The former CEO and chief operating officer of the Taiwanese biotech firm Eden Biologics—which changed its name from JHL Biotech in February—have been convicted in the US of stealing trade secrets from Genentech. The executives, Racho Ivanov Jordanov and Rose Lin, join staffers Xanthe Lam and Allen Lam, who were convicted on related charges in July. According to the indictments, the four worked together starting in 2009 to steal manufacturing protocols and other proprietary information from Genentech about its drugs Avastin, Herceptin, Pulmozyme, and Rituxan. Xanthe Lam worked at Genentech from 1986 to 2017.
The Department of Justice press release is pretty detailed as to what exactly happened:
According to the plea agreement, Jordanov hired former Genentech employees to work at JHL Biotech, several of whom he learned surreptitiously brought, without authorization, confidential and proprietary documents with them from Genentech to JHL Biotech.
The company used only some of the stolen documents, but Jordanov tolerated this practice by the employees of JHL Biotech and made no effort to discourage its employees from using the documents or information they brought with them. The employees Jordanov hired provided the Genentech documents and information to JHL Biotech, which, at times, allowed the company to cheat, cut corners, solve problems, provide examples, avoid further experimentation, eliminate costs, lend scientific assurance, and otherwise help JHL Biotech start-up, develop, and operate its business secretly using the intellectual property and scientific know-how taken from Genentech.
Jordanov admitted that he suspected that some or all the stolen information was brought to JHL Biotech in violation of relevant Genentech non-disclosure agreements and employment contracts, but he made no effort to verify whether that was true.
I've thought about this stuff before. Makes you wonder if companies have thought about ways that their documents leave the company, and how to track them...
The most thorough compartmentalization and access tracking gets implemented at CROs - they have obligation to protect the IP of their clients. But it is soul-crushingly cumbersome, it prevents information sharing within the company, it kills the initiative and it will not prevent the theft is someone is motivated to screw her employer.
ReplyDeleteOne thing that the company can do is to include employment contract provisions that will dramatically penalize any misuse of the internal documents, and then require the employees to take refresher courses once a year, to remind them of their obligations to their employer and the potential cost of failing to do so.