The sophistication and proliferation of modern technology, and the ways in which that technology is being used by employees, give rise to a host of challenges for employers, including how best to protect confidential information.
Traditional approaches to protecting confidential information will become increasingly ineffective as technology continues to evolve. Currently, the strongest wave of innovation is being felt on the social-networking front. The use of social networks has, in an unprecedented way, blurred the line between employees' work- and personal-use of technology. This, as we will illustrate, gives rise to a significant shift in what an employer must do to protect its confidential information.
The law has not yet evolved sufficiently to allow employers to understand with certainty how they need to respond to the changing manner in which business is transacted in the era of the Internet. In this article, we will describe the four key areas of legal and practical evolution we expect will occur, being:
- Traditional common law protections will be rendered entirely inadequate.
- Reliance on contractual "confidential information" provisions will become increasingly difficult.
- Post-employment restraints of trade will become more important, yet more difficult to enforce.
- Policies will become an employer's most important tool in protecting confidential information.
Consider the case of Amy, one of ABC Co's key sales people.
Amy generates and cultivates a number of important customer relationships. Each quarter ABC Co provides her significant bonus and commission payments. It is happy to do so because those arrangements are linked closely to the level of revenue she generates for its business.
Amy is, technologically, very savvy. While she uses ABC Co's internal systems (including its email system and CRM database) to generate leads, the majority of her customer relationships have been developed – in the course of her employment – via her use of the LinkedIn social networking platform. LinkedIn is the main platform via which her business relationships are maintained and managed.
LinkedIn is a social media product with a commercial business focus. In this regard, it differs from "traditional" social media platforms such as Facebook and MySpace (which focus more on "social" or "personal" interaction). Indeed, Amy's LinkedIn account has ABC Co listed as one of her primary identifiers. Amy, like other members of ABC Co's sales team, uses LinkedIn while logged into ABC Co's IT network, and also accesses her account from her personal computer and home internet account. She also uses the LinkedIn app on her personal iPhone.
Amy's practices, once considered "cutting edge", are today par for the course. Her example alludes to the difficulties that employers are beginning to experience in protecting commercially sensitive information. In the past, an employer could track the creation, development and movement of its confidential information by having its IT staff monitor its IT system.
This is, in many cases, no longer possible. Amy's employer may never become aware of Amy's correspondence with customers and suppliers via the email and chat functionalities embedded in platforms such as LinkedIn. Amy's employer may also never become aware of all the devices Amy uses to access LinkedIn and to communicate with customers including tablets, netbooks and smartphones.
Critically, protections traditionally relied upon by employers are unlikely to be sufficient to guard against breaches of an employee's obligation to maintain the integrity of his or her employer's confidential information. This requires employers to think creatively about employment contracts and policies to ensure the protection of valuable confidential information.
The inadequacy of common law protections
The common law recognises a class of confidential information that an employee is not entitled to use or disseminate in the course of, or after, his or her employment. This type of information is considered by the courts to be so sacred that it will be granted protection even in the absence of an express agreement between an employer and employee to that effect. This class of protection extends only to what the courts deem to be "trade secrets", being information classes that are:
"...so confidential that, even though they may necessarily be learnt by heart and even though the servant may have left the service they cannot lawfully be used for anyone's benefit but the master's". 1
Unfortunately for employers, the range of information that will be afforded "trade secret" protection is very narrow. While courts have been prepared to find that client lists and databases are trade secrets, such information will lose its protection once it is "learned" by an employee and becomes part of his or her own skill and knowledge. By way of example:
- The New South Wales Court of Appeal refused to afford "trade secret" status to the specific identity, location and contact details of four suppliers (from over 3000 candidate suppliers) in Taiwan. This was despite the court finding that the information was commercially valuable, and that the consensus in the relevant industry was that the information in question was confidential.2
- The Federal Court of Australia refused to grant interlocutory relief to an employer seeking to restrict the post-employment use of confidential information relating to the design of a component developed by the employee in the course of the employment. The court held that, despite the fact that information may be confidential at the time it is acquired, it may be capable of lawfully "trave[l[ing] with the employee who learns it when he leaves his employment, and is available to him wherever he goes."3
The limited scope of the protection causes employers significant difficulty. This is exacerbated by the fact that the term "trade secret" has no settled legal definition. 4 Indeed, in a recent Victorian Supreme Court decision, Justice Harper "attempted" (his Honour's word) to define the concept as follows:
"For the purposes of this case, I therefore take a trade secret to be an item of confidential information, learnt during employment, the confidentiality of which, as an employee of ordinary honesty and intelligence would acknowledge, must be maintained even after that employment has come to an end. In other words, a trade secret has an inherent quality that takes it above and beyond mere general knowledge, albeit that the general knowledge may to a lay person be very specialised. Whether information amounts to a trade secret is a question of fact, to be determined in the particular circumstances."5
What is clear is that, for information to qualify for "trade secret" status, there needs to be an acceptance (by both employer and (however reluctantly) employee) that the information has a "secret" quality. A necessary precondition to that situation is that the employer has sought in some manner to protect the secrecy of the information. In Amy's case, her employer may have acquiesced, or even encouraged, her use of LinkedIn.
