Selecta Homes Pty Ltd v Paino

Case

[2019] SADC 122

23 August 2019

DISTRICT COURT OF SOUTH AUSTRALIA

(Civil: Application)

SELECTA HOMES PTY LTD v PAINO

[2019] SADC 122

Ruling and Judgment of Her Honour Judge Deuter

23 August 2019

EQUITY - EQUITABLE REMEDIES - INJUNCTIONS

Application for mandatory and prohibitive injunctions restricting use of confidential material relative to plaintiff's website and return of website passwords held by the defendant.  Serious issues to be tried and plaintiff made out prima facie case.  Balance of convenience is in favour of the plaintiff and injunctions granted.

Australian Broadcasting Corporation v O'Neill (2006) 227 CLR 57; Yeend & Others v Angelberger & Others [2010] SADC 20; Kilpatric Green Pty Ltd v State Supply Board (1991) 56 SASR 591; Stokes v Ragless [2014] SASC 56, considered.

SELECTA HOMES PTY LTD v PAINO
[2019] SADC 122

Introduction

  1. The plaintiff brought an urgent application seeking injunctive relief by an order that the defendant deliver up the username and password that permits access to the plaintiff’s website hosting platform ‘Siteground’ and an Apple Mac Mini desktop computer and monitor (‘the desktop computer’).  The plaintiff’s application was made without any substantive proceedings having been filed.

  2. On 13 August 2019 after further material had been filed, the plaintiff did not pursue the delivery up of the desktop computer, but rather sought injunctions preventing destruction or use of the ‘soft copy’ of the plaintiff’s website held by the defendant.  I made orders for injunctive relief and now provide my reasons for doing so.

    Background Facts

  3. The plaintiff company builds and sells residential homes.  Its sole Director is Paul Richard Ling.  Mr Ling initially filed affidavits in support of the application.  Mr Ling and the defendant were in a personal relationship between June 2015 and January 2019.  During that relationship, the defendant was employed by the plaintiff company in an administrative role from about January 2018 until about 17 January 2019.  The defendant’s employment duties included responsibility for the plaintiff’s website.  The plaintiff’s case is that the defendant transferred the website to the web hosting platform, ‘Siteground’ using only her personal email account, and did this without the plaintiff’s permission.  As a result, when the defendant left the employ of the plaintiff’s company, it was left without the username and password to permit access to the business website, and that this has impacted their business.

  4. The plaintiff’s primary source of business leads comes from their website as this showcases the work they do.  The plaintiff says that since the defendant left their employ the website has been deactivated and reactivated on a number of occasions, and that this has prevented clients and prospective clients viewing the website.  Mr Ling in his second affidavit alleges a drop in monthly referrals of between 30 to 50 per month, to 10 to 20 referrals per month.  When the referrals were at a high of 45 to 50 per month, these were converted to sales of 7 to 10 per month.  The reduced referrals from the website have resulted in reduced sales and a downturn in business income.  However, no evidence has been provided of any company losses since the end of the defendant’s employment in January 2019. 

  5. Mr Ling, on behalf of the plaintiff first contacted the website host, Siteground on 12 June 2019 to obtain access to the plaintiff’s website after the defendant had notified the plaintiff that her email account had been hacked.  Between 12 June 2019 and 23 July 2019, there has been correspondence between Mr Ling and Siteground regarding transfer of the website hosting from the defendant, however legal issues regarding that transfer and a decision by the plaintiff not to execute a required indemnity has meant that Siteground has not transferred hosting rights to the website.

  6. The plaintiff initially sought return of the desktop computer, alleging that it was purchased by the company for the defendant’s use; that the defendant used that computer to update the plaintiff’s website, and that the desktop computer also contained a soft copy of the source data for the plaintiff’s website as a backup.  There was initially a claim that other sensitive commercial information regarding the plaintiff was on the desktop computer.  This has not been pursued for the purpose of this application.

