[Patentpractice] Interesting notice from USPTO re data breach

[Carl Oppedahl]

On 4/29/2024 3:08 PM, Patent Lawyer via Patentpractice wrote:
>
> But I still think it has to be reported to the client.
>
Yes but what is the "it" that must be reported?

The arrival of the Notice from the CIO?  The problem with getting all 
riled up about the arrival of the Notice from the CIO is that it is very 
likely meaningless.  It probably got sent to you not because some third 
party saw your client's invention title, but because you yourself 
recorded an assignment during the data leak interval of 7 weeks.

Let's suppose you have 20 clients.  You will have recorded an assignment 
during this data leak interval for maybe one of those clients.  That is 
the client for which the Notice will arrive from the CIO.

But meanwhile, the other 19 clients may have had their invention titles 
viewed because some third party keyed in your client's application 
number at Assignment Center.  Maybe they did it by accident, maybe they 
were plugging in random application numbers on purpose just to see what 
would get displayed.   And then they had the self-control not to click 
"submit", so it never got logged.  But those clients would not have 
received the Notice from the CIO because the revelations were not 
followed by somebody clicking "submit".

Seems to me that all patent clients whose patent applications had not 
yet been published during the data leak interval need to be told about it.

Now what exactly should be communicated to those clients (regardless of 
whether or not any Notice arrived from the CIO)? Is it enough simply to 
hand over to the client a copy of the Notice from the CIO?  Surely that 
is not enough!  The Notice from the CIO fails to disclose that the USPTO 
did not log the cases where a third party saw your invention title and 
then did not click "submit".  The Notice dissembles and mischaracterizes 
the consequences of the leak.  It just barely avoids outright falsehoods 
about several aspects of the leak.

What should really get communicated to clients is probably a more 
accurate report about the situation.  Not merely the Notice.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240429/75c806f3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4514 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20240429/75c806f3/attachment.p7s>