China: A Discussion On Business Secret Protection From A Labor Law Perspective

From the Coca Cola recipe reserved in a bank vault in Atlantic to the recent leakage of Lao Gan Ma production techniques, business secret protection has always touched every company's nerves. Generally a company's employees have better chances of access to its business secrets than the outsiders. Thus the company's business secrets are more likely to be leaked by its own employees or ex-employees. Based on some traces, the company may conclude that the employee has infringed its business secrets and take the actions accordingly, to terminate the employment and/or to claim for compensation. However, during the litigation, the company are often caught up into an awkward situation due to the lack of sufficient evidence.

In practice, the court will examine from the following three aspects: (i) whether there exists business secret; (ii) whether the employee has conducted the act of business secret infringement; and (iii) the consequences and losses to the company. I will analyze the company's methods of relief and the relevant burden of proof in such cases from these three points based on a summary of judicial practice, in hopes to cast some light on business secret protection for the companies.

1. Business Secret and Confidential Information

In the business secret infringement cases, the court will first examine whether the information in question is qualified as business secret. In practice, the employees often rely upon the defense that the information they disclosed or leaked is not business secret in its nature. 

In accordance with Law of the People's Republic of China against Unfair Competition, business secret refers to "any technology information or business operation information which is unknown to the public, can bring about economic benefits to the owner, has practical utility and about which the owner has adopted secret-keeping measures". 

From the definition above, we can see whether a piece of technology information or business operation information may be regarded as business secret depends on whether such information satisfy the following three requirements:

(1) The information is unknown to the public;

(2) The information has value and is capable of generating benefits to its owner; and

(3) The information has been protected with physical measures.

The Interpretation from the Supreme People's Court on the Application of Laws in the Examination of Unfair Competition Case¹ provided detailed explanation on such three requirements, which will not be discussed further in this article due to the length limit.  

In addition, from the business secret definition, we may also find that business secret covers technology information and business operation information. Regulation on Prohibition against Infringement Acts of Business Secret from the State Administration for Industry and Commerce listed the technology information and business operation information protected as business secret as below: design, process, product ingredient, production craft, production method, management trick, customer list, supply intelligence, sales strategy, minimum bid and tender. In the judicial practice, the court tends to restrict the scope of business secret to the information listed as above.
 

However, the company's core business operation information and technology information is much broader than business secret. It may include private information of the company or the individual, remuneration or incentive policy, management protocol, pending information and so on. Such information may not be qualified as business secret by definition and not be recognized as business secret under the Anti-Unfair Competition Law. But it is extremely sensitive and significant to the company, and considered as "confidential information" generally. Thus it requires the company to clearly define and specify the scope of confidential information and to set up confidentiality obligation with the employees.  

In a labor dispute case of Yu VS. Company S, Yu sent the redundancy list to his own email. Company S regarded Yu's behavior as a serious violation of the company's rules and regulations as well as confidentiality policy and terminated Yu immediately. Yu argued that the redundancy list was not qualified as business secret. The trial court hold that (i) Company S required Yu to keep such secrets as recipe, business protocol, business planning, customer list, methodology, facility, manufacturer, ingredient, R&D, idea, concept, invention, discovery, written materials, or the confidential information Company S and its affiliated entity received from other parties; and (ii) redundancy list did not fall within the scope of business secret under employment contract law or the confidentiality agreement signed between Company S and Yu. The appellate court held that Company S failed to present evidence to prove Yu's behavior was serious enough to be considered as a gross misconduct since Yu did not spread the redundancy list, although it was inappropriate for Yu to take Company S's HR management information. 

In this case, the defined confidential message does not include the HR management information. The trial court took it for granted that the redundancy list fell within the scope of confidential information. The appellate court was silent on the nature of the redundancy list but focused on the fact that there was no severe consequences caused to Company S due to Yu's behavior. The result was that the company was caught up in a disadvantage situation although the employee's behavior was intolerant to an employer.  

Thus I suggest, when formulating the confidentiality policy, the company should define the nature of confidential information in general and make a clear list of the specific confidential information. The company may sort out the categories of confidential information based upon the comprehensive analysis of the information generated in the process of regular operation and specify the detailed confidential information under every category, to avoid the missing of important items that should have been protected. Therefore, the company may place the core information under the scope of confidential information as much as possible, to demonstrate the importance of such information and adopt more effective protection.

2. Direct Infringement and Indirect Infringement

The employee's breach of the company's business secret generally indicates that such employee discloses, uses or allows others to use the company's confidential information in violation of the confidentiality obligation under the employment contract or confidentiality policy. Furthermore, they include the following situations:  

(1) The employee disclosed the company's confidential information (e.g. technology secret) to a third party, such as the company's competitor or an entity operated by the employee himself, and the third party may produce and sell the products same as or similar to the company's products.

