An interesting article by David Mlaver from McDermott Will & Emery looking at a recent case in the U.S. which looked at IP rights and security measures around databases.  Databases have many different component parts, from the data itself, the code behind the database, the logic that runs through the database, the user interface as well as the schema.  Intellectual property rights vary according to the component, therefore businesses whose IP is contained within databases need to make sure that they are protected legally and practically.

This U.S.-based case, Digital Drilling Data Systems, LLC v. Petrolink Services, Inc., Case No. 19-20116 (5th Cir. July 2, 2020) (Duncan, J.) provides an interesting look at a few of these, specifically looking at the database schema.  Not being a lawyer, I cannot comment on the legal arguments, that the author provides useful insights into, but from a forensic perspective when there are allegations of IP theft we look for evidence to support or refute the overall allegations across multiple components.

This can include:

  • Analysing the raw data between different systems to look for evidence of the data originating from the same source - this could include typos and the percentage of data contained within both systems;
  • Analysis of the underlying code and schema to look for similarities or differences, including but not limited to naming conventions, use of comments and programming logic; and
  • Identifying additional evidence on the computer system(s) used to develop the systems, which could include indications of how and when the systems were developed.

In this case, as well as the security circumvention issue that enabled the system to be copied, the court looked at copyright and found that: “[T]o prove copyright infringement, a plaintiff must establish (1) ownership of a valid copyright; (2) factual copying; and (3) substantial similarity.”  

It is important therefore to ensure that sufficient work is performed and conclusions drawn across these different factors, which I would imagine would not be too dissimilar in other jurisdictions.

Businesses need to ensure appropriate legal and practical measures are adopted when designing their database systems to ensure that they can be adequately protected.  It is also worthwhile performing a thorough forensic investigation, should the worst happen to ensure that evidence is gathered to support a legal case, should that be the path followed.  

If you would like to know more on how we manage this process, please contact me.