What Makes Information Secret or Confidential, Anyway?

In principle, any type of information can be secret or confidential and may therefore be legally protectable. No, really.

A Functional Approach

The law of confidentiality and trade secrecy evolved away from any specific definition of just what type or form of information is capable of protection some time ago. Instead, the legal tests at play in this area adopt what I think of as a functional approach.

Legally speaking, a breach of confidence claim has three essential elements. First, the information must have the necessary “quality of confidence” about it. Secondly, the information must have been imparted in circumstances supporting an obligation of confidentiality. Finally, there must be an unauthorized use of that information to the detriment of the party communicating it.

Materially Inaccessible

The root issue is whether the plaintiff is seeking to legally protect information they could otherwise legitimately gate outside access to, but for the wrongful act. This is the flip side of the information not being publicly known or in the public domain. Put another way, either a third party without access to the plaintiff’s source of information simply cannot create an equivalent, or, just as legitimately, equivalently useful information could be independently created – but doing so would take a material amount of time, labour, or resources.

In contrast with, for example, patent law, this potential for independent creation or reverse engineering from publicly available sources allows situations where multiple parties may lawfully have rights to trade secrets or confidential information that are functionally equivalent. This can result in parallel sets of legally enforceable rights to use and control sources of information with equivalent uses. For example, competitors may develop comparable knowledge regarding major customers and many operational matters without this information being generally accessible within the industry as a whole. Similarly, generally speaking a firm may lawfully purchase a competitor’s product and experiment with it in a laboratory to reverse engineer it. If undertaking this process is costly enough, however, this knowledge may not (yet) be considered generally accessible within the industry.

While it is less common, there are also instances of courts declaring something like co-ownership or mutually existing rights to a source of confidential information following, for example, the breakdown of a partnership or business venture. However, all these situations require the information in question not to be accessible or generally known to the point that it can be said it has entered the public domain, including among experts in the appropriate field. Once this threshold is crossed, the ability to legally control the information is lost (although liability may ensure if this entry into the public domain was caused by wrongful conduct).

For comparison, the above is roughly analogous to the American concepts that a trade secret must not be readily ascertainable absent “proper” means of acquiring the secret.

Conduct and Contact with a Source

Not unrelatedly, civil suits relating to confidential information or trade secrets orientate on a person’s conduct and how they obtained and used the information in question. Wrongful conduct certainly includes outright acts of industrial espionage, or other instances of illicitly accessing records to take or copy them by physical or electronic means. Unfortunately, outright industrial espionage can be difficult to detect, and even if detected, the individuals involved either cannot be identified or live in a jurisdiction where it is rarely fruitful to bring a civil lawsuit. Much of the decided case law therefore involves a wrongdoer having been given access to confidential information for a specific purpose (such as for use during their employment duties or for a specific commercial relationship) but then using it for purposes that the provider did not consent to (such as to start a competing business or developing the same or similar assets or products).

Many of the tough cases in this area involve determining information that is not separable from the person of a departing employee or other individual – skills, knowledge and experience that they absorbed and cannot help but use in future endeavors – versus information that is specific enough that it can form a protectable trade secret or confidential piece of information.

From a judge’s perspective, this wrongful conduct approach usefully avoids needing to “look inside the box” to decide whether the secret or confidential information in question displays a defined set of characteristics. It also keeps just what types of information can potentially be legally protectable on the grounds of confidentiality or trade secrecy open-ended.

Evidence of Misappropriation

That said, the specific nature or presence of the items of information in question often matters for evidentiary reasons. For example, defendants often deny having used or misappropriated confidential information originating from the plaintiff at all. But suppose that it can be shown that a data set used by the defendants is precisely identical in parts that would be expected to vary at least a bit if the defendants actually went through the effort to independently generate something equivalent – say the personal information for a lengthy list of customers, or measurements. This type of factoid can be decisive in proving a breach of confidence.

Similarly, information that is simply heard or witnessed may certainly be confidential. Yet if it can be shown that someone copied and sent or brought documents recording confidential records with them, this tends to puncture arguments that the defendants merely relied on publicly available information or their own skills.

Legally speaking, though, it was where the information in question came from, what effort or event generated it, and what value or advantage that its unlawful use provided to a competitor that makes it secret or confidential.

The Swiss Army Knife of Confidentiality

Canada’s law in this area cross-pollinated with English and Australian authorities relatively recently. Specifically, it received a doctrinal synthesis developed by an English legal academic Francis Gurry via the Supreme Court of Canada’s decision in Lac Minerals Ltd. v. International Corona Resources Ltd., [1989] 2 SCR 574. I do not want to go too far down a doctrinal rabbit hole here, but one notable feature is that contractual obligations related to confidentiality and the equitable breach of confidence claim are considered to form one sui generis action “to enforce the policy of the law that confidence be respected.”

