Advertisment

Did Pune data leak case accused defy NDA?

author-image
CIOL Bureau
New Update

PUNE: Another leak, another law suit but not the same question. With the surfacing of the $13 million data leakage case against a Pune female employee where she allegedly shared confidential source code with her hubby and others, there is possibly an aperture that companies need to re-look or work on.

Advertisment

Non Disclosure Agreements (NDAs) that companies sign with their employees for ensuring confidentiality of client data, are vital areas of attention and not completely devoid of lacunae, as some experts felt.

"Companies usually lack on three fronts. They neglect to obtain proper copyright protection for their codes and software, they do not obtain proper NDAs from their personnel. And they do not have comprehensive security policies," opined Rohas Nagpal, president, Asian School of Cyber Law.

Does it mean that better and more stringent NDA machinery should be in place at IT companies and may be companies are lacking on this front? Dr. Ganesh Natarajan, vice chairman, Nasscom, however is of the view that overall NDAs in the industry are valid and rigorous enough, having been properly established with Indian and US lawyers.

Advertisment

“I can not comment on the specifics of the company in question.” Does the incident throws the pall of insecurity and breach of confidence again on Indian IT firms on data confidentiality? Natarajan disagreed, "There would always be some rogue employee in any firm and thus a possibility of few and far between incidents of some leakage too. The incident has no untoward implications for the industry."

In the given case, a software engineer was arrested for allegedly leaking confidential information of her employer, 3 DPLM, and source code, via email to her husband and others. As per initial news reports, the company is now suing the woman, who had resigned before the breach was discovered, for about $13 million.

Accused software engineer Anjali Sharma's custody was extended until December 28 by a judicial magistrate on Wednesday after the assistant public prosecutor contended that the company was pressing for damages.

Advertisment

Sharma was working as a developer with the Hinjewadi-based 3 DPLM, which had tied up with a French company to create interop software. Reportedly, it was in September 2007, when company officials noticed that Sharma, who had since resigned from the firm, had transferred vital data on the company and source code to her husband and others.

3DPLM Software Solutions Limited is a 70:30 joint venture between Geometric Ltd., a specialist in Product Lifecycle Management (PLM) software development and Dassault Systèmes that is a leading player in 3D PLM solutions. The company covers work on product development, industrialization, maintenance, documentation, and market support for products like CATIA, ENOVIA VPLM, ENOVIA SmarTeam, ENOVIA MatrixOne, DELMIA, SIMULIA, and SolidWorks. Meanwhile, nobody from 3DPLM could be reached for comment.

The case can be under the purview of Section 65 that deals with source code matters. "Without going into the facts of this particular case, I can say that in general, such cases are covered by section 65 and 66 of the IT Act. In some cases, provisions of the Copyright Act and Indian Penal Code may also apply," added Nagpal.

Advertisment

The suit filed by the company is reportedly for around $13 million. Does that mean that contracts between the service provider and the customer account for such liabilities? Natarajan explains that normally accountabilities depend and vary as per negotiations and liabilities are limited not crossing the value of contract in general.

There can be however cases of unlimited liabilities. But Indian firms have good practices on provisions and liabilities, he maintains. The legal angle on this point goes thus. "Without going into the facts of this particular case, I can say that in general, the customer can claim damages from such a company. But this depends to a large extent on the terms of the contract between the company and its customers," said Nagpal.

There is a rising trend in data theft incidents across the globe. According to the KPMG Forensic's Fraud Barometer, there has been more fraud (£653m) in the first six months of 2006 than in the whole of the most recent years. Last year, data thefts emerged in cases like HSBC Electronic Data Processing India Pvt Ltd (HDPI), apart from a controversial sting operation on BPO data theft.

© CyberMedia News

tech-news