Current Topics

#Employment

How to keep company business secrets safe when employee leaves

Articles

Author

Kiran Radhakrishnan

17-May-2018

15841 Total View        

Articles
These situations can be a huge setback for companies, in some cases leading to heavy losses. One example is the Stellar Information Technology v Rakesh Kumar & Ors dispute in 2016, which was heard by Delhi High Court

In order to maintain a competitive edge in an era of globalization and increasingly liberalized markets, businesses stay on top by protecting the innovative ideas, proprietary information, internal workings and mechanisms that give them advantages over their closest rivals. Numerous companies have been faced with disgruntled or greedy former employees who have divulged confidential details to competitors or disseminated information for public consumption as payback for perceived injustices.

 

These situations can be a huge setback for companies, in some cases leading to heavy losses. One example is the Stellar Information Technology v Rakesh Kumar & Ors dispute in 2016, which was heard by Delhi High Court. The plaintiff’s contention was that the former employees were making use of confidential data and trade secrets to secure business for their new company and approach their existing customers.

 

Kolkata High Court recognized the growing importance of trade secret protection and enforcement in the 2015 cases of Hi-Tech Systems & Services v Suprabhat Ray and Fairfest Media v ITE Group. The ruling in these decisions suggested that courts can be persuaded to enforce secrecy clauses post-termination of an agreement.

 

This suggestion raises questions. Is a person who has signed a non-disclosure agreement (NDA), or a confidentiality agreement with an employer, bound by the agreement even after he or she is no longer employed by the company? Can an employer prevent a former employee from using its confidential information for competitive advantage in his or her new employment?

 

If there is no contract/confidentiality agreement/NDA signed between the employee and his/her former employer, nothing can deter a departing employee from disclosing confidential information.

 

Protecting information and preventing its disclosure is pretty much the essence of a confidentiality agreement. It is imperative that the agreement be specific and detailed, yet sharp and lucid. An agreement that is too broad could be declared void by courts, while one that is too restrictive could be deemed unenforceable.

 

Therefore, it is pertinent for companies to find the right balance and ensure that its interests are well protected. The repercussions of misuse of confidential information could include fraud, the destruction of careers or other violations.

 

While it is up to an individual employer to determine the information that needs to be protected by employee confidentiality agreements, the agreement should ideally include the following:

 

Restricted information. This includes highly sensitive or valuable information, both proprietary and personal, and/or a trade secret that if disclosed to unauthorized individuals, entities or society could have a significant impact on the business’s legal/regulatory obligations, or on its financial, commercial or economic status, customers, franchises, distributors, bankers, partners, associates, affiliates, service providers, patrons and clients.

 

This information includes financial data, major product and marketing plans, or merger and acquisition information before it is released to the public. A “trade secret” can be formulae, technical know-how or a peculiar mode or method of business adopted by an employer that is unknown to others (see Ambiance India v Shri Naveen Jain, Delhi High Court, 2005).

 

Internal information. This is information that an employer determines has the potential to provide a competitive advantage, or that would have a significant impact on the business if disclosed to unauthorized individuals. This information is only meant for internal access and circulation and is protected from external access. Information about or belonging to customers, employees and businesses that the company is obligated to protect cannot be divulged outside the organization.

 

Unauthorized access could hamper the company’s operations, result in losses, provide significant gains to a competitor, cause a major drop in customer confidence, customer base, etc. Internal information includes standard operating procedures, customer data, pricing strategy, commission payout or profit-and-gain details, business financial records, all company developed software code, departmental memos, training material, policies, work instructions, guidelines, investment options, transaction data, productivity reports, disciplinary reports, contracts, service level agreements, etc., that if released to an unauthorized party would cause damage to the business.

 

With sufficient effort or through illegal acts, rivals may access trade secrets (confidential information). However, if the “trade secret” or information owner proves that reasonable efforts were made to keep the information confidential, it remains a trade secret and is legally protected (see Emergent Genetics India v Shailendra Shivam, Delhi High Court, 2011).

 

Digitally sensitive information. This includes data stored, captured, transferred or encrypted, using technology fully or partially, where the loss or illegal sharing of the data could adversely affect business interests, the conduct of a company or the privacy of individuals. It also includes transactional records, client media and electronic transmissions from and to clients, customers, distributors, suppliers, service providers, consultants and agents.

 

India’s economic market is yet to have separate legislation solely dedicated to the protection of confidential information and trade secrets from transgression and commercial exploitation by machiavellian and opportunistic individuals and entities. Instead, the safeguards that are in place are found in common law practice.

