In the recent High Court decision Glencore International AG & Others v Commissioner of Taxation of the Commonwealth of Australia & Others, the High Court unanimously refused Glencore AG’s (Glencore) application for an injunction against the Commissioner of Taxation (Commissioner) relating to documents concerning a corporate restructure of Glencore (Documents) which had been stolen from the offices of Appleby (Bermuda) Limited (Appleby), a legal firm based in Bermuda, following a cyber attack in 2016.
The Documents formed part of a set of 13.4 million confidential electronic documents leaked to German reporters which originated from Appleby’s offices. The contents of the documents attracted worldwide attention, and they were collectively known as the ‘Paradise Papers’.
Glencore sought an injunction restraining the Commissioner from using the documents, or any information contained in them, or which could be derived from them, and sought an order that the Commissioner return the documents to it.
The Commissioner argued that:
Glencore had not disclosed a cause of action by which it was entitled to the relief sought; and
that the Australian taxation legislation required that the Documents be retained and used in assessing Glencore’s taxation liability as it was required to assess a taxpayer’s liability to pay tax from the taxpayer’s tax returns and from any other information in the Commissioner’s possession.1
All parties to the proceeding agreed that the Documents were the subject of legal professional privilege.
The Commissioner successfully argued that legal professional privilege only extended as far as protecting the Documents from being produced by compulsion in investigations and proceedings, it did not extend to a requirement for material which has been leaked to be returned.
The High Court held that:
although documents which are the subject of legal professional privilege are exempt from production to the Court by Court process or by statutory compulsion, the premise that legal professional privilege is a legal right which is capable of being enforced is incorrect;
whilst the doctrine of legal professional privilege is “fundamental to persons and to our legal system"2 the right spoken of in connection with the privilege is not an actionable right; and
the alternative equitable remedy of breach of confidentiality was not available in the circumstances of this dispute because in order to bring an action for breach of confidentiality, there would have to be wrongdoing on the part of the Commissioner.
There has been much discussion in the Australian press as to whether this decision has eroded the fundamental right of Australians to have communications with their legal advisors kept confidential.
This is not the case. The High Court stressed the importance of the doctrine of legal professional privilege but stated that the remedy sought by Glencore was inappropriate.
Whilst the doctrine of legal professional privilege can be relied on to resist having to produce documents under compulsion, it cannot be used to found an action seeking the return of documents once they are in the public domain.
The case does however raise important issues for all individuals and entities that are in possession of documents which are subject to legal professional privilege.
It serves as a further reminder that data protection and cyber security must be foremost in the mind of board members.
If documents which are subject to legal professional privilege are hacked and come into the possession of an opponent or a statutory authority, there is a real risk that these documents will subsequently be tendered in evidence against your organisation in proceedings.
Accordingly, the following steps should be taken:
ensure that any legal advice stored within your organisation is stored in a secure manner as possible, that circulation is limited to key personnel, and that minimal hard copies of the documents are produced to minimise the risk of them being inadvertently disclosed;
ensure that your IT systems are secure. Have them ‘white hacked’ by an external provider to ensure the system is as secure as you think it is; and
retain the documents for the minimum period required and destroy them at the earliest opportunity.
If you have any questions in relation to this article, please contact Iain Freeman or Lorraine Madden.