As an international financial centre, Hong Kong has one of the most transient and mobile workforces and one of the highest concentrations of information technology (IT) use in the workplace. Therefore, it is not surprising that when senior personnel leave (particularly, if it is to join a rival organisation) all sorts of issues can arise as to the whereabouts and ownership of information stored on devices such as laptops, mobile email and smartphone devices and the like.
The recent case of Re JBPB & Co and Ors  HKEC 844 is another in a line of cases arising out of disputes between employers and ex-employees over the ownership of information stored on IT devices used for work. As is common in such cases, delicate issues can arise concerning access to an employee's confidential information (not to mention personal data privacy).
- Employers need to have clear policies in place regarding the use to which their IT equipment can be put by employees.
- Such policies should be considered carefully and should, so far as possible, reflect the culture of the employer's workplace.
- Employers should be transparent with their employees about their policies regarding the use to which IT equipment should be put.
- Employers should provide employees with regular training and supervision regarding their IT policies (and keep documents and records of such training and supervision).
- An employer's internal operating procedures policies and manual do not (of themselves) entitle it to ignore privacy and personal data issues.
- The law of confidence and reasonable expectation of privacy is an evolving and difficult area of the law; good independent legal advice is required.
- The law of personal data privacy is also complex and requires good independent legal advice.
- The fact that a document is regarded by its owner as confidential does not (of itself) mean that it can be withheld from production in subsequent litigation between an employer and employee. Confidential documents relevant to that litigation have to be preserved by whichever party has possession, custody or power over them. As soon as there is a real likelihood of a dispute arising, legal advice should be taken.
- If an employee has concerns about the security and privacy of their personal communications at the workplace then he or she should avoid using the IT system at work for personal use. This is particularly true of senior personnel. This may be highly inconvenient but prevention is generally better than cure.
Background and facts
The plaintiff was an accountant who had worked for the defendant firm in Hong Kong. Prior to joining the defendant the plaintiff had been a partner in another firm in Hong Kong. The plaintiff ceased to work for the defendant as from July 2010 and moved to another firm.
On joining the defendant in June 2007 their IT personnel allegedly helped the plaintiff transfer and copy documents from an old laptop provided to him by his previous firm to a laptop provided by the defendant. On being given a new laptop in 2009 by the defendant once again all the information was allegedly transferred from the earlier laptop to the new one (the laptop).
The information claimed by the plaintiff to have been transferred to the laptop included:
- confidential information relating to the business and clients of the plaintiff's previous firm that "crossed over" to the defendant;
- confidential information relating to the business and clients of the plaintiff's previous firm that did not cross over to the defendant; and
- the plaintiff's confidential and personal documents (of the sort not infrequently generated by personnel at work).
It was not disputed that documents on the laptop relating to the defendant and its clients belonged to the defendant.
On the day of the plaintiff's departure from the defendant's office, the laptop was in the possession of the defendant. The defendant took the view that the laptop belonged to it and was only to be used for business use in accordance with the defendant's Office Procedures Manual (the OPM). The plaintiff's position was that the defendant knew that the laptop also contained confidential and personal documents belonging to him.
The plaintiff commenced legal proceedings against the defendant in order to obtain (amongst other things) an injunction to restrain the defendant from disclosing or accessing or copying "confidential documents" contained in or stored on the laptop and to deliver-up or destroy any such confidential documents and copies thereof. The plaintiff also sought an order for the delivery-up of the laptop into the possession of an independent solicitor to assist with the process of securing and protecting the confidentiality in the confidential documents ("the court orders").
The primary issue was whether the plaintiff was entitled to the court orders to protect the confidential information on the laptop pending the outcome of the trial in his action against the defendant.
In an interesting judgment, the judge traced the history of claims for breach of confidence and how it had developed from claims arising out of confidential relationships, in which confidential information was imparted, to claims based on a reasonable expectation of privacy. The judge cited with approval the following extract from a leading English Court of Appeal case on point (Imerman v Tchenguiz & Ors  2 FLR 814):
"It seems to us, as a matter of principle, that, again in the absence of any defence on the particular facts, a Claimant who establishes a right of confidence in certain information contained in a document should be able to restrain any threat by an unauthorised Defendant to look at, copy, distribute any copies of, or to communicate, or utilise the contents of the documents (or any copy), and also be able to enforce the return (or destruction) of any such document or copy."
Given that the grant of the court orders would have effectively disposed of the plaintiff's claims (because it was by no means certain that the plaintiff would continue with a claim for damages if the court orders were granted), the plaintiff was required to show that he was "likely to succeed at trial" with regard to his claim to a reasonable expectation of privacy in respect of the confidential information on the laptop.
The judge decided that, save where undertakings could be agreed between the parties as to the confidential information (such as communications regarding the plaintiff's personal affairs), the plaintiff was entitled to the court orders that he sought, subject to a suitable form of words being approved by the court. The plaintiff was not entitled to court orders with respect to that confidential information relating to the business and clients that had crossed over to the defendant.
Interestingly, the judge had this to say with respect to the argument advanced on behalf of the defendant that the OPM entitled it (amongst other things) to search and investigate "business equipment, including computers, desks and lockers belonging to the Firm" (including computer files):
"In my view, the mere fact that documents, which the Plaintiff can otherwise seek protection by an action for breach of confidence, are stored in a computer owned by the 1st Defendant who is entitled to search it for documents or information belonging to it, cannot deprive the Plaintiff of the reasonable expectation of privacy in respect of his own documents, and the consequent right to maintain a claim for breach of confidence against the Defendants should such right be infringed."
"I consider that Clause 2.8 of the OPM only permits the 1st Defendant to search, inter alia, the computer of its staff (or former staff) for files or documents properly belonging to the 1st Defendant for its business purpose, but does not entitle the 1st Defendant to search for, look at, copy or disseminate the contents of the Plaintiff's private or confidential documents contained therein."
Our understanding is that the defendant has applied for permission to appeal the court orders granted by the judge and that application will be heard by the judge in August 2011. The application and, if granted, the substantive appeal, is likely to test (among other things) the ambit of an employee's expectation of privacy as against the rights of an employer in such circumstances under Hong Kong law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.