A New Approach to Breach of Confidence
Article by Ronald JJ Wong and Arthur Chin.
I. Executive Summary
1. If a person copies, stores or circulates confidential information without permission, but not use it to another person’s detriment, would the person be liable for breach of confidence? Prior to this landmark decision by Singapore’s apex court, the answer was “No”.
2. The law had required unauthorised use to the detriment of the owner of the confidential information. This meant that owners of confidential information such as employers, business owners, and indeed any ordinary individual, had often faced practical and evidential difficulty while seeking relief against people who stole or possessed confidential information.
3. In a highly digitalised world where the procurement, storage and transfer of confidential information can be done with a few clicks on a computer, the law must ensure that legally recognised interests are sufficiently protected. Hence, the decision in I-Admin (Singapore) Pte Ltd v Hong Ying Ting and others [2020] SGCA 32 (“I-Admin (Singapore)”) is welcomed in changing the law on confidentiality to evolve with the times.
4. In I-Admin (Singapore), the Court of Appeal (the “CA”), in a decision delivered by Sundaresh Menon CJ, re-examined the three well-established elements in the tort of breach of confidence. In concluding that the current laws do not sufficiently safeguard owners of confidential information against their “wrongful loss interest”, the CA propounded the modern approach as a comprehensive framework to place greater emphasis on the interests of owners of confidential information. At the outset, since the law on copyright was not substantially addressed and expounded on, we will focus our analysis and comment on the law of confidence.
II. Material Facts
5. The appellant is I-Admin (Singapore) Pte Ltd (“I-Admin (SG)”), a Singapore incorporated company in the business of outsourcing services and systems software – specifically payroll administrative data processing services (“Payroll Systems”) and human resource information systems (“HRIS”). I-Admin SG’s Payroll Systems are used extensively in Asia. Moreover, the company also operates a number of wholly owned subsidiaries, including I-Admin (Shanghai) Ltd (“I-Admin (Shanghai)”).
6. The four respondents in this appeal are the former employees and related parties of the employees:
a. the first respondent is Mr Hong Ying Ting, a former employee of the I-Admin (SG) (the “First Respondent”);
b. the second respondent is Mr Liu Jia Wei, a former employee of I-Admin (Shanghai) (the “Second Respondent”);
c. the third respondent is Nice Payroll Pte Ltd, a Singapore incorporated company that provides payroll outsourcing services and HR management functions (the “Third Respondent”); and
d. the fourth respondent is Mr Li Yong, an investor of the third respondent (the “Fourth Respondent”)
(the “Respondents”).
7. The genesis of the dispute took place in 2009 when the First and Second Respondents felt that I-Admin (SG)’s software were flawed and inadequate to perform the necessary tasks it was programmed to complete. The two disgruntled respondents then embarked on a personal venture to develop a payroll software to address the shortcomings. Subsequently in March 2011, the Fourth Respondent agreed to invest in the First and Second Respondents’ efforts. The parties duly incorporated the Third Respondent with the Fourth Respondent appointed as its sole director and shareholder.
8. Later, the First and Second Respondents left I-Admin (SG) and I-Admin (Shanghai) respectively to work for the Third Respondent. They were also appointed as the Third Respondent’s directors and were allotted shares in the company.
9. It was only in February 2013 that I-Admin (SG) came across the Third Respondent’s website and found that the payroll and HR systems substantially overlapped with the geographical scope of its services. A business profile search at the Accounting and Corporate Regulatory Authority revealed that the First and Second Respondents were directors of the Third Respondent. I-Admin (SG) then instructed Nexia TS Technology Pte Ltd (“Nexia”) to conduct forensic investigations into the Third Respondent.
10. I-Admin (SG) commenced Suit 585/2013 against the Respondents and applied for an Anton Pillar Order (“APO”) against the Respondents. After executing the APO at the Third Respondent’s premises, Nexia discovered confidential materials belonging to I-Admin (SG) which include source codes, client materials and software and hardware technical platforms stored on the Third Respondent’s servers and the First Respondent’s computer. Moreover, the First and Second Respondents also circulated some of I-Admin (SG)’s materials in a number of emails.
