Confidentiality law

Related services

Contents

Confidentiality law

The law of confidentiality is useful in the commercial world as it recognises that certain information that has been divulged in circumstances imposing an obligation of confidence should be protected.

A business may want to disclose confidential information in the following circumstances:

  • As part of exploiting that information commercially, for instance, by licensing it to third parties
  • As part of negotiations in relation to a commercial transaction, project, venture or collaboration
  • To its employees so that they can carry out their role properly

Breach of confidentiality does not depend on an express contract between the parties (although non-disclosure agreements are often used to ensure certainty) and it has the following three elements:

  • The information must be confidential in nature.
  • The information must have been disclosed in circumstances imposing an obligation of confidentiality.
  • There must have been an unauthorised use or disclosure of the information, either threatened or actual, to the detriment of the party that gave it

Confidential in nature

For information to be of a confidential nature, it must have "the necessary quality of confidence".

Merely describing a document as confidential will not of itself turn information that is not inherently confidential into confidential information.

Information that is public knowledge clearly does not have the necessary quality of confidence. Secret formulae, on the other hand, clearly do. Information that is not very different from that which is in the public domain or which can, with some effort, be pieced together from what is in the public domain is less easy to classify. It is not impossible for information that is not very different from public domain information to be treated as confidential, but some thought and effort must be added to existing public domain materials to create something new that confers a confidential nature upon the information before it will benefit from protection.

Commercial information protected under the law of confidential information can take many forms, e.g:

  • Formulae which are not capable of being analysed in the final product
  • Processes
  • Business methods (until they are used in public)
  • Financial information
  • Statistical information
  • Customer lists
  • Plans, sketches and drawings
  • New inventions while the filing of a patent application is pending
  • Business plans
  • Computer programs

This includes information that may be protectable under copyright or patent (and so can protect patentable subject matter before its publication), but it also extends to much wider categories of information, including:

  • Unpatentable (i.e., minor) improvements to a product or process
  • Other commercial information, such as customer lists or details of contacts or information in invoices regarding customer names and the amounts they were paying

Obligation of confidentiality imposed

In the absence of an express contractual term imposing confidentiality, there are a number of circumstances that can give rise to an obligation of confidentiality. The most obvious ones are between solicitor and client and doctor and patient.

The relationship between employer and employee can also create confidentiality obligations. Every employee is considered to be under a duty to keep their employer's secrets. This duty also applies to ex-employees, but to a lesser extent.

Information available to employees during the course of their employment falls into one of three legal categories of confidentiality:

  • The trivia of the business is not confidential and cannot be made so. Employees cannot be required to keep such information secret even while they remain employed. This category includes all information about the business or industry which is available to the public, either generally or on demand, as well as custom and practice in the trade.
  • An employer can require an employee to keep information which has some confidential element secret while the employee remains employed. However, its confidentiality may either not be maintained afterwards or may be maintained only for a limited period.
  • A genuine trade secret remains confidential both while the employee remains in employment and after the employee has left. Such information may be capable of being kept confidential indefinitely.

These principles apply also to a consultant.

An obligation of confidentiality may also be implied from the circumstances in which disclosure is made. The test used to determine whether the circumstances will give rise to an obligation of confidentiality is whether, at the time of receipt of the information, the circumstances were such that a reasonable person would have realised that the information was being given to them in confidence.

In the absence of a written confidentiality agreement, a business disclosing information should state expressly that that information should be treated as confidential. The recipient should then be aware of their obligations.

Loss of protection through use or disclosure

Usually, disclosure of confidential information to the public at large will mean that the information is no longer confidential. However, this may not always be the case. For example, in one case, which concerned information that had been published on a newspaper's website for a short period, the court said that where material was generally available on the internet, it would be likely to lose its confidential character, but that very limited circulation and only partial circulation, perhaps in some remote or expert site that was not generally available to the public without a great deal of effort, might not result in a loss of confidentiality.