    Defendants Response

  7. At a hearing on 26 July 2019 the defendant was unrepresented and I granted leave for her to appear by telephone link up from New South Wales.  She was clear that the desktop computer was a personal gift to her, she stated that it contained her personal information; was primarily a personal home computer and not a work device during her employment at the plaintiff’s company; was never granted access to the plaintiff’s NAS customer database and does not contain any client files, company information or sensitive data of the plaintiff.  The desktop computer was never taken into the plaintiff’s offices, and although the computer was paid for by the plaintiff, Mr Ling often claimed personal expenses as business ones; and that all of the plaintiff’s work computers were Microsoft based, leased through KPTech, and not Apple Mac computers.

  8. In relation to the plaintiff’s website being inactive in June 2019, the defendant told me that Mr Ling and the plaintiff’s general manager, Paul Kassara were aware that was going to happen for three days whilst maintenance was undertaken, after her email account was attacked.  She adhered to the time schedule for maintenance that she had given the plaintiff.  This was the only time the website was down.

  9. The defendant told me that she designed and built the plaintiff’s website in 2016 on a lap-top computer that she then owned.  The defendant completed that work as a contractor using a personal ABN.  The defendant built the website on a development URL using Siteground, and used her personal Siteground account.  The plaintiff’s website was published onto the Selecta Homes URL in January 2017, with the defendant attending for periods at the plaintiff’s office to make the transfer.  After transfer and publishing of the website, the defendant managed issues that arose until all was finalised in April 2017, and she was paid for her work as a contractor in May 2017.  The website has not changed since that date.  The defendant disputed that there had been any down turn in business because the plaintiff did not have access to the host account.  This was because business leads occurred when prospective clients view the website and submit their contact details to the company for follow up. 

  10. The defendant told me that she can no longer access the plaintiff’s systems or any sensitive information as all her emails and access to the plaintiff company was deleted in early 2019.  She disputes that any down turn in leads for the plaintiff relates to the company not having the access password to the hosting site, as they never had it before.  Rather it was a decision by the plaintiff not to reinstate online targeted marketing campaigns, such as Google search, that the defendant had set up and which the company cancelled when she left, that caused the downturn.  That is, potential clients searching building companies were no longer navigated towards the plaintiff company.  The plaintiff’s website had not changed the feature whereby potential clients who accessed the website were directed to an enquiry form to be emailed to the plaintiff for follow up.

  11. In relation to the host site (Siteground) password the defendant told me that the Siteground account was owned by her and she would not provide that.  She had already given the plaintiff the password to allow them administration access to the website.

    Further Evidence

  12. As a result of the factual dispute between the parties regarding the operation of the plaintiff’s website and access held by the defendant, I adjourned the matter and ordered that the defendant file affidavit evidence and gave leave to the plaintiff to file responding evidence.  The defendant filed two affidavits both sworn on 1 August 2019.  She confirmed that acting as a sole trader she:

    1.purchased a Wordpress theme, Avada, in October 2016 to use in building a website for the plaintiff;

    2.purchased a website hosting package through Siteground in October 2016;

    3.used the Avada theme and the Siteground hosting package to build a new website for the plaintiff on a developmental URL, a temporary web address, between November and December 2016;

    4.worked closely with Mr Ling in writing the plaintiff’s website in 2016;

    5.completed all development work for the website on a laptop computer she owned and purchased in 2014;

    6.worked with the plaintiff’s computer technical support company, KPTech to transfer the plaintiff’s website to the new domain in January 2017;

    7.made it clear that the hosting agreement remained with Siteground at transfer in January 2017 as per an attached email to the plaintiff’s general manger of 16 January 2017; and

    8.was paid $3150 by the plaintiff in May 2017 for the website creation.

  13. The defendant maintained that the Siteground hosting account is not owned by the plaintiff, and that the plaintiff has the website administration password to allow them to manage the business of the website.  She also maintained that no soft copy of the website was held on the desktop computer.

