Recent SEC Enforcement Action Highlights Need for Fresh Review of Confidentiality Agreements and Policies

E. Brandon Gaskins

Employers routinely utilize confidentiality agreements and policies to protect their reputation, proprietary information, internal processes, and employees’ privacy, but recent legal developments reveal that those agreements and policies may be putting businesses at risk of regulatory challenges and financial penalties.

The U.S. Securities and Exchange Commission (SEC) is aggressively policing investigation and employment practices by public companies to ensure that they do not restrict employees from engaging in whistleblower activity or communications with the SEC. In a recent enforcement action against KBR, Inc. (a publicly traded technology and engineering firm), the SEC attacked KBR’s practice of requiring employees to sign the following confidentiality statement in connection with internal investigations:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

Even though there was no evidence that KBR enforced the agreement or prevented any employee from communicating with SEC staff, the SEC determined that KBR’s practice violated SEC Rule 21F-17. Adopted under the Dodd-Frank Wall Street Reform and Consumer Protection Act, Rule 21F-17, with very limited exceptions, prohibits publicly-traded companies from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

Anticipating the enforcement action, KBR settled with the SEC. The terms of the settlement included: (1) KBR’s consent to a cease and desist order; (2) a civil money penalty of $130,000; (3) KBR’s agreement to make reasonable efforts to inform employees who signed the confidentiality statement after August 21, 2011 that they are not required to seek permission before communicating with governmental agencies regarding possible violations of federal law; and (4) KBR’s agreement to use the following disclaimer in its amended confidentiality statement:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

In announcing the KBR settlement, the SEC vowed to “vigorously enforce” Rule 21F-17. The SEC also warned employers to review and amend their existing and historical agreements, including confidentiality, employment, severance, and other agreements, that could have the effect of impeding employees from reporting potential securities law violations to the SEC.

Concerned about the potential impact of the KBR action, the U.S. Chamber of Commerce issued a public letter to the SEC requesting clarification of the agency’s interpretation of Rule 21F-17.  In the letter, the Chamber of Commerce stated that that the KBR enforcement action was the "result of a highly subjective" application of the whistleblower rules and criticized the SEC for undertaking rulemaking through enforcement instead of a notice and comment process.  In urging the SEC to provide more formal guidance on its interpretation of Rule 21F-17, the Chamber noted that confidentiality agreements are a routine part of doing business and that such agreements have no more than a “tenuous connection” to federal securities laws.

Despite the Chamber of Commerce’s protestations, the SEC appears undeterred in increasing enforcement efforts under Rule 21F-17.  For example, Barnes & Noble, Inc. disclosed in its quarterly SEC filing in September 2015 that the SEC was investigating it for a potential violation of Rule 21F-17 based on “historical confidentiality provisions in agreements with employees.”   

Although Rule 21F-17 applies to publicly traded companies only, all employers should be cognizant of other legal pitfalls that could arise from applying confidentiality agreements and policies to internal investigations.  For example, the National Labor Relations Board (NLRB) has issued a series of decisions in recent years finding that confidentiality policies and agreements that prohibit non-supervisory employees from discussing internal investigations and other terms and conditions of employment can violate employees’ rights to engage in protected concerted activity under Section 7 of the National Labor Relations Act (NLRA). 

Generally, Section 7 provides employees the right to act together to improve their pay and working conditions, regardless of whether they are members of a union.  Consequently, nearly all employers are vulnerable to unfair labor practice charges if they maintain overly broad confidentiality policies.     

In Banner Health System, 358 NLRB No. 93 (2012), the NLRB held that an employer’s rule prohibiting employees from discussing ongoing investigations was a violation of the NLRA.  According to the NRLB, the employer’s generalized concern with protecting the integrity of the investigation did not outweigh the employees’ Section 7 right to engage in protected concerted activity.  Rejecting blanket rules that prohibit employers from requiring employees to keep investigations confidential, the NLRB stated that before an employer could impose a gag rule on employees, it was the employer’s burden to first determine whether in any given investigation witnesses need protection, evidence is in danger of being destroyed, testimony is in danger of being fabricated, or there is a need to prevent a cover up. 

