US judge questions Epic's damage amount in TCS case

The court has also questioned Epic's assumption that Tata Consultacy Services used the information for the creation of a competitive product

Even before the federal jury slapped a $940-million fine on India’s largest information technology (IT) services provider Tata Consultancy Services (TCS), District Judge William M Conley had raised doubts on the amount of damages Epic Systems was asking for.

Epic, a Verona-based electronic medical records vendor, had filed a lawsuit against TCS and its US subsidiary, Tata America International, in US district court in Madison, for allegedly stealing “trade secrets, confidential information, documents and data” from it.

Read more from our special coverage on "TCS"

• Fine notice on TCS raises key issues
• Centre ropes in TCS to find solution to Deonar garbage pile-up
• Top 6 companies add Rs 37,414 cr in mcap; TCS lead gainer
• Its all about being digital: TCS
• TCS named official tech partner for Virgin Money London Marathon

In its Tuesday’s order, Conley had said: “It is ordered that Epic’s present damages proffer is rejected without prejudice to further order of this court.”

The 14-page order also raises a question on the way Epic had come to the amount as damages. “Under the theory, Epic opted to pursue, its principal damages expert, Thomas Britven, purports to derive the value of TCS’ unjust enrichment or unfair taking by using Epic’s cost of researching and developing the confidential information, including trade secrets, as a ‘proxy’ for TCS’ avoided research and development costs. As a starting point, Wisconsin courts typically reject plaintiff’s costs as a basis for awarding unjust enrichment damages.”

The court has also questioned Epic’s assumption that TCS used the information for the creation of a competitive product. It also raised the question on how Epic has managed to come to a value of its damages. “Epic appears to have proffered no evidence as to the value of the use of its confidential information by TCS’ testers (at least on a timely basis), nor a reasonable measure of the possible value of any marketing comparisons done to date. Indeed, even if the court were to emphasise the need for the jury to only award damages arising out of actual, present injuries (not future, speculative injuries), (1) there is nothing in the expert’s methodology that allows for a reasoned reduction from his bulk number (though he might have opined on how the jury could meaningfully do so).”

It further said: “And (2) what proof of a concrete, existing competitive injury could there be when TCS has nothing but an experimental product in the US and no proof of one in Europe, while Epic has no proven presence in Asia, Africa or the Middle East (if the jury can even consider damages outside the US). Instead, Epic swung for the fences by asking its damages expert to assume far broader use of its confidential information than the facts now support.”

However, a closer look reveals the case does not seem to be one of trade secrets or theft of confidential information but internal compliance, data confidentiality and unauthorised access. As one report from Kotak Institutional Equities points out: “Several employees of Indian IT companies may be having access to documentation and user-manuals of third-party products used by clients given their involvement in implementation, customisation and testing of such products. Now that Indian IT has embarked upon own platform development, it needs to adequately protect itself in cases where there is a conflict of interest (that is, a company is building in-house platforms that compete with third-party products that it may be implementing/testing for its clients). This calls for strengthening of legal clauses in the contracts with clients/third-party product vendors and internal compliance (especially sharing of access between onsite/offshore team members).”

The real problem

According to the judge’s order and US media reports, this is what happened: TCS was selected by Kaiser Permanente (an integrated managed care consortium) to test Epic Systems' electronic health records product in its IT environment. TCS was given UserWeb portal access to documentation (that contains user manuals etc) so far as it pertained to testing of the product. This meant that TCS’ offshore centres would be providing testing support whenever there was product release or a major upgrade from Epic.

Since the support was offshore, as part of the agreement, TCS was to make sure the data confidentiality aspect was taken care of. This means, computers would not have access to USBs and no internet access to employees - two modes that could be used for data transfer and sharing. According to some of the reports filed in the US, TCS had some computers that had access to USB as well as internet.

According to the court order, TCS employees that needed access to UserWeb directly were helped by Kaiser’s employees to download release notes. This via-route was used because Epic did not allow TCS access to its UserWeb.

According to a report in The Wire, the problem starts when an employee who had earlier worked with a Kaiser client and had access to Epic’s UserWeb. The employee continued to access Epic’s UserWeb, as it allowed him and his team to work faster, in violation of the confidentiality agreement.

Epic has alleged TCS employees downloaded 6,477 documents containing information that could be used to benefit Tata’s own health care software, Med Mantra.

However, there is one point that goes against Epic. According to reports, the employee had updated his registration details as he moved to TCS as an employee, informing about him not working with Kaiser any more. Epic did not reply to his update, which allowed him to access Epic’s UserWeb even after his exit.

Also, the documents that the TCS employees had allegedly downloaded could be technical and user manuals of various modules of Epic’s product lines.

There is one more point that raises questions. Epic’s products line is directed largely towards US markets (and has virtually no presence in other markets), while TCS’ presence is in the emerging markets.

Status
Reduction in award judgment will be announced in the next six to eight weeks, following which the parties can file an appeal within 30 days after the judgment is filed. TCS is expected to appeal against this judgment in the Chicago Federal Court.

The quantum of financial damages is yet to be known, but TCS will have some immediate impact:  “This does not appear to be a case of intellectual-property infringement. However, possible unauthorised access of documents by TCS employees does not reflect well. This incident will attract negative press for TCS. Competition will not miss a chance to highlight this to TCS’ client base,” said a note from Kotak Institutional Equities.