Understanding the Risks: Eight Elements of an Effective IP Protection Program

Pamela Passman


October 1, 2013


Intellectual property is often the crown jewel of a company’s assets. As much as 75% of most organizations’ value and revenue source are derived from intellectual property, intangible assets and proprietary competitive advantages. As a result, the misappropriation of trade secrets, piracy, counterfeiting and the introduction of fake or inferior components into supply chains can have devastating consequences.

For instance, Ford Motor Co. suffered more than $50 million in losses after an engineer copied 4,000 company documents onto an external hard drive in 2006 and went to work for a competitor. In 2009, Mattel paid a $2.3 million fine and recalled more than 2 million toys after discovering that it was selling Barbie accessories, die-cast toy cars and other toys that were contaminated with lead. The problem was traced to a Chinese company that used false quality inspection documents to sell illegal lead-based paints to Mattel’s manufacturing contractors in China.

Counterfeit products have caused explosions, fires, engine failures, network crashes and, in some cases, physical injury and death. A recent U.S. Senate committee report described 1,800 known cases of suspect counterfeit electronic parts in the defense supply chain, originating from more than 650 companies. The U.S. Federal Aviation Administration has estimated that more than 520,000 counterfeit parts are installed on planes each year. The pharmaceutical sector is victim to various forms of counterfeiting, ranging from false labeling to the addition of toxic or adulterated raw ingredients. And counterfeit and pirated software can expose IT systems and information—and the systems and information of customers—to malware, trade secret theft and other costly exploits.

Overall, intellectual property theft accounts for an estimated $500 billion to $600 billion in lost sales each year, while companies lose market share, suffer reputational damage and forfeit their competitive edge. And for consumers, IP theft can present serious threats to health and safety.

In the recent PwC State of Compliance 2013 Survey, manufacturing companies ranked intellectual property as one of their top three risks, along with bribery/corruption and supply chain concerns. Meanwhile, last year, global research organization the Conference Board released the results of a survey conducted with general counsels, compliance officers and supply chain managers of global companies on the separate but related issues of corruption and intellectual property theft. Of those surveyed, 52% rated IP protection as very challenging to manage and considered trade secret theft the greatest IP risk.

There are a number of reasons that IP theft is an increasingly complicated and challenging issue. With advances in technology, the preponderance of proprietary assets—such as product formulas, customer lists, strategic plans and blueprints—are in a digital format. Unlike physical records of the past, digital information can be discreetly stolen in the absence of robust systems to protect it.

A second factor is that companies are working with suppliers and business partners who span the globe. Distance, lack of transparency in practices, and markets where the rule of law is comparatively weak all contribute to vulnerabilities in global supply chains.

Typically companies will have contracts, policies and practices in place to ensure the protection of IP internally. Employees are required to sign documents agreeing not to share confidential information, and networks include safeguards to limit access to sensitive information or alert executives when there is suspicious activity. Many companies, however, have subsidiaries and business partners operating in markets where systems are less mature, leaving them exposed to IP theft.

Some companies have resorted to fragmenting their supply chains to ensure that no single company has possession of a critical mass of proprietary and valuable intellectual property. While this approach can provide a practical means of risk management, it can also hamper supply chain efficiency.

So what systems should be in place to protect intellectual property? According to research by the Center for Responsible Enterprise and Trade (CREATe.org), eight key elements are necessary for an effective IP protection program. These guidelines should apply not only to individual companies, but to their suppliers and business partners as well:

1. Policies, Procedures and Records
Guidelines are necessary for all types of IP within an organization. A full leadership team must be aware of and promote these policies, procedures and records. There should also be systems in place for managing IP with employees and among third-party supply chain companies.

2. IP Compliance Team
A team should be responsible for IP protection and it needs to be cross-divisional and include representation from senior management.

3. Scope of the Program and Quality Risk Assessment.
Systems must be in place to assess the risks of IP theft by company employees and among third parties.

4. Management of Supply Chain and Contractors
Systems for effective due diligence, contracts, communicating IP protection policies and ongoing management of IP are essential.

5. Security and Confidentiality Management
Computers and corporate networks should be designed to protect IP and confidential and proprietary information kept by employees, contractors and third parties.

6. Training and Capacity Building
Businesses must offer ongoing IP protection and compliance training for employees and third parties.

7. Monitoring and Measurement
Systems should be designed to monitor the implementation of the IP protection program to ensure that it is effectively managed among employees and third parties.

8. Corrective Actions and Improvements
Risk managers must develop a framework for implementing corrective actions and improvement processes when a problem with the IP compliance program occurs.
Pamela Passman is president and CEO of the Center for Responsible Enterprise and Trade (CREATe.org), a nonprofit organization dedicated to helping companies, their suppliers and business partners reduce counterfeiting, piracy, trade secret theft and corruption.