Legal Options If Employees Breach Confidentiality in Singapore
If an employee leaks confidential information from your business, the legal and operational implications are potentially serious. In this article we will discuss:
- What is confidential information
- When breaches of confidentiality might occur
- The potential consequences of a breach of confidentiality
- How to prevent breaches of confidentiality by employees
- What employers can do if employees have breached confidentiality
- How a lawyer can help you prevent breaches of confidentiality, or address breaches that have already occurred
What is Confidential Information?
Confidential information generally refers to any information pertaining to a business that is not publicly available. It may include passwords, emails relating to the business, trade secrets, personal data of individuals and third-parties, pricing information and client information.
Your employment agreements with your employees should clearly define the types of business information that are considered confidential information (and hence cannot be disclosed).
The employment agreements should also state when your employees are allowed to disclose such information. Standard exceptions to the duty not to disclose confidential information include where:
- The law requires such disclosure (e.g. as per a court order)
- The disclosure is necessary in order to file tax returns
- The information has already become publicly available (through some means other than a breach of confidentiality)
When Might Breaches of Confidentiality Occur?
A time to be on high alert for breaches of confidentiality is when an employee leaves to join a competitor. This is a time when employees might be inclined to intentionally take things like client lists or pricing information, which can possibly benefit them in their new job, with them.
However, breaches of confidential information can also happen at any time through sheer carelessness. For example, inadequate cybersecurity measures can result in data being stolen from your business through simple phishing email scams.
Data can also be stolen when more sophisticated spyware is unintentionally installed on a work computer when an employee visits an unsafe website, and the spyware then adjusts the computer’s security settings or connects external hardware to the computer.
Apart from cyberattacks, careless leaks can occur when employees simply don’t know what information can be shared externally and what information is confidential. They may provide information such as personal contact details of other employees or management to customers or suppliers who call and simply ask for it for apparently reasonable purposes.
What are the Potential Consequences of a Breach of Confidentiality?
The operational risk is obvious and generally well understood: if the information that was disclosed by the employee could give a competitor any kind of competitive advantage against you, you could suffer financial loss arising out of the movement of client revenue from you to that competitor.
The legal risk is that if you were negligent in allowing this leak to occur, your business is vicariously responsible for your employee’s actions, which could place your business in breach of its contractual confidentiality obligations to third-parties.
This could possibly lead to a lawsuit against you for damages and/or it could place your business in breach of its obligations under the Personal Data Protection Act, resulting in an enforcement action against your business by the Personal Data Protection Commission.
How to Prevent Breaches of Confidentiality by Employees
There are a variety of tools available to prevent and limit breaches of confidentiality by employees. Knowing how to deploy them effectively relies on your business having a clearly stated confidentiality policy that is effectively communicated to employees. A lawyer can work with you to craft a confidentiality policy that is feasible for your business.
Core to this policy is defining what is and is not confidential and then putting in place protocols that determine how confidential information must be handled safely. This could possibly include things like the use of:
- Strong passwords that need to be changed regularly
- Two-factor authentication for access to sensitive data
- Regularly-updated anti-virus programs
- Email monitoring software
Then there are practical measures such as:
- Setting rules for how different kinds of information must be stored, and who may access such information
- Implementing authorisation protocols for securing management approval before any information is disclosed externally under non-standard circumstances.
However, the key to the successful implementation of a confidentiality policy is educating the staff about it and ensuring that they follow it.
As for intentional breaches of confidentiality, the consequences for these need to be clearly spelled out in the confidentiality policy. Disciplinary or legal action must also be taken in each instance of a breach in order to deter any future breaches.
What Can Employers Do If Employees have Breached Confidentiality?
If you discover that an employee has intentionally breached confidentiality, the first thing to do is to gather evidence of this in order to:
- Understand the extent of the breach; and
- Be able to take action against the employee in breach.
If the breach is serious, you may wish to consider exercising the provision of your employment agreement that allows you to terminate employment without notice for cause (you should ensure that your employment agreement has such a term).
Unless you are a government agency, a breach of confidentiality in itself will not amount to a criminal offence so there is no point in getting the police involved. However, you may wish to engage a lawyer to sue the employee for breach of his employment contract’s confidentiality clause.
To do this, the breach must have caused some actual financial loss to your business and you would need to make some attempt at quantifying how much loss was caused. The loss could be in terms of loss of good-will, loss of actual clients or something else.
A lawyer will be able to engage the services of a forensic accountant to assist in quantifying this in due course if necessary.
Apart from seeking damages to compensate you for the quantified financial loss, the lawyer may possibly also be able to obtain an injunction preventing the employee from retaining or distributing any further confidential information, as a method of damage control.
How Can a Lawyer Help?
Like everything else, when it comes to protecting the confidentiality of your businesses’ information, prevention is better than cure. That’s why the best time to consult a lawyer is before anything bad happens.
Adding watertight confidentiality clauses to employment agreements
A lawyer can help to reduce the likelihood of bad things happening in the future by revising your employment agreements to ensure that your employees’ contractual confidentiality obligations are as tight as they can be (i.e. without any loopholes).
When revising your employment agreements, the lawyer can also ensure that your business has broad contractual powers to respond appropriately by immediately terminating employment and taking legal action if your employees breach their confidentiality obligations.
Drafting comprehensive confidentiality policies
Similarly, a lawyer’s ability to draft a comprehensive confidentiality policy for your business will help prevent future incidents that could derail your business, and help to reduce your business’ legal exposure if those incidents do occur.
