On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced an enforcement action and corresponding settlement arising out of an employer’s confidentiality agreement. The SEC contended that the agreement improperly restricted the right of whistleblowers to disclose securities law violations to the SEC. The SEC’s actions underscore the importance of employers modifying their confidentiality agreements to ensure they are protecting legitimate confidentiality interests—without infringing on statutorily protected rights of employees to report misconduct.

Confidentiality Must Yield to Legitimate Whistleblowing

KBR Inc. (“KBR”) had in place a compliance program by which it would receive and investigate complaints and allegations from its employees of potential illegal or unethical conduct by the company or its employees. As part of its internal investigations of these complaints, KBR’s investigators would interview employees and ask them to sign a confidentiality statement that read:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC noted that it was “unaware of any instances in which (i) a KBR employee was in fact prevented from communicating directly with Commission Staff about potential securities law violations, or (ii) KBR took action to enforce the form confidentiality agreement.” Nonetheless, the SEC determined that this confidentiality statement violated the regulations implementing the whistleblower protection provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”). Specifically, the SEC’s regulations prohibit employers from “tak[ing] any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” (17 C.F.R. § 240.21F-17(a).)

According to the SEC, even absent any action by KBR to enforce its confidentiality statement, the statement still impeded employees from communicating with the SEC by prohibiting them from discussing the substance of their interviews with KBR’s internal investigators without receiving prior clearance. Rather than contest the SEC’s determination, KBR elected to settle. It will pay a civil money penalty of $130,000 and will amend its confidentiality agreement to address the offending language.

Employers May Still Prohibit Public Disclosure of Confidential Information Relating to Alleged Misconduct

Despite this enforcement action, even publicly traded companies may still prohibit employees from publicly disclosing confidential information related to alleged misconduct. Notably, the SEC approved an amended confidentiality statement that KBR intends to use in investigations going forward. It states, in relevant part (with emphasis added):

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

Thus, the SEC does not view as problematic confidentiality policies that prohibit the disclosure of confidential information—including information about possible violations of federal law or regulations—to competitors, to the media or to other public sources. Rather, the SEC is solely focused on protecting employees’ right to disclose possible violations of law to the appropriate government agencies.

It’s Not Just the SEC

The SEC’s recent enforcement action is only the most recent example of a federal crackdown on overly restrictive confidentiality agreements and policies. Even non-publicly traded companies should review their confidentiality agreements to ensure that they contain no restrictions that could be considered unlawful.

For example, on April 8, 2014, President Obama issued Executive Order 13665 and a Presidential Memorandum directing the Department of Labor to issue regulations that will, among other things, prohibit government contractors from retaliating against employees and applicants for asking about, disclosing, or discussing their compensation with other workers. The Department of Labor’s proposed rule, published on September 17, 2014, includes a broad definition of “compensation” as “any payments made to, or on behalf of, an employee or offered to an applicant as remuneration for employment.” Likewise, the National Labor Relations Board (“NLRB”) has recently issued a series of rulings rejecting employer policies prohibiting employees from discussing wages, benefits, or other terms and conditions of employment, with colleagues and union representatives. According to the NLRB, these policies violate Section 7 of the National Labor Relations Act (“NLRA”), which protects non-supervisory employees’ right to engage in concerted activity for mutual aid and protection, and Section 8 of the NLRA, which prohibits employers from interfering with, restraining, or coercing employees who are exercising rights guaranteed under Section 7. The NLRB also takes the position that confidentiality policies that categorically prohibit employees from discussing internal investigations violate non-supervisory employees’ Section 7 rights, in the absence of a showing that the rule is necessary to preserve the integrity of the investigation. See T Mobile USA Inc., 2015 NLRB LEXIS 180, *34-36 (March 18, 2015) (“In order to justify a rule prohibiting employee discussions of ongoing investigations, the Respondent must show that it has a legitimate business justification…. The Respondent must show, for example, that the rule was necessary because witnesses needed protection, evidence was in danger of being destroyed, and/or testimony was likely to be fabricated”).

Further, the Dodd-Frank Act’s whistleblower provision is only one of a number of similar whistleblower protection provisions potentially applicable to employers. Similar protections exist for whistleblowers in the aviation industry (49 U.S.C. § 42121), the nuclear energy industry (42 U.S.C. § 5851), the oil and gas pipeline industry (49 U.S.C. § 60129), and the commercial trucking industry (49 U.S.C. § 31105), among others. Most of these whistleblower protection statutes are enforced by the Department of Labor, which may share the SEC’s concern over restrictive confidentiality agreements and policies.

Next Steps for Employers

Because the SEC has already shown a willingness to enforce its view of the proper scope of an employee confidentiality agreement, employers should immediately review their agreements and policies to ensure that they do not prohibit protected whistleblowing and that the agreements comply with other laws applicable to the employer. At the same time, employers still need to make sure that their confidentiality agreements and policies are sufficiently broad to protect their legitimate confidentiality interests. Perhaps the easiest way to strike this balance is to simply add to all employee confidentiality agreements a disclaimer similar to that approved by the SEC in the KBR matter:

Nothing in this Agreement prohibits me from reporting possible violations of law to any governmental agency or entity or making other disclosures that are protected under the whistleblower provisions of federal, state, or local laws or regulations.

If the existing confidentiality agreement contains any requirement to go first to in-house counsel, that requirement should be expressly negated.

Employers should also add NLRA-related disclaimers to confidentiality agreements provided to non-supervisory employees, and government contractors should also include language that prohibits retaliation for compensation discussions that are protected by Executive Order 13665.