The incidence and seriousness of IP theft are intensifying, and many signals point to increased regulatory scrutiny and multi-jurisdictional enforcement in years to come. IP theft costs an estimated $600 billion annually in the U.S. alone.
Research from the American Intellectual Property Lawyers’ Association (AIPLA) estimates that an IP theft case will result in $700,000 to $4 million in expenses, in addition to the cost of reputational risk, lost business, and resources to investigate and enforce IP rights.
Many of these matters also occur across U.S.-Chinese borders, where unique challenges make it difficult for legal teams to follow traditional investigation workflows. For example, due to disparities in cultural attitudes and perceptions between U.S. and Chinese employees, legal holds can quickly go awry, especially if they span large groups of custodians across multiple departments. This can present serious consequences, thus extra care must be taken when communicating and executing legal holds.
China’s data privacy and security laws also increasingly drive the complexity of cross-border document collection and review. In-house legal teams must work with outside counsel and digital forensics experts with experience in the region to determine the most effective and efficient plan for navigating the web of data privacy and protection laws and regulations.
Prepare By Understanding Key Pitfalls
In-house legal teams must evaluate their risk amid the many challenges and prepare accordingly. Understanding the key pitfalls that can arise in, and following best practices for, U.S.-China investigations will significantly reduce risk.
Counsel and compliance teams must promptly identify the potential severity of the loss (e.g., IP leakage or regulatory non-compliance), take immediate steps to stop the loss, and determine what further information and action is needed.
Once a baseline has been established, and the need for an investigation has been confirmed, it is time to quickly launch next steps. These steps and topline best practices are outlined in part below, to help guide teams in developing an effective cross-border investigation work plan.
1. Carefully preserve evidence. When the team issues the legal hold and begins collecting information and data, effective communication to all stakeholders is key to avoiding interference from employees who are reacting out of malicious intent, misunderstanding or fear. Evidence must be collected and preserved with chain of custody intact and in conformity with applicable laws. Digital forensics experts will support this effort by providing onsite or remote preservation of data sources, restoration of backup media and scanning of hard copy sources within the limits of the governing laws in each affected jurisdiction.
2. Be strategic about data collection. As data is collected and compiled, evidentiary requirements and challenges must be considered. The investigation may spur legal or regulatory action in the U.S., China or both, so counsel must think about the types and forms of evidence that will be admissible in each jurisdiction. For example, evidentiary requirements are much different in China than they are in the U.S., with China relying heavily on notarized documentary evidence rather than testimony and expert opinion. Early on, the team should address the different types of evidence they will need to mount and support a viable case in multiple jurisdictions.
3. Understand the scope of privilege. The concept of legal professional privilege—and attorney work-product protection—does not exist under Chinese law. Special care should be taken to ensure proper privilege protection throughout the course of an investigation. This includes carefully considering how and to whom communications are made, who is instructing the investigation team, and which individuals within the company are being apprised or updated. Precautions to maintain privilege should be communicated promptly and clearly to the entire team and stakeholders. It is important to note that despite precautions taken, unwanted forced disclosures and governmental orders to require disclosure could potentially destroy privilege and/or complicate the discovery process.
4. Leverage advanced data insights. When investigators know where to look, they can access a wealth of information, which may provide investigators with a relationship map that highlights potential connections between employees, companies, shareholders, etc. With these insights, legal teams can analyze potential conflicts of interest, motives and other data points in support of their fact-finding.
5. Address cross-border data transfer risk. Because Chinese data transfer and state secrets laws are so strict, it is often best to keep data in China throughout the investigation and establish protections so it cannot be accessed by unauthorized parties. If data is to be transferred outside of the country, organizations must consider whether the transfer is compliant with applicable Chinese laws, which may in certain cases require a thorough review of documents before being sent to the U.S.
In the aftermath of an investigation, a company has the opportunity to strengthen processes for protecting IP, monitoring behavior and enforcing compliance. Routine audits and reporting, supported by a robust escalation process, are key, so that when IT personnel identify suspicious activity, they know to quickly run it up the chain. Teams should be trained on the company’s boundaries for what is considered suspicious and how to recognize patterns that may indicate illegal behavior.
There will never be a no-risk scenario, but proactive mitigation and a strong framework for rapid response when an issue does arise will significantly reduce risk and the overall burden of cross-border and IP-related matters.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Veeral Gosalia is a senior managing director in FTI Consulting’s Technology segment in New York. His areas of expertise include data preservation, data analysis, computer forensics, and e-discovery. He has assisted clients in understanding electronic evidence issues, including the acquisition, analysis, and production of data.
Han Lai is a managing director in the technology segment at FTI Consulting. He leads the practice in greater China and is based in Shanghai. He has 20 years of international consulting experience specializing in digital forensic investigation and cyber security breach advisory.
Jason Chang, of counsel at DLA Piper, is an international lawyer who advises clients on cross-border investigations, regulatory enforcement actions, and compliance involving the Foreign Corrupt Practices Act, U.S. securities laws, and other aspects of U.S. law.
William “Skip” Fisher is a partner within the Intellectual Property and Technology (IPT) team, based in DLA Piper’s Shanghai office. He has practiced IP law in the U.S., China and internationally for over 20 years, with an emphasis on patents and trade secrets.