REVISITING THE LAW OF CONFIDENCE IN SINGAPORE AND A PROPOSAL FOR A NEW TORT OF MISUSE OF PRIVATE INFORMATION

• Date: 01 December 2020
• Author: SAW Cheng Lim1 LLB (Hons) (National University of Singapore), LLM (Cambridge); Advocate and Solicitor (Singapore); Associate Professor, School of Law, Singapore Management University. CHAN Zheng Wen Samuel Class of 2022 (LLB/BBM), School of Law, Singapore Management University. CHAI Wen Min Class of 2021 (LLB), School of Law, Singapore Management University. 1 The authors are grateful to the anonymous reviewer for the very kind and helpful comments as well as to Soh Kian Peng for reading an earlier draft of this article. The usual disclaimers apply. The secret is of value only so long as it remains a secret.[2]
• Published date: 01 December 2020

This article critically examines the recent Court of Appeal decision in I-Admin (Singapore) Pte Ltd v Hong Ying Ting [2020] 1 SLR 1130 and its implications for the law of confidence. The article begins by setting out the decision at first instance, and then on appeal. It argues that the Court of Appeal's “modified approach” fails to meaningfully engage the plaintiff's wrongful gain interest and places the law's emphasis primarily, if not wholly, on the plaintiff's wrongful loss interest. The new framework also appears to have been influenced by English jurisprudence, which has had a long but unhelpful history of conflating the distinct concepts of “privacy” and “confidentiality”. To that end, it is submitted that the “modified approach” can play a more meaningful role in the context of a new common law cause of action to be known as the tort of “misuse of private information”. In so far as disputes involving commercial confidences are concerned, the traditional three-stage test for the breach of confidence action famously laid down in Coco v A N Clark (Engineers) Ltd [1969] RPC 41 should be retained, albeit in a modified form.

I. Introduction

1 As much as the circuit breaker which the Government implemented on 7 April 2020 was unprecedented with numerous far-reaching consequences, the same can arguably be said of I-Admin (Singapore) Pte Ltd v Hong Ying Ting3 (“I-Admin (CA)”) – a decision of the Court of Appeal delivered just a day earlier – in relation to the authors' understanding and the future application of the law of confidence in Singapore. I-Admin (CA) unquestionably marked a watershed for Singapore as the decision significantly modified the analytical framework and test which had hitherto been employed to establish the equitable action for breach of confidence.4 In essence, the “modified approach” in the court's judgment5 introduced a legal presumption in favour of the plaintiff but, in the process, also jettisoned the need for the plaintiff to prove the third requirement6 embodied in Megarry J's oft-cited test in Coco v A N Clark (Engineers) Ltd7 (“Coco”), a decision which has been cited with glowing approval by the Singapore courts for very many years.8

2 In an action for breach of confidence, the plaintiff – pursuant to the traditional Coco formulation – must establish three elements: (a) the information concerned is confidential in nature; (b) it was imparted in circumstances importing an obligation of confidence; and

(c) unauthorised use was made of that information to the detriment of the plaintiff. Following I-Admin (CA), however, a plaintiff is now only required to prove the first two elements of the action, whereupon a breach of confidence is presumed and the defendant, in turn, bears the burden of showing that his conscience has not been affected. To say that the Rubicon has been crossed might therefore be no understatement. Indeed, to some segments of society, the decision in I-Admin (CA) is to be warmly welcomed since it reflects a marked shift towards the legal protection of confidences, particularly in an age where information can easily be abused, copied and exploited en masse.9 Nevertheless, for reasons which will become clear later, the authors are of the view that the law of confidence in Singapore remains in a state of flux. It is also the case that I-Admin (CA) itself, with respect, raises several questions of its own that call for greater sensitivity in their treatment by the courts.

3 The objectives of this article are relatively straightforward. Although the authors have set out in the first instance to critically examine the judgment of the Court of Appeal in I-Admin, this article is much more than just a comment on that decision. It aims to unravel the various doctrinal difficulties and uncertainties inherent in the “old fashioned”10 cause of action for breach of confidence – by, inter alia, (a) transporting the reader back to the roots of the action;11 (b) understanding the two distinct, but related, interests (namely, “privacy” and “confidentiality”) that the action is capable of protecting and the various limitations and inadequacies of the action in trying to protect privacy interests in information; as well as (c) proposing a modification of the third requirement in the Coco framework.

