Administration of Confidential Information – Small Steps to Avoid Big Damages

India is presently talking about intellectual property rights more than ever. The National Intellectual Property Rights (IPR) Policy released recently is extremely concerned about generating “awareness” of intellectual property (IP) in the country. One of the seven objectives of the policy is “to create public awareness about the economic, social and cultural benefits of IPRs among all sections of society”. Stressing “awareness” seems like a pressing need, especially when, just a month before the release of the policy, the Indian information technology (IT) sector was hit by allegations of fraudulently accessing trade secrets, resulting in a US District Court (Wisconsin) imposing a penalty of 940 million USD (approx. INR 6300 crores) on one of the most reputed IT companies of India.

The facts of the matter reveal that this may not be a straightforward corporate espionage case. TCS-Epic Systems’ lawsuit has more to do with the seemingly mundane aspects of data confidentiality: restricting internet access in client specific development centres, ensuring proper user authorization and being mindful that creative work-arounds don’t trample over intellectual property agreements.

It has become essential for companies to be aware of the need for full protection and end-to-end management of confidential information, which can generally be distinguished as employee information, management information, and business information. Effective management of confidential information is an outcome of better protection through defined processes and procedures. Understanding the applicable local laws and multi-jurisdictional operating nuances, and appreciating the potential for damage, are essential for effective administration of confidential information.

Many IT companies operate on a ‘services’ model, i.e. the IT Enabled Services (ITES), where products are created for and on behalf of clients. The clients own IPRs created while rendering such services. India continues to be the most favoured destination for IT outsourcing services, which makes protection of IP (including trade secrets and confidential information) a critical concern for the offshoring customers. Unfortunately, Epic Systems’ allegations compel us to think that there may be many other Indian IT companies indulging in similar acts, out of sheer ignorance or lack of awareness. Generally, incidents of data breach or unauthorised use of confidential information arise at the behest of a single employee or small group of employees who have been simply negligent of information security routine, without any specific intention to cause harm or the faintest comprehension of the consequences of their omission or commission, landing their employers in a billion-dollar lawsuit.

Indian IT giants have been involved in such disputes in the past too. In April 2007, Upaid, a UK based IT firm which offers solutions for payments via mobile phone, had initiated legal proceedings against Satyam Computer in Texas courts alleging fraud, forgery, misrepresentation and breach of contract involving transfer of IPRs. The litigation ultimately ended in 2009 when Satyam (now Mahindra Satyam) agreed to pay 70 million USD for settlement of all outstanding legal disputes. While Satyam’s case revolves around the consequences of inadequate or ambiguous contractual terms with respect to IPRs, read together with the TCS-Epic Systems legal battle, it makes us ponder upon the lack of awareness and perhaps ineffective information management by Indian IT companies.

GOING BEYOND CONTRACTS

In today’s digitized world, corporates will have to go an extra mile and be as innovative as possible to ensure protection of confidential information and prevent unauthorised acts by their personnel during the course of their employment. It is crucial for the IT and software companies to ensure that not only are they covered through proper contracting but they also have an appropriate internal management programme to ensure adherence to these contracts. Given the intangible nature of confidential information and its economic value, employers need to put in place a safeguard system within their company. Apart from signing enforceable confidentiality and non-compete covenants with the employees, several other measures mentioned hereinafter necessitate consideration.

  • Companies need to explicitly identify the trade secrets and confidential information involved in each project. This needs to be followed by marking the documents as per their relevance. Some identifiers may be ‘third party confidential’, ‘distribution to be limited to a certain department’, ‘make no copies’, etc. Such an identification and marking practice not only ensures that the information is handled in a confidential manner but also helps avoid incurring any liability.

  • An express communication with regard to confidentiality of information and data, as identified and marked, must be made to all employees deployed on the project. It is advisable to provide another list of information not covered by confidentiality obligations for better understanding of the internal users and stakeholders within an organization.
  • Companies need to be judicious in granting access to confidential information. The number of employees accessing confidential information needs to be limited and logs should be maintained for keeping record of access at any point in time.
  • Employees need to be trained and regularly updated on information security guidelines and policy of the organization by the in-house counsels. Such training sessions need to be crafted and moderated uniquely for each internal department depending on the nature and extent of information handled by them. This allows establishment of a culture of information security within the organisation and makes the employees understand the legal consequences of any breach at an individual and organisational level. There is merit in meaningful background checks to be performed on employees.
  • The information security guidelines’ education and training can be complemented by periodic tests and refresher modules for the employees. Conducting information security audits is recommended for organizations where business and clients are spread across jurisdictions.
  • Establishing a robust disciplinary process for any kind of breach works as an effective way of creating a culture of compliance within the organization. It also creates a deterrent and goes a long way in establishing the company’s credibility.
  • Beyond regulatory sanctions, legal consequences, loss of goodwill and decline in market share, confidential information needs effective management as it adds to a competitive advantage. Trade secrets and confidential business information add to economic benefit and are critical for the functioning of a company.

Managing confidential information has to be part of companies’ fundamental policies and not a one-time activity. Corporates should appreciate the potential costs and the implications of not having a strong confidential information management system. As business grows, well established rules and processes for development, management, distribution, protection and enforcement of confidential information need to be looked into proactively. Effective measures need to be adopted for establishing an ecosystem to administer confidential information in a manner such that it not only mitigates the risks of a breach and saves the company from potential damages but also adds to the credibility and brand value of the organization.

About Author

Lakshika Joshi

Lakshika Joshi is General Counsel and Head of IP Licensing at Nucleus Software. She is responsible for overall legal function and steering the Company towards newer age IP models. Lakshika is a commercial lawyer specializing in IPR and transactional matters with experience across ICT, Media, Broadcasting, Internet, Publishing, Music, Entertainment, Newspapers, Software and IT industry.

Shivani Singh

Shivani Singh is a commercial lawyer with a keen interest in IP laws. Interplay between technology and law has always fascinated her. Presently, she is an in-house counsel at Nucleus Software where, apart from handling advisory functions and contractual negotiations, she plays a role in developing the company’s licensing strategies.