11. This formed the basis of I-Admin (SG)’s claim before the High Court – that in conspiring to start a competing payroll business, the Respondents’ actions in accessing and downloading I-Admin (SG)’s materials entailed beaches of copyright and confidence.
12. I-Admin (SG) claimed that the following were the infringed materials:
a. source codes for the Payroll Systems and HRIS (“Category 1 Materials”);
b. databases and other materials constituting the technical infrastructure supporting the Payroll Systems and HRIS (“Category 2 Materials”);
c. business development and client-related materials (“Category 3 Materials”); and
d. materials related to its operations, such as documents setting out internal guidelines and policies (“Category 4 Materials”).
III. The High Court decision
13. In the High Court decision of I-Admin (Singapore) Pte Ltd v Hong Ying Ting and others and another suit [2019] SGHC 127, the High Court judge (the “Judge”) found in favour of the Respondents and held that there was no copyright infringement. Notably, at the High Court, the claim for copyright was only advanced for the Category 1 to 3 Materials. Although the Judge found that the copyright belonging to I-Admin (SG) did subsist in the Category 1 to 3 Materials under ss 7A(1)(a) and 7A(1)(b) of the Copyright Act (Cap 63, 2006 Rev Ed), the Judge was not convinced that the Respondents had copied a substantial part of the copyrighted works.
14. As for the claim for beach of confidence, the Judge likewise found in favour of the Respondents that they were not in breach of their obligations of confidence. Although the Judge found that the Respondents owed I-Admin (SG) obligations of confidence, there had been no use of its confidential information in the relevant sense and so the elements for obligations of confidence were not satisfied.
IV. Issues before CA
15. There were two main issues canvassed before the CA. First, that the Judge had erred in finding that the Respondents did not infringe their copyright in the Category 1 to 3 materials (the “Copyright Issue”).
16. Secondly, that the Judge had erred in finding that there was no breach of confidence in relation to the Category 1 to 4 materials (the “Breach of Confidence Issue”).
A. The Copyright Issue
17. I-Admin (SG)’s claim for infringement was dismissed on appeal and we summarise the CA’s findings on this issue in brief. I-Admin (SG) pitched their copyright infringement claim on two levels. At a higher level, they contend that the Respondents substantially reproduced and/or adapted its copyrighted materials for financial gain. At a lower level, they contend that the mere fact that the Respondents downloaded, possessed and circulated unauthorised copies of their materials constituted material reproduction in contravention of the Copyright Act. At the hearing before the CA, the counsel for I-Admin (SG) only focused on the latter submission.
18. However, this lower level claim for infringement was rejected on appeal for the following reasons:
a. First, the CA was not persuaded that I-Admin (SG) had sufficiently pleaded their case on this submission. Instead, the CA thought that the general tenor of their pleadings concerns the use of material for “financial or commercial gain”, and this was clearly the higher-level claim of copyright infringement.
b. Secondly, counsel for I-Admin (SG) did not seek any relief purely based on mere possession and circulation in their closing submissions.
c. As such, this would be prejudicial to the Respondents if the CA decided solely on the issue of possession and circulation.
19. Nevertheless, the CA went on to consider I-Admin (SG)’s higher level claim of infringement, which was only confined to the Category 2 Materials, ie, the Payitem Bibles. The CA was in agreement with the Judge that the Third Respondent’s Payitem Bible drafts were not material reproductions of the appellant’s files. The decision hinged on whether the Respondents reproduced the organisation of the Payitem Bibles and this was not the case. The Respondents had made minor differences in arrangement in their own drafts. Furthermore, the CA found that they had made even more significant modifications in their own finalised Payitem Bible. Thus, the CA was of the view that the Respondents had created a new and unique product which is sufficiently distinguishable from the Payitem Bibles and so there is no copyright infringement by the Respondents.
B. The Breach of Confidence Issue
20. More significantly, the CA overturned the Judge’s decision and held that the Respondents were in breach of their obligation of confidence.
