Janice Kuang Capener and Luo Jun face 18 counts stemming from the alleged theft of a significant amount of proprietary information from Orbit Irrigation Products. In 2009, Capener, who had been an Orbit employee for six years, was fired by the company. Before leaving, she downloaded sales and pricing information.

With the assistance of Jun, who owned Zheijian Hongchen Irrigation Equipment, Capener established her own company, Sunhills International. The two conspired to undercut Orbit's prices and blackball Orbit among Chinese manufacturers, according to the indictment.

In the other case, Yihao "Ben" Pu is charged with numerous counts of trade secret theft from Chicago-based hedge fund Citadel, for which he had previously worked as a programmer. According to the Chicago Tribune, Pu stole computer code used by the firm to develop trading strategies.

As both of these cases illustrate, companies with sensitive information should take steps to ensure that their document protection standards are sufficient to prevent the threat of insider-driven trade secret and intellectual property theft.

However, despite these concerns, many firms fail to implement proper document protection strategies. While there are many reasons for these shortcomings, one significant cause is the prevalence of several myths regarding data security methods.

To encourage companies to pursue better document security practices, a leading cybersecurity firm recently released a report debunking a number of myths concerning data encryption, one of the foremost forms of data protection.

One of the most significant myths noted is that enacting data encryption will decrease the performance of a company's computers. According to the report, this myth has its basis in the past, when computer processors were less powerful and encryption was a significant drain on their resources. Nowadays, computing technology has improved to the point that most users will not be able to detect any performance degradation while encryption is in effect.

The PROTECT IP Act
One of these laws was sponsored and largely written by Senator Patrick Leahy of Vermont. The legislation, called the PROTECT IP Act or Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property, was designed to solve many of the problems that were present without the use of document protection and other forms of digital rights management.

Previous laws have been debated and passed in the United States and internationally that sought to deal with piracy and standardize document DRM. However, many of them failed to adequately address the activities of people who frequently broke the law online.

Enhanced powers
The bulk of the Protect IP Act, or PIPA, was an authorization of expanded powers for federal regulators and the U.S. Justice Department. Essentially, PIPA would have provided the government with the ability to remove and disable access to websites known to make illegal copies, counterfeit goods and other products available that violated established copyrights.

What's more, liability for copyright infringement was the responsibility of the host, as well as any websites and domains that possessed links to those pages. This could result in a massive breakdown in the structures of many free services such as Wikipedia and Twitter.

Making real changes
Proponents of PIPA (and the House of Representative's mirror legislation, the Stop Online Piracy Act) argue that without actionable powers or teeth on a law, it's impossible to police the world wide web. The cost of sending attorneys to comb the internet looking for copyright infringement is too high even for most large organizations, and some enforcement needs to take place to keep copyrights safe. PIPA failed to pass, so for the time being, companies should stick to the only proven formula for protecting sensitive materials and copyrighted media – document DRM.

However, there are many reasons people aligned themselves against the legislation and whose efforts culminated in the January 18 blackouts. In part two, we'll examine their arguments as well as some possible solutions or middle ground both parties may be able to agree on.

The study, ordered by the Office of the Privacy Commissioner of Canada, surveyed more than 1,000 companies from various industries. It found a wide range of security practices, with most businesses demonstrating security vulnerabilities in at least one area. For example, approximately half of participating companies that store personal information on personal devices, including tablets, smartphones and USB sticks, do not use any form of encryption.

Additionally, only 55 percent of participants have established controls in their organizations to ensure that employees use hard-to-guess passwords, and more than a quarter do not require employees to change passwords at regular intervals.

Security experts widely recommend that workers use both encryption and complex password protection whenever sensitive information is at risk. Numerous studies have found mobile devices containing company or customer information to be one of the biggest security vulnerabilities affecting businesses today.

Without these document protection measures, a lost or stolen mobile device can be accessed by unauthorized individuals, potentially leading to a data breach. And as Privacy Commissioner Jennifer Stoddart notes, while encryption may require a bit of time initially, "the impact on day-to-day functions is almost nothing," IT World Canada reports.

Conducted by Amarach Research, the study surveyed 1,000 workers across Ireland, Silicon Republic reports. The results revealed that many employees engage in behavior which can put their company's data at risk. For example, 12 percent of respondents admitted to taking an employer's contact list with them when they left the company. Additionally, 18 percent store work-related data on USB drives and 19 percent email work documents to their personal accounts.

As these figures demonstrate, many Irish firms can improve their document security procedures. Industry experts widely recommend implementing education policies designed to inform workers of the threat of data loss and how to avoid high-risk behaviors.

Additionally, a recent IDC report advocated increased use of encryption tools among companies to deter insider threats. If sensitive documents are encrypted, then unauthorized employees will be unable to access the stored information, protecting it in case the employee attempts to steal intellectual property.