(2) The employee disclosed the company's customer list to a third party and the third party took away the company's commercial opportunity and make transaction with the company's customer.

(3) The employee sent the company's confidential information to a private email address or downloaded such information to a portable device, or did something alike, leaving the confidential information out of the company's control.

(4) The employee made a third party have access or potential access to the company's confidential information to which such employee had confidentiality obligations.

Under the first two situations, the employee has caused material damage to the company, which is often regarded as a direct infringement. While under the last two situations, the employee has not caused material damage to the company yet, which is often regarded as an indirect infringement. In practice, the employee always manage to cover their behaviors carefully, which makes it difficult for the company to prove the employee's act of violation. 

Article 5 of Regulation on Prohibition against Infringement Acts of Business Secret from the State Administration for Industry and Commerce stated as below:

If the owner is able to prove the information adopted by the defendant shares likeness or similarity with the owner's information and to prove the defendant has access to the owner's business secret, the authority of administration for industry and commerce may recognize the defendant's act of violation when the defendant is unable to prove the information used has been obtained in a legitimate manner or refuses to do so.

The provision above is usually referred to as the "exposure plus similarity" test. In terms of direct infringement, the "exposure plus similarity" test may apply to prove the employee's act of violation. However, for indirect infringement, such test cannot be applied because the employee did not actually use the company's business secret. In judicial practice, the court tends to recognize direct infringement as act of violation of the company's business secret while shows different attitudes towards indirect infringement. 

However, there are many cases of indirect infringement in practice. For example, the employee carried home the transaction agreement signed by himself on behalf of the company, or the employee disclosed his own system access to the other employee who has not been authorized. 

In a labor dispute case of Ye VS. Company N, Ye downloaded Company N's business secret to a mobile hard drive, which belonged to his colleague Zhang. Zhang carried the mobile hard drive out of the company, without any knowledge. Company N thought that Ye violated his confidentiality obligation and his behavior was a gross misconduct accordingly, and terminated Ye immediately. The appellate court held that (i) Ye's obligation under the confidentiality agreement signed between him and Company N included "not to carry or move out of the company any confidential information, in hardcopy or in digital form" and "not to duplicate confidential information without authorization"; (ii) Ye's behavior of downloading was a breach of confidential obligations. The appellate court supported Company N's termination. 

Thus I suggest, in formulating and perfecting the confidentiality policy, the company should define the act of breach in advance, especially for the indirect infringement. The company should listed all the forbidden behaviors as much as possible and enhance the employee's confidentiality obligations in its internal regulations and confidentiality policy for a better protection of its business secret. In addition, the company may examine the execution of confidentiality policy on a regular basis to identify the leakage danger in time and preserve evidence properly, for the avoidance of any loss caused to the company due to inappropriate use of its business secret.

3. Damage and Scope of Compensation

Where the company requires for compensation of the damage, the company should provide proof of damage it suffered accordingly. In the termination case, the court may examine whether the termination is reasonable in light of the degree of loss caused to the company by the employee's misbehavior.
 

In regards of the scope of compensation, Article 17 of the Interpretation from the Supreme People's Court on the Application of Laws in the Examination of Unfair Competition Case stated that the compensation scope for the infringement of patent may be referred to in recognizing the compensation amount for the breach of business secret. Article 60 of the Patent Law regulated that the compensation amount for patent infringement should be calculated on the basis of the loss the patentee suffers or the benefit the infringer gains; if such loss or benefit cannot be determined, a reasonable amount of multiple patent licensing fees may be referred to.

In practice, the company always has difficulty in proving the loss, especially indirect loss and it is often controversial in recognizing the scope of the loss. For example, in a labor dispute case of Liu VS. Company Z, Liu secured a transaction with Company Z's client on behalf a competing company while employed by Company Z. However, the court held that the transaction was not actually performed and there was no loss caused to Company Z accordingly; thus the court dismissed Company Z's request for compensation. 

In another case of business secret infringement, Wu downloaded Company A's top business secret to an unauthorized hard drive and thus put some significant projects in the danger of suspension at any time. Company A had to change the business secret protection strategy and apply for patent in advance instead. Company A claimed for the compensation of previous project costs amounted to RMB 20 million as well as attorney's fees, notarization costs, translation costs and etc. The court held that Company A failed to provide evidence to demonstrate its project cost and only supported attorney's fees, notarization costs and translation costs in an amount of RMB 120,000 in total. 

Thus, I suggest, in formulating and perfecting the confidentiality policy, the company should specify the consequences for the breach of confidentiality and the scope of company's loss in such cases. In addition, along with the confidentiality policy, the company may set up non-competing obligation with core employees to prevent them from joining competitors, which may lead them to leak the company's business secret and solicit the company's customer. Comprehensive prevention will build up better protection for the company against actual loss.

Footnote

1 Fa Shi [2007] No.2.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.