A special situation arises where someone receives information in confidence that could be ascertained by reverse engineering, or, by a process of compilation from public sources. The information will continue to be protected for a limited period. The duration of the protection will be limited to the time it would take someone to reverse engineer or compile the sources.

This is known as the 'springboard' doctrine and the idea is that nobody should be able to get a head start over others by misusing information that they received in confidence.

For example, construction drawings for many products could be produced by dismantling a sample and preparing drawings from the elements. Despite this, the construction drawings themselves remain confidential for a period, as the recipient can cut out the intermediate stages that competitors would normally have to go through and so obtain a springboard. The measure of the springboard would be the time taken to reverse engineer the sample.

Similarly, unencrypted information remains confidential, even though it could be lawfully reconstituted by someone decrypting the encrypted version of the information. The time taken to decrypt would be a measure of the springboard received by someone who had direct access to the unencrypted information.

In another case, the court decided that an ex-employee, who copied and retained various documents and information belonging to his ex-employer, including thousands of contact details and sales figures, acted in breach of confidence. The court said that the ex-employee's activities amounted to a classic springboard operation as the claimant's database was an important tool, providing an immediate base which the ex-employee could use to start up his rival business.

If, on the other hand, the information publicly available suffices so that no additional work needs to be done on it, then the recipient of the confidential information gets no springboard and so will not be restrained from using it.

Breach of an obligation of confidentiality

An obligation of confidentiality can be breached by either:

  • Disclosing confidential information to others
  • Using the confidential information for an unauthorised purpose

The law of confidential information is not restricted to preventing unauthorised disclosures of confidential information. A person who has received information in confidence must not make use of it to the prejudice of the person who disclosed it without first obtaining their consent.

A threatened unauthorised use or disclosure of confidential information can sometimes be prevented by an injunction.

Enforcement

Although the original recipient of information may owe a duty to the owner of the information to keep that information confidential, the obligation of confidentiality will not necessarily extend to a third party who acquires the information from the original recipient. This is particularly true if the third party does not know that the information is confidential. In these circumstances, it is possible that the third party can use or disclose the information as they wish, even though the original recipient of the information breached the duty they owed to the owner by disclosing the information to the third party. However, if such third party acquires or receives information in circumstances in which he or she knows such information is confidential, or later becomes aware of that fact, such third party may also be bound by the obligations of confidentiality.

There are exceptions to the general principle that knowledge is normally required. For example, if a person who misuses a claimant's confidential information does so in the course of their employment by a third party, then the third party can be liable to the claimant for breach of confidence without knowledge of their employee's misuse based on the principle of vicarious liability.

Remedies

The remedies for breach of confidence consist of injunction (or, in Scotland, interdict), damages, or an account of profits, and delivery up or destruction of documentation containing the relevant information.

The courts are willing to issue and continue injunctions in certain cases and are the first choice of remedy if the disclosing party discovers the recipient's intentions before the breach of confidentiality takes place.

Injunctions are, however, of little or no use once the information has been disclosed or used. In general, the remedy for past misuse of confidential information will be a financial one (damages or an account of profits).

An account of profits and an award of damages are alternative remedies. A claim cannot be made for both. There are circumstances, however, where a claimant cannot choose an account of profits as the remedy, but is, instead, restricted to an award of damages.

Where damages are awarded, the usual measure of damages is that the defendant should compensate the claimant for the loss which the defendant has caused the claimant. If the claimant would have used the information themselves to earn profits, the correct measure of damages is that the claimant should receive fair compensation for what they have lost. If, on the other hand, they would have licensed or sold the information to others, the correct measure of damages is the market value of the confidential information on a sale or licence between a willing seller and a willing buyer.

Public policy

Public policy can override an implied or express duty of confidentiality.

While there is, on the one hand, a public interest in preserving the right of organisations and individuals to keep their affairs private and their information confidential, the court will, on the other hand, examine individual cases carefully if it appears that this interest may be outweighed by a wider interest in making the information available to the general public. If such a case is made out, the discloser will be able to raise a successful defence to a claim that they have revealed confidential information in breach of contractual obligations.