1. Background Information^[1]

Secure Force Ltd (SFL) supplies cybersecurity advisory services to state and federal governments and to financial and other commercial organisations. Clients include Australian banks, infrastructure companies, the South Australian Department of Finance, and SATAC. Managed Security Services (MSS) are a principal component of this business, which involves full-time monitoring and management of clients' IT systems in Secure Force's Cyber Security Operations Centre (CSOC) so as to defend clients against external and internal cybersecurity threats. SFL also provides professional services related to cyber-security risk assessment and IT anti-crime and asset recovery services.

Cheryl Heinze was employed as a cybersecurity engineer by SFL between I July 2019 and 3 June 2021. The day before she commenced employment with SFL, Heinze signed a written non-disclosure agreement which imposed broad obligations of confidence upon Heinze in connection with her SFL employment. The obligation to maintain confidentiality extended to all business concepts and ideas, all documents created by or for SFL, and all trade secrets. This obligation augmented equitable duties of confidence arising from Heinze's employment contract as well as statutory duties imposed by ss 181 - 183 Corporations Act 2001 (Cth).

In March 2021, SFL placed Heinze on a 'performance improvement arrangement' due to alleged substandard work performance. Meanwhile, Heinze claimed that SFL was not paying her correctly. As a result of the deteriorating relationship between Heinze and SFL, in early May 2021 Heinze began negotiations in relation to taking up a position with one of SFL's competitors, Cannon Ltd.

In May 2021 SFL became suspicious that Heinze might be misappropriating SFL's confidential information. Its managing director, Sam Spade, therefore authorised SFL personnel to conduct covert surveillance of Heinze's work laptop. This was done through the insertion of 'key logger' software that tracks keyboard strokes for an external observer. As a result of this surveillance, SFL claims it found evidence that Heinze took steps in May and June 2021 to download a wide range of its confidential information onto a work laptop and then onto her personal laptop to enable misappropriation of that information.

Once communications between Heinze and Cannon and the downloading of a substantial quantity of SFL's business records were discovered, Heinze's employment with SFL was terminated, effective June 3, 2021. SFL then instituted proceedings for an injunction preventing Heinze and Cannon Ltd from using or disseminating any confidential information and an order seeking the return of Heinze's work laptop and the surrender of a personal laptop as well as all other copies of SFL's confidential information. However, after proceedings were instituted, Heinze deliberately destroyed her personal laptop and an associated hard drive. SFL claims that this was done to avoid having the personal laptop subject to forensic analysis.

Heinze counter-argued that the covert surveillance undertaken by SFL employees which led to the termination of her employment was unlawful, and that the termination itself was therefore unlawful.

2. Extracts from Secure Force Ltd's Statement of Claim

The Plaintiff

1. The Plaintiff is a corporation formed within the limits of Australia and carries on the business of supplying cybersecurity advisory and support services to state and federal governments and to financial and other commercial organisations.
2. At all material times, the Plaintiff was the owner or otherwise beneficially entitled to deal with certain information of a confidential character related to its business operations.........................................

The First Defendant

1. The First Defendant, Cheryl Heinze, is a cybersecurity engineer...............................

The Second Defendant

1. The Second Defendant, Cannon Ltd is a corporation formed within the limits of Australia. Cannon Ltd is a competitor of the Plaintiff and also carries on the business of supplying cybersecurity advisory and support services.
2. Following the termination of her employment with the Plaintiff, the First Defendant commenced employment with the Second Defendant.............................................

Non-disclosure agreement

1. As a prelude to commencing employment with the Plaintiff on June 30, 2019 the Defendant entered into a Non-Disclosure Agreement with the Plaintiff.
2. The terms of the Non-Disclosure Agreement included an obligation to preserve and maintain the confidentiality of the following:
3. business concepts and ideas, business planning, budgeting and marketing information;
4. all documents created by or for Secure Force including methodologies, guidelines, procedures, scopes of work and plans;
5. information designated as confidential by Secure Force, or otherwise imparted in circumstances of confidence to the Employee by Secure Force; and
6. trade secrets and any other material or informational classifiable in law or equity as the confidential information of Secure Force, its related companies and clients, except to the extent that such information is public knowledge or becomes public knowledge other than by breach of this Agreement.
7. The Non-Disclosure Agreement also required the First Defendant to not use the Confidential Information other than in connection with the First Defendant's employment duties with the Plaintiff.
8. Upon request, the First Defendant was also obliged to:
   1. return all Confidential Information and Notes and all copies;
   2. furnish to Secure Force a certificate that it retains no Confidential Information, Notes or copies thereof
9. During May and June 2021, the First Defendant breached the Non-Disclosure Agreement by downloading the Plaintiff's confidential information onto a work laptop and then a personal laptop in order to for that information to be misappropriated and disclosed to the Second Defendant.....................................................

Contract of Employment

1. Between I July 2019 and 3 June 2021 the Plaintiff employed the First Defendant as a cybersecurity engineer.
2. The following were implied terms of the contract of employment between the Plaintiff and the First Defendant:

(a) a duty of good faith and fidelity to the Plaintiff;

(b) a duty so long as the contract of employment subsisted not to misuse any information confidential to the Plaintiff or to disclose such information to any third party;

(c) a duty, following the termination of the contract of employment, not to use or disclose any trade secrets or other confidential information of the Plaintiff.

1. The First Defendant breached the above implied terms by downloading the Plaintiff's confidential information onto work and personal laptops in order to enable them to be misappropriated by the Defendants.

Sections 182 and 183 Corporations Act 2001 (Cth)

1. ...........................
2. By downloading the Plaintiff's confidential information onto work and personal laptops with a view to using them in future employment with the second Defendant, the First Defendant improperly used this information and improperly used her position to gain an advantage for herself and the second Defendant to the detriment of the Plaintiff.................................

