Recently, a US jury found Tata Consultancy Services (TCS) and Tata America International Corp guilty of stealing trade secrets and confidential information from Epic Systems, an American company. The amount of damages, awarded was a whopping $940 million, including $700 million as punitive damage.
Epic Systems is a Wisconsin based company and is a leading provider of software to the healthcare industry. Epic maintains a web portal called the “UserWeb,” which contains information regarding its products, training material and other documents detailing Epic’s software. TCS, on the other hand, has only recently entered the market for healthcare software.
As per the district court order here, the main issue that Epic raised was that the defendants (TCS and TCS America) had accessed its web portal without authorization while servicing a mutual client, and then used this information to develop their own competitive hospital management system software called “Med Mantra”.
As detailed in the order, the employees of TCS has unauthorisedly gained access to Epic’s UserWeb and had downloaded and emailed documents from this portal. The fake account that was created was shared among TCS employees, who together, downloaded around 6,000 documents and more than 1,600 unique files.Epic stated that the documents were a result of 30 thirty years of research and development.
However, TCS argued that access to the web portal and to these documents was necessary to complete the project for Kaiser (a mutual client) and therefore the information was not improperly used. Epic alleged that information has been passed on to other employees who were involved in the Med Mantra project, however, this was denied by TCS. TCS has denied stealing confidential information and plans to appeal this judgement.
In the past, as blogged about here, Satyam too was involved in a dispute regarding IP rights in relation to a US company which had outsourced software development to Satyam. While the Satyam case was more related to inadequate contractual provisions regarding transfer of IP rights, both these cases bring into perspective the lack of IP management by Indian software companies. As pointed out in our previous post, since IT firms continue to remain service providers, they should ensure that not only are their contracts clear but also ensure that they have management in place to ensure that the terms of the contract are being adhered to. In the present case, TCS had entered into a Standard Consultancy Agreement with Epic which provided for the requirement to maintain confidentiality. Though TCS had in place security safeguards at its offshore development centres, in that, they had authorised only certain employees as well as certain computers which were security enabled for use etc., they still retained certain computers that allowed access to the internet from which the employees had allegedly unauthorisedly accessed the Epic’s web portal. Epic on its part too, seems to have loosened security, because it did not deny access to the TCS employee who created the fake account on the false pretext of being an “employee” of Epic, which it could have done.
This case can also be contextualise, within the Indian legal framework dealing with misuse of confidential information and breach of confidence. Misuse of confidential information can be protected either – i) expressly through a contract or 2) even impliedly by equity.
Usually, contractual obligations bind employees/contractors not to disclose confidential information that was communicated to them during the course of their employment/project, and such contracts also usually provide for a certain duration of non-compete.
However, even in the absence of an express contractual obligation to maintain confidentiality, courts in India, have imposed an implied duty to maintain confidentiality. As followed in the case of V V Sivaram v. Foseco India Limited, 2006 133 CompCas 160 Kar -“crux of the case is that confidential information pertaining to the company is made known to employees of the company and contractors only in connection with the business of the company, and for the purpose of aiding the company in running its business. That the law imposes an obligation on the employees of the company to maintain confidentiality of all such information. This obligation is independent of any other contractual obligation that may be imposed expressly by the company”.
As stated in the case of Saltman Engineering Co. v. Cambell Engineering Co. (1948) RFC 203), a case relied on by several High Courts while deciding cases of breach of confidence, provides a simple three step test to decide when an obligation of confidentiality can be imposed. The three situations are as follows –
1. The information must be confidential in nature.
2. The information must have been communicated in circumstances importing an obligation of confidence. However, if the confidential information is communicated publicly or communicated in other such circumstances, this negates the duty of keeping the material confidential.
3. There must be unauthorised use of the information to the detriment of the person communicating it. This is based no the principle that a person who receives information in confidence shall not take unfair advantage of it.
This equitable requirement of keeping information confidential, even in the absence of an express contract, has been developed to protect the unauthorised use of the research and development of the who person who has created the information. It seeks to prevent third parties and especially competitors from “spring-boarding” from the time and money already invested, in order to gain unfair advantage over the competitor.
Sorry to see a shoddy post on SpicyIP. The facts as mentioned are grossly wrong. Please revise at the earliest.
@Sunil Phatak- It would be quite helpful for Spicy IP I am sure if you told them what exactly required to be changed, and what was “grossly wrong” instead of hollow statements.
I think what is interesting in this case, is that although TCS had screened its employees and their actions, segregating who worked on the epic deal and who worked on the MedMantra deal, what they were possibly lax about was the fact that the computers that were being used by the employees were the “same”. Also interesting to note whether a lack of due care exercised by Epic in anyway reduces this Ginormous amount.
In India, large companies in the it and internet sector, are allegedly bribing ntro employees to steal the memory of small business owners without a legally valid reason, without any kind of compensation , using brainwave reading technology. These companies are specializing in demonizing the harmless small business owner without any legally valid proof, so that it is difficult to get any kind of help.
The memory is the intellectual property of the small business owner, yet it is stolen repeatedly since 2010. Is there any lawyer who can help end this IP theft from small business owners, who are then held virtual prisoners, their correspondence diverted and stolen.