“The most valuable commodity I know of is information.”
Gordon Gekko, Wall Street (1987).


Trade secrets and confidential business information are valuable assets of every business venture.  Be they the byproduct of research and development, business relationships, creative thought and action, or experience through trial and error, in almost all cases, they are assets worthy of protection from misappropriation and misuse.

Unlike other forms of intellectual property, which can be protected by patents, trademarks, trade dress and copyrights, trade secrets and confidential information derive their economic value from not being generally known to the public or to the competition.  This kind of intellectual property, therefore, requires measures to ensure that the information remains secret.

A common form of protection of such information is the implementation, use and enforcement of non-disclosure agreements (NDAs) and confidential information provisions in business agreements.  These protections can be found in independent documents, such as NDAs, trade secret agreements, and confidential information agreements, or they can be included in other contracts such as employment agreements, noncompete agreements or severance agreements.  Regardless of name or form, non-disclosure covenants basically do the same three things.  First, they define the information that the business deems confidential.  Second, they bind employees, consultants, vendors, suppliers and other business associates to only use trade secret and confidential information in a manner that advances the interests of the business.  Third, they provide the owner of the trade secrets or other confidential information with remedies against a party who violates this confidence.

NDAs and confidential information covenants are common in the business community.  If you are reading this, you likely have seen and been asked to sign one or more such agreement.  The problem, however (and the reason for this article), is that most of the NDAs and confidential information covenants currently in use are out of date and do not comply with recently enacted state and federal statutes or interpretations of those statutes by courts and agencies charged with their enforcement.  Specifically, there are limits to what businesses can dictate to employees and others about non-disclosure of what the business considers to be trade secret and confidential information.

Specifically, if there is a provision in an agreement that directly or indirectly restricts an employee or other person from disclosing confidential information to a government law enforcement agency (e.g., the Securities Exchange Commissions (SEC), the Internal Revenue Service, the Federal Trade Commission, the Equal Employment Opportunity Commission) in connection with a complaint about suspected illegal conduct, that provision may be deemed illegal because it could have the effect of discouraging an individual from reporting a violation of law designed to protect the public interest in some way.

This is one of many measures that government agencies employ to protect whistleblowers.  Whistleblower protections, too numerous to list here, abound at the state and federal level. (See, e.g., whistleblower protections enforced by OSHA, the SEC, the IRS, the Office of Special Counsel.)  These protections are deemed so important that certain agencies like the IRS and the SEC offer rewards (bounties) to whistleblowers who provide the agencies with original information that leads to the successful recovery of taxpayer funds.  Accordingly, any restriction by a business on an employee or other business associate that directly or indirectly prohibits, restricts, or discourages the reporting of a violation of law to a law enforcement agency will be deemed unenforceable and could lead to civil penalties against the business in an enforcement action.

Consider the case of In the Matter of BlueLinx Holdings Inc., File No. 3-17371, in which the SEC assessed a $265,000 civil penalty against a company that included in its standard severance agreement provisions prohibiting disclosure of company confidential information unless “compelled” to do so by law or legal process.  The agreement also required employees to either give written notice to the company’s legal department before providing confidential information pursuant to legal process, a requirement that is contrary SEC enforcement guidelines providing that employees need not disclose complaints to an employer.  There was no express exception allowing employees to provide information voluntarily to the SEC or any other regulatory or law enforcement agency.  In addition, the agreements required employees to waive the right to any monetary recovery in connection with a complaint or charge filed with an administrative agency, a provision contrary to the right to recover a whistleblower bounty.

The SEC determined that the Agreements violated Rule 21F-17 of the Securities Exchange Act in three ways:

  • By including those clauses in its severance agreements, BlueLinx raised impediments to participation in the SEC’s whistleblower program;
  • By requiring departing employees to notify the company’s legal department before disclosing financial or business information to third parties, BlueLinx forced those employees to choose between reporting illegal conduct to the SEC and identifying themselves to the company as whistleblowers (and potentially losing their severance benefits); and
  • By requiring departing employees to waive monetary recovery in connection with providing information to the SEC, BlueLinx removed the financial incentives implemented by Congress to encourage communications to the SEC about possible securities law violations.

A similar result was seen in Matter of NeuStar, Inc., where the SEC imposed a civil penalty of $180,000 against a company that included in its standard severance agreement a non-disparagement clause requiring forfeiture of all but $100 of severance pay for any employee who “engage[s] in any communication that disparages, denigrates, maligns or impugns NeuStar or its officers, directors, [etc.] . . .  including but not limited to communications with . . . regulators (including but not limited to the Securities and Exchange Commission . . .).”  Significant recent civil penalties also have been imposed by the SEC against BlackRock Inc., Anheuser-Busch InBev SA/NV, and KBR, Inc. for using confidentiality provisions that discourage whistleblower activity.

In case you are thinking that all of this is well and good, but does not apply to your company because it is not publicly traded, think again.  The U.S. Supreme Court has held that the whistleblower provisions of Sarbanes-Oxley protect employees of privately held contractors and subcontractors of public companies.  The Dodd-Frank Act of 2010 expressly prohibits retaliation by employers, public and private, “because of any lawful act done by the whistleblower in providing information to the SEC, initiating or assisting in an SEC investigation or action based on or related to such information, or in making disclosures that are required or protected under Sarbanes-Oxley or any other law, rule or regulation subject to the jurisdiction of the SEC.  15 U.S.C. § 78u-6(h).

Note also, that the Department of Labor has weighed in on the issue, and we can expect other agencies to follow suit.

Additionally, the Defend Trade Secrets Act of 2016 (“DTSA”), enacted a year ago, provides immunity from liability to any person who discloses a trade secret (i) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney for the sole purpose of reporting or investigating a suspected violation of law, or (ii) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.  The DTSA requires businesses to notify employees, consultants, and independent contractors of this immunity provision in any contract or agreement that protects trade secrets and is entered into after May 11, 2016.

Businesses that employ confidential information or non-disparagement restrictions in agreements, and do not properly exclude from the restrictions confidential reports to law enforcement agencies, run certain risks.  First and most significant is the risk of a civil penalty or fine (and the press release that always accompanies an enforcement action) a government agency.  Second is the risk that a judge may deem the NDA or non-disparagement clause unenforceable, in whole or in part.  The final risk is the impairment of goodwill, internally and externally, that may result from requiring employees and others to sign agreements containing illegal or unenforceable provisions.

We see numerous examples of non-compliant agreements, agreements that do not properly document required limitations on the scope of confidential information and non-disparagement covenants.  Many of these come from or at least originated with well-reputed law firms.  If the agreements you use have never been reviewed by legal counsel, or have not recently been reviewed, or were reviewed by a counsel not well-oriented in the broader aspects of statutory and regulatory compliance, it would be wise to have them double-checked and if warranted, updated to comply with these and other recent regulatory developments.