In brief
The recent decisions of the Singapore High Court in ATT Systems (S’pore) Pte Ltd and another v Centricore (S) Pte Ltd and other [2025] SGHC 13 and Centricore (S) Pte Ltd and others v ATT Systems (S’pore) Pte Ltd and another [2025] SGHC(A) 17 (“ATT Decisions”) reinforce the Singapore Courts’ commitment to protecting employers’ confidential information against the actions of errant employees. The ATT Decisions are also an important reminder to employees of their duties of loyalty and good faith to their employer during the course of their employment.
In the ATT Decisions, the digital footprints left by certain employees as they exited their employer was noted by the Courts, as they unequivocally showed a course of conduct of certain employees, during the course of their employment, misappropriating confidential information belonging to their employer in connection with plans to leave their respective roles to engage in competing activities.
The ATT Decisions are a timely reminder that pre-emptive actions by employers working closely with legal advisors and digital forensics experts can help detect breaches of confidentiality and employee obligations, enable swift action with a view to preserving employer rights and mitigate risks of loss, damage and significant harm to employers.
Key takeaways/recommended actions
Under Singapore laws, employees are entitled to leave their roles at any time, including making payment to leave immediately. To protect proprietary interests, trade secrets and confidential information and to ensure business continuity, it is important for employers to build robust protocols and governance frameworks in relation to obligations of key executives and employees. Employers should monitor unusual employee activity and manage employee departures from the moment an employee gives notice to the last day of employment.
Some recommended key actions:
- Having robust contractual provisions to strengthen employee obligations during employment and post-termination. For example:
- Restrictive covenants (RCs) are a fairly common feature in employment contracts. However, when not drafted with the particular employee in mind, they can end up being not fit for purpose. For example: Can the employer identify the legitimate proprietary interest being protected? Is the restriction, geographical or temporal, reasonable? RCs warrant careful consideration, especially if the obligations imposed on the employee are onerous.
- Contractual obligations around the return of confidential information upon termination (or resignation) and protocols/directives around secure deletion and acceptable use and/or device-specific policies should be drafted clearly and in an unambiguous fashion. This allows for clear steps/procedures to be executed leading up to an employee’s termination of employment. Vice versa, if an employee had disposed of confidential information belonging to an ex-employer, it would be prudent for the employee to retain evidence of disposal/destruction. In the ATT Decisions, the Court found that bare assertions of deletion of confidential information and destruction of external storage devices used to store said confidential information will not suffice. As these items were always within the possession and control of the departed employees, the onus is on the employees to adduce evidence to support the assertion.
- Strengthen controls and improve your ability to quickly address any potential wrongdoing by:
- Having a clear understanding of and definitions as to what you consider to be confidential information, including any particularly sensitive information that your business is built around e.g., proprietary algorithms or source codes.
- Limiting access to sensitive files and folders to only those who need-to-know, and keeping reliable activity and access records.
- Restricting the use of personal storage platforms and non-approved devices.
- Implementing enhanced oversight of email inboxes, devices, etc. where managers have reason to suspect an exit might be imminent or after notice of resignation is provided.
- Act quickly when red flags appear by:
- Briefing trusted advisors such as legal counsel and digital forensics experts as soon as possible. Coordination between legal teams and digital forensics experts can provide a significant early advantage when it comes to shaping pleadings and arguments, as well as in formulating strategies for settlement negotiations.
- Securing devices promptly and reviewing recent access or download patterns.
- Preserving records that may disappear quickly, including activity logs.
- Mapping out potential coordinated conduct early where several people appear to be acting together.
In more detail
Employee exits always carry legal and commercial risks. The ATT Decisions show how digital forensics can play a critical role in proving whether employees have breached their duties of loyalty and confidence to their employer. In particular, the ATT Decisions underscore how forensic traces, such as mass deletions and unauthorised use of cloud storage, coupled with evidence of employee coordination, can become the primary narrative of wrongdoing. Baker McKenzie’s recent client alert on this decision provides a useful analysis of the findings.
The importance of digital forensics in evidence collection
Digital forensic artefacts that reveal preparation, coordination and concealment by the errant employees constitute compelling evidence. Examples of forensic artefacts commonly identified and presented as evidence of wrongdoing include:
- Bulk copying and exfiltration of employer data to an employee’s personal devices, private email accounts, or cloud storage shortly before resignation or during notice periods.
