Confidential Information

Introduction

 

It is a central tenet of Malaysian law that there can be no property in pure information. A person cannot own information, in the same way that he or she can own the copyright in a work, or the patent rights in an invention. The unauthorized disclosure of confidential information may however give rise to civil liability on the part of the disclosing party, on the basis that where a person has promised not to divulge a secret, he or she ought to be held to his or her word. The protection of confidential information in Malaysia is therefore founded upon the relationship between a confider and his confidant.

Malaysian law in this area is based on English law. In line with the developments in English law, a breach of confidence is generally actionable in the Malaysian Courts if the following three conditions are fulfilled.

 

1. Information must be confidential

 

Firstly, the information disclosed must be confidential in nature. The information may be in respect of trade secrets (e.g. customer lists), technological secrets (e.g. knowhow relating to a manufacturing process), personal information or any other form of confidential information.

The information in question must not be readily accessible to persons that normally deal with that kind of information. Information which is already in the public domain is generally not protectable. However, where it is a defendant's breach of confidence itself that has resulted in the information becoming publicly available, the defendant remains liable for loss and damage suffered by the plaintiff arising from such disclosure.

 

2. Information must be disclosed in circumstances importing confidentiality

 

Secondly, the information must have been imparted in circumstances which give rise to an obligation of confidentiality. The recipient of confidential information will only be bound if a reasonable man standing in the shoes of the recipient of the information would realize on reasonable grounds that the information was being given to him in confidence. The clearest case is of course where one person gives another information on express condition that he keep it a secret. However, the obligation of confidentiality may also arise by implication having regard to the surrounding circumstances.

One of the relationships in which this duty of confidentiality normally arises is that of employer and employee. Generally, during the currency of his or her employment, an employee must observe a "duty of fidelity" to his or her employer, to act in the employer's best interests. This includes protecting the trade secrets that the employee is exposed to in the course of his or her work. Once an employee leaves employ, he or she is still obliged to keep confidential the trade secrets of his or her former employer. Thus, for example, an employer is entitled to prevent an ex-employee from making use of a list of customers which the employee deliberately memorized or copied for this purpose. Such protection however does not extend to general skill and knowledge in the employee's head which the employee would necessarily have acquired during the course of his employment.

 

3. Actual or anticipated unauthorized use or disclosure

 

Thirdly, there must be an actual or anticipated unauthorized use or disclosure of the information in question. No action may be brought if no unauthorized breach of confidence is threatened or has occurred.

Where the unauthorized disclosure or use is anticipated, the Courts will in the appropriate circumstances grant an interlocutory injunction to prevent such use or disclosure. The Courts may also award damages for any loss or damage suffered by reason of a breach of confidence, or in certain circumstances, for future injuries in lieu of an injunction.

 

Protecting confidential information

 

There is no system of registration for confidential information. Protection is available only by keeping the information secret, because once made public the information cannot subsequently be made secret again. Even if the owner of the misappropriated information takes legal action and obtains payment for the damage suffered, this may never be as good as having the information kept confidential in the first place.

An important aspect of maintaining protection is adequate management control by businesses. Access to confidential information by staff should be restricted by management on a "need-to-know" basis, since the commonest cause of loss of confidential information from a company is staff moving to another firm in the same field of business. Appropriate clauses should be included in employment contracts and contracts with third parties such as suppliers, sub-contractors and the like.

 

Non-Disclosure Agreement (NDA)

 

It happens regularly in business that one company needs to disclose its confidential information to another. For example, a manufacturer may need to submit its new product to a test laboratory for technical assessment and approval prior to the product being launched on the market. It is often also necessary to share secrets when some form of cooperation is contemplated between two companies.

In these circumstances, it is strongly advisable for a Non-Disclosure Agreement (NDA) to be drafted and signed by the parties that sets out their obligations to one another in terms of any confidential information that needs to change hands. An NDA provides the advantage that in the event legal action does become necessary due to a breach of confidence, the matter can be handled in much the same way as enforcement of any other business contract.

 

Protection of undisclosed information under international agreements

 

Article 39 of the TRIPs Agreement (Trade-Related Aspects of Intellectual Property Rights), which is binding on member countries of the World Trade Organisation, requires the protection of undisclosed information of commercial value and of certain data submitted to governments or government agencies, in the course of such countries ensuring effective protection against unfair competition.