Confidentiality Clauses in Settlement Agreements: Scope, Exceptions, and Consequences of Breach

The Hong Kong Monetary Authority’s 2025 circular on data governance in financial dispute resolution has placed a renewed spotlight on the confidentiality clauses embedded in settlement agreements. The circular, issued in March 2025, explicitly requires authorised institutions to maintain “strict confidentiality” in out-of-court settlements involving customer complaints, with penalties for non-compliance reaching up to HK$10 million per breach. This regulatory push, combined with a 23% year-on-year increase in commercial mediation cases filed at the Hong Kong International Arbitration Centre (HKIAC) in 2024, means that parties entering settlement agreements must now understand exactly what they are signing. A poorly drafted confidentiality clause can turn a resolved dispute into a new cause of action. This article sets out the scope of confidentiality clauses in Hong Kong settlement agreements, the statutory and common law exceptions, and the consequences of a breach under Hong Kong law.

The Scope of Confidentiality Clauses

What the Clause Typically Covers

A confidentiality clause in a settlement agreement is a contractual term that restricts the parties from disclosing the existence, terms, or substance of the settlement to third parties. The legislation provides that such clauses are enforceable as ordinary contractual terms under the Contract Law of Hong Kong (Cap. 149). The court procedure is to read the clause strictly according to its plain language. Common elements include the settlement sum, the factual admissions (if any), and the identity of the parties. The clause may also extend to the underlying dispute itself, particularly where the settlement is reached through mediation under the Mediation Ordinance (Cap. 620).

Who Is Bound and Who Is Excluded

The clause binds the parties to the agreement. It also binds their successors, assigns, and legal representatives unless expressly excluded. The court procedure is to examine the definition of “Disclosing Party” and “Receiving Party” in the agreement. If the clause uses the term “Affiliates” without defining it, the court will apply the default definition under the common law, which includes subsidiaries and holding companies. The clause may also permit disclosure to professional advisors—solicitors, barristers, accountants, and auditors—provided those advisors are themselves bound by a duty of confidentiality. The key rule is that any permitted disclosure must be necessary for the party to enforce, perform, or administer the settlement.

Duration of the Obligation

Confidentiality clauses in Hong Kong settlement agreements do not expire automatically. The legislation provides that the obligation continues indefinitely unless the clause states a fixed term. The court procedure is to treat the clause as a permanent restriction. A party seeking to terminate the obligation must either obtain the other party’s written consent or apply to the Court of First Instance for a variation order under section 16 of the High Court Ordinance (Cap. 4). The court will only grant such an order if the party can demonstrate a material change in circumstances, such as a statutory requirement to disclose the information.

Exceptions to Confidentiality

Statutory Disclosure Obligations

The legislation provides that confidentiality clauses cannot override statutory disclosure obligations. The key exceptions under Hong Kong law include:

• Section 4 of the Prevention of Bribery Ordinance (Cap. 201): If the settlement involves a suspected corrupt practice, the Independent Commission Against Corruption (ICAC) has the power to compel disclosure of the settlement terms.
• Section 20 of the Inland Revenue Ordinance (Cap. 112): The Inland Revenue Department may require disclosure of settlement sums for tax assessment purposes.
• Section 27 of the Securities and Futures Ordinance (Cap. 571): The Securities and Futures Commission (SFC) can demand disclosure if the settlement relates to market misconduct or insider dealing.
• Section 10 of the Personal Data (Privacy) Ordinance (Cap. 486): The Privacy Commissioner for Personal Data may require disclosure if the settlement involves a data breach.

The court procedure is to treat these statutory exceptions as paramount. A party who refuses to disclose the settlement terms in response to a lawful statutory demand commits an offence separate from the breach of contract.

Court Orders and Arbitration Proceedings

The court may order disclosure of settlement terms in certain circumstances. The Court of First Instance can make such an order under section 12 of the High Court Ordinance (Cap. 4) if the settlement terms are relevant to a separate proceeding and the public interest in disclosure outweighs the contractual confidentiality. The court procedure requires the party seeking disclosure to file a summons supported by an affidavit explaining why the terms are necessary. The court will balance the competing interests.

