I am very aware that it is many weeks since I produced a privilege blog and I am now beginning to put that right. The main reason has been the day job getting in the way, as well as the excitement caused by the SFO v ENRC decision  EWHC 1017 (QB) which I will cover in a blog shortly, once I have completed some speaking engagements on this particular decision.
In the meantime, I have been keen for some weeks to cover a decision from the Singapore Court of Appeal from late last year (which I covered at first instance) which is a really interesting discussion on when and where privilege might be lost if privileged information gets into the public domain. The decision concerned is Wee Shuo Woon v HT S.R.L.  SGCA 23.
Here, the Defendant applied to strike out certain parts of the Plaintiff’s Statements of Claim, his application in support referring to and exhibiting copies of privileged emails belonging to the Plaintiff. These were available on WikiLeaks, the Plaintiff’s computer systems having been hacked. There was no evidence that the Defendant was involved in the hacking. The materials that the Defendants sought to use included express reservations and warnings of privilege and confidentiality; and the Court accepted that the information they contained was, prior to their uploading onto the internet, undoubtedly privileged and confidential. The Court considered that the Defendant knew or must have known this.
The key question for the Court was whether the availability of the emails concerned on the internet meant that they had entered the “public domain” such that they were no longer amenable to the protection of the law of confidence (which underpins privilege). The Defendant inevitably argued that because the emails had been placed on the internet and were freely available for access, then they had entered the public domain and so could not be protected. The Singapore Court of Appeal reviewed many English decisions relating to the law of confidentiality in which the question of the public domain has been examined. These decisions included Attorney-General v Guardian Newspapers Ltd (No. 2)  1AC 109 ( the “Spycatcher”) decision, Campbell v MGN Limited  2 AC 457 and Douglas v Hello! Ltd (No. 3)  1QB 125. The Court of Appeal noted that Lord Goff in Spycatcher had observed that
“the principle of confidentiality only applies to information to the extent that it is confidential. In particular, once it has entered what is usually called the public domain (which means no more than that the information in question is so generally accessible that, in all the circumstances, it cannot be regarded as confidential) then, as a general rule, the principal of confidentiality can have no application to it”. [At 282]
However, the Court of Appeal stressed that this “public domain” principle is not a free standing rule to be mechanistically applied; rather it is one factor to be considered determining whether a person’s conscience ought to require him to treat information as confidential. This meant (35) that it is a common sense enquiry whether the information has become so accessible that it would not be just in all the circumstances to require the party against whom confidence is asserted to treat it as confidential. Furthermore, the Court thought it important to focus not only on the extent to which the information in question had become accessible, but also on the extent to which it had in fact been accessed by the general public. It considered that “potential, abstract accessibility is vastly different from access in fact. This is particularly so, given the proliferation of information in the globalised internet age of today.” (36) That meant that the circumstances of each case had to be examined with consideration given to such factors as the likelihood of the information being accessed by the public, the degree to which the information had in fact been accessed and the extent to which the information may be appreciated or understood only with the specialised skills or expertise of the party seeking to make use of the information. The Court of Appeal said:
“merely making confidential information technically available to the public at large does not necessarily destroy its confidential character. Public media, in particular the internet, must not be the gateway through which all confidentiality is dissolved and destroyed”. (37).
In the Court of Appeal’s view, the fact that confidential information has in fact been accessed by a limited segment of the public does not necessarily mean that the information has entered into the public domain and thus lost its quality of confidentiality. Here, it was undisputed that the emails were generated in circumstances importing an obligation of confidentiality. And while it was true that the emails had been uploaded onto WikiLeaks so that they became potentially accessible by members of the public, the emails constituted a minute fraction of the approximately 500GB of data that had been stolen from the Plaintiff’s computer systems through the hacking and uploading onto the website. The Court of Appeal thought it important that trawling through the data to identify the emails would have been time consuming, even for a person who knew or suspected that the emails were in the hacked material. It was highly probable that few if any knew of the existence of the emails or their presence in the hacked material - and fewer still would have had the interest and information to undertake the task of scouring through the voluminous data for the emails. Accordingly, the Court of Appeal held that:
“...the emails and their contents were not public knowledge or in the public domain although they were theoretically accessible to anyone doing an intense search on WikiLeaks. The emails thus retained their confidential status and could still claim the protection of the law of confidence”. (43)
It followed from this that as the emails had not been adduced as evidence or otherwise relied on in the proceedings, save in the context of the present appeal, there were no impediments to making an Order to restrain their use. In addition, just as for example in Derby & Co Ltd v Weldon and Others (No. 8)  1WLR 73) the Courts hold that they should ordinarily intervene in cases where a party has inadvertently disclosed a privileged document only by reason of an obvious mistake, so the same approach should apply to a party taking advantage of an opponent who has been the victim of a cyber-attack, even if as here there was no evidence linking the defendant to that attack. Indeed, unlike in the case of mistake or negligence where the disclosure of the privilege document is attributable at least in part to the fault of the party in whom the privilege resides or of his legal advisors, the equity in favour of restraining the use of privileged documents is even stronger in the case of a party who had its privileged documents accessed and taken through stealth and unlawful means.
Since there was no other basis on which the application to restrain the Defendants use could be made, the injunction against use was granted. The Court of Appeal concluded (61):
“We do not think that the confidential character of the information in the emails had been lost in any way. To hold otherwise on account of the hacking and the uploading on WikiLeaks is to sanction and to encourage unauthorised access and pilferage of confidential information. The information was also protected by legal professional privilege and there was certainly nothing before the Court to suggest that the privilege had been waived by [the Plaintiff].”
So, mere accessibility by the public of privileged materials does not destroy the underlying privilege - it is as always a question of fact and degree. And here, we have in my view a very sensible and pragmatic decision. I am confident English courts would reach the same result.
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.