Submissions and Analysis
39 As the non-parties ultimately formulated their principal submission, they accepted that the Information Technology Agreement and the conditions therein bound them. Under the General Conditions of Use for employees and internal users in the Information Technology Agreement, the following appears:
• …
• Company facilities are not [to] be used for any improper or unlawful purpose and/or use. This includes access and/or transmission of offensive or pornographic material, the posting or transmission of libellous or defamatory material and the sending of unsolicited mail.
• Inappropriate use of the facilities will result in disciplinary action that may include termination of your employment.
• …
The following appears under the heading "User Accounts":
• User accounts are to be used only by the designated user.
• You are not authorised to access a user's account other than your own without the user's knowledge.
• Do not touch a computer that is logged in by someone other than you when the user is not around. Please report it to the IT department if this becomes an issue.
• User permission may vary between accounts. Permission requests must first be approved by your direct Manager.
• All IT related requests for change are to be recorded in the appropriate electronic form via IT Help Desk online portal under Links on the SCF intranet.
The following appears under the heading, "Internet":
• SCF internet access is to be used primarily for business purposes.
• Access to inappropriate or non-business related websites may be blocked.
• The IT department will monitor Internet traffic and reserve the right to take action to prevent possible network outages or general network slowness.
• Company mobile and portable devices will only have access to the company wireless network. This includes work phones, laptops and tablets. Personal devices are prohibited.
• Social Media sites are to be managed as per SCF Social Medial Policy
Finally, the following appears under the heading, "email/Social Media":
• If required, SCF will provide you with email access to be used primarily for business purposes.
• SCF email is not to be used as your private account as it is owned and operated by SCF Group and will be monitored for appropriate content and correct use.
• Personal emails and social media accounts are not to be used as a business tool.
• Do not register your SCF email for any Social Media or non-business related sites.
40 The non-parties submitted that the significance of the policy is that it does not contain an absolute prohibition on personal or private use and insofar as the company has a right to inspect or monitor personal or private use, that right may be exercised (and only exercised) for the purpose of determining if there has been inappropriate use by the user. Furthermore, the non-parties submitted that it is clear that other employees would not access Mr Sykes' account and any right of a non-executive director to have access would be exercised through the management of the company and, in particular, Mr Sykes as the chief executive officer. The non-parties submitted that Mr Sykes' evidence of his belief is consistent with this position.
41 The steps in the non-parties' submission are as follows. First, the Communications are confidential and protected, subject only to the effect of their "disclosure" on the SCF Group system. Secondly, the receipt of the Communications by the SCF Group was an unsolicited receipt that took place by reason of the medium used. Thirdly, the SCF Group received the Communications in circumstances in which it knew they were personal and confidential because Mr Sykes' knowledge can be attributed to the SCF Group and because of the nature of the documents themselves. Fourthly, it would be unconscientious in the circumstances for the SCF Group not to respect the confidence.
42 The non-parties relied heavily on the decision in Matthews v Clifton [2014] FCA 415; (2014) 99 ACSR 265 (Matthews v Clifton). One of the issues in that case was whether liquidators of a number of family-owned companies should be denied access to the private and personal communications (including legal advice) of directors and owners of the companies retained on the computers on the basis of the equitable duty of confidence. White J analysed the issue by reference to the four criteria identified by Gummow J in Smith Kline.
43 The non-parties relied on the fact that White J upheld the claim that the information was protected by a duty of confidence even though the companies had an "Email and Internet Usage Policy" that restricted the use of the email and internet facilities to business related communications and purposes and provided that a person's emails were not private and could be reviewed by his or her employer. The non-parties submitted that the position is even stronger in this case because the policy contemplates or allows for some private use and inspection by others is only for the limited purpose of monitoring for misuse. The non-parties also relied on the fact that in Matthews v Clifton, the employees did not have access to the information. That is said to be a significant factor and is also the case here.