This framing has resulted in the breach of confidence action acting as something of a Swiss army knife relating to the law of confidentiality in general. One tension resulting from Canada following the Commonwealth tendency to fit the different strands of confidentiality under the same umbrella is that information is kept secret for a range of legitimate reasons. In practice and as discussed below on the value-added approach, the strong majority of cases relate to trade secrets and confidential business information. There are, however, other potential types of confidential information that may be legally protectable.

The legal requisite at play in determining whether the information in question can be legally protected is whether it possesses the “quality of confidence.” While there are certainly statements of legal principle at play, whether the quality of confidence is present bends more in the direction of a finding of fact. If the information in obviously intrinsically confidential because of what it is, Canadian courts tend to make the requisite finding of fact succinctly and move on.

For example, the settlement agreements used to resolve a lawsuit typically include a non-disclosure or confidentiality clause. For many lawsuits a primary purpose of this type of protection is probably to de-escalate tensions and allow one or both parties to save face. Settlement figures are not difficult to generate per se (although negotiating them can be a different matter). But their non-publicly available nature matters. The phrase “I am legally obligated not to discuss that” can usefully obscure everything from the defendant paying out some exorbitant sum to the plaintiff being allowed to quietly walk away with nothing. A similar set of statements could be made regarding announcement dates or bid or tender amounts in the commercial context.

This is an area where there are some technical differences between the Canadian breach of confidence doctrine and its American analog of trade secret law. Specifically, American trade secrecy law incorporates a “derives independent economic value, actual or potential” requisite. In my opinion, American and Canadian law tends to land in the same place; if it is proven that non-readily ascertainable information is commercial valuable then this typically makes out the quality of confidence requisite. Nonetheless, American trade secrecy law is more overtly aimed at commercially useful technical secrets or business information.

Looking for Value Added

In practice, most cases relating to confidentiality occur in the business or employment context. Here, Canadian courts tend to winnow out public from non-public information by assessing signs of “value added” – what time, labour, effort, or expense went into producing or refining information to make it useful for some commercial purpose.

One of the difficulties in identifying legally protectable secrets is that useful information is almost invariably derived from other forms of information. Further, the constituent parts of some technical secret or data set tends to incorporate publicly available knowledge, either directly or indirectly. For example, technical secrets typically relate to some topic that is generally known to experts within an industry. Similarly, confidential business plans often rely on and incorporate publicly available statistics. As such, it is often not possible to simply point at some portion of the allegedly confidential information and say: “Ah ha! That section is publicly available, so this information is not confidential.”

The classic statement regarding how the courts handle this conundrum is Saltman Engineering Co Ltd. v. Campbell Engineering Co. Ltd., [1948] 65 RPC 203, wherein the plaintiffs retained the defendants to make machinery tools and provided diagrams for this purpose. The defendants went on to make additional tools for their own purposes using the diagrams. The court held that it would have been possible to reverse engineer an equivalent to the diagrams by purchasing publicly available products, but the fact was that the defendants had not. The court described why such re-creatable or reverse engineerable information was nonetheless confidential as follows:

The information, to be confidential, must, I apprehend, apart from contract, have the necessary quality of confidence about it, namely, it must not be something which is public property and public knowledge. On the other hand, it is perfectly possible to have a confidential document…the result of…which may be available for the use of anybody; but what makes it confidential is the fact that the maker of the document has used his brain and thus produced a result which can only be produced by somebody who goes through the same process.

What the Defendants did in this case was to dispense in certain material respects with the necessity of going through the process which had been gone through in compiling these drawings, and thereby to save themselves a great deal of labour and calculation and careful draughtsmanship… That, in my opinion, was a breach of confidence.

Other Valuable Information

While Saltman’s “used his brain” metric is suggestive of the exercise of technical skills, it is certainly possible to happen onto commercial valuable, non-public information through good fortune rather than sustained effort. Equally, many types of confidential business information, such as costs and profit margin or technical know-how, are accumulated over time as a natural outgrowth of an organization’s operations. Even within the commercial sphere, the law’s tendency to treat confidential and therefore legally protectable information as a functional concept allows many forms of information to fit within it. This does mean, however, that context is king, and that the legal definition of the quality of confidence has evolved in a direction that is content neutral.

Regardless, I particularly enjoy this passage from Saltman because I think it points towards why Big Data or the Internet of Things type informational products derived from aggregated data are in principle legally protectable as a type of confidential information under existing legal doctrines, although that is a different topic.

The Nature of the Injury

A related point is that the nature of the legal injury for breach of confidence is often not any direct or consequential loss resulting from misappropriating some item of information. Rather, it is frequently the springboard or head start advantage provided by neither needing to bargain with the injured party to lawfully gain access to the information, nor needing to go through the same effort and expense to create something equivalent. A different topic, but the courts wield an unusual amount of remedial discretion in assessing the context and deciding how to rectify a breach of confidence.