 

COVENANTS AND RESTRICTIVE COVENANTS

All contracts, agreements and covenants are governed by the Indian Contract Act, 1872. A covenant in an agreement that is contrary and contradictory to the principle of section 27 of the contract act and in violation of principles in article 19, protected and guaranteed under the constitution of India, are restrictive covenants in law and not enforceable.

 

In accordance with provisions in the constitution and the contract act, courts have generally held that the right to livelihood of the employees must prevail in spite of an existing agreement between the employer and the employee.

 

Courts have consistently refused to enforce post-termination non-compete clauses in employment contracts, as “restraint of trade” is impermissible under section 27 of the contract act, and have held them as void and against public policy because of their potential to deprive individuals of their fundamental right to earn a living. However, in the case of Niranjan Shankar Golikari v The Century Spinning and Manufacturing Company, the Supreme Court observed that: “Restraints or negative covenants in the appointment or contracts may be valid if they are reasonable.”

 

In VFS Global Services v Mr Suprit Roy (2008), Bombay High Court established the principle that a restraint on the use of trade secrets during or after the cessation of employment does not amount to a restraint on trade under section 27 of the contract act and can be enforceable under certain circumstances. The validity of such restrictive covenants is tested on the standards of reasonability – involving considerations of duration and space of the restriction in question.

 

There are broadly two kinds of restrictive covenants in operation during the term of employment and these are non-compete and non-disclosure of confidential information. While it is a settled position of law that restrictive agreements bind current employees in lawful employment of the employer throughout the duration of the contract, the position of law regarding validity of such restraints on employees after termination of the contract is more contentious and adjudicated before courts.

 

In Wipro Limited v Beckman Coulter International, Delhi High Court laid down four basic commandments for restrictive covenants:

 

1. Restrictive covenants during the term of a contract would not normally be regarded as being in restraint of trade, business or profession unless they are unconscionable or wholly one-sided;

 

2. Post-termination restrictive covenants between employer and employee restricting an employee’s right to seek employment and/or to do business in the same field as the employer would be in restraint of trade and therefore void;

 

3. Courts take a stricter view in employer-employee contracts than in other contracts, the reason being that in employer-employee contracts, the norm is that the employer has an advantage over the employee; and

 

4. The question of reasonableness, and also the question of whether the restraint is partial or complete, is not required to be considered at all whenever an issue arises as to whether a particular term of a contract is or is not in restraint of trade, business or profession.

 

Concerns of employers and employees relating to protection of confidential information, non-disclosure and non-solicitation have yet to be addressed in legislation and therefore parties have recourse to judicial interpretation and common law. There are varied opinions within the judiciary when it comes to developing apposite standards of assessment for addressing these evolving, antagonistic, employment-related issues that concern confidentiality and non-solicitation.

 

TAKING REMEDIAL MEASURES

The meaning of the words “confidentiality” and “privacy” is practically identical. Indian law, which is derived from British and European law systems, has accepted the concept of breach of privacy in the notable cases of Kharak Singh v Union of India and Govind v State of MP, which elevated the right to privacy to the coveted and protected level of a fundamental right under Indian law. The right to confidentiality was also given importance by Mumbai High Court in Beyond Dreams Entertainments v Zee Entertainment Enterprises (2015) and Urmi Juvekar Chiang v Global Broadcast News (2008), and Delhi High court in Independent News Service v Anuraag Muskaan (2013).

 

In the absence of a specific law for breach of confidentiality, the following laws are being applied for data and privacy protection, and misuse of confidential information:

 

1. Information Technology Act, 2000 (amended in 2008). Sections 43(a) to (h) of chapter IX and sections 65-74 of chapter XI of the act deal with issues relating to the payment of compensation in civil, and punishment in criminal, cases where there has been wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data. The act creates personal liability for illegal or unauthorized use of computers and computer systems, and data stored there.

 

2. Indian Penal Code (IPC). Although the IPC does not specifically address breach of data privacy and breach of confidentiality, any misuse of confidential information is punishable under the IPC, as a criminal breach of trust under section 405.

 

3. Constitution of India. Article 300A provides that no person should be deprived of their right to property except by the authority of law. But the main point is that it can only be claimed against the state, or against a public entity such as a company or bank. Even though article 21 recognizes the right to privacy as a fundamental right, data protection is yet to be included in one of the three lists in schedule VII of the constitution. However, entry 97 of list 1 does include “any other matter not enumerated in list II and list III”. So it is up to parliament to legislate on privacy, since it can be interpreted as any other matter not enumerated in list II and list III.

