Database, Database Right, Confidential Information and Trade Secrets in The UK – Valuable IP Assets

I. DATABASES and WHAT DEFINES a DATABASE (DB)?

Databases are valuable commercial IP assets which businesses are increasingly seeking to exploit. Given their inherent and financial value, together with the money and time invested in their creation.

The law protects this investment in two distinct ways:

  • under the law of copyright and the specific rules that apply in relation to databases; and/or
  • under the Copyright and Rights in Databases Regulations 1997 (the “Regulations”), which implemented into UK law the provisions of European Directive 96/9/EC on the legal protection of databases and came into force on 1 January 1998, by way of a “database right” – UK Copyright and Rights in Databases Regulations 1997.

The legal definition of a database is “a collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means.”

This is a wide definition which will cover traditional mailing lists and lists of customers as well as telephone directories, encyclopaedias and card indexes, experimental data compilations whether comparative or individual, whether held electronically or in paper form. A distinction to be drawn between a database and its individual components. Database right protects the collection of data, not its constituent elements.  These elements may or may not be protected in their own right separately from any protection afforded to the database as a whole.

Any software which is used in the making or operation of a database is specifically excluded from protection as a database, software instead generally being protected by copyright as a literary work.

I.1. COPYRIGHT PROTECTION FOR DB – ©

Databases are treated as a class of literary works and may therefore receive copyright protection denoted with the symbol © – for the selection and/or arrangement of the contents provided that they were recorded in some medium and were the “author’s own intellectual creation”. A database will only be original if “by reason of the selection or arrangement of the contents of the database the database constitutes the author’s own intellectual creation”.

Pursuant to UK law, copyright in a database lasts for 70 years from the end of the calendar year in which the author of the database dies. The copyright owner is the creator of the DB therefore you need to exercise caution when engaging a contractor to create a database. The contractor is likely to be the owner of copyright in the database and if a business wants to own the copyright it must enter into an agreement with the contractor which contains an assignment of copyright.

I.2. DATABASE RIGHT (DBR)

Provided a set of data comes within the definition of a database, it will qualify for protection in its own right under the Regulations (irrespective of whether it benefits from protection under copyright) if there has been a “substantial investment” in obtaining, verifying or presenting the contents of the database (the “Database Right”). Investment includes “any investment, whether of financial, human or technical resources” and substantial means “substantial in terms of quantity or quality or a combination of both“.

The maker of a database is defined as the person who “takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation” and such person is the first owner of the Database Right.

This definition is in contrast to that of an owner in copyright since where a database is commissioned, the commissioner will usually be the “maker” and first owner of the Database Right. If the database is made by an employee in the course of employment, the employer will be regarded as the maker and therefore the owner of the Database Right subject to any agreement to the contrary.

I.3. DURATION OF DBR

Database right lasts for 15 years from the end of the calendar year in which the making of the database was completed.

Although this is shorter than the duration of copyright, if a “substantial change” to the contents of a database which constitutes a “substantial new investment”, the amended database will qualify for a new 15-year term.

In effect, this means that an indefinite term of protection is available for the many databases that are continually updated.

I.4. INFRINGEMENT OF DBR

A person infringes a DBR if he/she extracts or re-utilises all or a substantial part of the contents of a protected database without the consent of the owner. ‘Extract‘ means the permanent or temporary transfer of the contents to another medium by any means or form.  This would cover, for example, copying some or all of the contents of one database into another database(s).  ‘Re-utilise’ means making the contents of a database available to the public by any means or form.

Extracting or re-utilising a substantial part of the contents can result from the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database.

 

II. CONFIDENTIAL INFORMATION AND TRADE SECRETS

Confidential information and trade secrets can be amongst the most valuable assets of a business in addition to patents, trademarks and DBR.

UK has two overlapping regimes which protect business information:

– common law as confidential information; or

– a Trade Secret under the Trade Secrets (Enforcement, etc.) Regulations 2018.

These regimes are complementary to intellectual property rights protection, for example information which is confidential may also be protected against copying by copyright. The circumstances in which legal protection under the two regimes arises with practical steps that can be taken to safeguard the information.

II.1. CONFIDENTIAL INFORMATION

It is essential that businesses have in place robust measures to protect their trade secrets and confidential information. Reasonable steps that could be taken by a business may include:

  • Identifying any confidential information or trade secrets within the business, and creating a register to monitor ownership or control;
  • Limiting the use and disclosure of protected information to persons on a need to know basis;
  • Making use of non-disclosure agreements with third parties before disclosing protected information;
  • Ensuring that the company has a confidentiality policy in place, and that employees receive regular training on it;
  • Physical and electronic security to ensure that protected information is stored in a secure manner, in accordance with appropriate industry standards; and
  • Having an action plan in place in case protected information is lost or unlawfully disclosed.

II.2. TRADE SECRETS

The Trade Secrets (Enforcement, etc.) Regulations 2018 (the Regulations) were introduced to comply with the Trade Secrets Directive, a piece of EU legislation which sought to harmonise the protection of information from misuse across member states. As the UK has implemented the Regulations into national legislation the rules will continue to apply following Brexit. Trade secrets are defined under the Regulations as any information which;

(i) is secret, being not generally known,

(ii) has commercial value because it is secret, and

(iii) has been subject to reasonable steps to keep it secret.

The third point of the test is likely to be the most significant.  This will require a business to show that it had suitable measures in place to document and maintain the secrecy of its information. There exists a significant overlap between the test for a trade secret under the Regulations and the existing test in the UK for what amounts to confidential information. Trade secrets may be protected under both regimes, which are intended to operate in parallel.

However, a major difference between the common law protection of confidential information and the protection afforded trade secrets under the trade secrets regime is that unlawfully obtaining trade secrets is actionable without the need to show that the trade secrets have been either used or disclosed.

II.2.1. PRACTICAL STEPS & TRADE SECRETS

It is essential that businesses have in place robust measures to protect their trade secrets and confidential information. Example steps include:

  • Identify any confidential information or trade secrets within the business, and creating a register to monitor ownership or control;
  • Restrict the use and disclosure of protected information to a small number of persons on a need to know basis (maintain a list of these persons);
  • Use non-disclosure agreements (NDA) with 3rd parties before disclosure;
  • Ensure you have a confidentiality policy in place and employees receive regular training;
  • Physical and electronic security to ensure that protected information is stored in a secure manner; and
  • Have an action plan in place in case of lost or unlawfully disclosed of confidential information.