Data hacked and leaked online still confidential: Court

Judicial Commissioner rules in test case involving security tech firm and ex-employee

The High Court has ruled in a novel case that confidential documents hacked from a computer and posted online remain confidential despite being in the public domain.

The court found in the test case that e-mails between lawyer and client leaked online by a third party but obtained by the defence was privileged information and could not be used as defence documents.

"Considering the circumstances surrounding the massive information leak and how the defendant came to be in possession of the e-mails, as well as the nature of the information within the e-mails, it seemed to me that an obligation of confidentiality could still be justly and reasonably imposed on the defendant in respect of the e-mails," wrote Judicial Commissioner Hoo Sheau Peng in judgment grounds released yesterday.

In the case, HT S.R.L., an Italian company specialising in security technologies, had sued Mr Wee Shuo Woon for breaches of his employment contract.

After the suit started, the firm's computer system was hacked by an unknown party and substantial amounts of information obtained were uploaded on the Internet including the WikiLeaks website.


HT S.R.L. had sued a former employee for breaches of his employment contract. After the suit started, the firm's computer system was hacked, and substantial amounts of information obtained were uploaded on the Internet including on the WikiLeaks website of Julian Assange (above). PHOTO: REUTERS

The data included e-mail communications, classified as "privileged and confidential", between the firm and its lawyers, Morgan Lewis Stamford.

Mr Wee subsequently got the e-mails from the Internet and, using their contents, sought to strike out the bulk of the firm's claims.

HT S.R.L in turn sought a court order to expunge all the e-mails used. If successful, Mr Wee's application to strike out its claims would fail.

PROTECTION IN INTERNET AGE

Considering the circumstances surrounding the massive information leak and how the defendant came to be in possession of the e-mails, as well as the nature of the information within the e-mails, it seemed to me that an obligation of confidentiality could still be justly and reasonably imposed on the defendant in respect of the e-mails.

JUDICIAL COMMISSIONER HOO SHEAU PENG , in judgment grounds released yesterday.

An assistant registrar ordered the referred material to be expunged and Mr Wee appealed to the High Court against the order.

Lawyer Adrian Tan argued for the firm that the privileged position of the documents would be critically undermined if the e-mails were allowed to be used because it would set a precedent for a party to use restricted information posted on the Internet "by fair means or foul".

Defence lawyer Nicholas Lazarus countered that the e-mails were already in the public domain and were freely available.

But JC Hoo noted the firm was a cyber-crime victim and Mr Wee was aware of the unauthorised disclosure of information online. The hacking - which had nothing to do with Mr Wee - had led to more than 500 gigabytes of information published on WikiLeaks, she noted.

She said Mr Wee was notified that the e-mails were privileged and confidential, and circumstances justified the development of the common law to offer adequate protection to such information in the Internet age.

She dismissed Mr Wee's appeal.

A version of this article appeared in the print edition of The Straits Times on February 17, 2016, with the headline 'Data hacked and leaked online still confidential: Court'. Print Edition | Subscribe