  14. In relation to the plaintiff’s case that the defendant has been responsible for a downturn in enquiries flowing from the website, the defendant repeated that this was impacted by the plaintiff’s decision to stop ‘Google ads’ and other on-line marketing to generate leads.  An email of 15 February 2019 from the defendant to the plaintiff’s General Manager sets out how those on-line adverts were navigating people to the plaintiff’s website, and contains a recommendation from the defendant that they be reinstated.

  15. Mr Ling filed a Third Affidavit of 9 August 2019, whereby he set out that it was not until 9 June 2019 that he became aware of the defendant’s ongoing involvement with the plaintiff’s website, and Facebook and Instagram pages.  This was as a result of an email from the defendant to the plaintiff advising that her personal web address had been attacked, and that she had taken steps to protect the plaintiff’s website by putting it into maintenance mode on a short-term basis.  This caused concern for the plaintiff as then realised they did not have full control over their website and the confidential information held therein.

  16. Mr Ling maintained that the plaintiff owned the Siteground host account and should hold the password.  He asserted that it is clear that the plaintiff had paid for the Hosting account and did so on 24 October 2018.

    Hearing – 13 August 2019

  17. The plaintiff’s application came on again before me on 13 August 2019.  Despite attempts to contact her by email and telephone, the defendant did not appear.  The plaintiff accepted for the interlocutory application that the desktop computer did not appear to contain the plaintiff’s confidential information, and particularly a soft copy of their website.  They did not pursue delivery up of that computer.  However, they sought orders that the defendant:

    ·preserve and retain the ‘soft copy’ of the plaintiff’s website stored on the defendant’s laptop computer;

    ·not create or make copies of the ‘soft copy’ of the plaintiff’s website stored on the defendant’s laptop computer; and

    ·not share or use the ‘soft copy’ of the plaintiff’s website stored on the defendant’s laptop computer.

  18. The basis of this order was the information in the defendant’s affidavits of 1 August 2019 that she developed the plaintiff’s website on her personal laptop computer.  It was not clear if she retained a ‘soft copy’ of that website and the plaintiff wanted to protect confidential information used to develop the website and still held by the defendant.

  19. The plaintiff maintained that they do not have full access to their website while the defendant holds the host site password.  The defendant created the website with Siteground while acting as a contractor engaged by the plaintiff.  She was paid for her work.  The defendant has no ownership over the website.  This became clear to the plaintiff when the defendant contacted them in June 2019 and indicated that, because her email had been attacked, the plaintiff’s website was at some risk.  This lack of complete control over their website, the plaintiff’s primary way of attracting sales, was put as a serious issue for the plaintiff’s business.

    The Principles

  20. There is a clear factual dispute between the parties regarding the operation of the plaintiff’s website; the access held by the defendant to that website, and the soft copy; the status of the Siteground hosting account and any losses suffered by the plaintiff since January 2019 and the cause of those losses.

  21. The plaintiff has not issued any substantive or primary proceedings, as they are not yet able to assess their business losses from the time the defendant left the plaintiff’s employ.  The plaintiff now seeks both mandatory and prohibitive injunctions, including the handing over of its website hosting password and the preservation of the ‘soft copy’ of the plaintiff’s website.

  22. Before granting any injunction, the court must be satisfied that the plaintiff has made out a prima facie case.  As noted by the High Court in Australian Broadcasting Corporation v O’Neill: that does[1]

    ... not mean that the plaintiff must show that it is more probable than not that he will succeed at trial.  It is sufficient that the plaintiff shows a sufficient likelihood of success to justify in the circumstances the preservation of the status quo pending the trial.

    [1] (2006) 227 CLR 57 para 65.

