Women in IP Law: panel examines divided infringement, cyber-risk

Intellectual Property and Technology News

In September, DLA Piper hosted its tenth annual Women in IP Law CLE program at the Four Seasons Silicon Valley. Over 100 attendees enjoyed a celebratory cocktail reception and networking opportunity following a panel discussion about cutting-edge issues in the IPT space.

This year's topics were "Divided Infringement and Section 101: A Potential Collision Course?" and "Cybersecurity: Managing Cyber-risk and Enterprise Governance." The event was co-sponsored by our long-time partners for this program, ACC-SFBA and Leading Women in Technology (LWT).

Speakers were Jennifer Chaloemtiarana (General Counsel, Castlight Health), Katie Nolan-Stevaux (Senior Technology and Litigation Counsel, Genentech), Erin Gibson (San Diego), Rena Mears (San Francisco), and Dr. Erica Pascal (San Francisco). Licia Vaughn (San Diego) directed the program.

Many attendees were IP counsel for Bay Area companies, such as Box, Cisco Systems, Gilead Sciences, Juniper Networks, NetApp, Qualcomm Technologies, Samsung, Symantec, Varian Medical Systems and VISA International.

The patent panel kicked off the discussion by reviewing Section 101 and how recent Supreme Court and Federal Circuit cases have altered the landscape of subject matter eligibility. The discussion focused on the broad effects these changes have had on the validity of existing patent claims, the scope and breadth of patent claims that may now be obtained, and the value of patent rights for existing and future licenses.

To address subject matter eligibility concerns, patentees may seek to include additional steps in the claims. But this avenue, as the panel then discussed, can have ramifications down the road when pursuing patent infringement. When more than one entity is involved in carrying out the claims of a patent, direct infringement may be more difficult to prove. The panel noted that keeping in mind "who" carries out each of the claim steps can be key. '"Who'" may determine (1) the parties to be named in the suit; (2) the party to identify as the direct infringer to form the basis for direct and indirect infringement claims; (3) the scope of discovery needed to show direction and control by a single party, and (4) claim construction for terms that will be crucial to attributing each step to the identified direct infringer. For an in-depth analysis on this, please see Dr. Pascal's related article.

Next, the cybersecurity risk management panel opened with a brief overview of the current cyber landscape, reminding attendees that cybersecurity – at its heart – is risk management. To keep up with the threat landscape, panelists said, enterprise-wide governance is vital. Companies should consider appointing a cyber-risk management team encompassing stakeholder departments (not least, IT and Risk Management) and led by a recognized member of senior management. The cyber-risk team should establish cross-departmental ownership and review the development of incident response protocols. The team should meet regularly and report to the full board or a board committee. Its review should establish evaluation criteria and metrics for cyberthreat risk management efforts, threat landscape assessment (including updates on threats and defenses at peer entities), and suspicious activity reporting. The operational cybersecurity team should routinely conduct vulnerability and penetration testing, adopt appropriate defensive ad detective controls (e.g., white-listing, logging and monitoring), and effective incident response procedures. The cybersecurity program must emphasize cybersecurity preparedness, role-based training and periodic reviews and updating of evolving legal requirements reviews. Panelists stressed the importance of knowing the data and addressing third-party risk, such as supply chain and vendor risk management strategies. For more information, please see DLA Piper's Cyber-Incident/Data Breach Response Emergency Checklist