I knew it from the moment he asked her to connect

What can be done if your confidential client lists are used to network online?


Imagine this, it's Wednesday 8:45 am. Hump Day. You settle down at your computer. As the emails download you raise a hard earned coffee to your lips… and there's that hot buttery bagel just waiting for you to take a bite...

Oh great… Mrs H has emailed again. Better read that one… delay bagel gratification a moment longer…

What the…? How? He asked to connect with her on LinkedIn? No! ...No!

Mrs H is mad… really mad. Your ex-employee contacted her. He called her ‘honey45’ – that’s the unique handle that she trusted only you with! How did he get her handle? Mrs H says it’s a breach of her client confidentiality! She says she’s going make a complaint about you to the Commissioner. Mrs H is a great client. This is bad.

You check his profile on LinkedIn. He has literally thousands of connections. Your coffee goes cold… you dig deeper… Looks like he’s connected with a lot of your clients, quite a lot of them in fact… this isn’t right! He only worked for you for a month! The bagel becomes rubbery… this is not fair.

You email him, he denies it. You send him a serious letter and eventually he accepts that, yeh… okay… LinkedIn must have ‘somehow’ mined your client database when he was working for you. But he’s not going do anything about it. Your contacts were in the public domain – it’s just too bad.


Social networking sites like Facebook, LinkedIn and Twitter allow their members to upload bulk email addresses and other contact lists to request personal connections. Depending on the platform, these connections, once made, can be publicly displayed on a member’s personal profile or exploited in other ways, for example through direct messaging.


Various areas of the law may potentially apply in this situation, such as copyright, contract, equity and privacy.

Not all client lists or other databases of customer names, addresses and other such information are entitled to protection under Australian copyright law.

However, sufficiently detailed client lists that are of commercial value to a business and which were developed through the ‘sweat of the brow,’ or, by ‘application of the skill and ingenuity of the human brain’ will generally attract a quality of confidence that is a protectable in law. This is so even if the list was ‘constructed solely from materials in the public domain’ such as Facebook or LinkedIn, because the value of the list to the business derives from the fact that there is no alternative publicly available ‘directory.’ 

Where a confidential client list is entrusted to an employee for a limited purpose, it should only be used for that purpose. An employee would probably be in breach their duty of good faith and their equitable obligation to preserve the confidence of their employer if they were to disclose or use the list without their employer’s consent, regardless of whether they were also contractually bound to keep it confidential.

Businesses have a legitimate interest in retaining their customers and, depending on the circumstances, they may legally restrain their current or former employees and contractors from undermining those valuable connections.


If you engage employees or contractors, you should ensure your contractual arrangements with those people expressly identify your customer registers, client lists and relevant files or databases as being confidential information that belongs to you.

Where your contractor or employee is likely to be in a position that he or she may establish a personal relationship with your clients to such an extent that those clients could, for whatever reason, follow the contractor or employee if they were to move away from your business, you might want to consider including reasonable restraint of trade clauses in your contract with that person.

If you happen to be in the unfortunate situation that an (ex)employee or (ex)contractor has retained, disclosed or otherwise misused your confidential client lists, they may be in breach of their contract with you, in breach of their equitable duties of confidence and good faith to you, and, you may be entitled to obtain from a court an injunction for the delivery up and destruction of the documents.

Furthermore, where you hold personal information about your customers, the unauthorised access, use or disclosure of that information may be a notifiable data breach under the Privacy Act 1988 (Cth). Click to read about notifiable data breaches at blueprint4privacy.com.

In circumstances where that list has been disseminated in the public domain, you might be entitled to damages or an account of profits for any harm caused by that conduct to your business. Usually loss or damage will occur through a loss of goodwill associated with a business reputation, although there might be other causes.



Our specialist areas include media, entertainment, technology, privacy and litigation.



Liability limited by a scheme approved under Professional Standards Legislation.