In a cross-organization IT shared services arrangement, two or more companies partner to provide the shared technology infrastructure or services. While there are several benefits to such agreements, there are risks that need to be understood and addressed. One of the most significant risks relates to the ownership and protection of intellectual property (IP). \n\nIn a traditional services arrangement, where a customer partners with a vendor, the "battle lines" are clearly drawn. Typically, either the customer or the vendor owns the IP. Most often, the service provider owns any intellectual property developed during the relationship unless the IP is developed exclusively for the customer. But ownership is not as clear when services are shared across multiple organization. Accordingly, it is critical that participating companies negotiate who is responsible for developing IP for the partnership and who will own it later. \n\nYou Build It, You Own It\n\nGenerally, independent contractors such as vendors, service providers and consultants own IP they develop. Although there are some differences between patents and copyrights, employers own\u2014or at least have the right to use\u2014IP developed by their employees. \nTo read more on this topic, see: From Cloud Computing to Shared Services: Why CIOs Are Taking a New Look at Sharing IT Infrastructure and Applications and Where Are the Legal and Intellectual Property Bodies Buried in Open Source Adoption?\n\n\n\nIf multiple companies are involved, the lack of an agreement may unintentionally result in partners owning new IP jointly, depending on whether one partner develops most or all of the IP in question. This is determined based on the relationship between the new IP and the core technology of each company. \n\nFor instance, employees of one participant may contribute to the development of IP that more properly relates to or is derivative of technology owned by another participant. Joint ownership can lead to uncertainty and complexity regarding each party's rights to use, license, sell and otherwise exploit this jointly developed IP, as well as their respective obligations if the IP is later found to infringe on the intellectual property rights of a third party.\n\nTherefore, an agreement should specify which company or companies own the IP, along with any applicable license rights and each company's indemnity obligations. Additionally, if the IP is to be jointly owned, the parties should describe whether they must account to each other for profits they derive from it. The parties must also consider the ownership rights of any vendors involved. There may be valid reasons for a participant other than the one whose employees developed the IP to own it, or at least share rights to use it. In such cases, the owner would need to grant the participant a written license.\n\nThe participants in a shared services relationship may decide to form a separate company. In this scenario, they will need to decide on the percentage of the new company that each owns, who controls management and who is responsible for day-to-day operations. The parties also need to consider an exit strategy for when the shared services relationship terminates, including the sale or distribution of the developed IP assets. \n\nProtecting Confidential Information\n\nWhile any developed IP will often be software or some other tangible work product, the participants also need to consider how they will handle confidential information and trade secrets. Generally, such information is protected because its value depends on it not being generally known. However, these protections require the owner of the confidential information and trade secrets to take reasonable precautions to prevent disclosure. Most companies are also subject to data privacy laws. \nWithout such measures, if the confidentiality or secrecy of the information is compromised, the legal protections also may be compromised or lost entirely. This threat is of particular concern in a cross-organization shared services model.\n\nCompanies that share services should at least require that each participant takes steps to protect the confidentiality and secrecy of the other company's information. Such measures include requiring nondisclosure and confidentiality agreements, implementing privacy and security procedures to safeguard pertinent data and educating employees about their obligations to protect sensitive information. Ensuring that these procedures are included in the agreement and implemented by each party increases the likelihood that each company's confidential information and trade secrets will remain protected. Failing to do so may result in loss of protection for what may very well be the most important assets of the business as well as subject the company to third-party claims.\n\nIn summary, companies entering into a cross-organization shared services relationship need to carefully consider ownership and protection of IP brought to or developed during the relationship. Failure to specify each party's respective rights and obligations in writing will substantially increase the risk of uncertainty and disputes between the participants. Written agreements should be used to document IP ownership, as well as the use and protection of that IP. \n\nChanley T. Howell is a partner and Manfred A. Perera is an associate with Foley & Lardner. They are members of the firm's Information Technology and Outsourcing practice group.