 

4. Copyright Act, 1957. Section 2 of the Copyright Act, 1957, protects databases that come under the purview of the definition of the term “literary work”, while section 63B of the act provides that any person who knowingly makes use on a computer of an infringing copy of computer program will be punishable for a minimum period of six months and a maximum of three years in prison.

 

5. Information Technology Rules, 2011. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, provide procedures to be followed by corporate entities when storing or handling personal information or sensitive information. Section 5(4) states that a body corporate or any person on its behalf holding sensitive personal data or information should not retain that information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. Section 5(5) provides that the information collected should be used for the purpose for which it has been collected.

 

CONFIDENTIALITY AGREEMENTS

Confidential information is one of the most valuable possessions of any business. Every business has information that it considers fundamental to its success. In the marketplace, a business’s competitive edge may lie in possessing or developing certain information that is above and beyond that of its competitors. Employers should ensure the company’s interests are safeguarded in a confidentiality agreement without being regressive or intrusive, while complying with the law and respecting the fundamental rights of employees.

 

STAGE 1: PRE-EMPLOYMENT CONFIDENTIALITY AGREEMENT

1. A detailed NDA must be issued to the prospective candidate prior to their resignation from the current job and before accepting the employment offer, providing employees sufficient time to understand how they are expected to deal with the confidential information of the company during and after employment with the employer. Consideration should be provided to the employee whereby 80% of the consideration agreed upon would be paid monthly during the tenure of employment and the remaining 20% accumulated during the tenure of employment paid upon conclusion or cessation of the employment contract.

 

2. The NDA must be referred to in the employee’s appointment letter and must have have a detailed, clear and strict confidentiality and privacy clause, while having a detailed and proper non-regressive non-compete clause, even though it may be very difficult to implement or enforce.

 

STAGE 2: POST-EMPLOYMENT CONFIDENTIALITY AGREEMENT

As most of the embezzlement of trade secrets transpires when an employment association between an employer and employee is concluded, the need for developing effective techniques for conserving the concealment of company trade secrets and averting the movement of business is critical. One of the purposes of post-employment techniques is to prevent the departing employee from poaching the ex-employer’s clients.

 

1. A detailed and elaborate confidentiality agreement must be entered into immediately between the employee and the employer upon submission of resignation by the employee, which will be in force until such time as the confidential information becomes public by wilful revelation by the employer. This agreement should clearly set out the list of documents or information that are categorized as restricted information, internal information, client confidential data or digitally sensitive information, along with their importance and impact on business when misused.

 

An undertaking should be demanded from the employee prohibiting use of the company’s confidential information for gaining any direct or indirect competitive and/or financial advantage on the company, either for the employee or a third party.

 

2. The employer must develop and implement a non-solicitation agreement that clearly mentions that the employee is prohibited from establishing contact, either directly or indirectly, personally and/or electronically with any of its customers, clients, distributors and business patrons within a specific geographic region or location and for a set timeframe, and from using confidential information of the employer in a manner that is detrimental to the growth, sales, finance, commerce, brand value or goodwill of the employer.

 

3. A mechanism should be created where ex-employees are provided with an avenue to seek permission from a former employer to reconfirm, in case of any doubt, before they disclose or share any information pertaining to the former employer with any third party.

 

Proper enforcement of an NDA starts long before the breach or threat of breach, and before an agreement is signed. Both pre and post-employment confidentiality agreements can help in proper enforcement of an NDA, and help the employer in protecting information. Non-disclosure/confidentiality agreements only work if they are developed after understanding the legalities involved coupled with realistic exclusions, while reserving the option of seeking injunctive remedies.

 

TIPS TO PROTECT YOUR INFORMATION

1. Ascertain and prioritize confidential information based on value and confidentiality.

 

2. Apprehend and study the movement of information, understanding how, where and when it is modified, processed or distributed. After analysing information flows, susceptibilities become visible. Then, perform a risk assessment on these vulnerabilities.

 

3. Formulate appropriate access, usage and information distribution guidelines.

 

4. Implement a monitoring and enforcement system. Establish control points to monitor information usage and traffic. Verify compliance with distribution policies and take enforcement action for violation of those policies.

 

5. Train employees on how to handle confidential, private and sensitive information.

 

6. Label confidential information as a practical discouragement for misusing confidential information.

 

7. Insert non-disclosure provisions in employment agreements. If a company has confidential information that is particularly sensitive, it should be clearly identified in the employee’s employment contract.

 

8. Create, develop, implement and practise workplace privacy policy.

 

9. Put in place a social media policy.

 

10. Use physical and electronic security methods.


KIRAN RADHAKRISHNAN is legal counsel, India and South Asia, at Diverse India Hygiene Pvt Ltd. He can be contacted at Kiran.rk@outlook.com