By Scott Hervey

If consumers in Ontario, Canada purchase goods from you over your website, you have until July 30, 2005 to prepare to for compliance with Ontario’s Consumer Protection Act of 2002 (CPA 2002).#160 The CPA 2002 has a very long reach, similar to California’s Data Security Law (See Business Data Management Practices – Fertile Ground For Liability).#160 The CPA 2002 applies to both companies located within Ontario and companies engaging in a transaction with a resident of Ontario.

Under the CPA 2002, U.S. companies conducting business with an Ontario resident over the Internet will have to provide its name and any other name it uses to conduct business, its address, and telephone number.#160 #160The company will also have to describe the goods in a fair and accurate manner, and provide a detailed breakdown on the price charged to the consumer (cost of goods, freight, tax, etc.) and fully explain payment terms.#160 #160

Under the CPA 2002, U.S. Companies will also have to provide the Ontario resident with a copy the agreement between the parties (e.g., a purchase agreement) within 15 days and provide the purchaser with opportunity to accept or decline and to correct any errors in the agreement.

If after July 30, a U.S. company fails to comply with the CPA 2002, the Ontario purchaser will have the right to cancel the transaction within 7 days after receiving a copy of the agreement.#160 If the Ontario purchaser never receives a copy of the agreement, the purchaser then has the right to cancel the transaction within 30 days after entering into agreement.#160

By Pamela W. Bertani

#160 #160#160 #160#160 #160 Biotechnology and pharmaceutical companies – and their counsel – should take note that on January 7, 2005, the United States Supreme Court granted a writ of certiorari to review the Federal Circuit’s decision in Integra v. Merck.#160 (Integra Lifescienxes v. Merck et al. (Fed. Cir. 2003) 331 F.3d 860.)#160 The High Court will examine the scope of 35 U.S.C. �� 271(e)(1)– the statutory exemption from patent infringement for drug development testing required to obtain regulatory approval pursuant to federal law.#160 The Court’s decision could significantly impact a drug company’s ability to identify and develop new drugs and move those drugs to market. #160 #160#160 #160

35 U.S.C. �� 271(e)(1)is the so-called FDA exemption and provides, in pertinent part,#160 that making, using, offering to sell, selling or importing a patented invention is not an act of infringement if such activities are performed “solely for uses reasonably related to the development and submission of information under a Federal law which regulates the manufacture, use, or sale of drugs or veterinary biological products.”#160 Thus, if a drug company practices another company’s patented invention in order to obtain and submit information necessary to get FDA approval on their drug, then that company is exempt from patent infringement liability.#160

#160 #160#160 #160#160 #160 The �� 271(e)(1) FDA exemption permits pre-market drug approval activity conducted for the sole purposes of sales after patent expiration.#160 The express objective of �� 271(e)(1) was to facilitate the immediate entry of safe, effective generic drugs into the marketplace upon expiration of a pioneer drug patent.#160 The House Committee that initiated this provision expressly described the pre-market approval activity as “a limited amount of testing so that generic manufacturers can establish the bioequivalency of a generic substitute.”#160 The Committee further characterized the limits of the exemption, noting that the nature of the interference with a patent owner’s rights would not be substantial, but rather de minimus, and, importantly, that “all that the generic can do is test the drug for purposes of submitting data to the FDA for approval.”#160

#160 #160#160 #160#160 #160#160 To appreciate the import of the case’s outcome, it is important to distinguish between experiments employing patented inventions to create data for FDA submission (i.e., activities that are currently exempt from infringement liability); and experiments employing patented inventions to identify potentially new drugs (i.e., activities currently not exempt from infringement liability).#160 The pre-clinical experimental drug testing in Integra was not performed to supply information for submission to the FDA, but instead was performed to identify the best drug candidate that Merck would subject to future clinical testing under FDA procedure.#160 The Federal Circuit affirmed the Southern District of California’s interpretation of the exemption to cover clinical trials – but, to exclude pre-clinical trial experiments that were performed to identify potentially new drugs.#160 The Federal Circuit held that the pre-clinical trial experiments at issue in the case were not exempt from infringement under �� 271(e)(1) because the tests were not performed for the sole purpose of providing information to the FDA – but rather for the commercial purpose of identifying potentially new drugs for Merck.

