What qualifies as "confidential information" in Malaysia?12 months ago JS Lim
You’ve seen those letters and documents bearing the label “Private and Confidential” on the cover, especially at the office or with banks. This is a pretty standard warning sign that, if you revealed the information or opened it without authorization, you can get into trouble. You don’t know exactly what type of trouble, but you hope you never find out (but we’ll tell you anyway at the end of the article).
But what if there isn’t a label, or if the information was conveyed through words (which you obviously can’t paste a label on)?
Unless you were the one setting the confidentiality policy, you’ve probably had times where you couldn’t tell if something was being told to you in confidence. You might even have gotten into trouble for revealing something you didn’t know you were supposed to keep secret. Is information about a project confidential just because it was from a private meeting with your boss? What about the customer database labelled “Confidential” but the whole company can access freely?
Before we confuse you, you should know that this is different from “confidential information” in the sense of “official secrets” held by government servants, which is covered by our Official Secrets Act. More on point is the TeaLive case between Loob Holdings and La Kaffa, where Loob Holdings broke the franchise agreement and continued to use La Kaffa’s confidential information as its own - you can read more about in our article linked below.
[READ MORE - Will Tealive need to close their shops in Malaysia?]
As to what “confidential information” means in a more general sense, well, there’s no hard and fast answer. Here’s why:
There are no written laws about confidential information
This hardly means that we have no laws on it, but whether it’s an employer, a client, a supplier, a business partner - the way confidential information is protected will largely depend on the contract you sign. You’ll generally have a clause defining exactly what “confidential information” means in your contract, how long it will be confidential, and so on.
In layman definitions, we understand confidential information as:
One conclusion you can gather from that is that not everything that people say is “confidential” is actually “confidential”. In law, the rules are usually defined to very technical degree in your contract, like in this example of a Non-Disclosure Agreement (NDA). They come from some specific rules which determine if a set of information is really confidential:
1. The info must be restricted
It’s said that Coca-Cola stores their 100+ year-old carbonated drink recipe in a security vault in Atlanta; while KFC stores their “11 herbs and spices” recipe in a vault in their Louisville headquarters - both being things most people can only dream of getting their hands on.
While you don’t have to reach their standard of security and protection, you do have to put in proper measures to safekeep your trade secrets, tech advantage, operations and processes - anything that puts you ahead of the competition. For example, if you’ve unnecessarily disclosed too much info too many people, or you’ve let employees freely access the customer database without any form of security or controls, you’ll have a hard time proving that the information was confidential in the first place.
Also, what you want to protect as a “trade secret” must not be available in the public domain. This means that any information that is already known by others cannot be considered “confidential”. To use KFC as an example, you can’t call “ how to fry a chicken” confidential information unless you use a special procedure that no one else in the world knows about; but the exact proportion of “11 herbs and spices” they use is something only KFC knows, so it qualifies as confidential.
A parallel to this is that when employees leave, they are still bound to keep their previous employers’ confidential information a secret, such as trade secrets, operation methods, and customer databases. But, they can freely use the skills and knowledge from their previous jobs.
2. It was reasonably clear that the information was confidential
Imagine you’re told the details to an upcoming grand-scale project, and you excitedly mentioned it to your team over lunch. Next thing you know, you’re getting told off because it was confidential and you should have kept it to yourself. Wait what, how were you supposed to know it was confidential in the first place??
This is why information only qualifies as confidential if one of the following conditions are met:
You were expressly told that it is confidential (eg. verbally, or through a label on the document saying “Private and Confidential), or
The circumstances you were given the information came with an obligation to keep it a secret, or
A reasonable person who received information in that situation would have thought that the information was confidential
“Reasonable person” here means an ordinary person, who may not have specific experience or expertise. So, if the only way to know if something was confidential is through a “standard practice” that somehow no one bothers to mention, that information might not qualify as confidential.
What if I have a legal duty to expose the information?
There are situations where you could be compelled by the law to reveal confidential information, such as through testimony in court, and whistleblowing on illegal dealings like corruption. In such cases, you can freely disclose the information as you’re required to, but only as far as necessary (it’s not a free pass to leak everything out).
Most confidentiality contracts will also include a provision on what should happen when you’re forced to reveal confidential information by law. In most cases, this involves informing the other party that you’ve been compelled by law to reveal the information, and that you only reveal what is absolutely necessary.
So what kind of trouble can I get into?
If someone reveals confidential information entrusted to them, they can be sued by the owner for losses caused by the revelation. It’s called an action for breach of confidence, and you’d claim for things like loss of profits, damage to reputation, and so on. But that’s actually not very useful - if your secret recipe got leaked, it’s out there for good and no amount of monetary compensation will undo that.
Your best bet to protect any confidential information you have is through prevention, not a lawsuit. You could restrict access to the information, control who can use the information, and clearly outline liabilities in your contracts with employees, suppliers, sub-contractors, and business partners. An example of a commonly signed contract is the Non-Disclosure Agreement which we’ve mentioned above, which outlines the rights and responsibilities of parties with regard to how confidential information should be exchanged and protected (including what happens should there be a breach of confidence).
Jie Sheng knows a little bit about a lot, and a lot about a little bit. He swings between making bad puns and looking overly serious at screens. People call him "ginseng" because he's healthy and bitter, not because they can't say his name properly.