This principle was recently affirmed in Boeing Co., 362 NLRB No. 195 (2015), in which the NLRB  found that a company policy discouraging employees from discussing internal investigations with other employees violated the NLRA.  As part of Boeing’s internal investigation practices, it provided employee witnesses a notice stating that “we recommend that you refrain from discussing this case with any Boeing employee other than company representative[s] investigating this issue or your union representative.”   This language was substituted for language in the notice that Boeing previously used, which “directed” employees not to discuss the investigation.

Despite the change in language from “directed” to “recommend” in the notice, the NLRB found that the policy violated the employees’ Section 7 rights, explaining that a rule’s unlawfulness is not premised on its mandatory phrasing or evidence of enforcement, but rather on the rule’s tendency to coerce employees from engaging in their protected rights.  Accordingly, the NLRB ruled that the blanket notice was too sweeping.  In so doing, the NLRB reaffirmed an employer’s obligation to weigh the competing interests of the need for confidentiality in the investigation and the employees’ rights to engage in protected concerted activity and “determine whether the particular circumstances of an investigation created legitimate concerns of witness intimidation or harassment, the destruction of evidence, or other misconduct tending to compromise the integrity of the inquiry.”

Employers may also violate employees’ Section 7 rights if they prohibit employees from discussing not only investigations but other terms and conditions of employment.  On March 18, 2015, the NLRB’s General Counsel issued a thirty-page memorandum outlining the agency’s position on employee handbook rules and policies, including confidentiality policies.  In the memo, the NLRB listed examples of rules found to be unlawful under Section 7 of the NLRA, such as rules prohibiting discussion of employee information, wages, hours, and workplace complaints. 

Other agencies, including the United States Equal Employment Opportunity Commission (EEOC) and Department of Labor, also oppose confidentiality agreements and policies that interfere with their investigations or with employees’ rights to engage in protected activity under the statutes those agencies enforce.  For example, in February 2014, the EEOC filed a lawsuit against CVS in the Northern District of Illinois for alleged pattern and practice violations of Title VII of the Civil Rights Act arising from CVS use of an “overly broad, misleading and unenforceable” separation agreement.  Among the challenged provisions in the separation agreement is a confidentiality clause that prohibits CVS’s former employees from disclosing information concerning the company’s personnel, including their skills, abilities, duties, wages, benefits, and affirmative action plans.   According to the EEOC, this provision, along with others commonly included in severance agreements, interfere with employees’ rights to file a charge with the EEOC and to participate and cooperate with an investigation conducted by the EEOC.

The district court dismissed the lawsuit in October 2014 on the grounds that the EEOC failed to attempt to secure a conciliation agreement with CVS prior to filing suit.  The court, however, did not resolve the merits of the case, and the EEOC has appealed the dismissal to the Seventh Circuit Court of Appeals, where the case remains pending.  Regardless of the outcome of the appeal, the EEOC’s lawsuit against CVS clearly signals the agency’s disapproval of broadly drafted confidentiality provisions in separation agreements and creates doubt about the enforceability of such provisions in the future.

Despite the various regulatory challenges discussed above, businesses should not abandon the use of confidentiality agreements and policies.  These tools are essential in helping employers protect themselves from dishonest and disgruntled employees and ensuring the integrity and security of their property, reputation, and processes.  The effectiveness of such policies and agreements, however, requires that employers continually assess them for compliance with legal and regulatory developments.

Accordingly, businesses should review their current and historical practices of using confidentiality agreements and policies to ensure that they provide adequate protection and can be enforced without increasing exposure to regulatory or legal challenges.  Confidentiality policies and agreements should be carefully drafted to define confidential information consistent with the legitimate needs of the employer’s business without prohibiting employees from discussing terms and conditions of employment or engaging in protected activity under applicable statutes and regulations.  To accomplish this, employers should consider including disclaimers, such as the one required under the KBR settlement, that specifically inform employees of their rights and the protected activities that are not covered by the particular policy or provision.  Moreover, in conducting internal investigations, employers should reject a blanket policy that prohibits or discourages employees from discussing the investigation with other employees.  Instead, each investigation must be evaluated on a case-by-case basis to determine whether the integrity of the particular investigation is sufficiently threatened to justify imposing confidentiality obligations on employee witnesses.  


Jump to Page

By using this site, you agree to our updated Privacy Policy and our Terms of Use.