On April 1, 2015, the SEC announced a settled enforcement proceeding against KBR, Inc., a publicly traded, Houston-based technology and engineering company, for including “restrictive language” in confidentiality agreements used in the course of internal investigations. This is the first time the SEC has used its enforcement powers under Rule 21F-17 of the Whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Rule 21F-17 provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communication.”

The language to which the SEC took exception appeared in confidentiality agreements KBR used in connection with internal investigations. The statement, which investigators required employees to sign before the interview, was included in the Company’s Code of Business Conduct Investigations Procedures manual. The statement read:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during this interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be the grounds for disciplinary action up to and including termination of employment.

It does not appear that the policy specifically referenced reporting to the SEC or any governmental authority. Moreover, it seems likely that the Company’s intent was to prevent employees from discussing the matter with each other. The SEC admitted that it had no evidence KBR ever prevented an employee from communication with the SEC staff or that KBR took any action to enforce the confidentiality provision. Nevertheless, the SEC posited that the language undermined the purpose of Section 21F and Rule 21F-17(a), which is to “encourage individuals to report to the” SEC.

The SEC indicated its approval of KBR’s amended policy by quoting it in the Order. The new policy provides:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

While the Order imposes a modest civil penalty of $130,000, KBR is also required to contact KBR employees who signed confidentiality statements from August 21, 2011, to the present and to provide them with a copy of the Order and a statement that they do not need permission from KBR to communicate with any governmental entity.

This case of first impression underscores the SEC’s commitment to the Whistleblower program and its intent to punish employers that, intentionally or not, restrict an employee’s ability to report potential violations to the SEC. There has been much press about such restrictive language in employment agreements, not just related to the SEC, but also related to the National Labor Relations Board and other federal agencies. It is clear the SEC will consider such restrictive language wherever it may be found. By virtue of this Order, companies will have to manage protecting the integrity of internal investigations and avoiding accusations that it discouraged employees from going to the SEC. It also remains to be seen whether the SEC will take the position that companies are required to affirmatively inform employees of their ability to make reports to the SEC or other governmental bodies or whether employees must merely refrain from discouraging such activity. Because the Whistleblower provisions apply to both private and public companies, it seems a prudent course of action for all employers to review employment and confidentiality agreements.

It is a great time for employers to review their employee handbooks. Richard F. Griffin, Jr., General Counsel of the National Labor Relations Board (NLRB), recently issued a lengthy and detailed report summarizing the NLRB’s rulings on common handbook provisions. To view the complete Memorandum, click here.

The rulings in the report apply to both unionized and non-unionized employers because the National Labor Relations Act (NLRA) restricts all employers from issuing policies or rules – even if well-intentioned – that inhibit employees from engaging in activities protected by the act, such as discussing wages, criticizing management, publicly communicating about working conditions and discussing unionization.

This LaborSphere post is the first in a series that will provide guidance based on the NLRB’s report. Over the upcoming weeks, we will summarize what the NLRB has deemed acceptable and unacceptable language for workplace policies on: (1) professionalism; (2) harassment; (3) trademarks; (4) photography/recording; and (5) media contact.

When Does A Confidentiality Policy Go Too Far?

The NLRB acknowledges that employers have a legitimate right and need to protect confidential information. However, policies that are overbroad and can be interpreted by employees to prohibit discussion regarding their wages, hours and working conditions will draw scrutiny from the NLRB. While context always matters for policy language, there are some “DON’Ts” that have clearly emerged from the NLRB report:

•  DO NOT prohibit employees from discussing “employee information.”

•  DO NOT prohibit disclosure of “another’s confidential information.” This could be interpreted to be wages and therefore violate the NLRA.

•  DO NOT prohibit disclosure of “details about the employer.”

•  DO NOT prohibit disclosure of all categories of “non-public information.”

The NLRB not only disfavors policies and rules that expressly prohibit or restrict employee discussions and collective action, but also those that are vague enough to dissuade an employee from such activities. According to the NLRB, employees should not have to guess about whether they are allowed to talk about their pay, hours or working conditions, but should instead feel free to do so.

When Do Confidentiality Rules Strike The Right Balance? 

Employers can vigorously and clearly prohibit disclosure of trade secrets and other confidential business information, provided that employers do not define those terms too expansively. Some examples of confidentiality policies that the NLRB has deemed lawful include:

•  No unauthorized disclosure of “business ‘secrets’ or other confidential information.”

•  “Misuse or unauthorized disclosure of confidential information not otherwise available to persons or firms outside [the Employer] is cause for disciplinary action, including termination.”

•  “Do not disclose confidential financial data, or other non-public proprietary company information. Do not share confidential information regarding business partners, vendors or customers.”

Even with brightline rules and other strong guidance, perhaps the most important takeaway when reviewing company policies is that context matters. Illustrative of this point, the NLRB upheld a rule that prohibited disclosure of “all information acquired in the course of one’s work.” On its face, this rule is arguably overbroad and could chill employee communications. However, the NLRB recognized that the rule was “nested among rules relating to conflicts of interest and compliance with SEC regulations and state and federal laws” and, as such, could not be reasonably understood to prevent employees from discussing their wages, hours or working conditions.

In sum, when reviewing policies intended to safeguard confidential information, an employer should watch out for language that is arguably overbroad or lacks sufficient context to justify its scope. This approach is the best formula for ensuring that policies achieve the employer’s true purpose: protecting critical confidential and proprietary information.