44 The respondents accept that the issue is whether the equitable duty of confidence protects the Communications. The respondents submitted that the Communications do not have the necessary quality of confidence and nor did they take place in circumstances importing an obligation of confidence.
45 The respondents made the following submissions.
46 First, the Communications are to and from a company email address. They identify Mr Sykes as chief executive officer, and contain company details and a claim by the company for confidentiality.
47 Secondly, Matthews v Clifton is distinguishable because in that case the parties claiming privilege were the owners of the companies and one of them was the sole director.
48 Thirdly, the directors have a general law right and a statutory right (s 198F) to inspect company documents. Section 198F of the Corporations Act provides as follows:
198F Right of access to company books
Right while director
(1) A director of a company may inspect the books of the company (other than its financial records) at all reasonable times for the purposes of a legal proceeding:
(a) to which the person is a party; or
(b) that the person proposes in good faith to bring; or
(c) that the person has reason to believe will be brought against them.
Note: Section 290 gives the director a right of access to financial records.
Right during 7 years after ceasing to be director
(2) A person who has ceased to be a director of a company may inspect the books of the company (including its financial records) at all reasonable times for the purposes of a legal proceeding:
(a) to which the person is a party; or
(b) that the person proposes in good faith to bring; or
(c) that the person has reason to believe will be brought against them.
This right continues for 7 years after the person ceased to be a director of the company.
Right to take copies
(3) A person authorised to inspect books under this section for the purposes of a legal proceeding may make copies of the books for the purposes of those proceedings.
Company not to refuse access
(4) A company must allow a person to exercise their rights to inspect or take copies of the books under this section.
Interaction with other rules
(5) This section does not limit any right of access to company books that a person has apart from this section.
Mr Shelswell is a director of the SCF Group. He is a party to this proceeding and the Shareholder Proceeding. It is fair to say that the respondents emphasised the common law right of inspection, although they did not abandon reliance on s 198F. The respondents accept that under the general law right the directors need a proper purpose for inspection, but they submit that the context in this case is not, for example, a health issue, but legal advice and opinion connected to the company's operations.
49 Fourthly, the Information Technology Agreement makes it clear that there could be no expectation of confidentiality. The respondents emphasised the email and Social Media policy and that part of it which states that the SCF email is owned and operated by SCF Group. It is made clear that the email account will be monitored. It is true that the policy refers to monitoring "for appropriate and correct use", but (the respondents submitted) you cannot monitor an email account without having access to it. The respondents submitted that there is no bright line between something you might want to look at and something you might not want to look at.
50 Fifthly, the respondents rely on their rights of access under the Popeye Holdco Pty Limited Subscription and Shareholders' Deed (SSD) and the PLNSA. Clauses 12.1(d), 12.2(b) and 12.3 of the SSD are as follows:
12. INFORMATION RIGHTS
12.1 Information to be provided to the Investor
The Company must prepare and provide to the Investor copies of the following:
…
(d) such other information relating to the businesses or affairs of the Group or to its financial position or prospects as any Investor may from time to time reasonably direct.
12.2 Access rights of Investors and Investor Directors
Subject to clause 12.3, the Company must give each Investor, each of their Affiliates and each Investor Director reasonable access on reasonable notice to:
…
(b) inspect and take copies of documents relating to any Group Company, including the statutory registers and books of account of each Group Company; and
…
12.3 Exceptions to Investor's access rights
Nothing in clause 12.2 requires the Company to give any person access to information if to do so would, in the opinion of the Board:
(a) constitute a breach by any Group Company of any obligation of confidentiality owed to a third party; or
(b) materially disrupt, or have a materially adverse effect on, the business or operations of a Group Company.
Clause 16.5 of the PLNSA is as follows:
16.5 Information: miscellaneous
The Original Guarantor shall supply to the Agent (in sufficient copies for all the Lenders, if the Agent so requests):
…
(b) promptly, such further information regarding the financial condition, business and operations of any member of the Group as any Finance Party (through the Agent) may reasonably request; and
…
51 Finally, this is not a case of inadvertent disclosure by the non-parties. Whatever the subjective views of the non-parties as to the confidentiality of the Communications, they used, and knew that they were using, the SCF Group email accounts.