21. Menon CJ agreed with the Judge that a claim for breach of confidence traditionally rested on the three elements. Citing the decision of Coco v AN Clark (Engineers) Ltd [1969] RPC 41 (“Coco”) at [47] and Clearlab SG Pte Ltd v Ting Chong Chai and others [2015] 1 SLR 163 (“Clearlab SG”) at [64], the Judge held that the three well-established elements must be found before a claim for breach of confidence can succeed:
a. the information must possess the quality of confidentiality;
b. the information must have been imparted in circumstances importing an obligation of confidence; and
c. there must have been some unauthorised use of that information to the detriment of the party from whom the information originated.
22. However, Menon CJ opined that the requirement that the plaintiffs must show unauthorised use of their materials by the defendants and the resulting detriment has come under increased scrutiny. As counsel for I-Admin (SG) contended, a modern approach ought to be put in place and this prompted the question of whether the current law of confidence is sufficiently broad to encompass the myriad of ways in which confidentiality might be undermined.
23. To answer the question on the sufficiency of the law of confidence in Singapore, three considerations arose for the CA’s consideration.
(1) What interests are sought to be protected by the cause of action?
24. The CA considered a line of cases to show that English jurisprudence has a longstanding tradition of protecting confidential information. This line of cases developing the unique features of an action for breach of confidence concluded with Coco. The reasoning in the line of cases forms the basis for Megarry J’s articulation of the three elements as cited in Coco and Clearlab SG above.
25. The CA took the view that the envisaged purpose of an action for breach of confidence, as seen in cases like Coco, is to protect the specific interest of the plaintiff in preventing wrongful gain or profit from its confidential information (“wrongful gain interest”). However, interestingly, even though Megarry J in Coco stipulated that detriment to the plaintiff was an essential element of the cause of action, he noted that not all early cases concerning breach of confidence focused on damage stemming from the misuse of confidential information. Megarry J’s comments suggested that the policy objectives behind the early law of confidence may have extended beyond safeguarding against wrongful gain.
26. What then are the other interests that ought to be protected? The CA found support for Megarry J’s comments in Morison v Moat (1861) 68 ER 492 (“Morison”), where Turner VC referred to a claim for breach of confidence as arising from an “obligation of conscience”. In the view of Menon CJ, this imports a broader, more fundamental, equity-based rationalisation for the protection of confidentiality: an obligation of conscience is to respect the confidence of the relevant information, not merely to refrain from causing detriment to the plaintiff. This places the defendants under a duty to be bound not to deal with confidential information in a manner that adversely affects their conscience. This language of “conscience” thus reflects an interest in preventing a wrong and protecting plaintiffs from any kind of improper threat to the confidentiality of their information.
27. The CA further found support for the “obligation of conscience” in their own decision of Adinop Co Ltd v Rovithai Ltd and another [2019] 2 SLR 808 (“Adinop”). In that case, the plaintiff alleged that the respondent had misused confidential customer information and the CA found that the first respondent’s conscience was bound against the use of the plaintiff’s confidential information.
28. Concluding on the first consideration, the CA found that a second distinct interest guides the operation of breach of confidence claims. The law is also interested in protecting a plaintiff’s interest to avoid wrongful loss (the “wrongful loss interest”), which is suffered so long as a defendant’s conscience has been impacted in the breach of the obligation of confidentiality.
(2) What is the nature of the threat to these interests?
29. Following the first consideration, the second consideration then asks if there is a threat to this wrongful loss interest that warrants a more robust response by the law. The test as set out in Coco and Clearlab SG is clearly targeted at protecting the wrongful gain interest. While the wrongful gain interest and wrongful loss interest do overlap, the CA was of the view that the present case clearly showed that a distinction can be drawn.
30. For example, in this case, it was not clearly proven that the Respondents had directly profited from their use of I-Admin (SG)’s materials. However, this does not detract from the fact that the Respondents had knowingly acquired and circulated these materials without consent. To the CA, this is an unchecked threat to the wrongful loss interest which is not sufficiently addressed by our Singapore laws and public policy.
