Case 2: An IT Firm, recently learned that one of its former top level employees, who had resigned to join a competitor had stolen proprietary data and information belonging to the IT Firm before he resigned.
The IT Firm, as part of its routine process upon the resignation of an employee, conducted a forensic analysis of the systems used by the said ex-employee. The Company discovered that the employee had, without authorization of the Company, used a personal USB and had accessed and transferred several documents and presentations from his office laptop on to his personal USB, which proprietary data and information belonging to the IT Firm.
Use of strong data usage policies were needed even before COVID19 situations of lockdown and work from homes. Now companies will be required to review their existing policies and Employee Agreements, as work from home also mandates accessing of proprietary data of companies from private homes and possibly from personal devices.
Such situations further aggravate the alternate possibility also – that employees may be victimised in some instance – either due to misunderstanding or when they leave and join competitors or when they set up businesses, which become strong competition for the parent company.
Effective Employee Agreements, which are balanced and fair; data policies including on use, retention and return; IT Audits; Cyber hygiene are just some of the aspects that companies and businesses will require for protecting their proprietary data on one hand and also for employees to avoid vexatious litigations on the other for alleged data thefts.
For such violations the Information Technology Act, 2000 (as amended) (“IT Act”) provides both civil and Criminal remedies under S.43(b) IT Act.
It is important to know that removing of proprietary data without the consent of the owner is a civil violation and commission of the same act with dishonest or fraudulent intent is a Criminal offence. It may be work done by the employee or created by the employee whilst working for the company or business or employer. It does not give the employee the right to remove such content. Similarly employers cannot initiate vexatious actions merely to scuttle competition. Such vexatious actions can also be contested through counter claims.
Know your law and your rights and ensure that data is not illegally removed. Prevention in such cases is the best remedy and if inspite of preventive measures a breach occurs, file your complaint. – you can do this online on cybercrime.gov.in . Protect yourself and protect others. Be A Cyber Saathi!