The unauthorised disclosure of confidential information or sharing of company secrets constitutes a breach of the employee’s duty of confidentiality and can have important consequences.

This was evident in recent proceedings before the Federal Court of Australia – Show Pony Group Pty Ltd (Showpo) v Black Swallow Boutique & Ors (Black Swallow) (File No. NSD1984/2016).

The case flags important issues for employers – the security risks associated with the use and management of online data and the fact that a breach of confidence often occurs internally.

Case study

Showpo and Black Swallow were both on-line fashion retailers with similar target markets.

Showpo alleged that a former employee downloaded information containing some 306,000 contacts shortly prior to resignation, for the benefit of her new employer Black Swallow. The database comprised significant information including a customer mailing list, subscribers and competition entrants and contacts of suppliers.

When Showpo learned that Black Swallow had started using the database, proceedings were filed in the Federal Court, and Showpro was granted an interim injunction preventing Black Swallow, its CEO and the former employee from using or disclosing the contents of the customer mailing list.

Although the matter was ultimately settled through mediation, by consent the Court ordered that the respondents (Black Swallow, its CEO and Showpo’s ex-employee) be permanently restrained from using or disclosing the client contact list or any information derived from it and that they pay Showpo $60,000 as compensation.

On-line security management

Employers should evaluate and monitor their IT systems, policies and procedures. It is important to set very specific rules when determining who has access to confidential information and how that information may be used.

To minimise on-line security risks, a business can take the following steps:

• Work with an IT professional to ensure that they understand their computer systems and that all possible security, storage and backup devices are available and being used effectively.

• Ensure that access to confidential or sensitive information is provided only as absolutely necessary and that records are kept with details of those employees who are granted access.

• Educate staff about on-line security safety and scams or unauthorised access attempts and require that any suspicious activity be immediately reported.

• Reiterate the importance of creating strong passwords and keeping them confidential. Passwords should never be shared with other staff members.

• Ensure that an outgoing employee’s access to information is immediately terminated upon his or her departure and passwords reset.

• Use employment agreements, policies and codes of conduct to document employee expectations regarding IT security and computer use.

Employment agreements

Although a duty of confidentiality is implicit within the employment relationship, employers should use written contracts to reiterate the employee’s obligations.

Incidental workplace matters and employee expectations regarding computer use and confidentiality should also be spelt out in company policies and codes of conduct which should be made available to all employees before or on induction.

Confidentiality and trade secrets can be further protected through restraint of trade clauses in the employment contract.

A restraint of trade clause seeks to prevent an employee after leaving the workplace, from using confidential information and/or working with certain competitors within a certain area and for a specific time. Restraint of trade clauses must be carefully drafted to ensure they are reasonable in the circumstances and only go so far as to protect the legitimate interests of the business.