On 3 April 2016 11.5 million files from the database of one of the world’s largest offshore law firms, Mossack Fonseca, were leaked following a hack of its computers. The leaked material has become known as the Panama Papers and revealed what had previously been confidential information about more than 214,000 offshore companies, including information about shareholders and directors of those companies. No doubt many laws were broken in Pamana by those responsible for the leak of the confidential material, but in this article we shall look briefly at what qualifies as “confidential information” in this country and what protections (excluding the criminal law) are available to those who wish to keep their confidential information safe.
What information qualifies as confidential?
The law of confidence exists in English law to protect confidential information from publication and/or other unauthorised use. It is often the only or main form of protection for commercially sensitive information which is not otherwise capable of being protected by intellectual property rights. In order to qualify as confidential information, the information in question must be:
- Confidential in nature; and
- Disclosed in circumstances importing an obligation of confidence.
This definition does not make it easy to identify what is genuinely confidential information and there can be very fine distinctions. Clearly though, information which is available publically will not be confidential in nature and neither will information revealed in circumstances where the recipient of the information could not have been on notice that he or she was to keep the information secret.
The obligation of confidence
In essence, once an individual has received information in confidence, the law seeks to prevent that person from taking unfair advantage of it. An obligation to keep information confidential arises when an individual receives information that they know, or ought reasonably to appreciate, is to be regarded as confidential. Some relationships, such as between a doctor and patient or solicitor and client automatically give rise, by their very nature, to an obligation of confidentiality on the part of the doctor or solicitor.
It is important to note that the obligation of confidence can arise independently of any express agreement between the information sharing parties: you do not need a contract or agreement to be able to take advantage of the law of confidence and its protections. However, to avoid falling foul of any uncertainty as to what is or is not confidential information or whether the information has been imparted in a confidential manner or not, it is sensible, where possible, for any party about to reveal sensitive information to only do so under the terms of an express confidentiality agreement. Such an agreement should specify clearly what information is confidential and what the recipient party may or may not do with it.
Use or threatened use of information / breach of confidence
To be able to take action under the law of confidence there must be a misuse or threatened misuse of the confidential information – a “breach of confidence”. A breach of confidence can occur in two ways:
- Disclosure of the confidential information to an unauthorised third party; and/or
- Using the confidential information for an unauthorised purpose.
If a breach of confidence is established, the possible remedies available to the innocent party are:
- Account of profits – if the party which has misused the confidential information has profited financially from that misuse, then the innocent party can seek to recover those profits for itself;
- Damages – if the misuse of the confidential information has led to the innocent party suffering loss and damage then it can seek to be compensated financially by the wrongdoer; and
- Injunction – the Court can prevent further breaches of confidence by the wrongdoer and force the that same party to destroy copies of the confidential information it holds.
If there is a threat of disclosure or other misuse of confidential information then that also is enough to enable the innocent party to ask the Court for an injunction to prevent a breach of confidence from occurring. It is noteworthy though that not all breaches of confidence will give rise to in a remedy for the innocent party. For example, if the breach was carried out in the public interest, then the Court may not punish the discloser.
Protecting your confidential information – prevention rather than cure
As set out above, any release of confidential information should be carried out under the terms of a written confidentiality agreement where possible. That will provide a good measure of protection in the vast majority of cases.
However, the law of confidence (and a written confidentiality agreement) will not be able to prevent situations like Panama where a hacker is determined to steal information and reveal it to the press. In addition, for some breaches of confidence, the remedies set out in the section above provide limited redress. Often the prime goal is to maintain the confidential nature of the information and not have it revealed to the public. As a result, once a widespread publication has taken place, as in Panama, the damage may have been done and there can never be proper reparation. This perhaps exposes the soft underbelly of the law of confidence – that it is more of a deterrent than anything else.
For this reason, if any warning of a potential future breach of confidence is given, it should not be ignored. Instead, such a threat should be addressed forcefully as it is far better to prevent the breach if possible, than to deal with the fallout after a breach has occurred.