If that is the case, a court is likely to be reluctant to deem the information as being of a "trade secret" quality.
Difficulties in relying on contractual protections of confidential information
Because of the limited scope of, and enforcement difficulties that afflict, the common law protection, most employers attempt to use the contract of employment to protect confidential information. Generally speaking, employers seek to include in their employment contracts provisions aimed at:
- expanding the species of information which are protected (well beyond "trade secrets");
- ensuring that there are processes in place to maintain the confidentiality of the information; and
- proscribing the misuse of the information in question.
- It is important that the relevant provisions are drafted with care, and with knowledge of the latest legal developments. Employers need to be increasingly vigilant that their contractual protections capture the types (and forms) of information that they seek to protect. In this regard, it is important to understand that courts will not enforce covenants expressed to protect "confidential information" where that concept is, in the contract:
- not defined broadly enough so as to capture the information the employer seeks to protect; or
- defined so broadly as to render the clause unreasonable.
In a recent decision of the Supreme Court of New South Wales, an employer sought to restrict a former employee's use of a customer list retained by the former employee (among other information) on a USB stick she retained following her resignation. The relevant contractual provision was expressed to protect:
"... all information, knowledge, trade secrets, processes or data concerning or relating to the business of [the employer], its customers and employees, of which an employee may become aware in the course of their employment."
The court, in finding the clause did not extend to protect the customer list, held that it was not its role to infer from those words the types of information the parties intended to extend coverage. Despite the fact that the employee had moved to the employer's most direct competitor, the court refused to extend protection to the customer list.6
The key point is that contracts of employment need to be drafted such that "confidential information" is defined with sufficient precision to capture the classes of information the employer considers sacred. Relevantly, employers should ensure that their contracts capture the types of information that social networking places at risk.
Even where the contractual protections are properly drafted, the increasing (and evolving) use of technology by employees has led employers to begin to experience practical difficulties in enforcing contractual covenants that are designed to protect confidential information. Traditionally, an employer was aware of the existence of its confidential information. Moreover, an employer – most recently through its IT department – had an ability to monitor the movement of that information: Email traffic could be observed, and efforts to upload information to foreign storage devices (such as USB sticks) could be prevented or logged.
However, as Amy's example illustrates, the game has changed.
Amy, in accordance with a flexible working arrangement she was able to negotiate (via the relevant National Employment Standard in the Fair Work Act), works from home each Friday. She uses the email and chat functionalities of her personal LinkedIn account to interact with ABC Co's customers. In doing so, she also uses ABC Co's pricing policy, a printed copy of which she has open in front of her.
Each time that Amy interacts with a customer, she uses the information in the pricing policy, combined with the information relayed to her by the customer.
This combined information is of value to the employer, and is the type of information that a court would have little hesitation in protecting (assuming that Amy has agreed to a covenant to that effect). However, the employer is confronted by an important hurdle. All things being equal, the employer has no means of monitoring Amy's use of the information. Moreover, in many cases the employer will not even be aware of the existence of the information.
A further problem employers are increasingly being faced with is evident from the following extension of Amy's story:
When a member of the public views Amy's LinkedIn profile, they are able to access a list of Amy's "Connections", each of whom is identified by name and employer; and each of whom is contactable via LinkedIn.
Amy has, potentially, made her employer's customer list public. The problem for the employer is that, once information becomes publicly available, the employer is likely to lose its ability to convince a court that the information is "confidential". The exception, from an enforcement perspective, is where the employee in question has – contrary to his or her contract – made the information public.