52 The respondents relied on the approach taken by Brereton J in In the matter of Optimisation Australia Pty Ltd [2016] NSWSC 1581 (Optimisation Australia). The issue in that case arose under the Evidence Act 1995 (Cth) and more particularly, s 122(2) (inconsistent conduct amounting to waiver). That, however, does not affect the significance of Brereton J's observations. That is because, so the submission proceeds, waiver and whether confidentiality has been maintained raise similar issues. Brereton J said (at [44]):
…Those who created these emails in contention appear to be more than ordinarily computer literate. They did so using company resources and company stationery, in circumstances where every director of the company was entitled to know what correspondence was being sent out from the company. It is as if they took company letterhead, wrote on company letterhead paper, signed as if in their official capacities on that company letterhead paper, sent it in an envelope bearing the logo of the company, and left a copy of it on the company's outgoing correspondence file for anyone entitled to inspect the company's documents to see. Creating and sending the emails in the manner in which they were created and sent is inconsistent with any legitimate expectation that they would be kept confidential from others entitled to see the company's records, particularly as these parties were not unfamiliar with the distinction between work and personal email accounts: the evidence reveals - although I am not sure that I have seen evidence of Mr Williams having a private email account - that at least Mrs Williams and Mr Kearney had private as well as work email accounts.
53 The respondents also relied on Simpkin v The Berkeley Group Holdings plc [2017] EWHC 1472 (QB); [2017] 4 WLR 116 (Simpkin v Berkeley Group Holdings). In that case, a former director and employee of a company brought proceedings against the company. In its witness statements, the employer referred to an email from the claimant to his solicitor for the purpose of obtaining advice in divorce proceedings. Garnham J held that the document was not protected by legal professional privileged because it was not confidential. His Lordship said (at [32], [33], [34] and [42]):
32 First, the claimant signed a copy of the company's IT policy which made clear that e-mails sent and received on its IT system were the property of Berkeley. Berkeley's IT department had access to all the company's computers and e-mail accounts and did not need authorisation before accessing their computers or accounts. The claimant's employment contract makes clear that his e-mails were subject to monitoring by Berkeley without his consent.
33 Second, I accept Mr Malek's arguments that the Synopsis was created in the course of the claimant's employment. The Synopsis contained an analysis of the defendant's financial performance by its group finance director, created on, and transmitted via, its IT system whilst the claimant was at its office. He prepared it using the defendant's financial information. It appears he prepared it over the course of almost an hour whilst working at the defendant's offices in the early morning of 11 August 2014. He prepared it using the defendant's IT system and used the defendant's e-mail account to e-mail it to his personal account.
34 Third, it is impossible to maintain that the claimant had any reasonable expectation of privacy as regards the preparation of this document. The claimant saved the Synopsis to his folder on one drive of Berkeley's central servers. As Mr Malek contends, the claimant was, or should have been, aware that documents in that file were stored centrally. The Synopsis was not password protected and was not segregated from the claimant's work related documents.
42 In those circumstances I accept Mr Malek's submissions that the Synopsis was never confidential as against Berkeley or, if it was, it lost its confidentiality when it was processed on the defendant's IT system
54 The non-parties responded to these submissions in the following way.
55 The non-parties submitted that an obligation of confidence may arise even where there is no confidential relationship if a reasonable person in the defendant's position would understand that the information is intended to be secret, or to be available to a limited group to which that person does not belong (Australian Broadcasting Corporation v Lenah Game Meats Pty Limited [2001] HCA 63; (2001) 208 CLR 199 at [34]-[36] per Gleeson CJ). The non-parties submitted that it is not a question of proceeding on the basis that there was a disclosure and then asking whether there was a restriction imposed, but rather, one should ask whether there was, in the circumstances of this case, a disclosure to the SCF Group for a limited permissible purpose.