#160 #160#160 #160#160 #160#160 From both a scientific and economic standpoint, the issue of whether pre-clinical trial experiments are exempt from patent infringement liability is significant because pre-clinical trial testing often involves the use of what are known in the industry as “tool patents.”#160 Tool patents cover inventions that help companies identify potential new drug candidates.#160 Tool patents are useful primarily for two purposes – facilitating and expediting drug research to identify new candidate drugs; and facilitating downstream safety-related experiments on those potentially new drugs – both of which no doubt benefit us all.#160 The royalties that companies currently receive from issued tool patents encourages further research and development of these kinds of inventions.#160 If the Supreme Court reverses the Federal Circuit, and brings pre-clinical testing into the �� 271(e)(1) safe harbor from infringement liability, then the value of tool patents will become virtually nil, since companies could practice the patented inventions without paying corresponding royalties.#160 Conversely, if the Supreme Court affirms the Federal Circuit and excludes pre-clinical testing from the �� 271(e)(1) safe harbor, companies that wish to use another company’s tool patents for new drug development must maintain the status quo and continue paying royalty fees.#160 The United States Patent and Trademark Office has issued approximately 8,000 to 10,000 tool patents to date – the Court’s anticipated decision will determine the fate of their value.

#160 #160#160 #160#160 #160 As expected, the proponents and opponents of expanding the �� 271(e)(1) exemption are polarized.#160 On the one hand, Merck and its supporters argue that �� 271(e)(1) exempts drug development activities even before a drug is identified for potential FDA approval.#160 Obviously, this statutory construction leaves companies free to use existing tool patent inventions without paying royalties or being subject to infringement liability.#160 On the other hand, Integra and its supporters contend that such a construction of �� 271(e)(1) is contrary to Congress’ intent in passing the statute, which was to have a de minimus effect on existing patent rights while allowing competitors to complete regulatory testing, using patented technology while such patents are still in effect, which in turn would facilitate market entry upon expiration of the corresponding pioneer patent.#160

#160 #160#160 #160#160 #160#160 Several major biotechnology and pharmaceutical companies have obtained the Supreme Court’s permission to file amicus curiae briefs, including Wyeth and Eli Lilly.#160 The next article in this series will examine arguments advanced on both sides of the issue via those brief.#160 The outcome of the case – either way – will impact significantly new drug development from both a scientific and economic point of view.

Pamela W. Bertani is an associate in Weintraub Genshlea Chediak Tobin & Tobin Sproul’s Intellectual Property group.#160 Her practice includes providing advice in obtaining various forms of intellectual property protection, including patent, trademark, and copyright protection.#160 Ms. Bertani is a member of the United States Patent Bar, and her practice also includes both patent litigation and prosecution.

By Audrey Millemann

#160 #160#160 #160#160 #160#160 #160A recent decision by the Federal Circuit Court of Appeals is a victory for Microsoft Corporation and clarifies an issue of invalidating prior art.

#160 #160#160 #160#160 #160#160 #160In Eolas Technologies Inc. v. Microsoft Corporation (Fed.Cir. March 2, 2005), the University of California and its exclusive licensee, Eolas Technologies Inc., sued Mircrosoft for patent infringement.#160 The invention is a method of using a Web browser in an interactive environment.#160 The plaintiffs alleged that Microsoft’s Internet Explorer infringed the patent.

