Reducing Risk in an Age of Digital Information

Written by Pamela Passman & Craig Moss

As new technology brings both new opportunities and threats to companies’ intellectual property assets, organizations must adapt their own systems to handle the new age of digital information, including incorporating IP protection into management systems.

Intellectual property has grown increasingly critical to competitiveness — indeed, for many companies IP is the crown jewels, accounting for as much as 75 percent of an enterprise’s total value. These intangible assets include patents, trademarks and copyrights, as well as trade secrets such as customer data, computer code and market research that provide a company a competitive edge.

At the same time, in the age of globalization and digitization of information — for all its efficiency — the risk of IP theft or misappropriation has escalated. This is especially significant for multinational companies whose suppliers and business partners operate in countries where the legal framework or enforcement is weak.

This is a challenging and ever evolving landscape, but there is much that companies can do to protect IP without retreating from global opportunities. The key is incorporating IP protections into a company’s existing management systems and, to the greatest extent practical, seeing that the policies and practices are passed on to business partners and suppliers around the world.

The problem of intellectual property theft in myriad forms peppers the daily headlines.

Counterfeiters introduce fake parts and cheaper materials into assembly or processing of products, sometimes with serious health and safety concerns for the consumer, and potential legal penalties, loss of profits and reputational damage to the company. The problem of fakes plagues many industries, including toys, automotive, pharmaceuticals and information technology.

A U.S. Senate report in 2012 described 1,800 known cases of suspect counterfeit parts in the defense supply chain, originating from more than 650 companies. “This flood of counterfeit parts … threatens national security, the safety of our troops and American jobs,” according to Senator Carl Levin, one of the report’s authors.

Trade secret theft, often committed by internal employees, but sometimes perpetrated by cyberhackers who invade information systems, costs companies by robbing them of the marketplace advantage they gained through experience, research and investment in innovation.

In a 2012-2013 assessment of trade secret theft in the European Union, the European Commission found it was a serious and growing concern. One in five EU companies surveyed reported it had suffered at least one attempted trade secret theft within the EU during the previous decade. Nearly 40 percent said the risk of trade secret theft had increased during the same period.

The European chemical industry, which is heavily dependent on process innovation — competitive information that is not covered by patents, copyrights and other IP formulations where ownership is exclusive — was estimated to be losing up to 30 percent of turnover to misappropriation of trade secrets.

Changing times call for a new model

For many companies, IP protection has long been the sole province of the legal department. But given the growing value of IP and the complexity of global operations, this approach is no longer comprehensive enough. Among its shortcomings is that legal remedies for IP theft come into play after intellectual property has been misappropriated, and the damage is already done.

The Center for Responsible Enterprise and Trade (, was founded in 2011 to establish a more comprehensive approach. The organization has drawn from insights on leading practices from companies around the world and partnered with think tanks, academics and experts on IP protection, anti-corruption, management systems and sustainable supply chains. From this work, formulated the management systems approach, which has several advantages. First, it is preventive and proactive; second, it creates awareness throughout the company; and finally, it builds on management systems that are already in place — and the expertise among existing employees.

We identify eight key elements in a robust IP protection program, which can be adapted to meet the needs of most companies and industries:

  • Policies, Procedures and Records: Policies, procedures and recordkeeping for all types of IP within an organization are the foundation of this approach. The leadership team must put systems in place to ensure that employees and third-party supply chain companies are aware of and held accountable to these policies.
  • IP Compliance Team: A team should be responsible for IP protection and it needs to be cross divisional and include representation from senior management.
  • Score of the Program and Quality Risk Assessment: Systems must be in place to assess the risks of IP theft by company employees and among third parties.
  • Management of Supply Chain and Contractors: Systems for effective due diligence and contracts that spell out IP handling and expectations are essential.
  • Security and Confidentiality Management: IT systems and corporate networks should be designed to protect IP and confidential and proprietary information kept by employees, contractors and third parties.
  • Training and Capacity Building: Businesses must offer ongoing IP protection and compliance training for employees and third parties.
  • Monitoring and Measurement: Systems should be designed to monitor the implementation of the IP protection program to ensure that it is in effect throughout contract cycles.
  • Corrective Actions and Improvements: Risk managers must develop a framework for implementing corrective actions and improvement processes when IP protection processes are not being observed or prove inadequate.

There are obvious reasons that IP theft prevention is preferable to seeking remedy after it has occurred — averting problems for consumers, reputational fallout and legal costs and lost profits, just to name a few.

Consider this real-life example: In 2010, a global consumer electronics company found that its largest licensed distributor was selling counterfeit products—comingled with legitimate items—to retailers. As the fakes malfunctioned, customers were returning them, and the electronics company had to replace them at enormous cost.

The electronics company chose to address the problem by adopting a management systems approach. They put in place new procedures to prevent counterfeits from entering the supply chain, which applied to all of its distributors. They rolled out new controls, tighter record keeping procedures, improved monitoring and training to raise awareness about the damage caused by counterfeit goods. These changes eliminated the counterfeit problem within a year, and allowed the company to preserve business relations with the distributor while avoiding the cost and disruption of legal action.

What the company put in place not only solved one counterfeiting problem but also created more robust IP protection throughout its global supply chain even where regulation and enforcement remain weak.

This approach recognizes that IP protections are a work in progress in many parts of the world. As those laws and enforcement mechanisms are improved, the management systems approach allows the private sector to play a powerful role in driving responsible business practices and bridging regulatory gaps.


Author Biographies

Pamela Passman is President and CEO of the Center for Responsible Enterprise and Trade (, and Craig Moss is Chief Operating Officer of, a nonprofit working with companies and supply chain partners to protect intellectual property and prevent corruption.