56 The non-parties submitted that the general law right of a director to inspect company books is not unqualified. They submitted that the right in s 198F goes no further than the common law right of inspection. The non-parties submitted that there is no evidence that Mr Shelswell has exercised any right under s 198F.
57 With respect to the clauses in the SSD and PLNSA, the non-parties submitted that a request has to be made under these clauses, the request must be reasonable and that in each case it must be relating to or regarding the company's business. None of these clauses evince an intention to abrogate the equitable duty of confidence.
58 The non-parties submitted that the critical feature of the facts in Matthews v Clifton was not the fact that the persons claiming the documents were privileged were owners of the companies and one was the sole director, but that the companies' documents could not be accessed by the companies' employees. This, they submitted, was a recognition that confidence in the documents was preserved.
59 The non-parties submitted that the issue in Optimisation Australia was one of privilege, not the duty of confidence and that the two issues are different.
60 The non-parties submitted that Simpkin v Berkeley Group Holdings was a case concerned with legal professional privilege, not the equitable duty of confidence and, critically, the document in issue in that case was a document prepared in the course of the employee's employment and using the company's financial information (at [33]). The employee could not 'retrofit privilege", as counsel for the non-parties put it, by sending the document to his solicitor. In the circumstances, the document was a company document, and not just a document which was on its system.
61 The first question which I must address is whether the principles identified by White J in Matthews v Clifton apply to this case such that I should follow that case unless I am satisfied that his Honour was clearly wrong. I do not think that they do because there is an important difference between the two cases. In Matthews v Clifton, the persons seeking the protection of equity were, in reality, the companies to whom they were said to have disclosed the information. It is true White J referred to disclosure to the companies' employees, but that was no more than by way of contrast. In my respectful opinion, the complete identity of the plaintiffs and the companies was the critical feature. That point is made expressly when his Honour considers the knowledge of the companies and concludes that it is the knowledge of the plaintiffs.
62 In my respectful opinion, these points become clear when one has regard to the following passages in his Honour's reasons (at [58], [69] and [77]):
58. The fourth consideration is that the claim that the Computers contain confidential material of a more general kind is also not implausible. The circumstance that IWH, Scarce Builders and each of the Associated Companies is owned and controlled by Mr and Mrs Scarce makes it unsurprising that they may have used the Computers of one member in their group to record information of the other members of the group and for private purposes. It is commonplace for the owners of family-owned companies to ignore the distinctions of legal identity in the day-to-day running of their businesses and in their personal affairs.
69. In the present case, it is significant, in my opinion, that Mr and Mrs Scarce were not only employees of the companies. They were, either by direct or indirect shareholdings, the sole owners of the companies; and Mr Scarce was the sole director of each. He was also the Managing Director of each. In these circumstances, I consider that it would be artificial to treat Mr Scarce's disclosure to "the companies" as akin to the disclosure of an ordinary employee. It is also inappropriate to draw any distinction between Mr and Mrs Scarce in this respect. They did "disclose" the information to the companies but in a context in which they controlled access to it. There was no suggestion that the information on the Computers was available to the companies' employees generally.
77 In the present case, it is appropriate to conclude that the companies had either actual or imputed knowledge of the limited purpose or purposes for which the information was being "disclosed" to them. The knowledge of Mr and Mrs Scarce, in particular, that of Mr Scarce, should be attributed to the companies in this respect. In particular, their knowledge that the information was being recorded on the company computers for the purpose of convenient storage and that the emails were being used for personal matters can be attributed to the companies.
63 In this case, there was disclosure of the Communications to the SCF Group when the Communications appeared on the SCF Group email account of Mr Sykes and Mr Woodward respectively. Of course, SCF Holdings and SCF Group Pty Limited are artificial entities, but when one looks behind the corporate veil, there is a board of directors which consists not only of Mr Sykes and Mr Woodward, but also of Dr Heine and Mr Shelswell. Nor does Mr Sykes' position as the chief executive officer mean that it is appropriate to conclude that there was no disclosure by Mr Sykes (and Mr Woodward) to the SCF Group. These circumstances distinguish the present case from Matthews v Clifton.
