Protection of confidential technologies and information

In brief: For businesses involved in the creation, exploitation, or use of technologies, the protection of trade secrets and commercially valuable confidential information from competitors can be critical to a business's success or failure.

Confidential information generally

Confidential information can be protected under contract and through statutory provisions, most notably in the Corporations Act 2001 (Cth) (Act). It can otherwise be protected by the operation of law, where the information is not in the public domain and is being treated and communicated as confidential information (for example: by way of an equitable duty of confidence). 

Factors for determining confidentiality

In the recent decision of Luvalot Clothing Pty Ltd v Dong [2022] FCA 1411, factors for determining whether certain information is confidential are helpfully summarised and includes:

"1. The extent to which the information is known outside the business.
2. The extent to which the [information] was known by employees and others involved in the plaintiff’s business.
3. The extent of measures taken to guard the secrecy of the information.
4. The value of the information to the plaintiffs and their competitors.
5. The amount of effort or money expended by the plaintiffs in developing the information.
6. The ease or difficulty with which the information could be properly acquired or duplicated by others.
7. Whether it was plainly made known to the employee that the material was by the employer as confidential [sic].
8. The fact that the usages and practices of the industry support the assertions of confidentiality.
9. The fact that the employee has been permitted to share the information only by reason of his or her seniority or high responsibility.
10. That the owner believes these things to be true and that belief is reasonable.
11. The greater the extent to which the ‘confidential’ material is habitually handled by an employee, the greater the obligation of the confidentiality imposed.
12. That the information can be readily identified." [Our emphasis added]

Under contract, potentially wider categories of information may be protected through characterisation as confidential information. 

Precision in identifying confidential information

There needs to be precision regarding the identification of what is claimed to be confidential. Care needs to be taken to ensure that contractual obligations properly reference that information, rather than broad, amorphous concepts of confidential information. Broad classes of information may not be sufficiently precise for protection either under contract, or for reliance on a breach of an equitable obligation of confidence. 

For example, in engineering technologies, a particular part or component might have a mixture of design elements, potentially patentable aspects, but may also have been produced and manufactured using very specific methods, processes, or to undisclosed tolerances, that could not be easily recreated by a competitor (even with access to the component). Being able to properly identify and articulate the information required to follow a particular engineering or technology process is key to the enforcement of obligations of confidentiality.

For emerging technologies in the AI era, the issue of identification of confidential information involved in AI technologies poses other unique difficulties, which we discussed in our article, "Black box" infringement: Generative AI and intellectual property rights.

In Saltman Engineering Co Ltd v Campbell Engineering Co Ltd [1963] 3 All ER 413 at 415, the Court of Appeal said the following about the quality of confidence in information: 

"…but what makes it confidential is the fact that the maker of the document has used his brain and thus produced a result which can only be produced by somebody who goes through the same process."

Specifically identifying a business's information enables the detection of particular processes and potential misuse of  confidential information.

The availability of relief may otherwise rest on whether any harm has been done, and the commerciality of protracted litigation over a detected misuse. Without loss, there may be no utility or purpose to court relief. Since courts generally do not make inutile determinations, relief may simply not be available in the absence of loss. 

The internal threat

Many confidential information disputes originate out of an employee/employer relationship, or a contractor relationship. This is unfortunate but unsurprising, as it is within those trusted relationships that access to confidential information is provided, and it is often necessary for the employee/contractor to perform their role. 

Contractual provisions (whether employment, non-disclosure or otherwise) are not sufficient on their own to ensure a business can seek appropriate relief against the misuse of its confidential information through an internal threat actor.

Instead, proof of access to, retention of, or exfiltration of a business's information is critical to demonstrating that a party had access to and misused a business's confidential information. The ability to track and audit communication of information internally, and especially out of a business's information systems, is critical evidence for any confidentiality dispute. 

There are limitations on what obligations an employee might have about information received in the course of their employment. The information that is retained in an employee's mind, potentially becomes part of that employee's acquired skill and experience, provided the information has not been deliberating memorised - see Phillips v Robab Pty Ltd [2014] NSWSC 1520. In rare instances (mnemonists or people with eidetic memories), the potential for the accurate recollection of vast amounts of information may be possible (provided, probably, that there is no evidence that the information has been deliberately memorised).

In addition to any contractual and equitable obligations they have, company officers, and employees, both past and present, have statutory obligations to keep confidential information confidential. 

Section 183 of the Act provides a prohibition on the improper use of information obtained in their roles to:

(a) gain an advantage for themselves or someone else
(b) cause detriment to the corporation. 

Section 183 of the Act expressly extends to conduct by a person after they cease their role as an officer or employee. 

The term 'improper' is not defined in the Act, but may be akin to a breach of equitable obligations of confidence (see Del Casale v Artedomus (Aust) Pty Ltd [2007] NSWCA 172), such that assuming the following conditions are met:

1. The information possesses the necessary quality of confidentiality
2. has been imparted in circumstances implying an obligation of confidentiality
3. "unauthorised use of that information to the detriment of the party communicating it" (see Attorney-General (UK) v Heinemann Publishers Australia Pty Ltd (1987) 8 NSWLR 341) would amount to a breach of confidence (or qualify as 'improper' conduct for  Section 183 of the Act). 

Fighting about secrets, in public

Given the Australian court system is open and public, the litigation of confidential information disputes potentially threatens the confidentiality sought to be protected. Once confidential information is read/said in open court, the confidentiality of that information will be lost. Even communication of the information between the participants to the litigation may be problematic since the participants are invariable competitors (or alleged competitors). 

Care must be taken to agree to regimes within the court system to protect the information a business asserts is valuable to it. This includes:

• Orders preventing the disclosure of documents exchanged in the proceeding with the parties directly, and instead being restricted to the parties' legal representatives, including counsel.
• Orders restricting public access to the information, including orders ensuring that the information is not read or revealed in open court, that evidence is properly recorded on the court file as confidential, and orders protecting the confidentiality of that information. 

Additional protections are afforded for documents revealed through a court process both under the Civil Procedure Act 2010 (Vic) - see Section 26 of the Civil Procedure Act 2010 (Vic), and the implied Harman Undertaking, where the disclosure has occurred as a result of some compulsory process, and the information has not been read, reveal in open court and made public thereby. 

In extreme instances, the confidential information involved can have national security implications (for example: disputes involving Defence technologies), in which case further steps may be required to conduct the litigation without contravention of other laws. 

In Australia, such information is protected under a comprehensive list of secrecy provisions - for example, the general secrecy offences in Part 5.6 of the Criminal Code, and non-disclosure duties in Commonwealth laws. As at January 2023, there were 296 non-disclosure duties in 107 Commonwealth laws which attract criminal liability for unauthorised disclosure of information by current or former Commonwealth officers, under section 122.4 of the Criminal Code (see List of Secrecy provisions in Commonwealth laws, published 24 March 2023). 

The use of such information in a commercial dispute or even criminal proceedings is problematic, and may require a departure from the fundamental principle of open justice, such as through the processes set out in the National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth). 

Key recommendations 

• In disputes involving confidential aspects of technologies/processes, clear identification of the information being protected (whether it be processes, tolerances, etc) is critical.
• Consideration should be given early in the dispute to precisely what protections may be needed to conduct the litigation without compromising the confidential information, or (in extreme cases) contravening other secrecy obligations that might attach to the information.