(3) What are the remedies that ought to be made available where the relevant interests have been infringed?
31. The CA states that there are adequate remedies to protect a plaintiff where the wrongful gain interest has been infringed. For instance, there is a “formidable armoury” of remedies including injunctions and delivery up, as well as monetary remedies, to address situations where the wrongful gain interest has been infringed.
32. On the other hand, the CA was of the view that plaintiffs who have only suffered a violation of their wrongful loss interest may not always be availed of these remedies and might find themselves with limited alternatives. Given that the damage from such infringement is often not translated into monetary terms or quantifiable detriment, the owner of compromised information will have little recourse against errant ex-employees.
(4) Conclusion on the Breach of Confidence Issue
33. The CA’s sympathy with owners of confidential information is clear – the wrongful loss interest is a legitimate objective undergirding the law of breach of confidence. To this end, the previous legal framework in Clearlab SG did not adequately safeguard this interest or offer recourse to owners of confidential information who have suffered damage. The CA was of the view that the requirement of unauthorised use and detriment under the three Clearlab SG requirements have clearly held back the development of the law by overemphasising the wrongful gain interest at the expense of the wrongful loss interest.
34. The CA thus stated at [61] a modified approach in relation to breach of confidence claims. The court must first consider two prerequisites:
a. whether the information in question has the necessary quality of confidence about it; and
b. whether it was imparted in circumstances importing an obligation of confidence. An obligation of confidence will also be found where confidential information has been accessed or acquired without the plaintiff’s knowledge or consent.
35. It is upon the satisfaction of these prerequisites that an action for breach of confidence may be presumed. The presumption can be displaced where, eg, the defendant came across the information by accident or was unaware of its confidential nature or believed that there is a strong public interest in disclosing it. The burden of proof is shifted to the defendant to prove that his conscience was unaffected.
36. On the facts, the Respondents were found liable for breach of confidence for the acquisition, circulation and reference to the Appellant’s confidential materials without permission: at [63]. The Respondents failed to displace the presumption that their conscience was negatively affected.
37. The CA held that the Respondents should be liable for equitable damages: at [77]. The value of the Appellant’s confidential information would be the cost saved by the Respondents in taking the information given that they used the information as a ‘spring-board’ to create their own intellectual property (relying on Seager v Copydex [1967] 1 WLR 923 and Seager v Copydex (No 2) [1969] 1 WLR 809.): at [78].
38. In quantifying the damages, the court will consider the additional cost that would have been incurred by the Third Respondent to create the different elements of its payroll software without any reference to the Appellant’s materials, as well as the reduction in time taken to set up the Third Respondent’s business, allowing it to commence profit-making earlier: at [79].
V. Comment
39. The CA’s development of the law in the law of confidence is much welcomed. By giving weight to the wrongful loss interest, the CA has identified a lacuna in the law that is clearly in need of reform to protect owners of confidential information. As the CA rightly noted, modern technology has made it significantly easier to access, copy and disseminate vast amounts of confidential information. Moreover, employees often come across large volumes of confidential materials in the course of their employment. A genuine concern would be that employees could surreptitiously download this information for their personal use and to start a competing business.
40. Hitherto, the problem is that while an owner of confidential information may be able to obtain forensic analysis reports of the acquisition of confidential information, it is usually impracticable to obtain evidence of unauthorised use of the information.
41. Further, it is typically impracticable to obtain evidence of detriment to an owner of confidential information until a significant amount of time has passed, in which case the infringer would likely have wrongfully profited substantially and grown to become a significant competitor. An owner of confidential information would not want to permit such a scenario.