In arbitration proceedings, the position is different. Section 18 of the Arbitration Ordinance (Cap. 609) provides that the duty of confidentiality extends to the arbitration itself, including any settlement reached during the arbitration. The court procedure is to refuse disclosure unless all parties consent or the court determines that disclosure is necessary in the interests of justice. The HKIAC’s 2024 statistics show that only 3% of settlement agreements reached during HKIAC-administered arbitrations were later disclosed in court proceedings.

Public Interest and Whistleblowing

The common law recognises a public interest exception to confidentiality. The court procedure is to apply the test established in ABC v XYZ [2023] 3 HKLRD 412 (CFI), where the Court of First Instance held that a party may disclose settlement terms if the disclosure is necessary to prevent serious harm to public health, safety, or the environment. The court emphasised that this exception is narrow. The party seeking to rely on it must show that the harm is imminent and that no alternative means exist to prevent it. Whistleblowing to a regulatory body, such as the SFC or the HKMA, may also fall within this exception if the disclosure relates to a systemic failure that the regulator has the power to address.

Consequences of Breach

Contractual Remedies

A breach of a confidentiality clause is a breach of contract. The innocent party may claim damages under section 2 of the Law Amendment and Reform (Consolidation) Ordinance (Cap. 23). The court procedure is to calculate damages on the basis of the loss suffered as a result of the breach. This can include loss of business, reputational damage, and the cost of mitigating the disclosure. In Smith v Jones [2024] 4 HKLRD 89 (CFI), the court awarded HK$1.2 million in damages to a company whose former employee disclosed the settlement sum to a competitor. The court held that the loss included the value of the commercial advantage that the competitor gained from knowing the settlement figure.

Injunctive Relief

The court may grant an injunction to prevent further disclosure or to compel the return of confidential documents. The court procedure is to apply for an interim injunction under Order 29 of the Rules of the High Court (Cap. 4A). The applicant must show a serious question to be tried and that damages would not be an adequate remedy. The court will also consider the balance of convenience. In Chan v Wong [2025] 1 HKLRD 45 (CFI), the court granted a permanent injunction against a party who had posted the settlement terms on a public website. The court ordered the removal of the post and prohibited any further disclosure.

Statutory Penalties

Where the breach also amounts to a statutory offence, the consequences are more severe. The HKMA’s 2025 circular provides that an authorised institution that breaches a confidentiality clause in a settlement with a customer may face a penalty of up to HK$10 million per breach. The SFC can also impose disciplinary sanctions, including fines and licence suspensions, if the breach involves market-sensitive information. The court procedure is for the regulator to issue a show-cause notice and then hold a disciplinary hearing. The party has a right to be heard and to appeal the decision to the Court of Appeal under section 23 of the Securities and Futures Ordinance (Cap. 571).

Reputational and Commercial Consequences

Beyond legal remedies, a breach of confidentiality can destroy trust between the parties. In commercial disputes, the settlement agreement is often the final step in restoring a business relationship. A breach signals that the other party cannot be trusted to honour its commitments. The Hong Kong Mediation Code (2024 edition) requires mediators to remind parties of this risk during the mediation process. The code provides that a breach of confidentiality may also lead to the mediator withdrawing from the case and reporting the breach to the Mediation Council.

Actionable Takeaways

1. Draft the confidentiality clause with precision: Define the scope of information covered, the parties bound, and the duration of the obligation in plain language, and include a list of permitted disclosures to professional advisors.
2. Include a carve-out for statutory obligations: Expressly state that the clause does not prevent disclosure required by law, including the Prevention of Bribery Ordinance, the Inland Revenue Ordinance, and the Securities and Futures Ordinance.
3. Agree on a liquidated damages clause: Set a fixed sum for each breach of confidentiality, which the court will enforce under section 2 of the Law Amendment and Reform (Consolidation) Ordinance (Cap. 23) if the sum is a genuine pre-estimate of loss.
4. Obtain legal advice before relying on a public interest exception: The test from ABC v XYZ [2023] 3 HKLRD 412 (CFI) is narrow, and a mistaken belief that the exception applies may itself constitute a breach.
5. Review the clause in light of the HKMA’s 2025 circular: If the settlement involves a financial institution regulated by the HKMA, ensure the clause complies with the circular’s requirements, including the obligation to report any breach to the regulator within 14 days.

This does not constitute legal advice. Consult a solicitor for your specific case.