• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

World IP Day: protecting your digital assets has never been more important

World IP Day marks yet another year in an increasingly digital world. Few issues highlight the evolution of IP more than the misappropriation and misuse of digital assets. Software, data and digital content are among the most valuable assets that organisations possess.

The UK Government has, in response to the review of intellectual property and growth carried out by Professor Ian Hargreaves, published in May 2011, recognised the importance of digital assets as the foundation for the UK’s future growth. The review made 10 recommendations designed to ensure that the UK has an IP framework best suited to supporting innovation and promoting economic growth in the digital age. The UK Government is still in the process of pushing through new legislation relating to copyright law in the UK in order to implement many of Hargreaves’ recommendations.
  
In an atmosphere where the focus is on ‘Digital Opportunity’, the consensus is that businesses should be mindful of the fact that a substantial part of the value of intellectual property assets lies in their protection and enforcement, as well as their creation. With the rise in the importance of such non-physical assets, the risk of their theft or unlawful exploitation has also increased. 

From ex-employees taking valuable data with them to third party infringers copying or using content - there could be a number of different types of digital emergency. Each emergency requires a distinct approach and businesses should be equipped to react, investigate, strategise, and remedy any such emergency.

Reaction
The first hours following digital asset theft are absolutely crucial. What you do during that time will directly impact your ability to minimise the damage, as well as the extent to which you can to take legal action. This is very much a team effort, involving legal and IT, as well as key decision-makers in the company.

Clearly, the critical issue is to find the source of the attack and take action to remedy it. For example, if the attack is from external sources (ie by a hacker, bot or other malicious software gaining access to your IT systems), you will want to plug a gap in your firewall or delete malware. If the attack has come from within the organisation (ie by an existing or departing employee) then consider blocking access to certain information or disabling email accounts. 

The second step is to try and ascertain exactly what was taken and, if possible, what might have been done with the digital assets. Consider whether your IT team has sufficient expertise to carry out discreet investigations on email accounts, server logs and other areas of your IT systems which are easy to search, or whether an external forensic IT expert should be appointed at this stage. If the attack was carried out by a current or departing employee then you will need to locate all relevant devices that might hold evidence and to preserve those devices.

Investigation
It is likely that initial internal IT investigations will not provide sufficient evidence to enable you to pursue legal action and that a more in depth forensic investigation will need to be undertaken by a third party expert. This is a highly complex and specialist area and this article merely provides a short overview of the possible steps.

The type of the forensic investigation will be dictated by the extent to which your IT department is able to ascertain and obtain evidence showing (a) exactly what was stolen, (b) how it was taken, (c) by whom and (d) what might have been done with the assets taken. The type of forensic investigation will also depend on whether the attack was carried out internally or externally.

When instructing an external third party forensic IT investigator, you will need to scope out the parameters of the investigation, ie what they are looking for and where. Consider who are the relevant individuals involved and where relevant data/evidence might be located, such as specific email accounts, CPUs, laptops, handheld devices, servers, back-up tapes and other electronic storage devices. In addition, where might digital assets have been sent/how they could have been copied – personal or third party email accounts, competitors, social media, cloud storage platforms, home laptops or PCs, external hard drives and memory sticks? As investigations of this nature can be vast, you may want to limit the investigation by way of specified search terms, so that only data that correlates to one or more of the search terms is returned.

Strategy
There are a number of different ways of dealing with a digital asset emergency, and the evaluation the correct approach has to take place in the commercial and factual context. Is it likely to be a one-off incident? Could the misuse be on-going? Who are the third parties (if any) involved, and are they appropriate targets for any legal action you take? Do you know what has been taken or copied and where it is now?

A standard approach is to write to the infringer, requesting undertakings that they will cease the infringing activity and deliver-up digital assets in their possession. However, the downside of this strategy is that it gives the infringer notice that you are aware of the infringement or misappropriation and allows them time to delete crucial evidence or otherwise conceal the nature and extent of the infringement, or even to hide their assets.

