Knowledge drives the companies to gain competitive edge over the similarly placed companies in the market. Generally, IP knowledge gets a protection under patent law to enable the company to take preventive or enforcement measures against any violation of IP rights. It well is understood that IP knowledge is not sufficient to all practical aspect relating to working of the invention. The knowledge workforce of the company rest with the engineers and other key technicians who are engaged in day to day working of the production line activities. These ‘knowledge workers’ are experts in the field but they also acquired additional knowledge and skills on the job. It is pertinent to note that the employers would share certain trade secrets with the employees during the course of his employment. Most of this knowledge is treated as trade secret by the employer and the every employee is bound under the contract of appointment not to disclose such company information to any other person during the time they are working with company and even after they leave the job. The benchmark principle of trade secret law is that so long as employer take reasonable measures to preserve the secrecy of such information he can take action against the employee who has left their company and joined the rival company. However, courts treat this acquired knowledge of an employee as “an employee’s general knowledge, skill, and experience” which cannot be protected as a trade secret. The reason for adoption of this logical approach to keep “an employee’s general knowledge, skill, and experience” outside the purview of Trade secret law by courts is to preserve the rights of the employee to progress and continue working in their profession. This leaves the employer in a fix to share or not to share such secret knowledge with employee. The resultant dilemma is a paradox under the implementation of trade secret law. In one way the secrecy law encourage employers to share the trade secrets with the employees and in another way it leaves the employer to loose the benefit this information protection as it will becomes part of the employees’ unprotectable “general knowledge, skill, and experience.” Google remote car data theft highlight this aspect when Anthony Levandowski, the pioneering self-driving car engineer, was charged with 33 counts of theft and attempted theft of trade secrets from Google. Levandowski downloaded sensitive files relating self-drive car technology from Google and transferred them to his personal laptop in the months preceding his departure from Google. It was alleged that Levandowski downloaded 14,000 files from Google before he quit Google to join Uber. Although Uber and, Waymo, [A self-driving car spinoff of Google] reached an out of court settlement in a civil lawsuit over the dispute in February 2018 it left many question relating to trade secret law and right of the employee to change the job. Consequently, in the criminal case Levandowski was charged for the trade secret theft. He was sentenced to 18 months in prison with a fine of $95,000 with an order to pay $750,000 in restitution to Waymo. In this US case the key civil and criminal aspects of the trade secret intellectual property were taken to culmination of conviction of the former employee.
According to a recent reported news four former employees of an India-based pharmaceutical firm were arrested by Cyberabad’s Cyber Crime Police unit after allegedly stealing data including sensitive details pertaining to drug manufacturing from their former employer and they were allegedly using the purloined data to manufacture drugs illegally in Visakhapatnam. This case highlight how a pharma company is susceptible such theft by former employees. It will take some more time to know the how such criminal cases will proceed in India but one thing is certain that many companies in India are susceptible to such misappropriation. It is still not clear if the misappropriated data was so valuable, whether firm had taken preventive steps to secure it to stop the theft of such sensitive data. It is also not clear whether that firm has filed a civil suit relating to claimed intellectual property over the sensitive data but they would surely take legal steps to defend its trade secrets.
In Indian context, coincidently, data theft was in limelight for the different reasons. One reason being the qualification of data as IP and another being non personal data being kept under trade secret fold. The Ministry of Electronics & Information Technology (MeitY) constituted a Committee of Experts to deliberate on a Data Governance Framework. Eight Member committee headed by Shri Kris Gopalakrishnan [Co-Founder Infosys] was appointed to deliberate on a framework to regulate non-personal data and intellectual property rights (IPR) related to data. In its December 2020 report committee extensively discusses intellectual property rights (IPR) over the data. The committee acknowledged that Indian law does not recognise a “property right” (means absolute ownership right) for data, but it recognise a limited “proprietary rights” to be exercised over its use. The Committee recognised copyright law and trade secrets protection as the two predominant sources for such rights. Though this report deliberated and devolved upon on the Data Governance Framework but it did not covered the cyber theft of trade secret of sensitive data of the companies. This leaves the companies to look for civil and criminal remedies available under section 378 of IPC (theft) read with Section 22 of IPC (defines movable property). The words moveable property are intended to include corporeal property of every to the earth description, except land and things attached or permanently fastened to anything which is attached to the earth. This creates difficult situation for data which by nature is intangible and it would fall outside the purview of the definition of theft. If data is stored in medium like hard disk or CD and such medium is stolen it would be cover under the definition of theft. Any electronic transmission of data being in intangible would not constitute theft under section 378 of IPC. Section 43 (b) of the Information Technology Act, 2000 (IT Act, 2000) provides protection against unauthorised downloading, copying, extracting information, data or a database and under section 66 it imposes heavy civil compensation which could run into crores of rupees. Any person who dishonestly, or fraudulently indulge any activity as referred in Section 43, he would be liable to pay penalty upto Rs.5, 00,000/-, or Imprisonment upto 3 years, or both. Though information technology law was enacted to address the growing cybercrimes including data theft but there are many difficulties to tackle such data theft as stated above when former employees are involved in the misappropriation of data. We do not know how the pharma case as stated above would proceed but the former employees may try to argue this with doctrine of an employee’s general knowledge, skill, and experience and the right of outgoing employee to change job and progress in the profession based on the skill, knowledge and experience acquired during the previous employments. It would take some more time in India to get clarity on implication of trade secrecy of data and its misappropriation. Last but not the least ‘knowledge workers’ are backbone of every company and they invariably share their knowledge, skill and experience with their employer and the employer are required to share their trade secrets for smooth working of the processes within the company. It would be wise to take an expert advice to protect your sensitive data from misappropriation before your data gets stolen illegally.