VIC Former employer claiming breach of contract.

Australia's #1 for Law
Join 150,000 Australians every month. Ask a question, respond to a question and better understand the law today!
FREE - Join Now
D

Deleted member 27711

Guest
Hi everyone

I am seeking advice for myself and at least four others who have been accused of breach of NDA and threatened with ligation proceedings if we do not comply with demands.

We used a chat application authorized on company group to socialize and occasionally air out grievances with management decisions and the client base. The group chat was known to senior staff and middle management. All members of the chat were covered under NDA even two former employees who resigned their position after the group chat was made.

Edit: When upper management became aware of this chat they took screen shot records of everything and then made the claims that NDA had been breached.

No monetary damages or damages to reputation have occurred as a result of anything discussed among us.

Can this company legally sue all of us when no damages of any form have occurred, and no information has ever been shared with a third party not legally accountable for its safekeeping.

Will agreeing to the demands by and signing an undertaking be seen as an admission of guilt to be used in future litigation?

Edit: Feel free to ask any questions about any of the specifics, I will do my best to answer them.
 
Last edited by a moderator:

Scruff

Well-Known Member
25 July 2018
902
133
2,389
NSW
I think the nature and security of the chat itself is critical in determining whether or not the company has any kind of a case at all. Answering the following should enable others to be better able to assist you. (Depending on the answers you give, some questions may not be relevant.)

1. What type of service is involved?
(a) public - hosted on a public platform (eg Facebook; ICQ; etc); or
(b) private - hosted by the company itself on it's own servers; or
(c) other - for example, hosted by a third party on the company's behalf.

2. If the answer to #1 is (c), what can you tell us about the third party? (ie; company name or which software platform is used. This might provide an understanding of security and how the service works.)

3. If the answer to #1 is (b) or (c), is access restricted to the company's internal network only, or can the chat be accessed from the internet?

4. What other security is in place? (eg: registration; username/password; etc)

5. Who initiated or created the chat - the company or an employee?

6. Who is the administrator of the chat - the company or an employee? (ie; who manages and controls access to the chat)

7. What is the purpose of the chat (as stated by the administrator)?

8. Did the company explicitly authorize the chat to be used for the purpose stated at #7?

9. Is the chat being used for any purpose(s) other than as stated at #7 and #8?
 
Last edited:
D

Deleted member 27711

Guest
1:The chat application is called Viber, it is an encrypted message service in a similar vein to Telegram. I assume it would be classified as public. It was authorized for use on company ground and many chat rooms on this program existed used my upper and middle management alike.

4: The chat was only accessible by getting the users phone and gaining access to it. The application could only be synced with other computers by scanning a QR code with the phone itself. If the application was logged into a PC it would be protected by whatever security was placed on the PC. The chat because known to upper management because an employee failed to log the application out of the PC he was using. (after he resigned)

5: Chat was created by a senior employee

6: A supervisor and senior employees managed the chat.

7: Purpose of the chat was to allow us to communicate as a group despite a shift working roster and have some form of workplace culture.

8: The company authorized the use of many chat rooms on this application to be used by staff. Middle management (supervisor) was aware of this chat and approved its use. However once known to upper management and reviewed by upper management they decided they did not approve of it.

9: The chat was never used for anything malicious, customer information was never posted there (as far as I can recall). Basically it was just used to post memes, complain about decisions made by management, and debrief on complication situations customers had put us in without giving any private information of the customer away.
------
While we agreed the company was well within their rights to enact disciplinary measures we feel the reason they have chosen to threaten legal action is because pretty much everyone resigned due to the terrible workplace culture.
 

Scruff

Well-Known Member
25 July 2018
902
133
2,389
NSW
Okay, as someone with I.T. / networking qualifications, I'll give my opinion on the I.T. side of things for the legal experts if they need it.

I've read up on Viber and in my opinion, it appears to be very secure. It's a chat/group platform that appears to have many features similar to Facebook, but is much more security focused. It utilizes endpoint encryption, meaning that all content is encrypted at the sender's end and then decrypted at the recipient's end. Encryption keys are stored on the users devices only and nowhere else, therefore all content is encrypted whilst travelling over the internet or any intermediate network and even the company itself can't see the content. The system also has what it calls "Trusted Contacts", whereby users can exchange "secret keys" for the purpose of verification. The system automatically lets you know if the details of a trusted contact change. Finally, the system appears to be very robust in regard to administration and management. If managed competently, the administrator of a chat/group would have full control over who has access to it.

So on the surface, there doesn't appear to be any issue with the platform itself in regard to privacy or private content being made available to the public.

The first issue I can see from what has been stated so far, relates to the "failed to log out" issue that the OP describes in his response to Q4 above. If the PC or device in question was on company premises, then any impact should have been minimal. Otherwise, any concerns the company has regarding who had access to that PC or device would certainly be valid. (Think using Facebook on a public PC at an internet cafe and not logging out before you leave.)

The other issue I see is that it appears at least some ex-employees are retaining access to the system after they've left the company. There may or may not be valid reasons for this, but it does appear to be a failure of the chat administrators in regard to security - particularly given the extensive security features that the Viber platform offers. In regards to an NDA, the failure of the administrators here could easily result in employees knowingly or unknowingly breaching the NDA by discussing protected information with ex-employees.

I'll hand the legal stuff over to the experts, but from an I.T. perspective, it's hard to see how employees could breach an NDA by using this system if it was properly administered by the company.
 
Last edited: