Breach of confidence is a specialized legal concept designed to safeguard the secrecy and privacy of sensitive information. Unlike conventional torts rooted in English common law, this doctrine emerged from equity, reflecting an ethical duty to maintain confidentiality whenever information is disclosed under circumstances implying trust. Over time, breach of confidence has evolved significantly, addressing modern realities of corporate espionage, privacy law, and digital data leaks. Its overarching purpose is to prevent parties from profiting—financially or otherwise—by wrongfully exploiting or sharing information that was meant to remain confidential.
Historical Equitable Foundations
In equity’s early days, English courts recognized that certain obligations arose out of good conscience rather than strict legal rules. These courts stepped in when common law remedies fell short, penalizing behaviour that violated trust. Over centuries, breach of confidence has grown from being an equitable principle used in limited contexts (e.g., confidential letters or business secrets) into a robust cause of action covering personal, corporate, and governmental data. This adaptability persists, enabling Canadian courts to apply breach of confidence flexibly across diverse scenarios—from sensitive family details to trade secrets in complex technology firms.
Why Breach of Confidence Matters
In the modern era, the rise of digital communication and remote data storage amplifies the vulnerability of information. A single leak can compromise customer databases, proprietary formulas, or government secrets, inflicting significant monetary, reputational, or strategic losses. Contract law and tort law alone are sometimes insufficient for these scenarios, especially if no explicit agreement was signed. By offering an independent route to recover damages or secure injunctions, breach of confidence underscores the gravity of upholding trust in commercial dealings, professional services, and personal relationships.
To establish a breach of confidence, courts in Ontario require three fundamental elements to be satisfied:
1. Confidential Nature of the Information
The data or material must genuinely be secret or not readily accessible to the public. This can extend to anything from business plans to personal diaries, provided it holds value by virtue of its secrecy.
2. Obligation of Confidence
The context in which the information was disclosed must create a reasonable expectation of confidentiality—often arising through non-disclosure agreements (NDAs) or inherent relationships like lawyer–client, doctor–patient, or employer–employee. Even absent a formal contract, the law may imply confidentiality if the circumstances suggest trust and exclusivity.
3. Unauthorized Use to the Detriment of the Informant
The breach must involve unauthorized use or disclosure leading to harm—be it financial loss, reputational damage, or strategic disadvantage. Courts consider if the defendant’s actions reasonably caused or risked detriment to the plaintiff’s interests.
Illustrating the Three Elements
A software engineer entrusted with proprietary code uses it to launch a rival product. The code’s confidential nature, plus the engineer’s implied duty to the employer, and the resultant harm (loss of market share) satisfy these elements.
An accountant who reveals private financial data about a client’s upcoming merger to a third party also ticks each box: the data was secret, the relationship implied confidentiality, and the client’s strategic position is compromised.
Proving “detriment” may not always equate to direct monetary harm—courts recognize intangible damages, such as damage to corporate goodwill or loss of a competitive advantage.
Under Canadian law, breach of confidence covers a wide breadth of sensitive data—ranging from trade secrets in tech start-ups to personal health records. The evolution of case law in neighbouring jurisdictions (England, Australia, New Zealand) also influences Canadian jurisprudence. While each province shapes its procedural nuances, the core principle remains that trust and reasonable expectations of privacy must be upheld, or else legal recourse is warranted.
Commercial Contexts
In business, breach of confidence frequently arises with high-stakes corporate secrets (like manufacturing formulas, expansion strategies) or intangible elements (like customer lists, pricing structures). Plaintiffs use breach of confidence to fill gaps left by contract law if no explicit NDAs exist, or if a cunning defendant claims no formal promise was given. By resting on equitable principles, Canadian courts can still impose liability when fairness demands it.
Aligning With Other Legal Systems
Like the English approach, Canada’s legal system also punishes unjust enrichment derived from confidential data, sometimes employing accounts of profits or constructive trusts to disgorge gains. The synergy between local rulings and broader Commonwealth precedent helps sustain a consistent global standard. Consequently, Canada’s breach of confidence framework is robust enough to handle cross-border disputes, where multiple countries’ laws might otherwise complicate enforcement.
Contract Law
Confidentiality often merges with contractual obligations. NDAs or confidentiality clauses define permissible data usage, and breach of confidence can reinforce these terms or act as a fallback if formal contracts are absent. The courts can infer an implied duty of confidence from the nature of the relationship (e.g., an employee with special access to R&D labs) even if no written agreement exists.
Tort Law
While separate from conventional torts like negligence or defamation, breach of confidence overlaps with privacy rights or tortious interference. For instance, a third party might induce someone to violate confidentiality—possibly giving rise to an action grounded in both tort and breach of confidence.
