Analyzing the Zhang Changjie case: A new use for the Computer Misuse Act
03 September 2025
In 2023, former proprietary trader Zhang Changjie was convicted under Singapore’s Computer Misuse Act for unauthorized access to computer data and received the maximum fine of S$5,000 (US$3,880). The day before resigning from Genk Capital to join a competitor, Zhang Changjie copied thousands of files to his personal Gmail and Google Drive accounts. He then attempted to conceal his actions by deleting the zipped folders he had attached to emails to himself.
The stolen data was the lifeblood of Genk Capital’s operations, comprising commercially sensitive and proprietary information. The files included custom-built macros, reconciliation tools and live net position trackers – all of which were critical components that enabled the firm’s high-speed, efficient and competitive trading strategies.
Two years later, this case has become quite significant because it’s Singapore’s first reported successful private prosecution under the Computer Misuse Act.
“This shows that criminal law can be used creatively to plug gaps in trade secrets protection but also exposes the limits of our current framework,” said Ren Jun Lim, principal at Baker McKenzie Wong & Leow’s IP and technology practice group in Singapore. “The act wasn’t designed for IP theft. It is typically invoked in cases involving accessing email accounts without consent, using card payment terminals to make unauthorized transactions, making unauthorized transactions on credit or debit cards, and unauthorized access to computer systems to view information in those systems.”
Legal elements in Singapore’s computer crime laws
Given the lack of specific trade secrets legislation, there were three key legal elements under Singapore’s computer crime laws that allowed for the successful private prosecution of the ex-employee, according to Lim.
First, Zhang Changjie knowingly caused a computer to perform a function to secure access to Genk’s data by copying files from Genk’s desktop to his personal accounts. “Under Section 2(2)(b) of the act, securing access to data held in a computer includes the act of copying. This is often overlooked since, as mentioned above, the act is usually invoked in traditional ‘hacking’ cases,” said Lim.
Second, Zhang Changjie did so without authority. And third, he knew he was exceeding his authority. “Among various other factors, he had signed a non-disclosure agreement obliging him to keep Genk’s data in strict confidence; was frequently reminded to keep Genk’s data confidential; had plotted months in advance how to copy Genk’s data without being detected; returned to the office in secret on a Sunday to commit the crime; and intentionally deleted evidence to cover his tracks,” said Lim.
“Forensic evidence was also critical,” he continued. “Because Zhang Changjie deleted evidence of his crime, Genk had to engage a computer forensics expert to painstakingly recreate Zhang Changjie’s activities on that fateful day.”
The punishment and the crime
According to Lim, the S$5,000 punishment arguably didn’t fit the crime. “The conviction in this case was a win, but the sentence felt disconnected from the commercial utility of the stolen data,” he said. “That’s because the act wasn’t designed for trade secrets theft. It criminalizes unauthorized access, not the misappropriation of confidential business information per se. Thus, while it is possible for a person to be sentenced to up to two years’ jail for a Section 3(1) offence, the court declined to do so in the Zhang Changjie case. This is despite the fact that the court also ruled that Zhang Changjie’s crime was premeditated; that Zhang Changjie deleted incriminating evidence in an attempt to cover his tracks; and that Zhang Changjie was a prevaricating, uncooperative, untruthful and uncredible witness at trial.”
Lim said that this exposes a gap. “Singapore presently relies on a patchwork of civil breach of confidence claims and criminal laws like the Computer Misuse Act to address trade secrets theft. But that’s risky. Trade secrets are often the crown jewels of a business – think algorithms, client lists, precious business strategies. They deserve tailored protection.”
He added that dedicated legislation criminalizing trade secrets theft would deter such acts. This legislation would also provide clarity and consistency for IP rights owners, while supporting small- and medium-sized enterprises that may lack resources to enforce contracts, use digital monitoring tools or establish internal safeguards.
“Naturally, there may be challenges,” he said. “There lies a risk of over-criminalization; not every breach of confidence should be a criminal offence. Also, enforcement must be balanced to avoid weaponizing trade secrets in employment disputes. Still, the Zhang Changjie case shows we’re trying to fit a square peg into a round hole. It’s time we built the right legal tool for the job, and hopefully, this case serves as a good conversation starter.”
- Excel V. Dyquiangco
