Insider Theft of Trade Secrets in India: Employee of Captive R&D Subsidiary Accused of Source Code Theft (and What You Need to Know About Protecting Your Trade Secrets Abroad)
October 9, 2009 by Bierce & Kenerson, P.C.
In a global economy, which risks are greater: theft of trade secrets by a service provider or theft of trade secrets by an employee of a foreign subsidiary? How can a global enterprise contain such risks in either case? The story of theft of source code by an employee of an Indian research and development center highlights the need for proper strategies for risk mitigation in the face of the inherent risks of human nature.
Indian R&D Center, Site of Source Code Theft.
On August 4, 2004, Jolly Technologies, a division of U.S. business Jolly Inc., publicly reported that one of its employees at its Mumbai, India R&D center had misappropriated key ports of source code being developed along with confidential documents. The trade secrets relate to one of its key products for the labeling and card software for the print publishing industry.
Profile of a Thief and a Theft.
Jolly Technologies was new to India. Its center was established only three months prior to the trade secret theft. The employee alleged to have stolen the trade secrets was a new hire. The theft was done by simply uploading the source code to her Yahoo account.
Consequences to the R&D Center.
Jolly reportedly shut down its R&D center immediately to assess and contain the damage. It also sought assistance from Indian police to deal with the matter as a criminal act. The company’s investment may be a loss, and it may need to expend further resources to prevent the use by its competitors and other third parties of any stolen source code.
Security Precautions.
The theft shows how simple it is for any person with Internet access to misappropriate trade secrets.
- Data Export Controls on Internet Access.
Internet access may be essential to virtually all knowledge-economy employees, so management may consider that shutting off Internet access may be impossible. The Affaire Jolly suggests that software development might need to occur in an environment that allows employees access to information but does not allow them to transfer certain types of information from a company computer to anyone via the Internet. The advent of network administration software, XML metatags, html, virus sniffers and spam blockers may introduce technology that allows a company to prevent the transfer of source code to unauthorized Internet addresses.- Segregation of Function.
Most software development projects start with modules and build into integrated suites of modules. In the manufacturing sector, complex trade secrets may be protected by separating multiple manufacturing processes into separate functions and separating the component processes. This can be done by either putting the component processes into different operations or by separating subassemblies from final assembly. Software development could be structured similarly, though segregation of function reduces efficiency. Background Checks.
The new hire at Jolly Technologies might have been investigated for a possibly criminal background. But background checks probably do not help with curious employees interested in studying stolen code or restructuring it for possible other purposes.
Legal Precautions.
The trade secret theft also highlights the weakness of national legal systems where, in the case of India, courts have historically taken a decade to decide civil disputes. Whether establishing a foreign captive service subsidiary or hiring a foreign service provider, the legal environment and legal precautions are critical to risk management.
- Statutory Protection for Trade Secrets.
Most countries hosting R&D centers or outsourcing service centers are members of the basic international conventions on the protection of intellectual property. Even China, by adhering to the World Trade Organization, now officially grants intellectual property rights under the WTO Agreement on Trade-Related Intellectual Property right (“TRIP’s”). India has long been a member of the Paris Convention on Industrial Property and protects copyrights, patents and trade secrets. As the Affaire Jolly demonstrates, it is not sufficient to have a legal right. You need to have a credible forum for enforcing those rights. - Contractual Commitments.
Well-advised enterprises require their employees by contract to abide by various policies and procedures, including respect for intellectual property rights and trade secrets of the employer and third parties doing business with the employer. Contractual commitments are a basic requirement of any IPR protection. - Security Surveillance.
Jolly’s security surveillance, by an internal audit, discovered the theft. Pre-emptive security precautions cannot prevent fraud or theft, but surveillance can discover it. - Risk Mitigation after the Theft.
After the horse has left the barn, how do you get it back into the barn? In a global digital economy, the only solution might be to find some way to tag the digital works, just as ranchers did for their cows in the 1880’s.- Court Systems.
Indian courts now have a commercial part that is intended to accelerate adjudication. It is not clear whether the Mumbai courts offer any real adequate forum, and even adjudication of civil liability does not automatically result in enforcement of a money judgment. Access to court systems are so fundamental to investors and employers that the issue should become one of diplomatic entreaty (as the U.S. has done with China), investor due diligence, and recommendations by intermediaries such as trade associations (such as Nasscom and ITAA), venture capitalists, private equity funds and investors and multinational enterprises and their advisors such as international business lawyers and business process and sourcing consultants.. Ratings on access to judicial systems should be part of the due diligence in all international operations.
- Court Systems.
Other Measures.
Insurance may be available, but the consequential loss may be too high for a fair premium.
Conclusion.
In captives and outsourcing, IPR protection needs practical and legal protections. Blatant misappropriation will continue as a matter of human nature, so risks can only be mitigated. Effective methods of mitigation will continue to evolve. Technology and IP lawyers should be consulted before international operations are launched.
Outsourcing Law & Business Journal™: May 2009
May 27, 2009 by Bierce & Kenerson, P.C.
OUTSOURCING LAW & BUSINESS JOURNAL (™) : Strategies and rules for adding value and improving legal and regulation compliance through business process management techniques in strategic alliances, joint ventures, shared services and cost-effective, durable and flexible sourcing of services. www.outsourcing-law.com. Visit our blog at http://blog.outsourcing-law.com for commentary on current events.