Unjust Enrichment
If the defendant profits from confidential data without equivalently disadvantaging the plaintiff, or obtains a windfall absent a corresponding deprivation, unjust enrichment might still apply. In practice, breach of confidence and unjust enrichment complement each other, letting plaintiffs recoup ill-gotten gains even if direct financial harm is tougher to quantify.
Fiduciary Duty
Where a fiduciary relationship exists—like a trustee–beneficiary or director–corporation dynamic—misusing confidential data can simultaneously breach both the fiduciary duty and the duty of confidence. Courts tend to impose stiffer penalties for breaches involving fiduciaries, as these roles demand heightened loyalty and trust.
Intellectual Property
Breach of confidence dovetails with IP rights by plugging gaps where, for instance, an invention or creative work does not meet formal patent or copyright thresholds. Even if no registration or statutory IP protection applies, confidentiality law can still protect the know-how or intangible assets from unauthorized exploitation.
Confidential information is anything that derives value from its secrecy—information whose public exposure would diminish or negate its advantage. For instance:
Business Plans: Expansion blueprints, marketing tactics, or R&D roadmaps.
Trade Secrets: Recipes, formulas, or algorithms not patented but kept under wraps.
Personal Data: Health records, private messages, undisclosed personal affiliations.
Government/Corporate Classifieds: Sensitive documents concerning national security or corporate mergers.
Relevant Considerations
Accessibility: If data is already in the public domain, it loses confidential status.
Circumstances of Disclosure: Courts examine if the disclosing party intended it to remain secret or took steps (like restricted access, NDAs) indicating that expectation.
Contextual Sensitivity: Information that has minimal value or is widely known typically fails the confidentiality threshold.
1. Business Information
Encompasses client lists, financial records, pricing strategies, technical specifications, or secret recipes. A renowned restaurant chain might guard its seasoning formula, bestowing it only on select staff to preserve uniqueness.
2. Personal Information
Sensitive personal data—health details, family history, private correspondence—released in a context implying secrecy (e.g., doctor–patient) remains protected.
3. Government Information
Classified state documents or operational intelligence can carry high stakes, with unauthorized disclosure incurring both civil liability and potential criminal repercussions.
Once data enters the public realm, it no longer qualifies as confidential. Thus, controlling the flow of information is paramount; even inadvertent leaks can destroy the protective veil.
Confidential information loses its protective status if it becomes readily accessible—e.g., through publication or broad distribution. This principle underlines the necessity of tight security measures, from password-protected files and locked cabinets to rigorous staff training. Plaintiffs who fail to demonstrate consistent safeguarding efforts may find it harder to claim breach of confidence, as courts scrutinize whether the holders themselves treated the information with the seriousness it deserved.
Express and Implied Obligations
Information might be disclosed under a formal NDA (express), spelling out usage limits and penalties for breach. Alternatively, confidentiality may be implied if the relationship—like a law firm retaining client data—makes the obligation self-evident. Judges weigh the circumstances—whether the data was labelled “confidential,” how it was transmitted, and the parties’ roles—to determine if an implied duty exists.
Situations Leading to Obligations of Confidence
1. Professional Relationships
Lawyer–client, accountant–client, or doctor–patient interactions inherently embed confidentiality. Professionals must preserve client secrets or risk disciplinary measures and civil liability.
2. Business Transactions
Mergers, acquisitions, or partnerships often involve data-sharing (e.g., trade secrets, financial statements). NDAs or confidentiality clauses typically govern these deals; a breach can trigger major lawsuits.
3. Employment
Staff often access privileged corporate insights (like product prototypes). Employment agreements commonly contain confidentiality clauses, enforceable even post-termination to protect intangible corporate knowledge.
What Constitutes a Breach
Unauthorized Use: Deploying the information outside the original disclosure terms (e.g., using internal product roadmaps to create a rival brand).
Disclosure to Third Parties: Communicating secrets to outsiders—through carelessness or intentional release—who are neither authorized nor bound by confidentiality.
Harm or Potential Harm: The plaintiff need only show a realistic risk of detriment—loss of competitive advantage, reputational damage, or missed opportunities.
Examples of Breach Scenarios
Employee Misusing Trade Secrets: A software engineer migrates to a competitor, replicating algorithms gleaned from the former employer’s source code.
Professional Disclosing Client Data: An accountant or lawyer shares details about a client’s finances or strategies with third parties without consent.
Partnership Betrayal: A co-owner reveals development plans for a new product line to an external manufacturer, undermining the partnership’s exclusive arrangement.
Responsibilities of Third Parties
Even unintended recipients of confidential information must respect it—once aware it is proprietary. Courts can impose liability if the third party knowingly exploits or spreads the data. They may be ordered to cease use, destroy copies, or pay damages if they benefited financially. Ignorance or unawareness might excuse them until they realize the data’s confidential nature, after which continuing usage can be actionable.
