In the current economic climate, any aspect which can give a company a competitive advantage is becoming increasingly valuable. Gaining an advantage over competitors can involve a range of factors, the details of which must remain confidential if they are to retain their value. However, while employers focus on protecting their Confidential Information from external disclosure, they often fail to identify the biggest risk to disclosure of their Confidential Information: their employees.
Many employers are aware that their Confidential Information is crucial to their business and should be kept under lock and key. However, often the importance of that confidentiality is unfortunately not translated into appropriate procedures for protecting the confidentiality of the information or to including suitable confidentiality provisions in employment contracts.
Increasingly, particularly in the context of start-up companies, employers are entering into employment contracts which contain minimal protection of the employer’s Confidential Information. To compound the issue, much of the Confidential Information of the employer is not treated as such, with employees honestly believing that they are entitled to not only have access to the Confidential Information, but are entitled to take it with them when they leave their employment.
In a recent study by the Ponemon Institute,1 an independent data privacy research firm, over half of employees admit to emailing business documents from their workplace to their personal email accounts, with 41% of employees sending this information to their email accounts at least once a week. 37% of employees admit to unauthorized use of file-sharing apps such as DropboxTM and Google DocsTM .
There is, of course, nothing illegal in employees making authorised copies of documents or files on which they are working during the period of their employment, in order to carry out their work. It is also a fact of economic life that employees change jobs. However, it is when an employee leaves their employ that such copying practices become problematic, as the documents and/or information are then likely to remain in the possession of the previous employee after they have terminated their employment. It is then left to the employer to rectify the situation by relying on any confidentiality provisions included in the employment contract and holding the previous employee to account. It becomes crucial to prevent any disclosure of the Confidential Information to third parties, including the new employer of the previous employee who is most likely a commercial competitor to boot.
Prevention is better than cure
Rather than attempting to rectify the situation after the horse has bolted so to speak, it is essential that employers put procedures in place to protect their Confidential Information from the start.
Employers need to increase their vigilance by ensuring comprehensive provisions are included in employment contracts. Such provisions should not only make it clear to employees what is regarded as Confidential Information by the employer, but also place restrictions on the copying thereof, and the disclosure of any Confidential Information to third parties. Clear instructions should be included in employment contracts for the delivery up of any Confidential Information obtained during the course of the employment, particularly in the context of software development, including source code, object code and any virtual machine images that may have been saved by the employee to external databases.
Employers should additionally put specific procedures in place to protect their Confidential Information. Employees must be suitably educated as to which information is regarded by the employer as confidential and which information may be freely disclosed outside of the workplace. As shown by the recent study by the Ponemon Institute,2 many employees are not aware that they are putting themselves and their employers at risk and do not recognize or understand their role in protecting their employer’s information. Many employees simply do not believe that they are doing anything wrong in copying information that they have obtained during their employment and then keeping this information when they have left their employ.
Protecting Confidential Information in Australia
For an action under the equitable Doctrine of Confidence to be successful in Australia, the Confidential Information must have been specifically identified as confidential; the information must have the necessary quality of confidence; it must have been given or received to import an obligation of confidence; and there must be unauthorized use or disclosure of the information.
An employer can take precautionary steps to ensure that its Confidential Information will be acknowledged as such, should there be any future need to rely on an action at common law under the equitable Doctrine of Confidence. Documents should be dated and clearly labelled as Confidential, for instance by including the word "Confidential" on the top of each document, and stored in specific locations to which only authorised personnel have access. Increasingly, employers are trying to rely on an employee's assumed understanding that all information conveyed orally to them during their employment will be kept confidential by the employee after their employment has been terminated. Unfortunately, simply telling an employee that certain information is confidential is insufficient. It is necessary to have such information correctly documented and identified as confidential in writing, with restricted access thereto.
Employers also need to give routine attention to the confidentiality provisions included in their employment contracts. It is often the case that employees are required to urgently enforce confidentiality provisions and employment contracts only once the employee has moved to another employer. It is then that many employers find to their dismay either that no confidentiality provisions have been included in the previous employee’s contract, or that the provisions that were agreed to are minimal to the point of simply expressing common law fiduciary obligations already existing as a result of the employer-employee relationship.
Comprehensive and detailed confidentiality provisions in employment contracts are essential to protect Confidential Information. This gives the employee contractual rights above and beyond their common law rights in protecting the disclosure of their Confidential Information. In instances where Confidential Information has already been disclosed by the previous employee, it also gives the employer rights in claiming damages. Contractual rights may be easier to prove and enforce than common-law fiduciary obligations, as is often the case in common law jurisdictions.
Where disclosure of Confidential Information affects Patent rights
Where the Confidential Information relates to the development of an invention for which a Patent Application may be filed, the disclosure of the Confidential Information could be disastrous to the employer, particularly if employer is still in the start-up phase. Any public disclosure of an invention before a Patent Application is filed will be considered by most patent jurisdictions as a novelty-destroying event. The fact that the disclosure was unauthorised and quite possibly made by the inventor of the invention, a previous employee, is irrelevant to this inquiry.
Australia, fortunately, has a grace period within which to file a Patent Application should there be any unauthorised public disclosure of the invention. A Patent Application may be validly filed in Australia for the invention, as long as it is filed within six (6) months of the unauthorised disclosure having occurred. The inclusion of comprehensive confidentiality provisions in an employment contract in the event of any unauthorised public disclosure by a previous employee may provide proof that the disclosure was unauthorised and allow employers to file a Patent Application within the grace period.
The inclusion of clearly articulated provisions in employment contracts may also be used to support entitlement proceedings under Section 36 of the Australian Patent Act 1990. Under this section, a person who believes that they are entitled to any patent rights resulting from the Patent Application filed by another person is entitled to challenge that Patent Application and claim ownership of it. If the Commissioner is satisfied that the invention has indeed been invented by the Applicant in the Section 36 Proceedings, the Patent Application may be assigned to that person.
Once an employee has moved to work for a competitor and has taken with him/her information which he/she has already copied from the employer, if he/she is able to support an allegation that the information to which he/she was given free access was not marked as Confidential, it may be too late to rectify the situation. Accordingly, employers should ensure that:
- the confidentiality provisions included in their employment contracts are up to date and comprehensive;
- their documents and information are marked as Confidential and are stored correctly; and
- employees are properly educated as to how to protect the Confidential Information of their employer.