#160 #160#160 #160#160 #160#160 #160Microsoft argued that the patent was invalid as anticipated and obvious, and also unenforceable.#160 In particular, Microsoft contended that the patent was invalid under 35 U.S.C. section 102(g), that the invention was previously invented by another and not abandoned, suppressed, or concealed.#160 The previous invention was a Web browser called “Viola”, whose code had been demonstrated by its inventor to Sun Mircosystems at least seven months before the reduction to practice of the University of California’s invention.#160 Microsoft also asserted the defense of inequitable conduct based on the inventors’ failure to disclose the Viola Web browser to the Patent and Trademark Office during patent prosecution.

#160 #160#160 #160#160 #160#160 #160The district court for the Northern District of Illinois found that the Viola inventor had modified the code after disclosing it to Sun Microsystems and that the modification constituted an abandonment of the original invention.#160 Based on this finding, the district court granted judgment as a matter of law in favor of the plaintiffs on Microsoft’s defense of invalidity, and precluded Microsoft from presenting any evidence of the Viola Web browser to the jury.#160 The district court also rejected Microsoft’s inequitable conduct defense.#160 The jury found that Microsoft infringed the patent and awarded over $520 million in royalties to Eolas Technologies.#160

#160 #160#160 #160#160 #160#160 #160On appeal, the Federal Circuit vacated and remanded the district court’s decisions on invalidity and inequitable conduct.#160 The appellate court found that “abandoned, suppressed, or concealed”, within the meaning of section 102(g), exists in two situations:#160 active concealment (a deliberate withholding of the invention from the public); and conduct from which abandonment, suppression, or concealment can be inferred (such as unreasonable delay in publicly disclosing the invention).#160 The court found that the inventor of the Viola web browser did not either actively conceal, or delay in disclosing, his invention.#160 In fact, the Viola inventor did just the opposite.#160 The inventor disclosed his invention to Sun Mircosystems without a nondisclosure agreement, and, three weeks later, posted the modified code on the Internet.#160 The court held that the district court had erred in finding that the modified code was a different invention and that the original invention had been abandoned.#160

#160 #160#160 #160#160 #160#160 #160According to the court: “the law does not punish an inventor for attempting to perfect his process before he gives it to the public.#160 In fact, reasonable experimentation is frequently encouraged.”#160 (Citation omitted).#160 The court further stated that “[C]reating an improved version of an invention does not in any sense abandon the original invention….Improvements may enhance an invention prior to disclosure or patent application.#160 If improvements caused loss of the original invention under the erroneous rule adopted by the district court, the public would lose the benefit of diligent efforts to produce a more useful product.”

#160 #160#160 #160#160 #160#160 #160The court further held that the Viola inventor’s demonstration constituted a public use under section 102(b).#160 The district court had incorrectly relied on its finding of abandonment of the invention to hold that the Viola inventor’s demonstration was not a public use under section 102(b).#160 The appellate court stated that abandonment under section 102(g) is irrelevant to a determination of whether a disclosure constitutes a public use under section 102(b).

#160 #160#160 #160#160 #160#160 #160Lastly, the appellate court also held that the district court had erred in rejecting Mircrosoft’s inequitable conduct defense.#160 Based on its conclusion that the Viola Web browser was not prior art under section 103(g), the district court had found that the patent inventors were not obligated to disclose the Viola Web browser to the PTO because it was not material to patentability.#160 Because the Viola Web browser was prior art, the court remanded the case to the district court to consider the patent inventors’ conduct in failing to disclose the Viola Web browser to the PTO.

Audrey Millemann is a shareholder in Weintraub Genshlea Chediak Tobin & Tobin Sproul’s Intellectual Property and Disputes, Trials and Appeals sections. A business litigator and registered patent attorney, her practice focuses on intellectual property, unfair competition and antitrust matters.