With a comprehensive confidentiality policy in place, you are also more likely to be protected against third-party claims (e.g. from clients) for negligence in allowing a breach of confidentiality, and from any potential enforcement action from the Personal Data Protection Commission for any failure to prevent the disclosure of third-party personal data.
Suing employees who have breached confidentiality
Whether or not you have taken the prudent approach of engaging a lawyer early on for these purposes, if an employee has breached confidentiality in a way that has caused an adverse impact on your business, it is recommended that you consult a lawyer about the possibility of suing that employee as soon as possible.
This way, the lawyer can assess the extent to which the legal remedies available to you are likely to reduce the damage done by your employee.
- What are Annual General Meetings (AGMs) in Singapore?
- Anti-Money Laundering Regulations and Your Business: What You Need to Know
- Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
- Dividend Payments Guide for Singapore Business Owners
- Company Audits in Singapore: Requirements and Exemptions
- Guide to Transferring Shares in a Singapore Private Company
- How to Hold an Extraordinary General Meeting (EGM) in Singapore
- How to Issue Shares in a Singapore Private Company
- How to Reduce the Share Capital of Your Singapore Company
- How Businesses Can Legally Conduct Lucky Draws in Singapore
- Dormant Companies and Their Filing Obligations in Singapore
- How to Hold a Board Meeting in Singapore
- Paid-Up Capital in Singapore: A Complete Guide (Is $1 Enough?)
- Essential Regulatory Compliance Guide for Singapore Companies
- Finding a Suitable Corporate Secretarial Firm in Singapore
- Oppression of Minority Shareholders
- Process Agents in Singapore
- Company Constitutions in Singapore and How to Draft One
- Company Memorandum and Articles of Association
- Minutes of Company Meeting in Singapore: How to Record
- Guide to Filing Financial Statements for Singapore Business Owners
- Filing Annual Returns For Your Business
- Memorandum of Understanding (MOU): Does Your Business Need One?
- Company Resolutions: What are They?
- Board Resolutions in Singapore
- Your Guide to Resolutions Passed at a First Directors’ Meeting
- Your Guide to Resolutions to Appoint a Company Secretary
- Your Guide to Resolutions for Authority to Act on a Share Purchase and Subscription Agreement
- Your Guide to Shareholders’ Resolutions for Share Allotments
- Your Guide to Resolution for Authorisation of Investment in the Shares of Another Company
- Your Guide to Share Certificates in Singapore: Usage and How to Prepare
- Your Guide to Resolution for Transfer of Shares
- Your Guide to Resolution for Change of Registered Address
- Your Guide to Board Resolution for Approval/Allotment of Shares
- Your Guide to Resolutions to Increase the Share Capital
- How to Set Up a Register of Controllers
- How to Set Up a Register of Nominee Directors
- Shadow Directors: Who are They and What Duties Do They Owe to the Company?
- Guide to Directors' Remuneration in Singapore
- 3 Types of Insurance Every Singapore Business Needs
- How to Change the Name of Your Singapore Company
- How to Remove a Director from a Company in Singapore
- Appointing Company Directors in Singapore: Eligibility, Process etc.
- Company Loans to Directors/Shareholders (& Vice Versa) in Singapore
- Share Transmission: What Happens If a Shareholder Dies in Singapore?
- Business Will: How to Pass on Your Business to Your Successors in Singapore
- Shareholder Rights in Singapore Private Companies
- Removal and Resignation of Company Auditor in Singapore
- Shareholder Roles and Obligations in Singapore Companies
- Creating and Registering Charges in Singapore: Guide for Companies
- How to Commence a Derivative Action on Behalf of a Company in Singapore
- Managing Director vs CEO in Singapore: Roles and Obligations
- Appointing an Authorised Representative for a Singapore Business
- Business Partnership Disputes in Singapore: How to Resolve
- Appointing a Company Secretary: Roles and Responsibilities
- Directors' Duties in Singapore
- What is Withholding Tax and When to Pay It in Singapore
- Singapore Influencers: Here's How to Calculate Your Income Tax
- Corporate Tax in Singapore: How to Pay, Tax Rate, Exemptions
- When to Register for GST, How and Responsibilities after Registration
- Start-Up Tax Exemption Guide for New Singapore Companies
- Tax Investigation of Tax-Evading Business Owners in Singapore
- Essential PDPA Compliance Guide for Singapore Businesses
- Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
- How Can Companies Dispose of Documents Containing Personal Data?
- Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
- Appointing a Data Protection Officer For Your Business: All You Need to Know
- Summary: Your Organisation's 9 Main Obligations under the Personal Data Protection Act
- Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
- GDPR Compliance in Singapore: Is it Required and How to Comply
- Is It Legal for Businesses to Ask for Your NRIC in Singapore?
- PDPA Consent Requirements: How Can Your Business Comply?
- Legal Options If Employees Breach Confidentiality in Singapore
- Insolvency: Claw-back of Assets from Unfair Preference and Undervalue Transactions
- Striking Off a Company
- What Should a Creditor Do When a Company Becomes Insolvent?
- Dissolution of partnerships in Singapore
- Validation of Payments Made by Companies Being Wound Up
- Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
- Are You Closing Your Singapore Business? Have You Settled All of the Following?
- How to File a Proof of Debt against a Company in Liquidation
- Winding Up a Company