For Indian businesses, trade secrets & confidential information is a top priority. Companies place a high value on protecting their trade secrets and private information because of their impact on the company’s competitiveness and valuation. Given their secretive nature, however, watching them legally may be difficult. This leaves them open to theft from dishonest workers, hacking from cybercriminals, and espionage from competitors.
As a consequence of the digital transformation, which many businesses are experiencing, new threats have emerged. Employees regularly change employment, bringing with them important private knowledge.
Cyber espionage dangers concerning trade secrets & confidential information are growing at an alarming pace. While the legal system now harshly punishes the theft of private information, businesses must remain watchful for indicators of wrongdoing and build their defenses appropriately.
Legal Protection of Trade Secrets in India
At the outset, there is no specific statute in relation to trade secrets per se. However, the essence of trade secrets is derived partly from the Indian Contract Act 1872. It includes recourse in the event of a breach of non-disclosure agreements and the exposure of sensitive information. The law of equity also provides certain safeguards against the inappropriate disclosure of private information. Specific remedies may be sought if such information is exploited without authority.
Further, the aspects of trade secrets can also be found in the provisions of the Indian Penal Code, Intellectual Property Laws such as the Copyright Act, 1957, the Designs Act. Notably, India is a signatory of the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPs) and this agreement defines minimum standards for all WTO members.
Protecting Undisclosed Information: Examining TRIPs Agreement Stipulations
Section 7 of the TRIPs stipulates ‘Protection of Undisclosed information’ and what information comes under this category is defined under Article 39 (2) of TRIPs as follows:
“..2. Natural and legal persons shall have the possibility of preventing information lawfully within their control from being disclosed to, acquired by, or used by others without their consent in a manner contrary to honest commercial practices so long as such information:
(a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
(b) has commercial value because it is secret; and
(c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.”
In view of the foregoing, one must continue to strengthen their defenses against the theft and abuse of any valuable information which would fall under the abovementioned category.
Case study 1: Stealing Customer Data: Examining Burlington Home Shopping vs. Rajnish Chibber
In Burlington Home Shopping Pvt. Ltd. Vs. Rajnish Chibber, 1995(15)PTC 278(Del), the Defendant was at one time an employee of the plaintiff. On severing relationship with the Plaintiff the Defendant had established himself as a competitor by entering into mail order shopping business. The Defendant also managed to get a copy of the database, an otherwise guarded secret of the Plaintiff and started making use of the same for the purpose of establishing relationship with the Plaintiff’s customers.
The Delhi High Court compared the data of the Plaintiff and Defendant and held that the Defendant’s data are a slavish imitation of that of the Plaintiff and held that a strong prima facie case of infringement by the Defendant of the Plaintiff’s copyright has been made out to the satisfaction of the Court.
Case study 2: Misappropriating Confidential Information: Examining Diljeet Titus vs. Alfred Adebare
The Delhi High Court in Diljeet Titus and Ors. vs. Alfred A. Adebare and Ors., 2006 (32)PTC 609 (Del) held that “the plaintiff has clearly established a prima facie case in respect of the rights in the material taken away by the defendants. In my considered view, the balance of convenience lies in favor of the plaintiff and against the defendants. The defendants are free to carry on their profession, utilize the skills and information they have mentally retained and they are being restrained only from using the copied material of the plaintiff in which the plaintiff alone has a right.”
It was further held that “The defendants having worked with the plaintiff cannot utilize the agreements, due diligence reports, list of clients and all such material which has come to their knowledge or has been developed during their relationship with the plaintiff and which is per se confidential.”
It is pertinent to note that the Delhi High Court observed , “There is no dispute that the work falls within the definition of literary work within the meaning of Section 2(o) of the Copyright Act as the definition includes computer database.”
Practical Tips for Protecting Trade secrets & Confidential information
Trade secrets and sensitive data in India need both legal and practical protection measures from businesses. Here are a few pointers:
1. Confidentiality Accords
Employees, contractors, partners, and third parties who have access to confidential information should sign legally binding non-disclosure agreements (“NDA”). The agreement has to specify what information is considered secret, who may and may not access it, who may not disclose it, and what the consequences of doing so are. It’s a good idea to renew NDAs regularly.
2. Controlling Who Sees Private Information
It is essential that only those who have a legitimate business need to know to get access to confidential information. It’s important to develop data categorization methods, individual user passwords, and VPN protection. It is important to revoke access for a departing employee.
3. Encryption and Password Security
The first line of defense for digital data is safeguards like passwords, multi-factor authentication, and encryption. Protecting the privacy of sensitive information and conversations requires strong encryption. Logging and monitoring access is a must.