By Scott Hervey

Businesses own and acquire vast amounts of valuable consumer data; they stockpile this information on networked servers and exchange it with affiliates or third parties subscribers.#160 Recently, national and state regulators have focused on how businesses manage this data.#160 In the wake of the large scale identity thefts from ChoicePoint, Inc. and Bank of America Corp. these issues are now under a white hot light.#160 Businesses and their counsel should pay attention to how consumer data is collected and managed, and how security breaches are responded to.#160 This is not a task for the IT department to handle on their own; corporate counsel needs to be involved.

Federal and State Regulations

There are a number of Federal regulations that address the protection of electronic data.#160 The Sarbanes-Oxley Act, a federal law implemented to address corporate fraud, requires that companies establish and implement “internal control” procedures that provide reasonable assurance to prevent or allow for the timely detection of unauthorized acquisition, use or disposition of company assets that could have a material effect on the financial statements.#160

The recent ChoicePoint situation exemplifies how data loss or theft can have a material effect on a company’s financial statements.#160 The Chicago Tribune (March 14, 2005) reports that ChoicePoint Inc. is suspending sales of consumer information to small businesses in the wake of the security breach that allowed hackers to take personal information of about 145,000 people. The Tribune reported Chief Executive Derek Smith as stating that the decision to halt sales to small businesses follows “the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without a direct benefit to them.”#160 According to the Tribune, ChoicePoint’s 17,000 small-business customers accounted for about 5 percent of its annual revenue of $900 million. As a result of suspending sales to them, ChoicePoint said it expects a decline in revenue this year of $15 million to $20 million.

In addition to Sarbanes, several federal agencies have issued data management regulations to the financial industry in connection with the implementation of the Gramm-Leach-Bliley Act (GLB).#160 These agencies include the Federal Trade Commission (the Safeguard Rules), and the Treasury Department (Interagency Safety and Soundness security guidelines).#160 Generally, the regulations mandate that regulated companies institute processes for responding to data intrusion and that they be consistent with the best practices and part of an overall information security plan.#160

The healthcare area has nearly identical statutory requirements under the Health Insurance Portability and Accountability Act (HIPPA).#160 The HIPPA guidelines specifically require that “documenting and reporting incidents, as well as responding to incidents, are an integral part of a security program.”

California Goes Further

Although Sarbanes, HIPPA and the GLB contend that companies should have data management and control processes in place and that these processes should reflect “best practices,” they do not give any guidance on what the processes should entail.#160 #160The state of California recently implemented legislation that, in the wake of recent events, appears to provide this element.#160 (In support of the proposition that California’s data security laws establish the minimum requirements for internal control processes,#160 California Senator Dianne Feinstein, in response to the ChoicePoint situation, introduced a bill that is similar to California’s Data Security Law (AB 1950)).

AB 1950, California’s Data Security Act, was enacted on September 29, 2004.#160 This new law applies to companies that own or license unencrypted personal information about California residents and it requires these companies to “implement and maintain reasonable security procedures and practices for that data.”#160 #160 The law applies to companies located both inside the state and out (and possibly outside of the U.S.); the jurisdictional nexus is the ownership or possession of a Californian’s “personal information.”#160 The “personal information” which, if owned or licensed, triggers compliance with this new law is: name and Social Security number; drivers license number; financial account information; medical information; and other private information.#160

The Act also requires companies that disclose the above personal information to vendors or other non-affiliated third parties require by contract the third parties implement and maintain reasonable security procedures and practices that are “appropriate to the nature of the information” provided, and protect the information from unauthorized access, destruction, use, modification or disclosure.#160 Obviously, any business affected by California’s Data Security Act that discloses personal information to non-affiliated third parties should also include other provisions, including but not limited to an indemnity provision, in their contracts.