64 There is some awkwardness in concluding that Mr Sykes and Mr Woodward were "disclosing" the Communications to the SCF Group. From their point of view, it is more accurate to say that they used the companies' work email account for their private and personal purposes and I am prepared to assume that they were not intending to disclose the Communications to the world or, indeed, anybody else in the companies. However, their intention is not the test. They disclosed the Communications in that the Communications are part of the material that can be monitored by the companies for appropriate content and correct use. In addition, personal emails and social media accounts are not to be used as a business tool. In my opinion, the correct interpretation of the Information Technology Agreement is that private and personal emails which are of appropriate content, are not used as a business tool and are secondary to the primary use of the account for business purposes, are permitted. Emails of this nature have been disclosed in the sense that they will be monitored by the companies to ensure that they fall within this category. Emails which fall outside this category cannot be the subject of a duty of confidence. I do not understand it to be suggested that the Communications have inappropriate content, or are being used as a business tool.
65 It seems to me that the companies are, in effect, allowing the non-parties to use and store on its system a certain quantity of personal or private emails. If that was all that was happening, then it is difficult to see why a duty of confidence could not arise in relation to what is inherently personal and private material. But there are additional matters to be considered. First, the companies have the right to monitor the material. This is undoubtedly correct and, as I have said, if there was inappropriate use, then there would be no duty of confidence. Furthermore, the right to monitor is a right vested in the companies, not the chief executive officer and could be exercised by an appropriately authorised agent or delegate of the companies. However, neither of these matters mean that the disclosure (and use to the extent monitoring involves use) is not for a limited purpose and that a duty of confidence in equity cannot operate to prevent disclosure outside the limited purpose. It is difficult to see why material which is plainly private or personal material loses all of its character as confidential material because the person to whom it is disclosed has the limited right to monitor the material. An example will illustrate the point. A person uses their work email account for communicating personal information relating to their health or family. The reasonable person in the position of a recipient is aware of the company's account and email policy and that this is a permitted use. The reasonable person receiving the material would not assume that all confidentiality in the material had been lost. Of course, the Communications were not material about Mr Sykes' health or family, but legal advice related in one way or another to the companies and transactions in which they were involved. That may mean that those monitoring the material must do so more closely, but the fact remains that this was legal advice provided to Mr Sykes and Mr Woodward in their personal capacities.
66 Secondly, the Communications were under the companies' name and addresses and refer, for example, to Mr Sykes as chief executive officer of the companies. That is a relevant matter, but cannot override the fact that the Communications were private and personal.
67 Thirdly, the directors have a general law right to inspect the books of the companies. There is also the right in s 198F of the Corporations Act. It is no answer to this fact that there is no evidence in this case that any director actually exercised the right. I accept the respondents' submission that it is the existence of the right that is significant, not its exercise. However, the right is a limited right. If I may say, there is a clear summary of the limited nature of the right in Austin RP and Ramsay IM, Ford, Austin and Ramsay's Principles of Corporations Law (16th ed, LexisNexis Butterworths, 2015) at [11.420]. There is nothing in this case to suggest that a director needed disclosure or use of the Communications over and above that necessary for monitoring purposes in order to discharge his or her fiduciary and statutory obligations.
68 Fourthly, as to the two authorities the respondents relied on, I have considered them carefully. Both addressed legal professional privilege and not the duty of confidence in equity, and in Simpkin v Berkeley Group Holdings, an important consideration was the fact that the employee prepared the relevant document on company time and using company information. In any event, and with all due respect, neither authority persuades me that the approach I propose to take is not the proper one.
69 Finally, although the respondents referred to the clauses in the SSD and PLNSA, they did not make detailed submissions about how they operated. On the face to it, they are not engaged in relation to private legal advice.
70 In my opinion, the Communications are confidential information in respect of which equitable relief should be granted.