Global Processing Services (UK) Limited v Vladimir Yanpolsky & Anor.

Key principles and decision: The court granted summary judgment for the claimant in a claim for breach of confidence and injunction relief to prevent threatened misuse and disclosure of confidential material disclosed to the first defendant in criminal proceedings. The judge applied the three Coco v A.N. Clark elements for breach of confidence (quality of confidence; imparting in circumstances importing an obligation of confidence; and unauthorised use to the detriment of the confider) and held that the disclosed material had the necessary quality of confidence and had been imparted in circumstances importing an obligation of confidence.

The court considered the disputed question of any implied undertaking attaching to material disclosed in criminal proceedings, reviewed Mahon v Rahn and Taylor v Director of the Serious Fraud Office, and concluded that it was bound to follow Mahon v Rahn on the issue of "used" material. Even without relying on an implied undertaking, the claim in breach of confidence succeeded because the defendants had no realistic prospect of establishing that the threatened use of the disclosed data fell within any exception (neither the public interest nor any purpose/appeal exception applied to contacting individual cardholders).

Background and parties:

• The claimant is a payments processing technology provider. The first defendant was its former chief technical officer; he was arrested and later convicted following a 2017 cyber-attack. The Crown disclosed a large electronic exhibit (the Exhibit) containing over 11 GB of material to the first defendant in the criminal proceedings (the Disclosed Data).
• The defendants (the first defendant and his wife, the second defendant) thereafter used and threatened to use parts of the Disclosed Data in various emails to third parties (including Visa, Mastercard, regulators and banks) and threatened to contact individual cardholders to notify them of an alleged data breach.

Procedural posture and relief sought: The claimant sought summary judgment and injunctive relief for breach of confidence, delivery up and destruction/deletion of disclosed material, following correspondence and an earlier interim injunction made by Collins Rice J. The application was heard as a summary judgment rule 24 application asking whether the defendants had a real prospect of successfully defending the claim.

Issues framed by the court:

1. Whether the Disclosed Data had the necessary quality of confidence.
2. Whether the Disclosed Data was imparted in circumstances importing an obligation of confidence (including whether an implied undertaking attached to material disclosed in criminal proceedings).
3. Whether there had been unauthorised use or threatened use of the Disclosed Data and whether any exceptions applied: (a) use for the purposes of the criminal proceedings or a proposed appeal (the purpose/appeal exception); or (b) public interest.
4. Whether the claimant had suffered or would suffer detriment and whether injunctive relief was appropriate in all the circumstances.

Court's reasoning and findings:

• The judge held there was no realistic prospect of the defendants successfully disputing that the Disclosed Data had the necessary quality of confidence and was imparted in circumstances importing an obligation of confidence; the defendants themselves repeatedly treated the material as confidential in their communications.
• The court considered the difficult authority question whether an implied undertaking arises in respect of "used" material disclosed to an accused. After review of Mahon v Rahn and Taylor v SFO, the judge concluded he was bound by Mahon v Rahn in relation to used material but observed the law on the point was uncertain. He did not need to rely on an implied undertaking to decide the case.
• The defendants relied on two exceptions. The public interest exception failed because the threatened use (contacting individual cardholders and offering to supply their data) was neither limited nor proportionate and plainly not in the public interest. The purpose/appeal exception also failed in relation to the threatened contacting of individual cardholders because that threatened action was not shown to be done for the purpose of an application for permission to appeal or an appeal; contacting cardholders would not reasonably assist the proposed appeal.
• The threatened conduct would damage the claimant's reputation and the claimant legitimately sought injunctive relief. The court accordingly granted summary judgment on the threatened misuse and an injunction in the terms sought.

Other procedural notes: The court also made an order restricting access to court files because of the confidential nature of the underlying evidence.

Summary judgment for the claimant on the threatened misuse of the disclosed data; an injunction was granted prohibiting use, preservation, dissemination or disclosure of the Disclosed Data and ordering delivery up and destruction/deletion as sought. Rationale: the Disclosed Data had the necessary quality of confidence and was imparted in circumstances importing an obligation of confidence; the defendants had no realistic prospect of showing their threatened use fell within a public interest or purpose/appeal exception. The court noted uncertainty in authority about implied undertakings for "used" material but followed Mahon v Rahn on that point.