The crux of the Act revolves around providing California residents with notice of a breach in the security of the database in which their personal information is housed.#160 The Act requires companies to#160 disclose any breach of the security of the system to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.#160 The section also provides that “any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”

In addition to data security, California also regulates the way in which certain information belonging to a Californian can be used.#160 As part of the Data Security Act, California has implemented restrictions on the use of certain information in direct marketing.#160 If a business discloses “personal information” to third parties, and knows or reasonably should know that the third parties used the personal information for the third parties’ direct marketing purposes, then the business is under certain document retention and disclosure requirements.#160 The disclosure requirements include establishing a mailing address, electronic mail address, or a toll-free telephone or facsimile number where customers may request (and businesses must provide ) a written list of the categories of personal information disclosed by the business to third parties for the third parties’ direct marketing purposes during the immediately preceding calendar year, as well as the names and addresses of all of the third parties that received personal information from the business for the third party’s direct marketing purposes during the preceding calendar year.

What qualifies as “personal information” triggering the above disclosure requirements?#160 It is the following: name and address; electronic mail address; age or date of birth; names of children; electronic mail or other addresses of children; number of children; the age or gender of children; height; weight; race; religion; occupation; telephone number; education; political party affiliation; medical condition; drugs, therapies, or medical products or equipment used; the kind of product the customer purchased, leased, or rented; real property purchased, leased, or rented; the kind of service provided; social security number; bank account number; credit card number; debit card number; bank or investment account, debit card, or credit card balance. payment history; or information pertaining to the customer’s creditworthiness, assets, income, or liabilities.

The law also requires companies to have a “Your Privacy Rights” section on its webpage and describe these rights to the user.#160 A company can’t, as part of its “Terms of Use” or any other contract, require users to waive their rights.#160 Any such waiver is void as against public policy.#160 Any customer injured by a violation of the above provisions may bring a civil lawsuit and recover damages, as well as attorneys’ fees and costs.

It’s Time To Take Data Management Seriously

In addition to the above, a company has additional laws, rules and requirements it must meet in connection with the acquisition, management and use of consumer information.#160 The laws and regulations discussed above hardly scratch the surface.#160 Companies and their counsel are encouraged to take a hard look at data management protocols and take steps to come into compliance with existing Federal and State requirements.

By#160 Pamela Winston Bertani

Pamela W. Bertani is an associate in Weintraub Genshlea Chediak Tobin & Tobin Sproul’s Intellectual Property group.#160 Her practice includes providing advice in obtaining various forms of intellectual property protection, including patent, trademark, and copyright protection.#160 Ms. Bertani is a member of the United States Patent Bar, and her practice also includes both patent litigation and prosecution.

It is a well known fact that federal funding recipients have been notoriously non-compliant with Bayh-Dole Act disclosure requirements, and federal agencies have been lax in enforcing those requirements.#160 But, the Federal Circuit’s recent Campbell Plastics opinion should serve as a serious wake-up call for federal fund recipients that do not believe in the prospect of losing – completely – title to valuable patent rights.#160 Universities, small businesses and other entitles receiving federal funding to conduct research, which results in patentable inventions, could very well forfeit valuable patent rights in those inventions if they fail to comply strictly with Bayh-Dole Act disclosure requirements.#160 The Federal Circuit’s Campbell Plastics case makes clear that noncompliance could result in patent rights being stripped away under these circumstances, even if reporting noncompliance did not harm the funding agency.#160

Campbell Plastics Engineering & Mfg., Inc. v. Brownlee (Nov. 10, 2004) 389 F.3d 1243. Congress enacted the Bayh-Dole Act approximately 25 years ago to encourage United States innovation by giving inventors an incentive to create valuable technology using federal funding. (35 U.S.C. �߬� 200-212.)#160 Under Bayh-Dole, persons or entities receiving federal funding are allowed to apply for patents rights to corresponding inventions, so long as those persons or entities comply with specific disclosure requirements spelled out in the Act at 35 U.S.C. 202 and corresponding Federal Acquisition Regulations (“FARs”).#160 Pursuant to the Bayh-Dole Act, each government contract entered into under the Act must contain provisions that require the contractor to disclose each discovered invention to the federal agency providing funding within a reasonable time after the invention is discovered, and – importantly – the federal government may receive title to any such invention not disclosed within a reasonable time.#160 The Act not only provides nonprofit organizations and small businesses the right to elect title to an invention created with federal funding, but also gives the government the right to a royalty-free license to the invention when the contractor elects to retain title.