Liability of Third Parties
Defendants who engage in “indirect benefit” can face restitution or disgorgement. For instance, if a competitor obtains leaked trade secrets from a disloyal employee, the competitor might owe an account of profits from any advantage gleaned. This ensures that no one can gain from someone else’s breach, aligning with equity’s principle of fairness.
Rights of the Original Holder
The primary right of action belongs to the party whose information was compromised—the original creator or owner. However, certain business relationships or partnerships can extend these rights to other stakeholders who share or rely on the same data (like a joint R&D project).
Assignment of Rights
In some scenarios—like a sale of business assets—the buyer inherits the right to sue for prior misuse or ongoing breaches. Assignments must be clearly documented within the transaction, ensuring the new holder can enforce confidentiality. Courts typically require explicit reference to the right to sue for past or ongoing violations.
Cases Involving Multiple Parties
Multi-party disputes might involve a chain of entities who each received confidential data. The court then navigates layers of obligations—who had the original rights, who assumed them, and at what point the confidentiality was supposed to end. Clear definitions of roles and responsibilities reduce confusion in these complex setups.
Common Defences
1. Public Interest
Disclosure was critical for revealing wrongdoing (e.g., whistleblower scenarios) or safeguarding public safety. Courts weigh the overall benefit of exposure against the plaintiff’s right to secrecy.
2. Consent
If the original holder authorized usage or distribution—whether explicitly or impliedly—the defendant’s actions might be justified. Defendants typically must produce strong evidence of consent to avoid liability.
3. Information Already in Public Domain
Once data is widely accessible, it can no longer be “confidential.” The defendant may show the info was previously published or easily obtainable.
4. Lack of Detriment
If no real harm (financial, reputational, or strategic) occurred or is likely, plaintiffs face an uphill battle proving a breach.
Balancing Public Policy and Private Rights
Some disclosures serve vital societal objectives—like exposing corruption. Courts carefully examine the magnitude of public interest, ensuring not to overshadow legitimate confidentiality. If the public interest is modest compared to the plaintiff’s severe harm, confidentiality often prevails.
Adjudicating breach of confidence entails balancing conflicting needs: the plaintiff’s right to control their confidential data vs. the public’s or defendant’s interest in disclosure. Overly strict protection might hamper freedom of expression or important investigative journalism. Conversely, lax protection dissuades innovation and trust in business or personal dealings. Courts weigh each claim’s context, measuring the plaintiff’s steps to protect data, the gravity of potential harm, and any overriding policy reasons for disclosure.
Adapting to the Digital Age
With rising data breaches, cyber espionage, and global info flows, Canadian courts are refining how they quantify intangible harms and intangible profits in breach of confidence cases. Judges increasingly consult IT forensics to pinpoint the scope of data compromise. The shift underscores a commitment to flexible legal standards that adapt to real-world complexities, like the unstoppable spread of leaked documents on the internet.
Emphasis on Prevention and Quick Remedies
Recent rulings highlight a readiness to grant urgent injunctions or Anton Piller orders (civil search orders) to retrieve improperly obtained data. This swift approach reflects a move away from waiting until harm fully unfolds, acknowledging that the immediacy of digital leaks can devastate the plaintiff’s advantage.
Injunctive Relief
Injunctions remain a primary recourse, barring defendants from further disclosure or requiring them to halt usage. Courts weigh the plaintiff’s immediate need for protection vs. any prejudice to the defendant. Provisional (interlocutory) injunctions can freeze the situation while a suit proceeds, preventing irreversible harm.
Damages
Plaintiffs may seek monetary awards for lost profits, brand erosion, or the cost of mitigating a leak. Courts review how the defendant’s breach concretely impacted the plaintiff. Damages can also include compensation for time and resources spent rectifying disclosures or reconstructing business strategies compromised by espionage.
Account of Profits
If the defendant profited from wrongful use—e.g., launching a competing product using stolen formulas—courts can order disgorgement, forcing them to surrender gains. This prevents unjust enrichment and underscores equity’s aim: no party should keep ill-gotten benefits.
Delivery Up and Destruction
Courts may mandate delivery up (handing over all copies, documents, or media containing the confidential info) or the destruction of said materials. These orders reclaim the data’s control for the rightful owner, thwarting further leaks or repeated misuse.
Declaratory Relief
A declaratory judgment clarifies each side’s rights and duties—such as affirming the data’s confidential status or stating that certain usage is unauthorized. This official recognition helps guide parties’ future conduct, reducing the risk of repeated disputes.