4. Marking Confidential Documents Clearly
Trade secrets contained in paper form should be clearly labeled as such to avoid their unintentional disclosure. Information requires safekeeping before and after disposal. Labeling emails regarding sensitive information is important.
5. Repeated Inspections and Testing
There has to be a system in place to check who has access to sensitive information and who hasn’t. Unauthorized data copying or downloading are warning indications that should immediately activate warnings and prompt action.
The secret is to set up many layers of security, including legal contracts and technological restrictions. However, labeling too much information as private might have the opposite effect and decrease adherence. It’s best to strike a middle ground.
Best Practices for Trade secrets & Confidential information Management
Companies need to take preventative efforts, such as instituting strong trade secrets & confidential information management, in addition to reactive measures against theft. Examples of good procedures are:
1. Physical Security of Premises
To ensure the safety of sensitive information, it is important to set up physical access controls such as guards, cameras, fingerprint scanners, and visitor records. Hosting data centers with restricted access is essential for server safety. It’s important to archive and discard old documents safely.
2. Robust Cybersecurity Policies
Data encryption, safekeeping, authorized access, and constant monitoring are all vital components of a solid cybersecurity strategy. Proactively identifying vulnerabilities requires the implementation of regular cybersecurity audits, penetration testing, and redundancy systems.
3. Training Employees on Handling Sensitive Data
Workers need frequent training on recognizing and handling sensitive information by policy. They need to know about encryption specifications, access limitations, and possible consequences for carelessness or abuse. It is important to emphasize confidentiality requirements both when recruiting and after leaving.
4. Confidentiality Clauses in Employment Contracts
In employment contracts, there should be an exclusive clause on what constitutes confidential information and the enforcement of the confidentiality clauses even post-termination.
5. Institutionalizing a Culture of Secrecy
Establishing a culture of secrecy via incentives, training, and rules promotes compliance. Overclassification, however, has its drawbacks. It is necessary to evaluate the definition of a trade secret periodically. The reason for granting access should be need-to-know.
6. Centralized Trade Secret Management
Improved uniformity results from centralized trade secret classification, monitoring, and protection procedures. Implementing access assessment protocols before disclosing data to external parties mitigates the possibility of data leaks. Designating custodians establishes responsibility.
Robust regulations, access restrictions, and a deeply established culture of secrecy are the cornerstones of a successful trade secret protection program. When it comes to trade secrets, prevention is preferable to treatment.
Monitoring Misuse And Legal Recourse
Trade secret abuse might nevertheless happen due to employee carelessness or unanticipated security breaches, even in the presence of strong preventative measures. Businesses must look for red flags and be ready to take legal action if required.
1. Looking Out for Red Flags
Unexpected changes such as a competitor’s quick financial success, evidence of illegal access or data downloads, and questionable staff actions might all point to a leak. Audits of forensic security may reveal theft after it has occurred.
2. Examining Potential Leaks
Any suspicion of trade secret theft or leakage should be investigated immediately internally. Analysis of both physical and electronic access records is required. Forensic specialists should confiscate and examine impacted systems and devices to identify any illegal data transfer, copying, or access.
3. Sending Notices to Cease
Sending a cease and desist letter asking that the receiver of sensitive data cease using it, return or delete the relevant material, and identify the identity of any third parties to whom they may have passed the information is appropriate if the recipient exposes it without consent.
4. Filing Criminal and Civil Cases
Individuals can initiate legal proceedings seeking injunctions and damages if they believe that someone has stolen or exploited their confidential materials. The Indian Penal Code 1860 allows for the pursuit of criminal prosecution for theft, data theft, and copyright violations.
5. Differential Dispute Settlement
Arbitration, mediation, and out-of-court settlement agreements offer a faster and less public way to resolve trade secret issues compared to the prolonged litigation process. However, a solid legal claim needs a foundation.
There is never a completely zero danger of trade secrets. Because of this, it’s important to maintain a state of alertness at all times and to have backup plans in case legal action becomes necessary. Early identification and prompt action when leaks happen, are the signs of the test.
To sum up, strong trade secrets & confidential information security is essential to a company’s capacity to compete, succeed, and survive in India. Businesses must use all available legal protections under employment law, contract law, and specific laws. The judiciary’s previous pro-employee views give way to tighter trade secret protection.
Indian businesses must have comprehensive training programs, access restrictions, cybersecurity measures, and nondisclosure agreements. They need to keep an eye out for any indicators of leakage and be ready to take legal action immediately if necessary.
Corporate success in today’s fiercely competitive environment depends on knowing how to handle trade secrets. Since information is instantaneously available, possessing and skillfully using knowledge is the real competitive advantage. In addition to legal safeguards, organizational vigilance is necessary to secure this important company asset.
Author: Nitin Abhishek, Trademark Attorney.