FAR 52.227-11 derives from the Bayh-Dole Act statutory scheme and provides, inter alia, the detailed timeline for invention disclosures, and the format in which those disclosures are to be made to funding agencies.#160 For instance, FAR 52.227-11(c) requires disclosure of each subject invention within two months after the invention is disclosed to the contractor’s patent personnel, and that each disclosure be made via detailed written reports.#160 FAR 52.227-11(d)(1) expressly states that upon government request, a contractor will convey patent title to the federal government when that contractor fails to disclose the subject invention within the timeframe and format requirements specified in FAR 52.227-11(c).

Campbell Plastics profiled what has become a prototypical federal funds recipient that carelessly disregarded its Bayh-Dole reporting requirements – but this time lived to regret it.#160 In 1992, Campbell Plastics entered into a contract with the United States Army to develop certain components of an aircrews protective mask.#160 The government contract incorporated the FAR 52.227-11 reporting requirements.#160 Between 1992 and 1997 Campbell Plastics submitted to the Army a series of piecemeal disclosures, which neither substantively nor procedurally complied with the Bayh-Dole/FAR reporting requirements.#160 The reports were not submitted in the proper format, and did not disclose the very invention, developed with federal funds, to which Campbell Plastics ultimately obtained patent title.#160 Rather, the Army became aware of the invention only after the Patent and Trademark Office forwarded the patent application to the Army for a statutory security determination.#160 The patent application issued on April 20, 1999, expressly reserving for the Army a royalty-free license, and a week later Campbell Plastics notified the Army in writing of the issued patent.#160

The Army demanded title to the invention for Campbell Plastics’ failure to comply with its Bayh-Dole reporting requirements, and the Federal Circuit affirmed an administrative decision awarding the Army title.#160 The Federal Circuit likened its analysis to a breach of contact claim, and found that the plain meaning of the

FARs was clear, unambiguous, and breached by Campbell Plastics’ noncompliance.#160 The Court also found that the plain-meaning interpretation of the contract was buttressed by policy considerations behind the Bayh-Dole Act.#160 According to the Court:

[W]hile Congress clearly intended to promote the commercialization and public availability of inventions made in the United States by United States industry and labor, and to encourage maximum participation of small business firms in federally supported research and development efforts, it also provided the government with certain aforementioned rights to the inventions and sought to ensure the safeguard of those rights by requiring government contractors to disclose subject inventions.

Sound policy is promoted by the rule of strict compliance with the method of disclosure demanded by the contract.

The Court concluded that Campbell Plastics’ piecemeal disclosures did not adequately disclose the subject invention under the parties’ contract, which entitled the Army to invoke forfeiture proceedings and obtain title to the patent.#160 Importantly, the Court also found that the Army was not required to show harm from Campbell Plastics’ reporting noncompliance in order to obtain patent title.#160 According to the Court, FAR 52/227-11(d) vests discretion in the government in determining whether to invoke forfeiture when an invention has not been correctly disclosed to it, and harm is not a requirement for the government to obtain title under these circumstances.

This case is important because it signals a new – stricter – approach to enforcing Bayh-Dole Act disclosure requirements, and conceivably all other requirements set forth in government contracts.#160 Apparently gone are the days of careless disregard for compliance with these requirements.#160 The Federal Circuit’s tone in Campbell Plastics is sharp and succinct – its rulings clear and to the point – comply or lose your patent rights.#160 Thus, a word to the wise – take your Bayh-Dole Act reporting requirements (and all funding contract provisions) seriously and comply in a timely manner – otherwise risk irrevocably losing title to corresponding patents.