If you suspect confidential information has been compromised—or if you are defending against alleged unauthorized disclosure—reach out to Grigoras Law. We proudly serve businesses, professionals, and individuals across Ontario, combining meticulous investigation with tailored legal strategies to safeguard your proprietary or personal data. Our firm is committed to:
Disclaimer: The answers provided in this FAQ section are general in nature and should not be relied upon as formal legal advice. Each individual case is unique, and a separate analysis is required to address specific context and fact situations. For comprehensive guidance tailored to your situation, we welcome you to contact our expert team.
Confidential information refers to data or details that are not publicly available and have been shared with an expectation of privacy. This can include trade secrets, business plans, client lists, technical specifications, financial records, and personal data. For information to be considered confidential, it must be treated as such by the parties involved and should not be easily accessible to others. Confidentiality is often established through agreements, but it can also be implied based on the nature of the relationship, such as between a doctor and patient or lawyer and client. The key factor is whether the information holds value due to its secrecy and whether its disclosure could harm the party that provided it.
The law requires that confidential information must have the necessary quality of confidence about it. This means that it is not trivial or public knowledge and is kept secret. Additionally, the information must have been shared in circumstances that imply an obligation of confidentiality. This can occur in professional settings, business transactions, or personal relationships. It is essential to clearly define and communicate what constitutes confidential information to all parties involved to ensure that it is adequately protected.
The legal consequences of breaching confidentiality can be significant and multifaceted. A party found to have breached confidentiality may face various legal remedies, including injunctions, damages, and account of profits. An injunction may be issued to prevent further disclosure or use of the confidential information, thereby protecting the injured party’s interests. Damages can be awarded to compensate the injured party for any financial losses or harm caused by the breach, including loss of business opportunities or damage to reputation. Additionally, the court may order an account of profits, requiring the breaching party to surrender any gains made from the misuse of the confidential information.
In some cases, reputational damage and loss of trust can have long-lasting effects, impacting professional relationships and business opportunities. Legal proceedings can be complex and costly, making it crucial to seek experienced legal counsel to navigate these issues effectively. Furthermore, breaching confidentiality can lead to a breakdown in business relationships and could result in additional legal claims such as breach of contract or fiduciary duty. It is essential to understand the full scope of potential consequences to mitigate risks and respond appropriately.
Protecting your confidential information involves several proactive steps. Firstly, implement robust confidentiality agreements with employees, business partners, and contractors to clearly outline expectations and obligations. These agreements should specify what information is considered confidential, the duration of confidentiality, and the consequences of breaches. Secondly, limit access to sensitive information to only those who need it and use secure methods for storing and sharing data, such as encryption and password protection.
Regularly train employees on the importance of confidentiality and the potential consequences of breaches. Establishing a culture of confidentiality within your organization can help prevent accidental disclosures and reinforce the seriousness of maintaining secrecy. Additionally, monitor and audit the use of confidential information to detect any unauthorized access or misuse early. If you suspect a breach, act swiftly to investigate and mitigate the impact. Legal measures, such as seeking an injunction, can also be taken to prevent further disclosure and protect your interests.
If you are accused of breaching confidentiality, it is essential to take the accusation seriously and seek legal advice immediately. An experienced lawyer can help you understand the allegations and evaluate your options. Begin by gathering all relevant documents and evidence related to the confidential information and the circumstances of its disclosure. This may include emails, agreements, and any communications with the party alleging the breach.
Your lawyer can help you build a defence, which may involve proving that the information was not confidential, that it was disclosed with permission, or that the disclosure was necessary and lawful. It is also crucial to refrain from further disclosing the information and to follow your lawyer’s advice closely to protect your legal position. Additionally, you may need to engage in settlement discussions or mediation to resolve the issue without escalating it to court. Addressing the accusation promptly and professionally can help mitigate potential damage to your reputation and business relationships.
Yes, third parties can be held liable for using confidential information if they knew or ought to have known that the information was confidential and obtained through improper means. The law imposes obligations on third parties to respect the confidentiality of information they receive. If a third party benefits from the misuse or disclosure of confidential information, they can be subject to legal action, including injunctions, damages, and account of profits.
Third-party liability often depends on the circumstances under which the information was acquired. For instance, if a third party knowingly received confidential information from someone who was breaching their duty of confidence, they could be held accountable. The courts may also consider whether the third party acted in good faith or whether they took steps to verify the confidentiality status of the information. Seeking legal advice is crucial to understand the specific circumstances and potential liabilities involved in such cases. It is important to take appropriate measures to ensure that you are not inadvertently using or disclosing confidential information improperly obtained.
Grigoras Law provides smart, strategic counsel in civil litigation, business law, and appeals across Ontario.
Smart, Strategic Counsel.
GRIGORAS LAW - Civil Litigation and Business Lawyers Toronto © 2025 All Right Reserved
our team of experienced lawyers are at your service