  23. The principles to be considered when a mandatory injunction is sought were set out by Judge Brebner in Yeend & Others v Angleberger & Other,[2] where he relied upon the principles in Australian Broadcasting Commission v O’Neill [3] and Kilpatric Green Pty Ltd v State Supply Board:[4] 

    In order to obtain the injunctions sought the plaintiffs must demonstrate that there is a serious question to be tried in the sense that their prospects of success in the action they have brought are sufficient to justify preservation of the status quo pending the determination of the action; that damages would not be an adequate remedy; and that the balance of convenience falls in their favour in the sense that the injury or inconvenience which the plaintiff is likely to suffer if the injunctions are refused is greater than the injury that the defendants would suffer if they are granted.  Some cases have incorporated the question of whether damages would be an adequate remedy into the question of the balance of convenience.

    [2] [2010] SADC 20 para 13.

    [3] (2006) 227 CLR 57 at [19], [65] – [72].

    [4] (1991) 56 SASR 591.

  24. As noted by Parker J in Stokes v Ragless:[5]

    …a higher degree of probability of the plaintiff’s succeeding at trial is required where a mandatory rather than a prohibitory interlocutory injunction is sought.

    [5] [2014] SASC 56 at [18].

  25. Parker J also noted that:[6]

    … in assessing whether there is a prima facie case it is also necessary to take into account the several defences that the defendant intends to rely upon at trial.

    [6] [2014] SASC 56 at [208].

    Prima Facie Case

  26. The plaintiff is yet to issue substantive proceedings and that at this stage the respective cases of the parties is not complete.  However serious issues have been raised by the plaintiff regarding the conduct of their business, and the risks posed by not having full access to their website.  Both parties agree that the website is the main source of leads for the plaintiff’s business.

  27. The defendant sought to explain both in court and by affidavit how and why she retained ownership of the Siteground account that hosts the plaintiff’s website.  Without expert computing evidence, I do not understand how or why an independent contractor who builds a website for a business continues to hold any access at all to the client’s website once the business or employment relationship has ceased.

  28. The plaintiff’s business was potentially compromised in June 2019 when the defendant’s email was attacked.  I acknowledge that the defendant made full disclosure to the plaintiff and acted to protect the plaintiff’s website.  However, this incident and the risk it posed to the plaintiff’s business, satisfies me that the plaintiff has shown that it has a prima facie case to be tried.  The status quo should be maintained by the defendant delivering up the Siteground password to the defendant, and being ordered to preserve and not copy or share the ‘soft copy’ of the plaintiff’s website.

  29. As to the issue of damages, the plaintiff claims that they have suffered significant losses by not having full access to their website.  Those losses cannot yet be quantified.  It could be argued that damages are an adequate remedy.  However, it is not clear if the defendant, as an individual, has the means to meet an award of damages.  If losses continue before judgment, then damages may not ultimately be an adequate remedy.

  30. There is also the issue of the plaintiff’s commercial reputation if enquiries and business leads are not followed up due to problems or difficulties with their website.

  31. The concern for the plaintiff is that the business was not aware that the website was potentially the victim of an attack in June 2019 when the defendant’s email was hacked.  They were reliant upon the defendant advising them of potential issues.  That is not a satisfactory way to run a business, when the defendant no longer has any business or employment relationship with the plaintiff.  The plaintiff’s business is vulnerable, and losses suffered may not be recovered against an individual defendant.

  32. The defendant has not provided a reason why she needs to retain, publish or alter the soft copy of the plaintiff’s website, or to retain the password for the plaintiff’s website hosting account with Siteground.  She has no ongoing involvement with the plaintiff’s business and her relationship with its director Mr Ling, has ceased.

  33. On the other hand, the plaintiff could suffer financial detriment if its website is compromised and it ceases to obtain leads and sales as a result.  I am of the view that the balance of convenience rests with the plaintiff, and that there should be a grant of an interlocutory injunction, that has both prohibitive and mandatory effect, in the terms of the order made by me on 13 August 2019.


Cases Citing This Decision

0

Cases Cited

3

Statutory Material Cited

0

Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd [2001] HCA 63
Yeend v Anglberger [2010] SADC 20
Yeend v Anglberger [2010] SADC 20