Hong Kong Court: Client Contacts Not Confidential in Conpak v Luk

In the recent case of Conpak Management Consultants Limited v Luk Wai Ting [2024] HKDC 1545, the Hong Kong District Court held that the relevant client contact information does not constitute confidential information warranting post-termination protection.

The case

Conpak is a certified public accountants firm. Conpak alleged that the following acts by Mr Luk, a former employee, constituted breach of his confidentiality obligations:

• During Mr Luk’s employment with Conpak, he forwarded 223 emails from his Conpak work email account to his personal email account.
• After the end of his employment with Conpak, Mr Luk, who was by then a director of another taxation services provision firm, used his work email address to send an email to Angenvoort (a former client of Conpak), offering services at a discounted rate and mentioned his previous employment with Conpak.

Conpak sought an injunction to restrain Mr Luk from using or disclosing, amongst other things, (i) Angenvoort’s contact information; and (ii) the client contact information contained in the 223 emails as well as the content of these emails. The main issue to be considered was whether such information had the requisite quality of confidentiality.

The court referred to Kuoni Travel (China) Ltd v Kelly Frances Richards and others (2006), which held that only confidential information which satisfies the following conditions is entitled to post-termination relief:

1. The information must be used in a trade or business.
2. The information is not already in the public domain.
3. The information can be easily isolated from other information which the (former) employee is free to use.
4. The disclosure of the information would be liable to cause real or significant harm to the (former) employer.
5. The (former) employer must limit the dissemination of the information or at least not encourage or permit its widespread publication or otherwise impress upon the (former) employee the confidentiality of the information.

The court found that:

• with respect to Angenvoort’s contact information, there was no evidence indicating that such information was confidential. The fact that the information might have come in the course of the business of Conpak did not necessarily mean that the information was not publicly available. It is noteworthy that the court distinguished the present case (which only concerned the name and contact of Angenvoort) from that of Willwin Development (Asia) Company Ltd and another v Wei Xing and others (2012) which held that names and contacts of clients, when associated with their product features and specifications, constituted confidential information; and
• with respect to the 223 emails, as the identities of the clients in those emails were not made known to the court and none of the content of these emails had been adduced in evidence, there was no basis to find that any part of these emails were confidential.

The court refused to grant Conpak the injunctive relief given that there was no breach of confidentiality.

Key takeaways for employers

The fatal point to Conpak’s claim is that it failed to prove that the information it sought to protect was confidential. Before bringing any action to restrain any (former) employee against misuse or disclosure of confidential information, it is important for employers to precisely identify the information it seeks to protect, and ensure that it is in a position to show that such information satisfies the five conditions referred to in the Kuoni decision set out above.

Other steps which can be taken to protect confidential information include:

• ensuring that there is an express confidentiality clause in the terms of employment which clearly defines what information is considered as confidential;
• including extra protective contractual measures, such as non-competition, non-poaching and non-solicitation provisions;
• establishing comprehensive policies and implementing training to emphasise the confidential nature of relevant information and educate employees on the importance of protecting confidential information as well as the consequences of breaches;
• implementing security measures to ensure that access to confidential information is restricted on a need-to-know basis and to prevent unauthorised access and disclosure;
• carrying out regular audits and monitoring to ensure compliance and early identification of potential breaches; and
• implementing clear procedures for handling departures, including monitoring and revoking access to confidential information.