IP-IT POLICY FOR TECHNOLOGY ENABLED COMPANIES IN INDIA: HOW FAR ENFORCEABLE? AND BEST PRACTICES
Need for an IT -IP Policy
While running a small business we need plenty of time for personnel management. Those things range from client meetings to project completion. The best possible solution you have is to engage employees to handle each segment of work independently. Companies adopt this technique to carryout their tasks unless or until it is evident that a major problem exist. For that reason it is necessary to give the employees of a technology enabled company a feeling of ownership and autonomy towards the institution they are employed with. In order to act accordingly the employees need to know the rules and regulations of the company.
Typically, a company has many rules and regulations in relation to working time; leave sanctioning, health benefits etc. But with the coming of globalization and research and technology growth within the country and abroad it is highly recommended to have a well planned company policy that covers company's Intellectual property rights and Information technology.
Every company, small or large, within or outside the country that uses computers should have a written policy to enlighten its employees and individuals engaged with its business on computer and Internet usage. Intellectual Property of a company is its intangible knowledge generated by research and technology using the company's resources which needs to be protected from commercial exploitation. IP is an outcome of intellectual output from the unique research and industrial consulting of the company which is an exclusive product to be protected under a well crafted IP-IT policy.
Indian IT Industry
Indian software Industry had been able to perform so well in the global competition, as compared to other industries, going from a mere US $150 million in 1991-92 to a staggering US $ 5.7 billion (including over $4 billion worth of software exports) in 1999-2000. Since 1991 the annual growth rate of India’s software exports has been consistently over 50 percent. Presently, Indian companies export software and services to nearly 95 countries around the world. This aspect throws light into the necessity of a comprehensive and effective IT -IP policy for IT companies in India.
Information Technology Act 2000
In India, the Information Technology Act of 2000 is considered as the master legislation in the area of information technology that provides regulations for the use of computers, computer networks, computer systems, electronic data and information, its development and usage. The legislation has provided legality for the use of electronic contracts and electronic formats along with together with other aspects such as electronic authentication, digital signatures, cyber crimes and liability of network service providers. As the use of IT and IT related companies increased tremendously, crimes related to the use of those technology also increased.
Cyber crimes
A cyber crime can occur when an unlawful act has been committed by an individual by using a computer as a tool or a target or as both. Computers can be used as a weapon or to attack other computers. Some of the illegal activities in which criminal misuse of information technology includes are unauthorized access and hacking, Trojan attack, Email and IRC related crimes, denial of service attacks etc. In India Cyber Laws or Internet Laws regulate these activities. In recent times we have heard lot of cyber crimes being done by professionals by using computers and electronic gadgets as a media.
Considering the present scenario in cyber crimes it has become highly essential to provide adequate protection to entities like IT company's and financial institution's database. Government, realizing the inadequacy of the existing IT Act had made different proposals to amend the existing Act and finally Information Technology Amendment Bill of 2008 was passed by both the houses of the parliament. The Act had also considered computer related privacy issues and protection of stored data. The introduction of "The Personal Data Protection Bill" in 2006 has also provided regulations for protection of personal information.
Companies and Contract Laws
Indian companies mostly rely on Contract Laws as a useful tool to protect their information and Intellectual property rights. Today's corporate companies have to deal with several similar companies and clients, their agents including partners in the course of their business endeavors. Most important is to deal with their employees. It is essential to have an IT -IP Policy that can be followed by each entity or personnel who deals with the Institution. The company's IT - IP Policy shall be made in accordance with the existing laws of our country. Contracts and agreements such as Non-Disclosure Agreements, Anti-circumvention Agreements, user license agreements, and referral partner agreements are some of the few types of agreements which are basically entered into by companies while doing their business.
Breach of contract and breach of confidentiality can be evoked as a major ground while dealing with an infringement of any such agreements under Contract Laws. An employee shall be made aware of the importance of an employment contract along with the existence of an IP-IT policy and nondisclosure and confidentiality clauses while entering into a contract with the employer company. These agreements and understanding between the employer and an employee will cater the smooth functioning of an IT firm or a corporate company in a most efficient manner.
Major Sections in IT Act 2000 and its Sanctions
Section 43 of the IT Act deals with unauthorized access to computers including downloading, copying of protected data etc imposing a punishment up to one crore. Section 65 deals with protection of computer source codes. This section imposes imprisonment or fine which may extend to 2 lakhs. Section 66 provides protection against hacking. The punishment involves imprisonment of three years or a fine up to two lakh or both. Section 70 deals with the protection of data in a protected system. A protected system shall be any computer network or system which a government by official gazette declared as protected. The punishment shall be imprisonment which may extend to 10 years and fine. Section 72 safeguards privacy and deals with breach of confidentiality of the data. Punishment extends to two years imprisonment or fine extending to one lakh rupees or both.
The Act has brought tremendous changes in the existing cyber law of the county yet there exist shortfalls which actually give a way for cyber criminals to smear up electronic trails and evidence by providing them bail as a matter of right. Majority of the crimes under the Act are bailable offenses which can ultimately turn our country to a cyber crime paradise of the world.
Best Practices:
Considering all these aspects Indian IT companies shall provide due importance to protect their Information Technology resources and Intellectual Property rights. It is advisable to prepare a comprehensive IT-IP policy that covers all aspects related to usage of IT resources of the company, as well as to protect its Intellectual Property rights. The policy shall be prepared in accordance with the Information Technology Act, contract laws and law of confidence and common law practices.
Submitted by
Vinitha Prasannan
Sources:
http://www.cyberlawsindia.net/
http://www.indianembassy.org/indiainfo/india_it.htm
http://www.cyberlaws.net/itamendments/index1.htm