Legal Options If Employees Breach Confidentiality in Singapore
If an employee leaks confidential information from your business, the legal and operational implications are potentially serious. In this article we will discuss:
- What is confidential information
- When breaches of confidentiality might occur
- The potential consequences of a breach of confidentiality
- How to prevent breaches of confidentiality by employees
- What employers can do if employees have breached confidentiality
- How a lawyer can help you prevent breaches of confidentiality, or address breaches that have already occurred
What is Confidential Information?
Confidential information generally refers to any information pertaining to a business that is not publicly available. It may include passwords, emails relating to the business, trade secrets, personal data of individuals and third-parties, pricing information and client information.
Your employment agreements with your employees should clearly define the types of business information that are considered confidential information (and hence cannot be disclosed).
The employment agreements should also state when your employees are allowed to disclose such information. Standard exceptions to the duty not to disclose confidential information include where:
- The law requires such disclosure (e.g. as per a court order)
- The disclosure is necessary in order to file tax returns
- The information has already become publicly available (through some means other than a breach of confidentiality)
When Might Breaches of Confidentiality Occur?
A time to be on high alert for breaches of confidentiality is when an employee leaves to join a competitor. This is a time when employees might be inclined to intentionally take things like client lists or pricing information, which can possibly benefit them in their new job, with them.
However, breaches of confidential information can also happen at any time through sheer carelessness. For example, inadequate cybersecurity measures can result in data being stolen from your business through simple phishing email scams.
Data can also be stolen when more sophisticated spyware is unintentionally installed on a work computer when an employee visits an unsafe website, and the spyware then adjusts the computer’s security settings or connects external hardware to the computer.
Apart from cyberattacks, careless leaks can occur when employees simply don’t know what information can be shared externally and what information is confidential. They may provide information such as personal contact details of other employees or management to customers or suppliers who call and simply ask for it for apparently reasonable purposes.
What are the Potential Consequences of a Breach of Confidentiality?
The operational risk is obvious and generally well understood: if the information that was disclosed by the employee could give a competitor any kind of competitive advantage against you, you could suffer financial loss arising out of the movement of client revenue from you to that competitor.
The legal risk is that if you were negligent in allowing this leak to occur, your business is vicariously responsible for your employee’s actions, which could place your business in breach of its contractual confidentiality obligations to third-parties.
This could possibly lead to a lawsuit against you for damages and/or it could place your business in breach of its obligations under the Personal Data Protection Act, resulting in an enforcement action against your business by the Personal Data Protection Commission.
How to Prevent Breaches of Confidentiality by Employees
There are a variety of tools available to prevent and limit breaches of confidentiality by employees. Knowing how to deploy them effectively relies on your business having a clearly stated confidentiality policy that is effectively communicated to employees. A lawyer can work with you to craft a confidentiality policy that is feasible for your business.
Core to this policy is defining what is and is not confidential and then putting in place protocols that determine how confidential information must be handled safely. This could possibly include things like the use of:
- Strong passwords that need to be changed regularly
- Two-factor authentication for access to sensitive data
- Regularly-updated anti-virus programs
- Email monitoring software
Then there are practical measures such as:
- Setting rules for how different kinds of information must be stored, and who may access such information
- Implementing authorisation protocols for securing management approval before any information is disclosed externally under non-standard circumstances.
However, the key to the successful implementation of a confidentiality policy is educating the staff about it and ensuring that they follow it.
As for intentional breaches of confidentiality, the consequences for these need to be clearly spelled out in the confidentiality policy. Disciplinary or legal action must also be taken in each instance of a breach in order to deter any future breaches.
What Can Employers Do If Employees have Breached Confidentiality?
If you discover that an employee has intentionally breached confidentiality, the first thing to do is to gather evidence of this in order to:
- Understand the extent of the breach; and
- Be able to take action against the employee in breach.
If the breach is serious, you may wish to consider exercising the provision of your employment agreement that allows you to terminate employment without notice for cause (you should ensure that your employment agreement has such a term).
Unless you are a government agency, a breach of confidentiality in itself will not amount to a criminal offence so there is no point in getting the police involved. However, you may wish to engage a lawyer to sue the employee for breach of his employment contract’s confidentiality clause.
To do this, the breach must have caused some actual financial loss to your business and you would need to make some attempt at quantifying how much loss was caused. The loss could be in terms of loss of good-will, loss of actual clients or something else.
A lawyer will be able to engage the services of a forensic accountant to assist in quantifying this in due course if necessary.
Apart from seeking damages to compensate you for the quantified financial loss, the lawyer may possibly also be able to obtain an injunction preventing the employee from retaining or distributing any further confidential information, as a method of damage control.
How Can a Lawyer Help?
Like everything else, when it comes to protecting the confidentiality of your businesses’ information, prevention is better than cure. That’s why the best time to consult a lawyer is before anything bad happens.
Adding watertight confidentiality clauses to employment agreements
A lawyer can help to reduce the likelihood of bad things happening in the future by revising your employment agreements to ensure that your employees’ contractual confidentiality obligations are as tight as they can be (i.e. without any loopholes).
When revising your employment agreements, the lawyer can also ensure that your business has broad contractual powers to respond appropriately by immediately terminating employment and taking legal action if your employees breach their confidentiality obligations.
Drafting comprehensive confidentiality policies
Similarly, engaging a lawyer to draft a comprehensive confidentiality policy for your business will help prevent future incidents that could derail your business, and help to reduce your business’ legal exposure if those incidents do occur.
