and IP in the Age of AI
The story is familiar. A key employee leaves your company and there is a concern that the employee will take trade secrets and other confidential information on their way out the door. Perhaps you hear that the employee believes all of the work the employee completed on behalf of the company during his employment is really owned by the employee because open-source software was used. These types of scenarios happen all the time and yes, there are ways to better protect your company from rogue employees taking or disclosing the proprietary information of their former employer.
But what’s an employer to do?
In today’s workplace, employees have access to more company information than ever before and as a result, employees can more easily walk away with that confidential company Data. Such a loss of a company’s secret sauce can have detrimental impact not only on the company itself and its ability to compete in the marketplace but also on the morale of the remaining employees. So how do you make sure that an employee leaves empty handed?
In addition, software companies are increasingly relying upon open-source software as a building block when developing an overall software product. Does using open-source software as part of a company’s overall software product result in software code that is free for anyone to use and for an employee to freely take when leaving an employer?
One of the best ways for an employer to protect itself from a rogue employee stealing confidential information is having a confidentiality and invention agreement with the employee which requires the employee to maintain proprietary company information as confidential and provides ownership in all intellectual property the employee creates during employment to the company. While many rights are granted to the employer by way of the employer-employee relationship, a company can maximize its rights in intellectual property by specifically addressing ownership in an employee agreement.
Such an employee agreement should state that everything created by the employee for the company is owned by the company. But what happens if the employee combines public information with proprietary company information to create a product that is a combination of the two? With the increasing use of open-source software, a frequent issue that arises is whether a company can protect software if open-source software is used in the development of a company product offering. It is common for employees to believe that since they used publicly available open-source software as part of the software code drafted for the company that the entire software code is open source.
Those employees are incorrect!
While the open-source components used are publicly available and free for anyone to use, the combination of the open-source components with proprietary software code developed by a company creates a product that is proprietary to the company under the intellectual property laws. Put another way, just because you use open-source software as part of a broader software package, does not make the entire offering unprotectable. Quite the opposite happens. The software code – as a whole – is confidential company information that cannot be improperly disclosed or taken by an employee when leaving. With such uncertainty, however, periodic reminders to employees of their confidentiality obligations, including treating source code (even if it uses open source software) as proprietary to the company, are more important than ever.
So when an employee who has access to your company’s most important trade secrets gives notice, it is imperative that the company convey to the departing employee the continuing obligation to keep confidential company information secret. This can be done by reminding the employee during an exit interview as well as a follow-up letter of the employee’s confidentiality obligations to the company. If the departure is abrupt, a letter identifying and reiterating the employee’s confidentiality obligation is a good strategy.
Taking simple precautions namely, confidentiality/invention agreements, periodic reminders of confidentiality obligations and a reminder letter when an employee departs are best practices that all companies and especially software companies whose entire business can walk out the door on a flash drive, should implement before it’s too late.
About the Author:
Jeffrey Drake is a versatile attorney specializing in a wide range of legal issues, serving as outside general counsel to corporations and emerging companies. With expertise in corporate matters, intellectual property, M&A, licensing, and more, Jeffrey provides comprehensive legal support. As a lead trial counsel, he effectively litigates intellectual property and commercial cases nationwide, bringing a business angle to legal disputes. With a background in mechanical engineering, a JD, and an MBA, Jeffrey Drake is uniquely positioned as a corporate and intellectual property attorney. He actively contributes to the field through publications, CLE courses, and speaking engagements, consistently delivering exceptional results for his clients.