- Coordinated activity by multiple employees seemingly unrelated to their ordinary roles and responsibilities evidenced through communications and sharing/distribution of information such as chat messages on internal messaging platforms or inadvertent forwarding of messages to group chats.
- Mass deletion and/or wiping of data before returning company devices, or the use of anti-forensic tools without authorisation or approval.
- Evidence of an increase in access to sensitive or commercially valuable information shortly before resignation or during the notice period.
The ATT Decisions highlight how these types of forensic artefacts can serve as strongly persuasive evidence of wrongdoing. Given the ease with which employees can exfiltrate large volumes of sensitive information, forensic audits are increasingly no longer only conducted “after the fact” i.e., after a major breach has come to an employer’s attention. Organisations that rely heavily on confidential and/or proprietary information should consider incorporating forensic reviews into standard exit protocols, particularly for senior employees or those with access to sensitive information.
Early forensic insight can shape pleadings, remedies and settlement negotiations by enabling parties to quickly identify and marshal the facts relevant to potential causes of action. Delay in engaging legal advisors or digital forensic experts runs the risk of volatile digital evidence being lost, including digital evidence subject to automatic deletion before preservation steps are implemented. This may also weaken the ability to obtain urgent interim relief such as injunctions.
What can employers take away
Employers should adopt both proactive and reactive strategies when managing employee departures. This means implementing safeguards before issues occur, and taking swift, targeted action when concerns arise. Some of the key steps include:
- Using appropriate workplace monitoring, that is lawful and purpose-driven, aligned with Personal Data Protection Act (PDPA) obligations. Have clear upfront policies that enable employers to identify unusual activity, such as mass downloads, unusual file access or attempts to move information externally or to non-sanctioned environments, without invading employee privacy.
- Controlling the use of personal storage and USB drives by discouraging or blocking the use of personal cloud accounts and personal USB devices for work materials. Where such tools are necessary, provide approved and monitored alternatives that the company can oversee.
- Ensuring policies and contracts clearly define what constitutes confidential information. Even where information doesn’t rise to the level of a “trade secret”, it may still be protected under an equitable obligation of confidence. Employers should therefore, consider broadening the scope of confidential information.
- Requiring employees to return all company information upon departure and confirm that no copies have been retained. Employees do not have the right to retain company data post-termination. Effective governance requires a “Clean Desk/Clean Drive” policy that is legally enforceable through employment agreements.
- Data governance should be linked to HR policies. Tie moments such as promotions, resignations or performance concerns should trigger reviews of access rights and data handling. An employee’s duty of good faith and fidelity continues until their final day of employment, any preparatory steps to compete using company data may amount to actionable breaches.
- Treating resignations as high-risk events, especially for senior/revenue-generating roles, should trigger heightened data protection and preservation steps. Employers should move quickly to safeguard company information by securing work devices, reviewing access logs and ensuring no data is being moved off the system. The period leading up to and immediately following resignation is often when data exfiltration, coordination and deletion activity most commonly occurs.
In the current legal landscape in Singapore, employee conduct involving company information in the lead up to departure can materially shape the outcome of a dispute. Acting early and having the ght governance frameworks in place can make all the difference in the eventual outcome of a dispute.
In the ATT Decisions, Ms. Celeste Ang, Mr. Pradeep Nair, Mr. Spencer Lee and Mr. Yiu Kai Tai of Wong & Leow LLC successfully acted for ATT at the first instance and on appeal. Mr. Gino Bello and Mr. Daniel Wang, now of Secretariat, were engaged as digital forensic experts to analyse the digital forensic footprints, including identifying the mass data exfiltration, storage and deletion of the plaintiffs’ confidential information.
The claimants in the ATT Decisions are ATT Systems (S’pore) Pte Ltd and ATT Infosoft Pte Ltd, with the defendants being Centricore (S) Pte Ltd, IdGates Pte Ltd, and certain ex-employees of ATT, namely, Faruk bin Abdul Kather, Toh Shenglong Louis, Kyaw Htun Win, Danesh s/o Sudinthan Pillai, Kyaw Khaing and Aung Thiha Aung.
Spencer Lee and Kai Tai Yiu, Senior Associates, have contributed to this legal update.