The USPTO sent out email messages today reporting what it calls a “Data Security Incident”. It turns out that the USPTO, which promised it would keep the “where you sleep at night” domicile addresses of trademark applicants safe and secure, instead revealed all of the “where you sleep at night” addresses in all of the USPTO’s APIs and bulk data products by which data miners collect data from the USPTO, over a period stretching from February of 2020 to March of 2023.
Astonishingly, CIO Jamie Holcombe tells us that he “fixed” the problem.
Of course to fix the problem, he would have had to somehow claw back all of that “where you sleep at night” information that got downloaded by data miners over that three-year period. Instead, all he accomplished was closing the barn door after the horse was gone.
At my firm we now face the unwelcome task of informing our clients that their private domicile addresses have fallen into the hands of the public. I wonder if Mr. Holcombe will reimburse our firm for this work.
At least two of our clients who provided their domicile addresses to the USPTO, relying upon the USPTO’s promise that it would keep the domicile addresses secret, were people who had reason to worry about their personal privacy. Without going into unnecessary detail, imagine for example that a victim of domestic abuse might very much want to keep certain persons from being able to find out where they live. I wonder whether Mr. Holcombe will cover the cost of these people having to move to a new domicile address.
I don’t think the PTO has yet understood how seriously some applicants view their privacy concerns. As we all know, there’s no way to claw back any of the personal information that the PTO negligently made visible.
Recent events where this “data security incident” issue – which apparently was known since Feb. 24, 2023 – does not appear to have been raised at all:
Director Vidal testified to the House Judiciary Subcommittee on Courts, Intellectual Property, and the Internet on April 27, 2023
TPAC public meeting on April 28, 2023
TPAC fee setting hearing on June 5, 2023
I can understand not announcing the “data security incident” until the software had been updated to eliminate the error. But if the error was fixed by April 1, as indicated in Vidal’s letter, why delay reporting it to the CAFC and affected applicants until June 9?