EXAMPLES
- A privileged user intentionally shares unrevealed assets with a retailer outside of secure systems in an attempt to gain a competitive advantage.
- A privileged user intentionally shares unrevealed assets with fans during an online exchange in which their identity is known, in support of or defense of an upcoming entertainment or product release.
- A privileged user intentionally shares unrevealed assets with fans to counter an incorrect and/or unsubstantiated prior leak.
- A privileged user intentionally shares unrevealed assets for self-gain or retribution.
PREVENTATIVE CONTROLS
- Licensee workflows should be arranged to allow content privileges to be “leveled up” as employees gain experience and tenure, rather than being bestowed upon hire.
- All users with access to sensitive IP should be trained on the accepted use of social media upon hire and regularly thereafter, with attention paid to fan interaction online.
- Even at the level of trusted staff, sensitive information should be segregated to the smallest number of users possible to meet business need.
- Licensee should have clear policies on the use of IP in employee and freelance personal portfolios.
- The storing of sensitive IP locally on employee devices should be limited to business necessity.
BEST PRACTICES
- Prohibit or discourage employees from engaging in online or in-person discussion relating to IP they have any privileged association with, even if the discussion does not immediately infringe upon restricted IP.
- Prohibit or discourage employees holding any privileged IP knowledge from engaging in consumer/fan complaints or suggestions, and instead enforce a policy of directing these communications to a party with no IP privileges.
DETECTIVE CONTROLS
- Sensitive IP assets should be accessed through a system that logs and tracks views, previews, and downloads, regardless of the privilege level of the employees accessing them.
- When possible, sensitive information should be fragmented and delivered to targeted employees based on business need, rather than delivered whole to multiple employees.