All questions

Intellectual property and data protection

Fintech endeavours may use a combination of patents, copyrights, trade secrets and trademarks to secure and protect their intellectual property rights.

Regarding patent protections, fintech companies' inventions often involve methods practised using computer technology. As such, it is important to consider the patentability of such methods. While patent protection of methods at first may appear broad, recent court decisions have narrowed it considerably. In Alice Corporation Pty. Ltd v. CLS Bank International, the Supreme Court held that certain claims in a patent were ineligible for patent protection because they constituted an abstract idea. Under United States law, abstract ideas are not patentable. Furthermore, claiming the use of a generic computer implementation failed to transform the abstract idea into patent-eligible subject matter. Thus, under Alice, methods that simply require an otherwise abstract method to be performed on a computer will not be considered patent-eligible subject matter. It is important for fintech businesses to consider this restriction when evaluating how to protect their intellectual property. Their business models, as concepts, or proprietary operations carried out by software may not be eligible for patents.

In terms of copyright, software code and certain works within software applications, such as original visual design elements and original text are protected. Copyright prohibits others from making or distributing copies a firm's software without permission. Copyright does not prohibit others from independently developing similar software.

Finally, fintech companies can protect their inventions and innovations, particularly the source code in computer programs, through trade secret law. Unlike patents and copyright, trade secrets do not expire. Since trade secrets are primarily protected by state law, there is a patchwork of different laws protecting trade secrets across the United States. However, in 2016, the Defend Trade Secrets Act created a federal cause of action for trade secret misappropriation. Fintech companies should be aware that trade secrets must be continuously guarded by them from public disclosure and do not protect against independent development by another party.

Fintech companies may also use trademarks in order to prevent others from using their names or other signifiers, such as logos, or from using names or logos that are confusingly similar. Trademarks do not protect business models or proprietary technology, but they may be valuable in establishing and protecting a brand identity or positioning a firm within a market.

i Ownership of intellectual property

Ownership rights in inventions originate in the inventor. Whether the inventions are ultimately protected by patent or trade secret, the inventor is the initial owner of such intellectual property. Similarly, ownership in copyright originates with the author of the copyrighted work, unless the copyrighted work is a work made for hire, in which case, provided certain formalities are followed, the employer or entity that commissioned the work is considered its author for purposes of copyright ownership.

Every fintech company should take steps to make sure that it owns the intellectual property created by its employees or contractors, or otherwise generated by or for its business. To do so, a firm may insert an intellectual property assignment clause into all contracts with employees and contractors. Such a clause acts as an assignment of, and requires the employee or contractor to assign, all rights to the firm in any inventions, works or other intellectual property made during the engagement or in the course of employment. This clause may also specify that any copyrightable works made by the employee or contractor during the term of engagement are, by agreement of the parties, works made for hire with the authorship attributed to the firm. Similar provisions may be included in agreements with service providers.

Such agreements with employees and independent contractors may be drafted such that the salary or payment acts as consideration for the assignment of intellectual property. Under US law, no additional compensation must be paid to inventors or authors.

In addition, in order to protect trade secrets or other proprietary information of the firm, such contracts may contain confidentiality provisions that obligate the other party to maintain the confidentiality of all proprietary information received or generated by them in the course of employment or during the engagement.

ii Privacy and data protection

In the United States, there is no national data protection law, and no single or centralised authority is charged with jurisdiction over privacy and data protection issues. Rather, the United States has taken a sectoral approach, with a variety applicable federal and state laws, and numerous federal and state agencies have authority to make and enforce rules in this area, depending on industry and context.

For fintech firms, applicable federal laws include the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Federal Trade Commission Act (FTC Act) and the Electronic Communications Privacy Act (ECPA). Obligations under such laws vary, from obligations to provide adequate notice of a firm's data practices, to maintaining appropriate security measures for individuals' financial information, to specific requirements for the use of consumer credit reports. The rules that may apply to a firm may depend on the nature of the firm and the type of data that it handles, and may be affected by other contextual factors. (Fintech firms that maintain an online presence should also be aware of the Children's Online Privacy Protection Act, and those that interact with health data should be aware of their obligations under the Health Insurance Portability and Accountability Act.)

Similarly, numerous federal agencies have authority to enforce privacy and data protection rules, and agencies with applicable jurisdiction may vary by firm, based on the nature of the firm and the data it holds. Key federal agencies charged with responsibility in this area include the SEC, OCC, CFTC, CFPB and FTC. Most if not all of these regulators have stated that cybersecurity is a pressing and systemic concern deserving of investment and scrutiny. In addition, states' attorneys general have authority to bring suits against firms in order to enforce state privacy and data protection laws.