Injunction

1. The Plaintiff seeks an order that the Defendants be restrained from publishing, disclosing, using or reproducing:
   1. Any of the documents, or any material, property or information contained in Confidential Exhibit SF-2, Confidential Exhibit SF-3 and Confidential Exhibit SF-4 to the affidavit of Sam Spade dated 17 June, 2021;
   2. Any other information relating to the business affairs of the Plaintiff or its customers or clients (regardless of the form of storage or representation), including all:

i. business concepts and ideas, business planning, budgeting and marketing information;

ii. all documents created by or for the Plaintiff including methodologies, guidelines, procedures, scopes of work, and plans;

ii. information designated as confidential by the Plaintiff or otherwise imparted in circumstances of confidence to the Defendant by the Plaintiff; and

iv. trade secrets and any other material or information classifiable in law or equity as confidential information of the Plaintiff or its customers or clients.

.................................................

Return of confidential information

1. The Plaintiff seeks an order that:

The Defendants within two (2) days of making this up deliver up to the Plaintiff's solicitors all of the material referred to in paragraphs 8 (a), (b) and... above (in whatever form, including digital form) which is in her possession, custody, control or power............................................

Extracts from Cheryl Heinze's Defense

Insofar as the assertions set out in the Plaintiff's Statement of Claim are concerned, the Defendant replies as follows:

1. Admit
2. Admit
3. Admit
4. Admit
5. Admit
6. Admit
7. Admit
8. Admit
9. Admit
10. Deny. The material downloaded to the First Defendant's work laptop was downloaded to enable the First Defendant to undertake her employment duties with the Plaintiff. The material was not downloaded for the purpose of misappropriation or disclosure to the Second Defendant.
11. Admit
12. Admit
13. Deny. The material downloaded to the First Defendant's work laptop and personal laptop was downloaded to enable the First Defendant to undertake her employment duties with the Plaintiff. The material was not downloaded for the purpose of misappropriation or disclosure to the Second Defendant.
14. .......
15. Deny. The material downloaded to the First Defendant's work laptop and personal laptop was downloaded to enable the First Defendant to undertake her employment duties with the Plaintiff. The material was not downloaded for the purpose of misappropriation or disclosure to the Second Defendant. There has been no disclosure of the Plaintiff's confidential information to the Second Defendant and so the Plaintiff has suffered no detriment.
16. ................
17. Deny. The First Defendant denies that the Plaintiff is entitled to the relief sought......................
18. Deny. The First Defendant denies that the Plaintiff is entitled to the relief sought...................

. Extracts from the Non-Disclosure Agreement Signed 30 June 2019 by Heinze and Sam Spade, MD on behalf of Secure Force Ltd.^[1]

"1. Definition

1.1 In this Agreement:

"1. Confidential information' means all information acquired by the Employee Secure Force relating to the business affairs of Secure Force, its related companies and clients (regardless of the form of storage or representation), including all:

1. business concepts and ideas, business planning, budgeting and marketing information;

2. all documents created by or for Secure Force including methodologies, guidelines, procedures, scopes of work, and plans;

3. information designated as confidential by Secure Force, or otherwise imparted in circumstances of confidence to the Employee by Secure Force; and

4. trade secrets and any other material or informational classifiable in law or equity as the confidential information of Secure Force, its related companies and clients,

Except to the extent that such information is public knowledge or becomes public knowledge other than by breach of this Agreement.

2. 'Notes' means any notes, abstracts, assessments, evaluations, summaries or other material derived from, referring to, incorporating or containing any reproductions, adaptions or copies of any Confidential information.

2. Disclosure

2.1 In consideration of the supply of Confidential Information by Secure Force to the Employee, the Employee agrees to preserve and maintain in confidence the Confidential Information and not use the Confidential Information other than in connection with the Employee's employment by Secure Force.

2.2 The Employee will use and will ensure that any person to whom the Confidential Information is disclosed uses, all reasonable endeavours and precautions to protect and preserve the confidential nature of the Confidential Information.

2.3 The Employee acknowledges that the Confidential Information remains at all times the exclusive property of Secure Force.

3. Notes

3.1 The Employee will not and will not allow any person to whom Confidential Information is disclosed, except for the purposes of the Employee's employment by Secure Force, to:

• make any Notes;
• use any Confidential Information or Notes; or
• directly or indirectly, divulge, disclose or publish any Confidential Information or any Notes.

4.1 The Employee will (and will procure that each person to whom Confidential Information or Notes are disclosed) immediately upon request:

• return all Confidential Information and Notes and all copies;
• furnish to Secure Force a certificate that it retains no Confidential Information, Notes or copies thereof."

^[1] This material has been cut and pasted from the judgment at [62 - 66] with name changes and other adjustments for the purposes of learning in this course.

Communications between Heinze and Cannon Ltd

For the purposes of this course please assume that this appendix contains printed copies of various emails from Heinze's personal email to Cannon Ltd personnel. Of particular note is the following:

May 30, 2021

Subject: Argus Ltd

Hi Carol,

During a team meeting today, I learned that Argus Ltd is interested in undertaking an independent high-grade cybersecurity risk assessment. Apparently, its cybersecurity insurers are demanding this. As Argus Ltd is one of Australia's biggest investor corporations this looks like a great opportunity for Cannon. I found out the contact details of Argus's CFO. Do you want me to arrange a meeting?

I hope that this shows how keen I am to leave SFL and get a position with Cannon.

More to come,

CH.

Heinze is defending the claim of breach of confidence on two grounds:

1. Consent to accessing and downloading of the confidential information; and

2. Denial of disclosure to Cannon Ltd.

Which party bears the onus of proving/disproving (1) and (2) above?

please reference cases acts you use