With a comprehensive confidentiality policy in place, you are also more likely to be protected against third-party claims (e.g. from clients) for negligence in allowing a breach of confidentiality, and from any potential enforcement action from the Personal Data Protection Commission for any failure to prevent the disclosure of third-party personal data.
Suing employees who have breached confidentiality
Whether or not you have taken the prudent approach of engaging a lawyer early on for these purposes, if an employee has breached confidentiality in a way that has caused an adverse impact on your business, it is recommended that you consult a lawyer about the possibility of suing that employee as soon as possible.
This way, the lawyer can assess the extent to which the legal remedies available to you are likely to reduce the damage done by your employee.
- Appointing Company Directors in Singapore: Eligibility, Process etc.
- Managing Director vs CEO in Singapore: Roles and Obligations
- Guide to Directors' Remuneration in Singapore
- Directors' Duties in Singapore
- Shadow Directors: Who are They and What Duties Do They Owe to the Company?
- How to Remove a Director from a Company in Singapore
- Removal and Resignation of Company Auditor in Singapore
- Appointing a Company Secretary: Roles and Responsibilities
- Appointing an Authorised Representative for Foreign Companies in Singapore
- Process Agents in Singapore
- 2 Ways to Remove a Singapore Company Shareholder ASAP
- Guide to Paid-Up Capital in Singapore (Is $1 Enough?)
- Preparing a Register of Shareholders for a Singapore Company
- How to Issue Shares in a Singapore Private Company
- Guide to Transferring Shares in a Singapore Private Company
- Your Guide to Share Certificates in Singapore: Usage and How to Prepare
- Shareholder Rights in Singapore Private Companies
- Shareholder Roles and Obligations in Singapore Companies
- Dividend Payments Guide for Singapore Business Owners
- Share Transmission: What Happens If a Shareholder Dies in Singapore?
- How to Reduce the Share Capital of Your Singapore Company
- Buy-Sell Agreements: How to Write & Fund Them in Singapore
- Oppression of Minority Shareholders
- Essential Regulatory Compliance Guide for Singapore Companies
- Dormant Companies and Their Filing Obligations in Singapore
- Anti-Money Laundering Regulations and Your Business: What You Need to Know
- Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
- Legally Conducting Lucky Draws for Singapore Businesses
- Restaurant Inspection and Food Safety Rules in Singapore
- Does Your Company Need a Legal Team (In-House Counsel)?
- Acqui-Hiring of Singapore Companies: How Does It Work?
- How to Change the Name of Your Singapore Company
- Can Directors be Liable for Company Debts in Singapore?
- Company Loans to Directors/Shareholders in Singapore
- 3 Types of Insurance Every Singapore Business Needs
- Creating and Registering Charges in Singapore: Guide for Companies
- Guide to Effective Business Continuity Planning in Singapore
- Business Asset Sale & Disposal in Singapore: How Do They Work?
- Business Partnership Disputes in Singapore: How to Resolve
- How to Commence a Derivative Action on Behalf of a Company in Singapore
- Business Will: How to Pass on Your Business to Your Successors in Singapore
- Record-Keeping Requirements for Singapore Companies
- Company Constitutions in Singapore and How to Draft One
- Company Memorandum and Articles of Association
- Company Resolutions: What are They?
- Board Resolutions in Singapore
- Minutes of Company Meeting in Singapore: How to Record
- How to Set Up a Register of Controllers
- How to Set Up a Register of Nominee Directors
- Guide to Filing Financial Statements for Singapore Business Owners
- Filing Annual Returns For Your Business
- Singapore Corporate Tax: How to Pay, Tax Rate, Exemptions
- Start-Up Tax Exemption Guide for New Singapore Companies
- GST Registration: Requirements and Procedure in Singapore
- What is Withholding Tax and When to Pay It in Singapore
- Singapore Influencers: Here's How to Calculate Your Income Tax
- Tax Investigation of Tax-Evading Business Owners in Singapore
- Small Business Accounting Services in Singapore
- Company Audits in Singapore: Requirements and Exemptions
- Suspect a PDPA Data Breach? Here's What to Do Next
- Must You Notify PDPC About a Data Breach in Your Business?
- Summary: Your Organisation's 10 Main PDPA Obligations
- Essential PDPA Compliance Guide for Singapore Businesses
- PDPA Consent Requirements: How Can Your Business Comply?
- Is It Legal for Businesses to Ask for Your NRIC in Singapore?
- Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
- Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
- GDPR Compliance in Singapore: Is it Required and How to Comply
- Appointing a Data Protection Officer For Your Business: All You Need to Know
- How Can Companies Dispose of Documents Containing Personal Data?
- Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
- How to Legally Install CCTVs for Home/Business Use in Singapore
- Is Web Scraping or Crawling Legal in Singapore?
- Legal Options If Employees Breach Confidentiality in Singapore
- Your Guide to E-commerce Website Terms of Service in Singapore
- Dealing with Defamation of Your Business: Can You Sue?
- Sending Email Newsletters That Comply With Singapore Law
- A legal guide to drafting a social media policy for your company
- Your Guide to a Media Release Form in Singapore
- Your Guide to an Influencer Marketing Agreement in Singapore
- Outdoor Advertising: How to Legally Display Public Ads in Singapore
- Should You Save or Close Your Zombie Company in Singapore?
- Voluntary Suspension of Business in Singapore: How to Handle
- Winding Up a Singapore Company: Grounds and Procedure
- Closing Your Singapore Business: What You Need to Settle
- Striking Off a Company
- Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
- Dissolution of partnerships in Singapore
- What Should a Creditor Do When a Company Becomes Insolvent?
- How to File a Proof of Debt Against a Company in Liquidation
- Validation of Payments Made by Companies Being Wound Up