Court Clarifies When A Third Party Business’S Information Is Confidential And Must Not Be Used Or Disclosed
Businesses should ensure they identify when a third party’s information given to them is confidential, and should only be used for the purposes for which it was given, and not disclosed to others without the third party’s permission.
A company supplied edible infused oil to a customer for use in its products. This was to ensure that the customer’s products satisfied food safety regulations. The company therefore had to supply technical information about the oil to the customer, including ingredients and recipes, so the customer could be sure the oil would meet the relevant regulatory standards. The customer also obtained information about the oil in the course of its internal technical audits.
The customer started looking for a new supplier of oil. As part of the process of checking whether potential new suppliers’ oil could satisfy the regulatory standards it disclosed information about the existing supplier’s oil to them.
The existing supplier applied for an injunction to stop it from disclosing the information on the basis the information was confidential. Information is confidential and will be protected if:
1. The information has the necessary quality of confidence about it
2. It is provided in circumstances which import an obligation of confidence
3. There has been unauthorised use of the information to the detriment of the party seeking to protect it
It can also be possible to maintain a breach of confidence claim even though the information in question could be gleaned by reverse engineering.
The High Court ruled that the test was whether the information was freely available to the public or could be discovered without a significant amount of work. In this case it found that neither applied, and the information therefore had the necessary quality of confidence and was confidential.
It also found that a reasonable third party would conclude that the information was provided to the customer solely to help it determine that the safety and regulatory regulations were complied with, as this was commonly understood in the food industry. That imported an obligation of confidence on the customer not to disclose the information to third parties for any other purpose (or to use it for other purposes itself).
• Businesses should ensure that they identify when a third party’s information given to them is confidential, so it should only be used for the purposes for which it was given, and should not be disclosed to others without the third party’s permission
Case ref: Kerry Ingredients (UK) Limited v Bakkavor Group Limited and others  EWHC 2448