42. Also, while the facts of this case involved a business protecting its intellectual property, breach of confidence may be relied on in a wide range of other scenarios to protect confidential information. Andrew Ang J in Vestwin Trading Pte Ltd v Obegi Melissa [2006] 3 SLR(R) 573 (HC) commented at [35] that the tort is “not confined to commercially valuable information”. He surveyed at [36] various cases and gave examples of different types of confidential information which have been protected under the law of confidence: private etchings and prints made by the Royal Consort, Prince Albert; communications between solicitor and client; communications between husband and wife during their marriage; the design of a moped engine; telephone conversations; details of a lesbian relationship between plaintiff and a third party; information obtained by a former crown servant of alleged illegal activities of the British Security Services; telephone bills and other bills and receipts (which evince an adultery); a medical research questionnaire prepared from material in the public domain; a mugshot taken at a police station; photographs of a celebrity wedding; genetic information needed to reproduce a variety of nectarines imprinted in the twig wood or scion wood of the nectarine tree; and information about the plaintiff’s financial dealings with other customers.
43. Detriment may be even harder to prove in respect of certain types of confidential information and scenarios. Yet, the interest of the information owner is just the same: to protect the confidentiality of the information.
44. The modified approach laid down in this decision has wide-ranging implications. For example, if a person makes a voice recording of a confidential conversation or closed-door forum without permission, the person may be prima facie liable for breach of confidence. The other party or the speaker may commence legal action and perhaps seek an urgent interlocutory injunction against the aforementioned person to prevent (further) dissemination. Of course, that is quite apart from the wisdom of doing so in certain scenarios given the likelihood of the Streisand effect.
45. This approach may also pave the way for obtaining urgent injunctive relief against unknown persons in cybersecurity breaches. An interim and then permanent injunction was granted in Clarkson Plc v person(s) unknown [2018] EWHC 417 (QB) against hackers who gained unauthorised access to the claimant’s IT systems, obtained information, and sent emails to the claimant to threaten disclosure for ransom. While the injunction and judgment may have little effect on the hackers, the existence of a public judgment in the matter would at least put the public on notice of the theft of the information and deter potential recipients from retaining, publishing or distributing the stolen information to competitors or anyone else.
46. On the other hand, in today’s world where an overwhelming amount of digital information and materials come into people’s possession through many different channels, it is not uncommon that a person finds herself possessing information which may be deemed by the information owner to be confidential albeit without the owner’s knowledge or consent. For example, when emails or text messages containing confidential data are sent to a person and the person may be unaware of its existence because it was sent into junk mail or it was automatically saved into the person’s device. Perhaps the person may have opened it once and thought nothing of it. In such scenarios, the recipient would thus have the burden of proving that although she received the information, she had no clue about it or did not do anything with the information which should affect her conscience. Yet, this might be an unenviable task of proving a negative. Even if she could show from forensic analysis that there was no movement of the data, would this suffice to absolve her?
47. Take for instance, in a scenario where a person received confidential information without any intention of doing so, perused it and thought nothing of the information. She then deleted the information. A few years later, she somehow recalls the information and uses it in her business not knowing where she obtained the information from.
48. Before this decision, authorities suggest that an employee who deliberately memorises confidential information such as a formula or customer list may be liable for breach of confidence (or breach of duty of good faith), but not necessarily an employee who remembers and uses particular information that was not readily separable from his general knowledge and acquired skill from simply being an employee performing his service (Printers and Finishers Ltd v Holloway [1964] 3 All ER 731, [1965] 1 WLR 1 at 6, per Cross J, cited in Faccenda Chicken Ltd v Fowler [1986] 1 All ER 617 at 625-627, cited in Tang Siew Choy and others v Certact Pte Ltd [1993] 1 SLR(R) 835 (CA) at [16]).
49. After this decision, the modified approach would apply such that the earlier mentioned person who subsequently recalls and uses the confidential information would potentially be liable for simply accessing the information. How would this person rebut the presumption and prove that her conscience was not affected? Does her deletion of the confidential information at the first instance prove that her conscience was unaffected? Should this person be liable for the tort of breach of confidence? That said, such a scenario should be rare. The fact-sensitive inquiry of whether the defendant’s conscience has been affected should leave sufficient room for justice to be done in such outlier cases.
50. This modified approach should be welcomed by owners of confidential information, especially digital information that is easily transferable and replicable – and that would probably be all of us.