POLICIES FOR EMPLOYEE PERSONAL USE OF BUSINESS EQUIPMENT

INTRODUCTION
It is common for employees to use business software for personal projects, but this can be risky from a legal point of view. Even though this kind of use might be helpful for employees, it can cause problems with intellectual property, data security, and liability. Understanding these risks, applicable case law, and practical remedies is crucial for organisations seeking to reduce harm and protect their assets.
The Copyright Act of 1957 in India has very strict rules that can make these actions into a business asset or a crime.

THE DOCTRINE OF "WORK MADE FOR HIRE" AND IP OWNERSHIP
The biggest risk is losing ownership of a personal project. According to Section 17of the Indian Copyright Act, 1957, the employer is usually the first owner of any work created during employment under a contract of service. Although an employer is generally the first owner, a "Contract of Service" transfers this right to the employer if the work happens during employment.

MISUSE OF DIGITAL ENTRUSTMENT BNS UNDER SECTION 316
The amendment of the Information Technology (IT) Act, 2000, to the Bharatiya Nyaya Sanhita (BNS), 2023, demonstrates a contemporary revision in the Indian criminal law on the misuse of digital resources.
The legal risk is separated under the IT Act. Section 43 provides means of pursuing civil damages as a result of unauthorised accessing or obtaining data. These actions are a crime under section 66 when performed with a dishonest or fraudulent purpose, such as creating a rival product using company software. [1]
The BNS, 2023, adds to this by setting up the principle of entrustment in Section 316 (Criminal Breach of Trust). In this case, the employee is granted the right, legally, to use software licenses to work only. These valuable resources should not be used to carry out personal projects, lest they give rise to criminal charges.

Similarly, Section 303 (Theft) has been expanded by judicial interpretations to incorporate the misplaced transportation of intangible digital property in an unscrupulous manner.[2]
This is anchored in Abhinav Gupta v. State of Haryana (2008)[3], in which the court refused to grant anticipatory bail to a staff member who sent confidential company design information to a third party, stating that custodial interrogation was necessary to understand how the digital theft had been committed, is certain to make intangible property just as subject to protection as movable property.

VICARIOUS LIABILITY AND SHOP RIGHTS
The employer can still have a Shop Right when an employee manages to prove that he or she is the owner of the IP. It is a non-exclusive, royalty-free license to the employer to use the invention by implication since it was devised with the use of company resources. Also, there is the principle of vicarious liability (respondeat superior), which implies that the company is liable for the actions of its employees conducted within the framework of their work.
In State Bank of India v. Shyam Devi[4], the Supreme Court made it clear that the extent of vicarious liability can be limited, especially when the employer must be performing business when the act is carried out to hold him or her liable under vicarious liability. But when the personal project of an employee on company software includes the illegal scraping of data or copyright violations, the boundaries of business scope become very thin, which presents an invitation to litigation to the employer.

DATA PRIVACY AND WORKPLACE SURVEILLANCE
Mixing personal projects with company software effectively waives an employee's expectation of privacy. Under Indian law, the Digital Personal Data Protection Act (DPDPA), 2023, allows for the processing of personal data for "certain legitimate uses," which includes the prevention of corporate espionage or system misuse.
According to the International Labour Organisation Research, with the growing digitalisation of the workplace, ubiquitous surveillance is becoming a normal working practice, leaving the worker incapable of asserting privacy of the personal data held on the corporate servers.
This is also exacerbated by the fact that whilst most jurisdictions offer general rights of privacy, they give inadequate or sporadic protection of such rights, when such rights conflict with the right to protect their licensed software environment by the employer.

CONCLUSION
To mitigate the "double-edged sword" of digital productivity, organisations must implement robust IT usage policies and explicit intellectual property assignment clauses to eliminate ownership ambiguity. Conversely, employees should strictly segregate personal ventures from corporate infrastructure to avoid criminal breach of trust under the BNS. Ultimately, obtaining a written "No Objection Certificate" (NOC) remains the most effective safeguard for protecting a "side hustle" from being legally absorbed as a corporate asset.

Frequently Asked Questions (FAQs)

1. Can employees use company software for personal projects in India?
While employees may technically be able to use company software for personal projects, doing so can expose them to serious legal risks. Such use may violate employment contracts, intellectual property policies, and even attract civil or criminal liability under Indian law.

2. Who owns intellectual property created using company resources?
Under Section 17 of the Copyright Act, 1957, the employer is generally considered the first owner of works created during the course of employment. Even where the employee claims ownership, the employer may acquire rights over the work if corporate resources were substantially used in its creation.

3. What is the "Work Made for Hire" doctrine in Indian copyright law?
The "Work Made for Hire" principle provides that creative works developed in the course of employment belong to the employer unless there is an agreement stating otherwise. This doctrine aims to ensure that intellectual property generated through employment remains a corporate asset.

4. Can misuse of company software lead to criminal liability under the BNS and the IT Act?
Yes. Unauthorised use of company software or data may result in civil liability under Section 43 of the Information Technology Act, 2000, and criminal liability under Section 66 when accompanied by dishonest or fraudulent intent. Additionally, misuse of entrusted digital resources may attract charges of criminal breach of trust under Section 316 of the Bharatiya Nyaya Sanhita, 2023.

5. What is a "Shop Right" and how does it affect employees?
A Shop Right is an implied, non-exclusive, royalty-free right that allows an employer to use an invention or creation developed with company resources, even if the employee is considered the owner of the intellectual property. This doctrine prevents employees from excluding employers from using innovations created through corporate facilities.

6. Can employers monitor personal projects stored on company systems?
Yes. Employees generally have a reduced expectation of privacy when using corporate infrastructure. Under the Digital Personal Data Protection Act, 2023, organisations may process data for legitimate purposes, including preventing misuse of company systems and protecting proprietary information.

7. Can a company be held liable for an employee's unlawful activities conducted through company software?
Potentially, yes. Under the principle of vicarious liability, employers may face legal claims arising from acts committed by employees during the course of employment. Although liability is not automatic, misuse of company software can expose organisations to costly litigation and reputational harm.

8. How can employees protect their side projects from becoming company property?
Employees should keep personal projects entirely separate from company infrastructure, devices, and software. Obtaining a written No Objection Certificate (NOC) or a clear agreement from the employer regarding ownership rights is one of the most effective ways to prevent personal ventures from being absorbed as corporate assets.

© 2025. All rights reserved.