A more aggressive approach is to initiate immediate court action to seek an injunction (see below for more detail) against the infringer, which can provide comfort that the infringement is stopped as soon as possible. However, this might not always be the most practical way forward and, in some cases, may not be necessary. This strategy means significant costs are likely to be incurred at the outset, which in certain circumstances either may not be warranted and/or which may not end up being easily recovered, depending on the nature and financial status of the defendant. 
The other option – to do nothing and see how a situation plays out – may be equally as risky, allowing the infringement to grow in scale and thus more financial, and possibly reputational damage, to be done. It is a question of knowing your defendant and assessing the possible ramifications given the nature of the incident. 

Businesses should remember that taking legal advice at the very earliest stages is likely to assist the consideration of the most effective strategy. While it might be the first digital asset emergency faced by the business, specialist lawyers will likely have seen it all before. A combination of commercial and factual understanding, and, where possible, intelligence as to the character and motivation of the infringer, along with legal experience and a knowledge of the available remedies, will improve the likelihood of the strategy adopted being both effective and cost-efficient.

Remedy
The remedies available, and the approaches possible, will depend on the nature of the digital asset emergency and, specifically, the legal cause of action that arises for the business. Just as there are many different species of digital asset, there exists a range of legal protections. 

A substantial proportion of digital assets will be protected by copyright law – from website content, including text and images, to software source code. Copyright protects, in essence, any original creative work, and it gives the owner the right to stop third parties from copying and/or distributing that work without consent. The owner will be the author and, in the case of a business, the owner will be the employer if the author is an employee. 
One of the most valuable assets of a business is usually its client list – the product of years of trading and a significant resource for future projects. These client lists will generally be databases, which are protected by law in two different ways. A database will be protectable by way of copyright law providing its structure is original and constitutes ‘the author’s own intellectual creation’. In addition, a database can be protected by the ‘database right’ where there has been an investment in obtaining, verifying or presenting its contents. 

In addition, a business can rely on its right to stop confidential information being imparted without its consent. It is a breach of confidence for someone to disclose information which is confidential in nature and which was imparted to the discloser in circumstances which should have made clear – or did make clear – that the information in question was confidential. 
Where such legal causes of action are in play, a business has a range of options when it comes to seeking remedies for a digital asset emergency. In particular, injunctive relief may be preferable, if not necessary, to stop further misuse. Injunctions can be prohibitory in nature (requiring the defendant to stop infringing), or mandatory (requiring the defendant to take a positive step such as deliver up assets or provide information). Such injunctions can be interim and urgently sought, or permanent, after a successful outcome at trial. For example, a court order can be obtained, to stop an ex-employee and his / her new employer from using a client list which has been stolen from your business (under a claim for both breach of confidence and infringement of the business’ rights in the database). If the threat of damage was imminent, then an application to court for an urgent interim injunction could be made swiftly and without taking time to get full particulars of claim drafted.

Other remedies available include search and seizure orders, where an infringement has been uncovered but the extent of the infringement is not known and the digital asset owner wishes to obtain evidence of exactly what was taken and what has been done with it. The court has wide powers to grant orders of this kind, and can also require that assets or even email accounts are frozen. Again, orders like this can be sought urgently, before issuing a claim, if there are grounds to think it is reasonable and necessary and the digital asset owner stands to suffer more if the injunction is not granted, than will the defendant will even if the injunction is wrongly granted.

Summary
Due to the extent that all companies depend on technology, there will be very few businesses which do not have to worry about misuse or theft of one or other of their digital assets. Unlike many other legal issues, digital asset emergencies are not best dealt with via a period of reflection, negotiation or discussion; instead, a prompt response will usually be required to minimise damage.

However, the nature of that ‘response’ will be dictated by the facts of the situation, the extent of the intrusion, the identity of the defendant and what assets were taken. Therefore, the exact strategy will need to be tailored to the specific circumstances and the motivations of the digital asset owner.

For further information, please contact Jeremy Harris or Emily Nuttall