The law of confidentiality is useful in the commercial world as it recognises that certain information that has been divulged in circumstances imposing an obligation of confidence should be protected. The requirements are considered further below. The scale of confidentiality varies greatly and starts with trade secrets at one end, e.g. the recipe for a market-leading product. At the other end of the scale of importance comes the firm, which does not want its competitors to know how many customers it has or who these customers are. Breach of confidentiality does not depend on an express contract between the parties (although non-disclosure agreements are often used to ensure certainty) and it has the following three elements:
For information to be of a confidential nature, it has to be sufficiently important and have involved some thought or effort on the part of the person who had the idea. It cannot just be a general concept. The test for this is as follows:
In the absence of an express contractual term imposing confidentiality, there are a number of circumstances that can give rise to an obligation of confidence. The most obvious ones are between solicitor and client, doctor and patient and between an employer and his or her employee during the course of employment.
In less obvious situations, the test used to determine whether the circumstances will give rise to an obligation of confidence is whether, at the time of receipt of the information, the circumstances were such that it would be obvious to a reasonable person that the information was confidential.
Although the original recipient of information may owe a duty to the owner of the information to keep that information confidential, the obligation of confidentiality will not necessarily extend to a third party who acquires the information from the original recipient. This is particularly true if the third party does not know that the information is confidential. In these circumstances, it is possible that the third party can use or disclose the information as they wish, even though the original recipient of the information breached the duty they owed to the owner by disclosing the information to the third party. However, if such third party acquires or receives information in circumstances in which he or she knows, or ought reasonably to know, such information is confidential, such third party may also be bound by the obligations of confidentiality until the relevant information becomes available to the general public.
Information that remains locked in the mind of the person who obtains it cannot cause a problem. It is only when there is unauthorised use of the information that the law of confidentiality steps in. For example, the information may have been supplied to another party in order for that party to do a specific task, for example, personal information may be passed to an employee of a company for the sole purpose of entering the data into the company computer system. If they were to do just that, it would constitute the authorised use of the information. If, however, that person was to use the information for any other purpose such as disclosing it to others, that would constitute an unauthorised use of the information.
The remedies for breach of confidence consist of injunction (or, in Scotland, interdict), damages, or an account of profits, and delivery up or destruction of documentation containing the relevant information.
There are several defences to a claim of breach of confidentiality available to the recipient of information. These include where the recipient can show that the information is no longer confidential because it is now public knowledge through no act of the recipient (the recipient cannot be allowed to benefit from his or her own wrongdoing).
In addition, there is the defence of public interest. The court will not respect an obligation of confidence if it is in the public interest that confidential information is made known to the public.
Suing for an alleged breach of an implied duty of confidence should be considered a last resort, primarily because you cannot know with certainty before you begin proceedings that the court will find that a duty of confidence can in fact be implied at all, or what the extent of that duty will be considered to be in your particular case. Imposing specific ways to protect confidential information on the recipient is of far more use than suing for breach of an implied duty of confidence. Practical steps include adopting a procedure for retention and destruction of documents, marking documents that are confidential, and entering into non-disclosure agreements.