Home > News > ‘TOP SECRET’ – Protect your confidential information

‘TOP SECRET’ – Protect your confidential information

Spread the love

Information is considered to be confidential if three essential conditions are met, namely (i) the information is imparted under an obligation of confidence, (ii) there is a relationship of confidence between the discloser and the recipient of the information, and (iii) the unauthorised use or disclosure of the information by the recipient would cause real damage to the discloser. In the current business environment, confidential information in the form of client lists are attractive assets – and are therefore worth protecting.

Recent court proceedings have illustrated circumstances of alleged misuse of confidential information, and highlight the importance of actively managing the confidential information owned by a business.

Example 1

In the first example, (Wilson Parking Australia 1992 Pty Ltd v Rush 2008) a (former) employer sought urgent interlocutory relief to restrain its former employee from using certain confidential and commercially sensitive documents, data and other information relating to its car parking operations in the employee’s new role with a direct competitor. The former employee’s terms of employment included terms relating to confidentiality obligations.

There was evidence before the Court to suggest that the former employee had accessed and used the confidential information of his former employer to advance his position with his new employer. The use of the confidential information was alleged to have caused detriment to his former employer. Pending determination of the matter, the Court made orders for the (former) employee to deliver up the confidential information, as well as be restrained from approaching or soliciting certain car parking operations operated by his former employer. This matter is still the subject of legal proceedings.

Example 2

In the second example (Luxottica Retail Australia v Grant & Ors 2009), an employee of a retail optometry business had access to a broad range of documents, some of which incorporated confidential information of her employer. The employee’s conditions of employment specifically included obligations relating to confidential information.

Prior to resigning her position and beginning a new role with a competitor optometry business, the employee forwarded emails from her work computer to her personal email address. Four of these emails allegedly contained confidential information of her (then) employer. Further, the employee forwarded one of these emails – containing confidential information – to her husband’s email address. The (former) employer brought court proceedings alleging that this transfer of emails was in breach of the employee’s terms of employment. The Court found that as the employee had forwarded the emails while she was still employed she had not “used or disclosed the confidential information.” However, the Court did award nominal damages (of $10!!) for breach of her contract of employment in light of the email forwarded to her husband.

While the above examples are restricted to their facts, there are some “TOP SECRET” steps you can take now to protect the confidential information in your business. Our first 5 “TOP SECRETS” are:

TOP SECRET STEP 1 – Mark Your Information as “Confidential”

By clearly marking your sensitive business information as “CONFIDENTIAL”, this clearly puts any person using the information on notice that you consider the information to be subject to obligations of confidentiality. In the above example of the employee optometrist, there was some suggestion “she had not been told the document was confidential”..

Although marking a document as “CONFIDENTIAL” is not determinative – in that the information still needs to meet the three elements mentioned above – the Courts will take the marking into account when deciding if the information is confidential.

TOP SECRET STEP 2 – Make Sure Agreements Address Confidentiality

Obligations Before you disclose your confidential information to authorised persons, we strongly recommend the authorised person has provided written acknowledgement of their obligation to keep the information confidential. For employees or independent contractors, these obligations can be included in the relevant employment agreements for engagement, while for business associates having access to your confidential information we would suggest a separate Confidentiality Agreement/Non-Disclosure Agreement.

TOP SECRET STEP 3 – Limit Access to Your Information

If your information is “CONFIDENTIAL” then it should be treated as such. Methods include limiting access to authorised persons; having password protection associated with the (eg) document; recording who has access to the document; and ensuring the information is only discussed in appropriate surrounds. In a recent (anecdotal) example, confidential news of a round of redundancies in an organisation became public knowledge because it was discussed during a mobile telephone call on a packed train.

TOP SECRET STEP 4 – Identify How Your Information May be Used

If a recipient has access to your confidential information, there should be clear guidelines on how the information may be used and where it can be stored. For example, can the information only be used on a certain project or on your business premises? In the case of the optometrist employee, there was evidence to suggest that the employer should have been aware she had received and sent emails from her personal email as the employer had not initially provided her with a work email. Do you have employees operating in a similar manner?

TOP SECRET STEP 5 – Make Sure Recipients are Aware of Their Obligations, Including the Return of Your Information

While the recipients of your confidential information may make written undertakings to keep the information confidential, we recommend you have systems in place to continuously remind recipients of their obligations, and ensure the information is returned and/or destroyed when it is no longer required. For the above car parking employee example, this approach may have assisted in re-iterating the inability of the former employee to use the information in his new role.

Author: Noelene Treloar