What happens when a worker takes company data during their notice period?
Singapore's High Court recently ruled on a case involving an employee who downloaded thousands of company files before and after submitting his resignation. The case provides important guidance on confidentiality obligations during an employee's notice period and demonstrates how courts evaluate technical evidence in determining breaches of contractual and equitable duties.
The employee worked as head of investor relations at a Singapore-based fund management company specializing in Japanese market investments from December 2019 to December 2021. His role primarily involved promoting the company's Hayate Japan Equity Long-Short Fund to prospective investors.
During his employment, he used both personal devices (MacBook and iPhone) alongside a company-issued Dell laptop. The employer stored confidential information on Google Drive, accessible to selected employees including him.
The employment contract contained specific confidentiality clauses requiring the employee to return all company materials upon termination, keep company information confidential both during and after employment, and not use company information for personal advantage.
Additionally, the employer had IT Security Guidelines prohibiting employees from forwarding and downloading company information to personal accounts and devices, though the employee claimed he was never informed of these guidelines.
The dispute
The employee became frustrated when the employer failed to provide payslips needed for his Singapore citizenship application. Despite repeated requests, he received only one payslip in September 2021.
In October 2021, the employee expressed concerns about product marketability and stopped reaching out to potential investors. He verbally resigned on December 8, 2021.
A post-resignation IT audit revealed 6,274 downloads from the company's Google Drive since June 2021. Approximately 4,533 downloads occurred on December 8, 2021 (resignation day). There were 330 instances of viewing or downloading files on December 20, 2021. On his final day (December 21, 2021), the employee downloaded his entire work Skype chat log.
The downloaded materials contained sensitive information across six categories: investment strategies, research databases, business development materials, client information including banking details, operational materials, and regulatory/legal advice.
The employee offered different justifications for each set of downloads. For the December 8 downloads, he claimed to be searching for missing payslips. The court found this implausible, noting it "beggars belief" that payslips would be in folders clearly labeled for company work.
For the December 20 downloads, he claimed these were for proper handover preparation. Based on technical evidence from forensic experts, the court concluded these were likely saved to the company laptop rather than his personal device.
For the December 21 downloads of Skype logs, he claimed these were needed as evidence for potential regulatory complaints about missing payslips. The court rejected this explanation, noting he had already taken relevant screenshots before that date.
A critical turning point involved the employee's actions after legal proceedings began. When ordered to produce his devices for forensic inspection, he deleted most applications before surrendering them.
Justice Dedar Singh Gill noted this deletion "greatly hampered" forensic experts' ability to determine when company documents were deleted by destroying crucial metadata. The timing—immediately after receiving the court order—significantly influenced findings against the employee.
The judge stated: "It lies ill in the mouth of [the worker] to say... that [the employer] has no evidence to show that he retained [the employer's] documents beyond the termination of his employment, when the only reason [the employer] does not have such evidence is due to [the worker's] intentional and deliberate acts of deleting the applications."
The court ruled the employee breached both contractual and equitable obligations regarding the December 8 and December 21 downloads by accessing, downloading, and retaining them beyond his employment.
For the December 20 downloads, no breach was found as these were determined to be on the company laptop that was returned upon employment termination.
The court ordered deletion of Google Drive cache files remaining on the employee's MacBook from the December 8 downloads, to be conducted under employer supervision. Damages would be assessed in a separate proceeding.
This case emphasizes that employees must respect confidentiality obligations during notice periods. Courts examine technical evidence closely to determine whether contractual duties were breached. Tampering with electronic evidence can severely damage a defendant's case. Even when pursuing legitimate concerns like missing payslips, employees must use proper channels rather than unauthorized mass downloads. Companies should ensure clear communication of IT security policies to all employees.
