4/24/2020 IP and data protection for fintech businesses in USA - Lexology

Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact [email protected]
Register

IP and data protection for ntech businesses in USA

USA May 14 2019

All questions
Intellectual property and data protection
Fintech endeavours may use a combination of patents, copyrights, trade secrets and trademarks to secure and protect
their intellectual property rights.
Regarding patent protections, fintech companies' inventions often involve methods practised using computer
technology. As such, it is important to consider the patentability of such methods. While patent protection of
methods at first may appear broad, recent court decisions have narrowed it considerably. In Alice Corporation Pty.
Ltd v. CLS Bank International, the Supreme Court held that certain claims in a patent were ineligible for patent
protection because they constituted an abstract idea. Under United States law, abstract ideas are not patentable.
Furthermore, claiming the use of a generic computer implementation failed to transform the abstract idea into patent-
eligible subject matter. Thus, under Alice, methods that simply require an otherwise abstract method to be performed
on a computer will not be considered patent-eligible subject matter. It is important for fintech businesses to consider
this restriction when evaluating how to protect their intellectual property. Their business models, as concepts, or
proprietary operations carried out by software may not be eligible for patents.
In terms of copyright, software code and certain works within software applications, such as original visual design
elements and original text are protected. Copyright prohibits others from making or distributing copies a firm's
software without permission. Copyright does not prohibit others from independently developing similar software.
Finally, fintech companies can protect their inventions and innovations, particularly the source code in computer
programs, through trade secret law. Unlike patents and copyright, trade secrets do not expire. Since trade secrets are
primarily protected by state law, there is a patchwork of different laws protecting trade secrets across the United
States. However, in 2016, the Defend Trade Secrets Act created a federal cause of action for trade secret
misappropriation. Fintech companies should be aware that trade secrets must be continuously guarded by them from
public disclosure and do not protect against independent development by another party.

https://www.lexology.com/library/detail.aspx?g=e7e3c3d4-b651-4623-a472-5bc8653fd016 1/3
4/24/2020 IP and data protection for fintech businesses in USA - Lexology

Fintech companies may also use trademarks in order to prevent others from using their names or other signifiers,
such as logos, or from using names or logos that are confusingly similar. Trademarks do not protect business models
or proprietary technology, but they may be valuable in establishing and protecting a brand identity or positioning a
firm within a market.
i Ownership of intellectual property
Ownership rights in inventions originate in the inventor. Whether the inventions are ultimately protected by patent or
trade secret, the inventor is the initial owner of such intellectual property. Similarly, ownership in copyright
originates with the author of the copyrighted work, unless the copyrighted work is a work made for hire, in which
case, provided certain formalities are followed, the employer or entity that commissioned the work is considered its
author for purposes of copyright ownership.
Every fintech company should take steps to make sure that it owns the intellectual property created by its employees
or contractors, or otherwise generated by or for its business. To do so, a firm may insert an intellectual property
assignment clause into all contracts with employees and contractors. Such a clause acts as an assignment of, and
requires the employee or contractor to assign, all rights to the firm in any inventions, works or other intellectual
property made during the engagement or in the course of employment. This clause may also specify that any
copyrightable works made by the employee or contractor during the term of engagement are, by agreement of the
parties, works made for hire with the authorship attributed to the firm. Similar provisions may be included in
agreements with service providers.
Such agreements with employees and independent contractors may be drafted such that the salary or payment acts as
consideration for the assignment of intellectual property. Under US law, no additional compensation must be paid to
inventors or authors.
In addition, in order to protect trade secrets or other proprietary information of the firm, such contracts may contain
confidentiality provisions that obligate the other party to maintain the confidentiality of all proprietary information
received or generated by them in the course of employment or during the engagement.
ii Privacy and data protection
In the United States, there is no national data protection law, and no single or centralised authority is charged with
jurisdiction over privacy and data protection issues. Rather, the United States has taken a sectoral approach, with a
variety applicable federal and state laws, and numerous federal and state agencies have authority to make and
enforce rules in this area, depending on industry and context.
For fintech firms, applicable federal laws include the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting
Act (FCRA), the Federal Trade Commission Act (FTC Act) and the Electronic Communications Privacy Act
(ECPA). Obligations under such laws vary, from obligations to provide adequate notice of a firm's data practices, to
maintaining appropriate security measures for individuals' financial information, to specific requirements for the use
of consumer credit reports. The rules that may apply to a firm may depend on the nature of the firm and the type of
data that it handles, and may be affected by other contextual factors. (Fintech firms that maintain an online presence
should also be aware of the Children's Online Privacy Protection Act, and those that interact with health data should
be aware of their obligations under the Health Insurance Portability and Accountability Act.)
Similarly, numerous federal agencies have authority to enforce privacy and data protection rules, and agencies with
applicable jurisdiction may vary by firm, based on the nature of the firm and the data it holds. Key federal agencies
charged with responsibility in this area include the SEC, OCC, CFTC, CFPB and FTC. Most if not all of these

https://www.lexology.com/library/detail.aspx?g=e7e3c3d4-b651-4623-a472-5bc8653fd016 2/3
4/24/2020 IP and data protection for fintech businesses in USA - Lexology

regulators have stated that cybersecurity is a pressing and systemic concern deserving of investment and scrutiny. In
addition, states' attorneys general have authority to bring suits against firms in order to enforce state privacy and data
protection laws.

Shearman & Sterling LLP - Jordan J. Altman and Reena Agrawal Sahni

https://www.lexology.com/library/detail.aspx?g=e7e3c3d4-b651-4623-a472-5bc8653fd016 3/3