Few events can hurt business prospects as much as discovering that an employee has walked out the door with your company's confidential information and trade secrets. Client lists, pricing strategies, proprietary algorithms, business plans: in the time it takes to zip a folder and click "send," years of competitive advantage can vanish. If you find yourself in this situation, Singapore law offers a meaningful arsenal of responses. The challenge lies in choosing the right weapons, and moving fast enough to use them.
The Criminal Route: The Computer Misuse Act
Most employers instinctively reach for a civil lawyer, but Singapore's Computer Misuse Act ("CMA") provides a powerful and often underused alternative. The CMA criminalises unauthorised access to computer data and, crucially, it does not require you to prove that the stolen information was commercially valuable, that copyright subsists in it, or even that it qualifies as a trade secret. Unauthorised access to the data is, by itself, an offence.
Koh Keng Leong Terence v Zhang Changjie [2023] SGMC 96 illustrates both the power and the limitations of this route. Zhang, a trader at proprietary trading firm Genk Capital, covertly emailed thousands of the firm's files to his personal Gmail and Google Drive before resigning the next day to join a direct competitor. He was convicted under the CMA and fined the maximum penalty of S$5,000.
The strategic advantages of a criminal action are significant. It sends an unambiguous message that your organisation will not tolerate data theft. It also unlocks tools unavailable in civil proceedings; private search and seizure warrants, for instance, can be used to secure evidence before it is destroyed. However, it is noteworthy that Singapore still lacks a dedicated criminal offence for trade secrets theft, and the sentencing framework under the CMA does not yet fully reflect the commercial harm such theft causes. The maximum fine remains modest relative to the damage inflicted.
The Civil Route: Breach of Confidence and Contract
Civil proceedings remain the primary tool for most employers, and Singapore's courts have developed a sophisticated framework for protecting confidential information.
A breach of confidence claim in Singapore is now governed by the modified approach established by the Court of Appeal in I-Admin (Singapore) Pte Ltd v Hong Ying Ting [2020] SGCA 32. Under this approach, once an employer establishes that information was confidential and was accessed or acquired without authorisation, a breach of confidence is presumed. The burden then shifts to the defendant to prove that their conscience was unaffected.
This is a significant development for employers. The I-Admin approach specifically addresses situations where an employee wrongfully accesses or acquires confidential information but has not yet used or disclosed it, closing a gap in the traditional Coco v AN Clark test, which required proof of actual unauthorised use and resulting detriment.
The recent High Court decision in Hayate Partners Pte Ltd v Rajan Sunil Kumar [2025] SGHC 41 reinforces this protection further. The court found that an employee's authority to access company data exists strictly for work purposes; an employee who downloads confidential files for personal reasons becomes a "taker" and bears the burden of demonstrating a clear conscience. Notably, the court also drew an adverse inference against the employee when he deleted applications from his devices after a court inspection order, a stark reminder that cover-up attempts can backfire badly.
Civil remedies available to employers are broad. They include urgent interim injunctions to halt further use or disclosure, orders requiring the employee to deliver up devices for forensic examination, and monetary claims for lost profits, loss of business opportunities, or an account of profits made by the defendant through wrongful use of your data.
Preserving Digital Evidence
Whichever route you choose, your first priority must be evidence preservation. Digital evidence is fragile: it can be deleted, overwritten, or corrupted within hours. Immediately upon suspecting a breach, businesses should isolate affected devices and accounts; work with IT to pull access logs, email repository records, and download histories; and engage a computer forensics professional to image devices and reconstruct digital footprints before any evidence degrades. Maintaining a clear chain of custody, documenting every person who handles the evidence and when, is essential to ensuring admissibility in court.
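An added example, not part of the original article: a minimal tamper-evident chain-of-custody log in Python, in which each record names the handler, the time and the image hash, and is linked to the previous record by hash. The evidence ID, handler roles, timestamps and image bytes are constructed; in practice the hash would be taken over the acquired image file.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes the same way.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, evidence_id, image, handler, action, timestamp):
    """Append who handled the evidence, when, and the image hash at that time."""
    body = {"evidence_id": evidence_id, "evidence_sha256": sha256_hex(image),
            "handler": handler, "action": action, "timestamp": timestamp,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    log.append({**body, "entry_hash": record_hash(body)})

def verify(log, current_image):
    """Return a list of problems; an empty list means log and image are intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link")
        if record_hash(body) != entry["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        prev = entry["entry_hash"]
    if log and sha256_hex(current_image) != log[0]["evidence_sha256"]:
        problems.append("image hash differs from acquisition hash")
    return problems

def build_sample_log():
    # Constructed sample data: stand-in bytes for a forensic disk image.
    image = b"constructed stand-in for a forensic disk image"
    log = []
    add_entry(log, "LAPTOP-001", image, "Forensic examiner", "disk imaged",
              "2025-01-06T09:15:00+08:00")
    add_entry(log, "LAPTOP-001", image, "Evidence custodian", "image stored",
              "2025-01-06T14:40:00+08:00")
    add_entry(log, "LAPTOP-001", image, "Legal counsel", "image copy received",
              "2025-01-07T10:05:00+08:00")
    return log, image

if __name__ == "__main__":
    log, image = build_sample_log()
    print(verify(log, image) or "custody log and image verified")
```

Because whoever holds the log could rewrite the final record and recompute its hash, the latest `entry_hash` should also be recorded outside the log, for example on a signed handover form.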
Choosing Your Strategy
The choice between criminal and civil action is not always binary. Criminal proceedings and civil litigation can run in parallel. Criminal prosecution carries reputational deterrence and access to evidence-gathering tools; civil claims deliver financial compensation and injunctive relief.
What is non-negotiable is the need to act immediately, engage experienced legal counsel, and ensure your internal IT and contractual safeguards are in order before the next departure. The primary responsibility lies with the employer. Watertight employment contracts, clearly communicated IT security policies, and robust off-boarding protocols will not guarantee that no employee ever steals from you, but they will ensure you are in the strongest possible position when one tries.