Confidentiality in the Digital Age: The Singapore approach

Brief facts 

The plaintiff, a fund management company, brought a claim against its former Head of Investor Relations, alleging that the defendant had breached his contractual and equitable obligations of confidentiality. In the days surrounding the defendant’s resignation and before his last day of employment, the defendant accessed and downloaded a significant volume of confidential documents from the plaintiff’s Google Drive onto his personal MacBook. These documents included commercially sensitive investor, client, and employee data and internal business information. The defendant retained these documents after the termination of his employment. These actions came to light when the plaintiff conducted an IT audit after the defendant’s resignation. 

The plaintiff claimed that the defendant’s conduct violated the confidentiality clauses in his letter of appointment and also breached his equitable duty of confidence by infringing upon the plaintiff’s wrongful loss interest. 

Court’s findings

The High Court found in favour of the plaintiff, and held that the defendant had breached both his contractual and equitable duties of confidence owed to the plaintiff. 

Contractual duties

The High Court found that the defendant had breached his contractual duties of confidentiality imposed by his letter of appointment. This contract imposed an obligation on the defendant to, upon termination of his employment, return to the plaintiff all information relating to the plaintiff’s business in his possession or under his control. By retaining confidential documents beyond the termination of his appointment, the defendant had breached his employment contract.

The plaintiff also claimed that the defendant was in breach of another provision in his employment agreement, which stipulated that he would not misuse or reveal to others any confidential information that came within his knowledge during his employment. The High Court found that Clause 3 was not relevant for the purpose of this claim, given that it pertained to misuse or disclosure, and not access and retention of confidential information. 

Equitable duties

The High Court held that contractual and equitable obligations can arise at the same time. In this case, given that the letter of appointment did not clearly define the specific scope of his contractual obligations, equity could “step in” to impose an obligation that the defendant ought not to have downloaded and accessed confidential information for non-work purposes.

The High Court reiterated the law that applies to an equitable claim for breach of confidence:

1. First, the Court will determine the relevant interest that the breach of confidence claim seeks to protect:
   1. Wrongful gain interest, where the defendant has benefited from unauthorised use or disclosure of confidential information.
   2. Wrongful loss interest, which protects the confidentiality of the information per se, which is loss suffered as long as a defendant’s conscience has been impacted. 
2. To establish either wrongful gain or wrongful loss interest, the plaintiff must first prove that the information in question has the necessary quality of confidence, and that the information was imparted in circumstances that imported an obligation of confidence. 
   1. In the case of wrongful gain interest, the plaintiff must additionally prove that there was an unauthorised use of the information in question.
   2. In the case of wrongful loss interest, once the above is proven, it will be presumed that the conscience of the defendant has been impinged. The presumption may be rebutted if the defendant proves that his conscience was not affected.

On the facts, the High Court found that the defendant had breached his equitable obligations of confidence by infringing upon the plaintiff’s wrongful loss interest. In particular, the Court held that: 

1. The plaintiff’s information has the necessary quality of confidence given that it was stored in a Google Drive that was “relatively secret and inaccessible to the public”.
2. The information was provided to the defendant in the context of their employment relationship, which are circumstances that imported an obligation of confidence. 
3. The defendant failed to rebut the presumption that his conscience was impinged when he downloaded and retained the confidential documents. The High Court was not convinced by the defendant’s claims that he did so to search for his payslips and to retain evidence to lodge a complaint against the plaintiff; these could be done without the need to download and retain confidential documents. 

Remedies 

The High Court ordered for the deletion of the Google Drive cache files from the defendant’s personal MacBook, under the supervision of the plaintiff and/or its forensic experts and solicitors. The High Court also directed that damages be assessed for the defendant’s breach of contractual and equitable obligations of confidence. 

However, the High Court refused to issue an injunction to prevent the defendant from using or disclosing the plaintiff’s confidential information. It considered the risk of misuse of confidential information as minimal, particularly given that the confidential information had little relevance to the defendant’s new job.  

Key implications

This decision affirms that the law continues to evolve in response to the challenges posed by data management in this digital age. It is notable for several reasons.

First, it reinforces the dual legal framework – contract and equity – that protects confidential information in the context of employment relationships. The High Court articulated a test for imposing an equitable duty of confidentiality when there is already an express contractual obligation. Generally, if the contract clearly defines the scope of the obligation, equity will not “step in” to impose wider obligations unless not doing so would offend a reasonable man’s conscience. 

Second, this decision reflects the High Court’s willingness to uphold the sanctity of confidential relationships even after the termination of an employment relationship. It shows the judiciary’s keen awareness of the realities of digital data handling, where data storage is no longer kept within the physical boundaries of the office or the temporal boundaries of the employment contract.

Third, the remedies in this case show that the High Court is willing yet measured in safeguarding confidentiality of information even in the absence of misuse. Employers need not wait for actual misuse to occur before seeking redress against its former employees; the act of unauthorised retention per se could suffice to establish liability. Yet, given the lack of evidence and low risks of misuse, the High Court refused to grant an injunction and opted for a targeted and supervised deletion order. This is a proportionate and practical remedy that ensures the protection of the employer’s interest without being overreaching. 

What this means for businesses

While cloud-based data storage tools like Google Drive can provide immense convenience and benefits for businesses, they can also complicate data access and compliance. To safeguard your business’s interest, it is important to implement robust IT management policies to securely manage confidential digital data, including access controls, offboarding or exit protocols, and forensic audit policies. It is also important to reinforce expectations of data handling to employees through training and internal policies.

In addition, it is important to draft clear and robust confidentiality clauses in employment contracts. Vaguely-worded clauses may leave room for equitable duties to supplement the contract, but could potentially lead to uncertainty and prolonged litigation.

At Hogan Lovells, we have a dedicated data, privacy and cybersecurity practice that offers comprehensive legal services to help your company stay protected. From drafting robust contracts to advising on suitable company policies, we provide practical solutions to help your company implement strong confidentiality safeguards. If you require assistance, feel free to reach out to the authors or your usual Hogan Lovells contact. 

Authored by Charmian Aw and Hsiao Tien Tan.