The Securities and Exchange Commission instituted cease and desist proceedings against KBR, Inc. for the purpose of entering an agreed Cease and Desist Order which is likely to affect the drafting of all confidentiality agreements entered into between a company and its employees. Indeed, the Order serves as a reminder to employers to carefully review and consider the language used not only in employee confidentiality agreements but also separation agreements, employment agreements, personnel handbooks and other documents which impose confidentiality restrictions on employees.
KBR is a public company regulated by the SEC. Like many companies, KBR maintained a compliance program under which any employee could report conduct by KBR which the employee believed to be illegal or unethical, including potential securities law violations. KBR would then typically conduct an internal investigation of the report that included inteviews of KBR employees, including the employee who made the report. As part of the investigation, KBR would have each person it interviewed sign a confidentiality agreement stating that he would not disclose the interview or the subject matter of the interview to anyone, “without the prior authorization of the Law Department,” and warning that an unauthorized disclosure could result in discipline including termination of employment.
The SEC believed that KBR’s broad confidentiality restriction undermined the purpose of the whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which are intended to encourage the reporting, directly to the SEC, of potential securities law violations, and violated an SEC rule prohibiting “any action to impede an individual from communicating with the SEC about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” Interestingly, the SEC’s found that KBR’s use of the broad confidentiality agreement violated this rule even though there was no evidence that KBR had prevented any employee from communicating directly with the SEC or had ever taken any action to enforce the confidentiality agreement.
To settle the charges, KBR has agreed to amend its form confidentiality agreement to expressly provide that the agreement “does not prohibit the reporting of possible violations of federal law or regulation to any governmental agency or entity, . . . or making other disclosures that are protected under the whistleblower provisions of federal law or regulation.” The confidentiality agreement must also be amended to expressly provide that those reports or disclosures could be made without the law department’s authorization and without notice to KBR.
The SEC’s position on confidentiality agreements is now clearer than ever. As we have pointed out previously, the NLRB and EEOC have taken a similarly dim view of broad confidentiality agreements or policies that might be construed by employees as prohibiting them from engaging in legally protected concerted action under the National Labor Relations Act or pursuing their Title VII or other rights. But these positions remain largely untested in court, and employer’s often have competing interests at stake, such as their legitimate interest in protecting highly sensitive business information and attorney-client privileged communications. Furthermore, context can be important. What an employer says in its personnel manual about confidentiality, and the limits on confidentiality, should not necessarily be subject to the same rules as what it says in a negotiated separation agreement under which an employee is often being compensated, at least in part, for his continuing commitment not to disclose confidential information.
So what should an employer do? First, don’t regard your confidentiality policies, non-disclosure agreements, and confidentiality provisions in separation and other agreements as boilerplate to be used and re-used without careful thought. This is particularly so for employer’s who are regulated by the SEC or in highly regulated industries such as those dealing with the government in which the False Claims Act whistleblower provisions come into play. Consider the risks of potential government scrutiny for potentially overbroad confidentiality language versus the risks of disclosure of highly sensitive or privileged information. And, consider the context. You may want to insist on broader protection, for example, when entering into a separation or settlement agreement with an employee than in your personnel manual. And, public companies may weigh these risks differently than companies that are not publicly-traded.