Difficulties in enforcing postemployment restraints of trade
In light of these difficulties, there is an increasing trend of employers seeking to add to the tools they have available to protect confidential information. This is done by having the employee commit to restraints of trade aimed at preventing the employee from competing with the employer, soliciting the employer's customers, or both. These "restraint of trade" provisions are expressed to apply for a prescribed time after termination. An effective restraint can have the effect of reducing or eliminating the damage caused by the retention or disclosure of confidential information by the employee because it gives the employer the ability to take preemptive steps to reduce or prevent that damage.
While a full exploration of the enforceability of restraints of trade is beyond the scope of this article, suffice it to say that non-competition covenants which prohibit a former employee working for a competitor, or setting up in competition with the employer, can be enforceable to protect the employer's confidential information.7
Assuming that a valid restraint of trade provision exists and has been contravened, the primary form of relief an employer seeks is injunctive. That is, the employer obtains (or threatens to obtain) an order from a court to the effect that the employee must not breach the terms of his or her restraint. Non-compliance with such an order amounts to contempt of court and can result in criminal sanctions.
It is at this "enforcement" stage that modern technology provides the greatest challenge for employers. Restraints can assist in overcoming the difficulties in protecting the misuse of confidential information. However, their effectiveness relies upon the employer moving swiftly as soon as a breach occurs or is anticipated. The next development in Amy's story illustrates the changing landscape:
In early September, Amy provides ABC Co with notice of her resignation. Her employment contract contains a one-month notice period. ABC Co moves to avoid any potential loss of business by placing her on gardening leave and having its lawyers write her a letter confirming the restraints of trade that will bind her for the first two months after her employment terminates. ABC Co is confident that this has bought it a three month head start in shoring up any leakage of confidential information.
However, unbeknown to ABC Co, in the months leading up to her resignation, Amy contacted each of ABC Co's key clients with whom she had a relationship. The purpose of that contact was to discuss the prospect of their business migrating with her to her next employer.
She did so from home, using her LinkedIn account.
In the above situation, the employer would be hard-pressed to obtain any meaningful injunctive relief against Amy or her new employer. The simple fact is that the "ship has sailed" and it will be unlikely that a court will accept that an injunction will serve any real purpose. While the employer may be able to obtain damages, the method of calculating them will be difficult and, in any event, customer relationships are likely to have been lost forever.
The increased importance of policies
So, what can employers do in the face of these challenges? Faced with the difficulties we have described, employers will become increasingly reliant on their internal policies as definers of employers' rights. These policies should be framed in a manner that better equips the employer to overcome the hurdles to the protection of confidential information we have described in this article.
Among other things, employers may wish to consider the following:
- Formulating and implementing a "social networking" policy, either as a free-standing document or by way of amendment to an existing IT-usage policy.
- Granting itself, via a policy, the ability to force an employee to allow it access to "personal" social networking accounts (access to which is otherwise unavailable), such as Facebook or LinkedIn (particularly in circumstances where business activity is conducted using the social networking platform).
- Where possible (that is, when the use is via the internal IT system), working with its IT department to ensure that employee use of sites such as LinkedIn is monitored and, where appropriate, instances of regular or excessive use are drawn to the attention of management. This tactic will be more effective where it is coupled with appropriate notification to employees.8
- Ensuring that their policies include strict limitations on making otherwise confidential information public and clearly define the
- bounds of what information may be disclosed for work purposes on social networking forums. For some employers, it may be appropriate to insist that no workrelated communications take place via any "external" system that it is not capable of monitoring.
- Having in place clear guidelines around the steps an employee must take in relation to their workrelated social networking accounts upon termination. Among other things, an employer may consider insisting that employees delete "connections" to the employer's customers and suppliers the maintenance of which is likely to enable the employee to breach his or her contractual obligations.
- Placing on employees a positive obligation to disclose their use of work-related social networking platforms to communicate with customers and suppliers, and/or insisting that all such correspondence be copied to a manager.
- Expanding the definition of the computer network in IT policies to expressly include an employee's personal IT equipment (where that equipment is being used in connection with the employer's business).
Inclusion of matters such as these in policies will be important in assisting employers to enforce the contractual protections we have described earlier. By way of example:
- By including restrictions on the types of information that may be disclosed by an employee via social networks, an employer is able to reduce the risk that their sensitive commercial information will lose its quality of confidence in the eyes of court.
- Imposing on an employee an obligation to disclose work-related social networking communications (or limiting such activity to internal systems) will assist an employer to overcome the difficulties we described in relation to the employer's awareness of the existence of confidential information.