4 More importantly, the authors take this opportunity to sound the clarion call for a new common law action in Singapore (existing alongside, but operating independently of, the traditional cause of action for breach of confidence) to more effectively safeguard the individual's informational privacy in the modern world – through the proposed tort for “misuse of private information”. A bifurcated approach can then be adopted, with Coco (albeit modified) applying to cases where commercial confidences are concerned and the new tort applying to cases involving private or personal information. The discussion, however, first begins with

an outline of the background facts and the judgments of the High Court and Court of Appeal in I-Admin.

II. Background facts and judgments of the High Court and Court of Appeal in I-Admin

5 The facts are as follows. The plaintiff, I-Admin (Singapore) Pte Ltd (“I-Admin”), is a Singapore-incorporated company in the business of providing outsourcing services and systems software, primarily in the areas of payroll and human resource management.12 The first defendant, Hong, was previously employed by the plaintiff, while the second and fifth defendants, Liu and Tan, were previously employed by the plaintiff's subsidiaries.13 All three defendants resigned within the space of two months,14 after which they started working for the third defendant, Nice Payroll Pte Ltd (“Nice Payroll”), a Singapore-incorporated company that was also in the business of providing similar services.15 Nice Payroll was formed earlier (in 2011) by Hong, together with the fourth defendant, Li. An agreement was also reached whereby Li, Liu and Hong would share equal ownership of the company.16

6 In 2013, however, I-Admin discovered the existence of Nice Payroll, including the fact that Hong and Liu were the directors of the company.17 I-Admin then sought and obtained an Anton Piller order against the defendants, pursuant to which certain materials belonging to I-Admin were found on Nice Payroll's premises.18 I-Admin then sued the defendants for copyright infringement, breach of confidence, conspiracy, breach of contract and inducement thereof.19 For present purposes, the authors will only focus on the parts of the case pertaining to the law of confidence. It was argued, in relation to the claim for breach of confidence, that the breach manifested itself in four instances, namely:

(a) the defendants' reproduction of I-Admin's confidential material;

(b) the use of I-Admin's source codes and databases to generate Nice Payroll's payroll reports;

(c) Hong's access to and use of I-Admin's demonstration platform; and

(d) Hong's disclosure to I-Admin's clients (HSBC Bank Ltd and ADP International Services BV) that their client data was in Nice Payroll's possession.20

A. The High Court judgment

7 At first instance, Aedit Abdullah J in I-Admin (Singapore) Pte Ltd v Hong Ying Ting21 (“I-Admin (HC)”) substantially found in favour of the defendants, except for a claim involving breach of contract.22 In particular, where copyright infringement was concerned, the court found that substantial copying was not proved in relation to the plaintiff's source codes, databases and other materials.23

8 The claims for breach of confidence also failed for several reasons. First, with respect to the argument that the defendants had reproduced, copied, adapted and/or referenced I-Admin's materials24 in developing Nice Payroll's products, the court held that it was not proved that any copying or reproduction had occurred.25 In any event, it was found that mere copying alone “[could] not amount to actual use”26 for the purposes of establishing unauthorised use. In reaching this conclusion, Abdullah J distinguished the earlier decision of the High Court in Clearlab SG Pte Ltd v Ting Chong Chai27 (“Clearlab”). I-Admin ultimately failed to show that the defendants had in fact used its confidential materials when developing their own products.28

9 Second, with respect to the claim that the defendants had used I-Admin's payroll software to generate Nice Payroll's internal payroll reports,29 the court found that it was unlikely that the defendants had actually installed and utilised the plaintiff's software simply to process internal payroll reports when less taxing alternatives were available to them. More crucially, however, there was no forensic evidence to show actual use – that the plaintiff's software had actually been run.30 The same

defect plagued I-Admin's third claim that Hong had accessed and utilised confidential information hosted on the plaintiff's online demonstration platform. While forensic evidence showed that a file was downloaded from the server,31 I-Admin could not give further details as to how the defendants had made unauthorised use of that particular file.32 Merely gaining access to the confidential information alone was insufficient to establish unauthorised use.33

10 Finally, in so far as I-Admin argued that the defendants had breached confidence by disclosing that they had confidential client data in possession, the court held that this merely confused the client data with the fact that such data was in the defendants' possession. Although the defendants could not make use of the data, it did not follow that they could not also disclose the fact that they had come into possession of such data to the plaintiff's clients.34 As such, the fourth claim also failed.

B. The Court of Appeal judgment

11 On appeal, the apex court agreed that I-Admin's claim for copyright infringement had been correctly rejected.35

12 With respect to the claim for breach of confidence, the...