Insights by Bierce & Kenerson, P.C., Editors. www.biercekenerson.com
Vol. 9, No. 5 (May, 2009)
___________________________
1. Contingency Planning for your Supply Chain: Business Continuity in a Pandemic.
2. Humor.
3. Conferences.
___________________________
1. Contingency Planning for your Supply Chain: Business Continuity in a Pandemic. The risk of a pandemic has become a realistic possibility, following the SARS outbreak in China a few years ago and the “swine flu” outbreak in Mexico in 2009. Business contingency planning should include not only the possibility of a pandemic but also the impact of a pandemic upon the supply chain including business operations performed by independent contractors (such as outsourcers and suppliers) and affiliates (captives and joint ventures). In a pandemic, 40% of the population (both workforce and customer universe) could be idled. Now is the time to develop contingency plans and obtain updated contingency plans from those in your extended supply chain.For the full article, click here.
2. Humor.
Cloud Computing, n. (1) multi-nodal virtualization of servers across a network; (2) numbers crunched in heaven; (3) IT services provided by supernatural forces.
Pandemic, n. (1) viral inspiration for Software as a Service, Cloud Computing, Work at Home Agents, telecommuting and virtualization of the global enterprise and its supply chain; (2) human resource roulette.
3. Conferences
June 3, 2009, Global Sourcing Council (GSC)’s Conference on Global Sourcing After the Meltdown: In Search of Sustainability, New York, New York. Sustainability has become more then politically correct slogan in global PR campaign. Sustainability-driven leaders harness the market potential for green products and services, especially in the times of global crisis.
The 2009 Sustainability in Global Sourcing Summit will examine how corporate sustainability creates stockholder value through the supply chain, especially in the area of global social responsibility. This event will serve as a forum for thought leaders from the business, academic and political arenas to:
- Challenge the pre-recession assumptions of global growth based on short-term results driven by the quarterly reporting system Propose a framework of aligning economic growth with sustainable social development
- Redefine the role of global sourcing after the global crisis
This conference can earn you 11 CLE (Continuing Legal Education) credits. For more information, click here.
June 7-9, 2009, IQPC’s 3rd Annual Shared Services Exchange, Miami, Florida. This is an invitation-only gathering for VP and C-Level senior executives made up of highly crafted, executive level conference sessions, interactive “Brain Weave” discussions, engaging networking opportunities and strategic one-on-one advisory meetings between solution providers and delegates. With a distinguished speaking faculty from Coca-Cola, CIGNA, American Electric Power, AOL and Safeway, amongst others, the seats at the 2009 Exchange are limited and filling up quickly. We have limited complimentary invitations available for qualified delegates for a limited time. Please give us your reference ‘Outsourcing-Law’ when inquiring. There are solution provider opportunities also available for companies who want to be represented. You can request your invitation at exchange@iqpc.com or call us at 1866-296-4580. Visit our website.
July 27-29, 2009, IQPC’s 7 th Annual Procure-to-Pay Summit, Boston, Massachussetts. Leveraging current opportunities around corporate spend management whilst minimizing the impact on A/P, the 7th Procure-to-Pay Summit is expanding on its previous success and featuring new additions to the program, including: in-depth coverage of various AP optimization approaches: centralization, outsourcing and automation; new emphasis on strategic sourcing and global procurement; new techniques and tools for maximizing supplier relationships in procurement and efficiently expediting supplier payments in AP. For more information, please click here.
September 22-23, 2009, American Conference Institute’s 7th Annual Advanced Forum on E-Discovery and Document Management, Philadelphia, Pennsylvania. Be a part of the leading cross-industry e-discovery and information management forum for corporate counsel, litigators, and technology professionals. At a time when most companies are striving to reduce costs and trim staff, the burdens of e-discovery can be crippling. What’s more, court-imposed sanctions for e-discovery failures could very well place you on the losing side of bet-the-company litigation. Given the complexity, variety, and evolving nature of information management and communication technologies, it comes as no surprise that corporate and outside counsel often find themselves at a loss as to how to manage the e-discovery process. However, neither opposing counsel nor the courts are going to have any sympathy for those who stumble over e-discovery hurdles. Thus, it is imperative that you take the lead in ensuring that your company is well-positioned to manage the demands of e-discovery. For more information, please click here.
September 28-October 2, 2009, IQPC and SSON 13th Annual Shared Services & Outsourcing Summit, Chicago, Illinois. Join us at the 13th Annual Shared Services & Outsourcing Summit this fall, the can’t-miss event for all professionals involved with shared services and outsourcing, at every stage of adoption. This customizable program provides the key strategies that you can bring back to your organization, with areas of focus in:
- Planning & Launching Shared Services Finance Transformation Measurement & Process Excellence HR Transformation
- Smart Contracting for Mature BPO Deals
Our Shared Services series attendees agree – the content from just one event vastly accelerates experiential learning and provides the necessary networking opportunities to benchmark against peers. Visit the website for more information, including webcasts, podcasts, articles and other resources.
******************************************
FEEDBACK: This newsletter addresses legal issues in sourcing of IT, HR, finance and accounting, procurement, logistics, manufacturing, customer relationship management including outsourcing, shared services, BOT and strategic acquisitions for sourcing. Send us your suggestions for article topics, or report a broken link at: webmaster@outsourcing-law.com The information provided herein does not necessarily constitute the opinion of Bierce & Kenerson, P.C. or any author or its clients. This newsletter is not legal advice and does not create an attorney-client relationship. Reproductions must include our copyright notice. For reprint permission, please contact: publisher@outsourcing-law.com . Edited by Bierce & Kenerson, P.C. Copyright (c) 2009, Outsourcing Law Global LLC. All rights reserved. Editor in Chief: William Bierce of Bierce & Kenerson, P.C. located at 420 Lexington Avenue, Suite 2920, New York, NY 10170, 212-840-0080.