Category: Cybersecurity & IP

Categories
Cybersecurity & IP

6 Most Common Mistakes that lead to IP loss in China

6 most common mistakes SMEs & entrepreneurs do that result in IP loss in China:

UPDATE: this article is outdated. we have the new version on our new website here.

1. Understanding the IP Legal Landscape.

Many of the “complaints” are made by senior executives who actually do not clearly understand the complexities of IP, nor the mistakes their own companies may have made in protecting it. For example, filling a weak patent application or failing to register their IP at all ( an all-too-common mistake)*

2. Not preparing the way in advance.

Well known IPR lawyer in China, Dan Harris, in his article Protect Your IP From China: It Is Possible? states that your IP has value, and if it can be copied with minimum effort, it will be copied. You must, therefore, prepare for this reality in advance.

3. Believing that since the company has done what is necessary to secure its rights in North America and Europe, there is nothing special they need to do in China. This is a BIG mistake.

When we asked former lawyer Dan Harris, what’s the most common mistake regarding IP loss in China, apart from legal issues, he answered that biggest and most frequent mistake lawyers see is on the IT side where foreign companies/start-ups hire a bunch of people in China to write code. These foreign companies do not form a company in China and do not hire coders as employees. In other words, everything these companies do is illegal. Then, years later when the software is done, Chinese partners just walk off with it and there is nothing the foreign company can do about it because the entire operation was illegal in the first place.

4. Not knowing how to keep your trade secrets safe.

Firstly, what is considered a Trade Secret in China?

In China, a trade secret is any non-public information with actual or potential commercial value which is guarded by confidentiality measures. In order for the information to be a trade secret, it must:

1

What is a Trade SECRET?

Be non-public – it must not be known by the general public or by competitors;

2

What is a Trade SECRET?

Have actual or potential commercial value – it must give the owner a competitive advantage or be capable of generating economic benefit;

3

What is a Trade SECRET?

Guarded by confidentiality measures – the owner must take reasonable measures to protect the confidentiality of the information.

It is information that your competitors would want to know and would give them a commercial advantage.

Trade secrets may include recipes or formulas, know-how, the status of products or services under development, valuable business information such as customer lists, cost and price information, suppliers and contractors, contract terms, marketing strategy and plans, etc.

What you need to know about Trade Secrets in Mainland China:

China, like most other countries, provides a legal framework for the protection of trade secrets, and the law provides for remedies in the case that your trade secrets are unlawfully disclosed. Unlike some other forms of IP rights such as patents and copyrights that have a finite term, trade secrets can theoretically enjoy an infinite term of protection as long as the trade secret remains just that – a secret. However, once the information becomes public information, it no longer enjoys any legal protection. As a result, prevention is the golden rule when it comes to protecting your trade secrets, because once the secret is out, there is usually very little that can be done. Keeping trade secrets safe involves using a combination of physical, technical and contractual barriers.

“ Many firms choose to keep their competitive edge by opting not to patent their inventions and trying instead to keep them as trade secrets”

5. Not adopting preventive measures to protect IP loss.

Us-china business council has some great tips on adopting preventive measures and best practices for IP protection in China.

Most important points would include:

  • Register your IP in China.
  • Utilize information technology tools to track and protect information: Consider tracking data flows and employee file transfers (both paper and electronic), engage internal stakeholders such as the human resources department in early conversations about developing and implementing policies that monitor employees in this manner.
  • Closely monitor or prohibit the use of flash disks, portable hard drives, laptops, cell phone cameras, and other devices that could be used to capture and transmit sensitive information.
  • Establish IT mechanisms to limit employee access to sensitive information, such as separate computer terminals or specialized passwords.

6. Underestimating the importance of proper IT systems to protect IP loss in China.

Bigger companies have their own established IT teams overseas that might be or may not familiar with IT challenges in China, especially with the GFW (the Great Firewall of China). In the article How to choose a right IT company in China, we discuss more closely what every SME should look for when setting up their new IT infrastructure in China.

According to Niels-Uwe Behrens, an IT expert long established in the Chinese IT sector, underestimating the importance of the role of IT in IP protection is a very common mistake:

“ I have been working in IT in China for more than 20 years, but it never stops surprising me how many companies have completely unsecured and open IT systems.”

We asked Niels about the current state of IT security awareness in China: In my experience, I would say that roughly 80% of SMEs in China have at least one or more security issues that could be breached by amateur opportunistic hackers. But in most cases it is not the hackers to be worried about, even though 50-80% of the world’s IP hacks are traced back to China.

“In my experience, there are 2 types of SMEs in China: The first type take security seriously, their IT is set up properly and in a secure way, and their corporate culture prevents any IP leaks.

The second type is less concerned and chooses not to pay much attention to a proper IT set-up since it works as it is. These companies usually adopt the attitude of “real hackers go after big corporations, not small SMEs like us” or “we don’t have any data of such importance that we should encrypt and be overly concerned about security”.

When we think of IP theft we all tend to imagine that there must be some secret hacker organizations that go inside servers rooms and steals secret data in an action movie like fashion. But in reality, everything is much more simple than that. In most cases, especially in China, most trade secrets are stolen by the employees, former or current, who have access to corporate emails or even data server on their personal laptops. In most cases these laptops are not encrypted and can be easily stolen or hacked. Once someone has access to your corporate email or access to the main server, all your important data are at risk of getting out in the open.

This kind of data leaks can be used and will be used to publish your trade secrets or even out-compete your business. Eventually, this event will be registered as one of IP theft cases that are growing ever since 2005.

In China employee fluctuation can sometimes reach up to 75% annually, therefore, tendency of data leakage is very high. In Chinese mentality, it is very common that once employees get fired, they feel some sort of ownership of the work they have been doing for the company, and sometimes even devices like laptops or computers have been taken from the workspace. It’s is also very common that entire databases are copied to USB flash drives and later on used to start new businesses and compete with a former employer.

For security reasons bigger foreign companies tend not to use Chinese social media, such as Wechat, Baidu Cloud or QQ, for file sharing or chatting, since these are constantly monitored by the Chinese government. It is better to keep your most important IP and communications isolated securely in your own private server, maintained by yourself or a trusted third party.

To maintain safe and reliable IT systems many SMEs are turning to managed service arrangements. From HR point of view, it is much cheaper and more effective to outsource most of the technology hassles to dedicated foreign IT experts, rather than looking for own IT specialists. For an economical monthly fee, these SMEs get a whole IT team responsible for maintaining and updating their systems with the latest security patches.

Regardless of your approach to IT security, keep in mind that organizations are increasingly dependent on technology, and it is, therefore, important to be as proactive as possible to keep technologies up to date and secure important data from both external and internal threats that tend to increase every year.