The first, Suibin Zhang, was previously a Silicon Valley engineer working for Netgear. In 2005, shortly before beginning a new job with Broadcom, Zhang used his position and Netgear's customer relationship to gain access to technological trade secrets owned by Marvell Technology, a Broadcom rival.

According to prosecutors, Zhang downloaded a large amount of proprietary knowledge from Marvell's Extranet without any legitimate rationale. According to the Chicago Tribune, Zhang faces up to 10 years in prison.

Recently, Wen-Long Huang pled guilty to charges of trade secret theft and faces similar potential penalties. According to 7th Space Interactive, Huang illegally downloaded product data sheets from Jet Products, his employer and a developer of environmentally friendly buildings.

In both of these incidents, it is possible that superior document protection practices, such as encryption software and PDF protection, could have prevented the thieves from accessing and stealing the intellectual property.

As these incidents illustrate, many healthcare organizations need to take greater steps toward improving their document protection practices.

Speaking to Becker's Hospital Review, health IT expert David Finn recently said that one of the key steps healthcare organizations should take is tailoring their data protection strategies.

"The right data protection entirely depends on who needs the data and how it is used," he claimed. If a piece of information is stored for recordkeeping purposes and will never be exchanged, for example, it may not require the same level of endpoint security protection as does a file containing sensitive patient information which will circulate among doctors.

Similarly, Finn argued that document security should reflect the sensitivity of the data protected. Encryption may not be necessary for a research presentation document, but is quite possibly a wise security practice for patient records, he explained.

By failing to apply varying degrees of document security to different types of data, healthcare organizations risk under-protecting sensitive information, which could lead to a data breach.

However, that doesn't mean there aren't occasional overhauls of copyright law and intellectual property protection. One of the most significant additions to both American and international legal canon (that is still largely followed by the international community) is the Digital Millennium Copyright Act (DMCA) of 1998. It is a codification of the findings of the World Intellectual Property Organization (WIPO) and sought to formalize many of the points of two agreements – the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. It was drafted into five sections, or titles, and was signed into law by President Clinton in 1998.

Title I
The initial portion of the Act implemented the WIPO treaties and expanded upon the number of nations that were included in their purview. The Berne Convention, which was previously the benchmark for international copyright law and document protection, did not include many countries that would subsequently become involved with the WIPO.

Title II
This legislation next limited internet service provider (ISP) liability for digital copyright infringement. This is still a contentious issue today, and forms much of the basis relating to the need for document DRM and other intellectual property protections. If the companies that provide internet access aren't forced to police what files they're facilitating, there are few organizations with the authority to do so. Therefore, companies must take their own steps to ensure the security of the content they produce.

Titles III-V
The next three sections of the DMCA include an assortment of minor protections and regulations. For instance, Title III ensures that copying during the course of maintenance and repair to computer systems isn't punishable under the law, while Title V includes an update to the Vessel Hull Design Protection Act that keeps international copyrights of ship designs safeguarded against theft and copying.

This law allows some redress for companies that have had their products stolen and used improperly and largely ignores a lot of the piracy that is common today. While international groups and governments are currently struggling to give businesses better tools for securing content, it is beneficial for the time being to use PDF security and other measures that will prevent the illicit use of documents and media. 

In February, a Virginia-based firm was struck by hackers. According to ABA Journal, the hacktivist group Anonymous targeted the firm for its successful representation of a U.S. Marine staff sergeant. The hackers infiltrated the law firm's email system and subsequently released confidential information from the case onto YouTube and other internet channels. Additionally, the cyberattackers disabled the company's website.

This attack fits into a trend, identified by numerous cybersecurity experts, in which hackers' attention is shifting away from difficult, high-reward targets, such as financial institutions, to more easily-accessible organizations and individuals. Lacking the cybersecurity defenses of banks and credit unions, many companies are relatively easy prey for cyberattackers, who can then sell the stolen information or use it to commit identity theft and fraud.

To avoid losing sensitive information to hackers, law firms should consider implementing greater document security protocols. By using PDF protection, for example, an organization can store its files in a format that is unreadable by unauthorized individuals, protecting the stored data even in the event of a data breach.

Li was a Sanofi employee for nearly five years before initiating her theft. Highlighting the need for companies to implement effective document security protocols to protect their intellectual property from both external and internal threats, Li accessed Sanofi's database and downloaded trade secrets regarding chemical compounds over the course of six months. Li transferred this information to her personal home computer via flash drives and personal email.

At the time of the theft, Li was a co-owner of Abby Pharmatech, a U.S. subsidiary of Chinese chemical firm Xiamon KAK Science and Technology. According to the Asbury Park Press, Li made more than 6,000 stolen compounds available for sale on Abby's website. Sanofi estimates that it lost millions of dollars due to the proprietary information theft.

In order to protect themselves from trade secret theft, industry experts widely recommend that companies pursue document security policies that include data encryption and strict access management.