"Information is power" is a well known, and much used phrase. It has never been more accurate in a world increasingly driven and run by commerce, media and technology. The control and manipulation of information can dictate the way in which governments act, the views of the public, as well as the state of a company's balance sheet.
However, with power comes responsibility and it is the job of the law to curb the misuse of information and protect individuals and companies from the disclosure of confidential information (be it accidental or deliberate) which has the potential to damage reputations, provide competitors with an unfair advantage or have a negative effect on a company's business.
A number of common law and statutory provisions seek to provide this protection: the Data Protection Act 1998, the Human Rights Act 1998 as well as a number of intellectual property rights. There is no English domestic law of invasion of privacy. In developing a right to protect private or confidential information the English courts have to proceed through the tort of breach of confidence into which the jurisprudence of Articles 8 and 10 ECHR has been shoehorned1. This is a provision derived from the common law, which seeks to protect individuals and companies where:
- the information has the necessary "quality" of confidence
- the information has been imparted in circumstances imposing an obligation of confidence and
- there has been an unauthorised use of the information to the detriment of the party communicating it.
Breach of confidence is premised on the theory that information received in confidence (either expressly or impliedly) ought to be able to be protected from disclosure to others without the permission of the original discloser. The fact is that confidential information is of a "confidential" nature because it is highly important to a business (sometimes the information is the business) and that the confidential information must therefore be "worked" for the benefit of that business. This means that the owner of the confidential information must regularly place it in the hands of employees of the company or disclose it to outside bodies for business purposes; this can lead to the accidental or deliberate disclosure of that information to third parties and a third party benefiting.
In these circumstances the principles of breach of confidence will be there to protect such information if the three elements mentioned above are satisfied:
"Quality" of confidence
In respect of this first element, it must be shown that the information is not useless and neither is it trivial in the public domain.
Imparted in circumstances imposing an obligation of confidence
The information must have been disclosed during a relationship where a reasonable person would ordinarily expect a duty of confidentiality to exist. Examples of these circumstances would be employment relationships, consultancy arrangements, solicitor-client relationships, business relationships (or proposed business relationships) or those persons who themselves are subject to a duty of confidentiality. It has even been held, in Stephens v Avery and others  2 All ER 477, that information disclosed to a friend can be subject to an enforceable duty of confidence.
Unauthorised use to the detriment of the original discloser
Depending on how long the third party has held the information, or what it has done with it, this may mean the threat by the third party to use the information or the actual use of the information for commercial/monetary ends or other uses which are to the detriment of the original discloser.
Protection prior to disclosure
As mentioned above the principles of breach of confidence will protect a party from the disclosure (or threat of disclosure) of confidential information providing that a number of conditions are met. However, the following additional practical and legal steps should also be considered to safeguard where possible information that is business sensitive:
- Make sure that information is marked "confidential" and that before disclosing confidential information to third parties (for example for discussions on a possible joint venture) you expressly inform the third party that the information is confidential;
- Do not rely on the law of confidence alone to protect your business, but, where appropriate, enter into confidentiality agreements which will govern the terms of the parties' relationship and protect the disclosure of specific pieces of information; and
- Ensure that confidentiality provisions are included in employees' contracts and that your company has a confidentiality policy which is well advertised and known by its staff;
Protection following disclosure
If confidential information is passed to third parties (or that is threatened) the original discloser must move quickly to ensure that the extent of the breach is limited or that the information is not disclosed. In many cases disclosure of confidential information could have a devastating effect on the business in question. Where the confidential information is a company's trade secrets, or the company is a pioneer in a particular market, then damages in the form of financial compensation will not put the company back in the position it would have been in had the information not been disclosed. Therefore, if a breach is threatened the company should act very quickly, either seeking undertakings from the potential discloser, or (more likely) going to court to obtain an injunction without giving notice to the person threatening the breach. A company would have to show that in the event of breach of confidentiality the breach would be such that it would not be adequately compensated by an award of damages.
The remedies available from the court will depend on the particular circumstances, but the following is a list of those which may be available for a petitioning company or individual:
- account of profits
- delivery up/destruction of the confidential information
- an adverse costs order.
Recent case law
Two recent cases have discussed the extent of the remedies available to protect against breach (or threatened breach) of confidence. The first was L v (1) L and (2) H (A Firm)  EWHC 140 QB, where, in the midst of a divorce battle, a wife appropriated and copied her husband's computer's hard drive hoping to preserve confidential and/or financial information that she feared her husband might destroy. Here the husband successfully argued that the information on the hard drive might include confidential information belonging to him and which his wife was not entitled access to (as well as legally privileged information). The court was persuaded that the hard drive contained confidential information which merited the delivery up of the hard drive (and all copies) to the husband.
A second case in 2007, Sectrack NV v Satamatics Limited (2) Jan Leemans  EWHC 3003 (Comm), highlighted the manner in which an injunction could protect the disclosure of a party's confidential information. In essence this case highlights that where confidential information has been disclosed, an injunction can be granted which provides "springboard" relief. That is, for example, if a customer list was disclosed to a third party in breach of confidence, and it is ruled that it would have taken that third party 6 months to build up such a customer list, then the injunction against the third party using that information would remain in place for 6 months to negate any commercial advantage that they would receive from having appropriated it.
These cases show that where a claimant acts swiftly, and has shown the three elements set out above, the law can provide remedies which will either prevent further disclosure of confidential information, return confidential information to its owner or prevent a third party taking advantage of the information disclosed. However, the damage may already be done by the time the information is disclosed. Companies should carefully consider what confidential information they disclose to employees or third parties and check that they have put in place internal systems to protect against misuse of any material disclosed wrongly.
As confirmed in Margaret, Duchess of Argyll (femme sole) v Duke of Argyll & oths  1 All ER 611 and affirmed in Coco v A N Clark (Engineers) Ltd  RPC 41 most recently developed in Douglas v Hello! (no3)  QB1259 and McKennitt v Ash  EWCA Civ 1714  EMLR 113