- By pro-actively enforcing its policies and monitoring or controlling the use of social networks, an employer is better placed to detect an employee's actions in preparing to exit from a business in circumstances that may breach the employee's ongoing obligations. In this regard, we envisage that restraint-based injunctive proceedings will generally be commenced at a sooner point in time than has traditionally been the case (with proceedings threatened or commenced in some cases prior to receiving notice of resignation).
Of course, fundamental to all of this is ensuring that an employer is able to enforce its policies. The key risk in this regard is borne out by an alternative ending to Amy's story:
Amy, during the course of her employment, refuses to allow access to her LinkedIn correspondence, despite the fact that ABC Co's Social Networking Policy demands she do so.
ABC Co takes disciplinary action. Ultimately, Amy's employment ends and she commences unfair dismissal proceedings before Fair Work Australia. Amy alleges that her use of LinkedIn is a "personal" matter with which ABC Co ought not interfere.
Policies are an important mechanism open to employers for protection. If an employer can demonstrate that it has a policy in place that is widely promulgated and understood by employees, it is able to defend disciplinary actions taken against employees pursuant to that policy. However, such a policy must also be reasonable.
Amy's unfair dismissal scenario has not yet been considered by Fair Work Australia or any court. 9 However, various decisions have dealt with the question of whether an employer is entitled to regulate an employee's conduct outside of work. While differing formulations exist, the general position may be described as follows:
"[A]n employee's behaviour outside of working hours will only have an impact on their employment to the extent that it can be said to breach an express of implied term of his or her contract of employment".10
Indeed, Australian courts and tribunals are becoming more and more likely to allow for employer control over employees' conduct away from the workplace, especially where modern technology is involved. In a recent decision, Fair Work Australia described the changing landscape as follows:
"The fact that the comments were made on the [employee's] home computer, out of work hours, does not make any difference. The comments were read by work colleagues and it was not long before [the employer] was advised of what had occurred. The [employer] has rightfully submitted, in my view, that the separation between home and work is now less pronounced than it once used to be."11
These decisions, which bear strong analogy, should inform an employer in relation to the extent to which it is permitted to regulate an employee's use of social media. While the matter is far from settled, the indications are that an employer will be permitted to insist on interfering with "personal" social network use provided that both:
- (Connexion) The social network in question, and its use by the employee, has a connexion to the employer's business. That connexion could, in the case of LinkedIn, arise because:
- the employee is holding him- or herself out (on the platform) as an employee of the employer; and/or
- the employee is conducting relationships related to the employment via the network.
- (Reasonableness) The interference is reasonable. For instance, while LinkedIn usage in most cases will fulfil the "connexion" limb, it is unlikely that an employer's insistence that an employee disclose all contact received from recruiters via LinkedIn, or purely personal correspondence.
Modern technology gives rise to many opportunities, but also many challenges. It is important for employers to proactively manage the impact of social media to ensure that confidential information is protected to the extent possible.
Employers should, in light of the increased use of social networks (together with the increased detachment of employers from the "traditional" workplace):
Consider the adequacy of protections in their contracts of employment to protect information they consider confidential.
Revisit the adequacy of their restraint of trade provisions.
Finally, in the context of these two contractual protections, consider whether their employment-related policies are robust and agile enough to deal with the changed manner in which business relationships are conducted.Footnotes
1 Faccenda Chicken Limited v Fowler
 1 All ER 724
2 Wright v Gasweld (1991) 22 NSWLR 317
3 ANI Corp Ltd v Celtite Australia Pty Ltd (1990) 19 IPR 506
4 Butterworths Australian Legal Dictionary, 1997
5 GlaxoSmithKline Australia Pty Ltd v Ritchie & Anor (2009) 22 VR 482
6 Reed Business Information v Seymour  NSWSC 790
7 See Littlewoods Organisation v Harris  1 All ER 1026 per Lord Denning
8 We note that workplace surveillance legislation, applicable in some States and Territories, requires employers to provide advance notification to employees of, among other things, the monitoring of computer-use.
9 The leakage of confidential information via LinkedIn has not been considered judicially in Australia. However the UK High Court in Hays Specialist Recruitment (Holdings) Ltd & Anor v Ions & Anor  EWHC 745 (Ch) ordered a recruitment consultant to hand over all of the client information he had allegedly transferred to his LinkedIn account.
10 Rose v Telstra  AIRC 1592
11 O'Keefe v Williams Muir's Pty Limited T/A troy Williams The Good Guys  FWA 5311
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.