The Law of Confidential Information in Malaysia

 

  1. The information must have the quality of confidence about it

The information disclosed must be confidential in nature (trade secrets, technological secrets, customer lists etc.) The confidential information must have some elements of originality in it, and must not be something which is already readily accessible in the public domain.

  1. The information must have been imparted in a way which gives rise to an obligation of confidentiality.

The recipients of confidential information will only be bound if they know or should have known that they should not use such information for their own gains. The most common situation where the duty of confidentiality arises is between an employer and an employee. Generally, an employee owes a “duty of fidelity” to his employer, which includes the duty to protect trade secrets that the employee is exposed to during the course of employment. Such protection does not extend to general skill and knowledge which the employee has acquired during the employment.

To succeed in a legal claim, it is not sufficient for an employer to simply allege that an ex-employee has “misappropriated private and confidential information”. The employer must provide clear particular as to which specific confidential information had been misappropriated. If an ex-employee set up a competing business post-resignation, the employer must evaluate whether there has been an abuse of confidential information by the ex-employee and if there is clear evidence to that effect. The mere act of setting up a competing business is in itself not a legal wrong, and employers cannot use confidentiality obligations to restrain competition unless there has been a clear, specific breach of confidence.

  1. Actual or anticipated unauthorised use of confidential information.

A legal action will only succeed if an unauthorised breach of confidence is threatened or in anticipation, or had actually occurred.

 

“If all three elements above are satisfy, the potential remedies include liquidated damages to recoup losses and/or injunction to immediately halt someone who is using your trade secrets for their own gain”

 

How to protect confidential information?

  • Non-Disclosure Agreement (NDA)

It is a prudent business practice for a Non-Disclosure Agreement (NDA) to be drafted and signed by the parties, clearly setting out their obligations to one another in terms of any confidential information that needs to change hands. An NDA provides more certainty in the event potential disputes, because the matter can be dealt with as breach of contract.

 

  • “Need to know” management style

It is also crucial to have in place adequate management system in the organisation to control and monitor the access to confidential information by staffs. Such access should be restricted by a “need-to-know” management style, which means the file/folder containing the confidential information shall be encrypted and can only be accessed by certain people with the authority or permission to access. In addition, appropriate NDA clauses should also be included in employment contracts and also contracts with third parties.

 

  • The use of physical barriers

Examples of physical barriers include forbidding the use of phones or cameras in areas where specialised parts of the production process take place; and storing trade secrets in secure areas.

 

Conclusion:

There is no system of registration for confidential information. Protection is available only by keeping the information secret. Even if the claimant wins in the legal claim, the outcome may never be as good as having the information kept confidential in the first place because once made public the information cannot subsequently be made secret again.