Misappropriation of Customer Data of Online Job Bank Constitutes Trade Secret Infringement
Online job banks continue to play an important role in the employee recruitment market, due to their convenience along with the accelerating growth of the Internet. A typical business model of job banks is to offer their online space for job applicants to upload their resumes for free, in order to collect as many resumes as possible. Afterwards the job banks will edit these resumes as per their customer database requirements, publish them, and subsequently provide access to the authorized members, usually recruiters or human resource managers. If these recruiters want to browse and review the customer database owned by the online job bank, they are required to pay user fees and a contract with the job bank will be necessary. As a preventative measure, the job bank will prohibit recruiters from providing their member accounts, passwords, and from disclosing customer data to any unauthorized third party. Recruiters who violate the contract terms are liable for breach of contract. Let’s take a look at the liability of any unauthorized third party who obtains the customer data from the existing job bank members, in this case, recruiters.
In a recently released Judgment of the Intellectual Property Court, the Court opined that the customer data of a job bank should be deemed as a trade secret. If customer data is misappropriated to a third party, the third party has infringed upon the trade secrets of the job bank and is criminally liable. The facts in this judgment are summarized as follows:
Recruitment Firm A and Job Bank D have signed into a contract in which A undertook a consideration not to provide its member account and password to any third party. However, A provided its member account and password to the employees of Company B and Company C to publish recruitment messages on the job bank’s website. Since the available positions published by B and C did not seem to be the manpower A would need, Job Bank D investigated this matter and found that the contact information in the said recruitment messages belong to the employees of B and C. Obviously B and C accessed to D's customer data by means of A's member account. Therefore D filed a lawsuit claiming trade secret misappropriation and infringement against A, B and C.
Article 10 of the Trade Secret Act stipulates as follows:
“Any of the following acts shall be deemed as a misappropriation of trade secrets:
(1) To acquire a trade secret by improper means;
(2) To acquire, use, or disclose a trade secret as defined in the preceding
item knowingly or unknowingly, due to gross negligence;
(3) To use or disclose an acquired trade secret knowing, or not knowing due to gross negligence, that it is a trade secret as defined in item one;
(4) To use or disclose by improper means a legally acquired trade secret; or
(5) To use or to disclose without due cause a trade secret to which the law imposes a duty to maintain secrecy.”
As such, to constitute trade secret infringement, the appropriated information must be a trade secret and it must be acquired, disclosed or used in any of the 5 listed circumstances. In this judgment, the Court held that either the existence of a legal relationship between the parties or actual damages incurred is not a necessary factor for trade secret infringement. According to Judgment No. 97-Appeal-968 of the Supreme Court in 2008, the burden of proof upon the plaintiff can be lowered to balance the burden of proof borne by both parties, since it is not easy to acquire evidence of trade secret misappropriation.
According to Article 2 of the Trade Secret Act, trade secrets as defined by law shall fulfill the following 3 factors: “non-publicity”, “economic value” and “secrecy.” In this judgment, the Court held that recruiters must contract with job banks to acquire their own accounts and passwords in order to review the customer data, so that the customer’s data is protected and is not voluntarily available to the public. The customer’s data has economic and commercial value since job banks must spend significant amount of resources collecting and editing the customer data, as well as maintaining their database. The Court also found that the job bank D did take reasonable methods to protect the secrecy of its customer data since only contracted members have access to their database. Therefore, the customer’s data, in the job bank’s possession, can be identified as trade secrets.
In addition, according to Paragraph 2, Article 10 of the Trade Secret Act, the ‘improper means’ stipulated in Item 1, Paragraph 1 of this Article shall mean “theft, fraud, coercion, bribery, unauthorized reproduction, breach of an obligation to maintain secrecy, inducement of others to breach an obligation to maintain secrecy, or any other similar means.” In this judgment, the court further opined that whether the defendants B and C are competing with the plaintiff D is not necessary to be discussed by the Court, because the aforesaid provision does not limit the person subject to trade secret infringement to be a competitor of the owner of the trade secrets misappropriated. The court ruled that since A violated its contractual obligation by offering its member account information to B and C to facilitate B and C misappropriating D’s trade secrets, A, B and C all infringed upon D’s trade secrets and are jointly liable to D.
This judgment is valuable because the Court acknowledged that the customer data of a job bank must be regarded as trade secrets, and confirmed that an unauthorized third party has infringed upon the trade secrets of a job bank if it uses another person’s account and password to appropriate the customer data of the job bank.