Blowing the Whistle on Confidentiality Agreements that Restrict Whistleblowers

Recent changes to federal whistleblower protection law have made it necessary to revisit the form of confidentiality agreements (sometimes called non-disclosure agreements or NDAs) used by companies to protect their trade secrets and other confidential information.

Whistleblowers are parties who become aware of illegal or unethical conduct within a company and seek to report such conduct to the proper governmental authorities. In the wake of the collapse of Enron, the Bernie Madoff Ponzi scheme, and other financial and accounting scandals, the government has sought to make it easier for company insiders to report illegal or unethical conduct within a company without fear of retribution from the company. As you might expect, there is often a tension between the company’s desire to protect legitimate trade secrets, often through the use of confidentiality agreements, and the law’s desire to protect and encourage whistleblowers.  

Defend Trade Secrets Act. One example of this recent trend is the federal Defend Trade Secrets Act (DTSA), which was adopted in 2016. Under the DTSA, an individual cannot be held criminally or civilly liable for “blowing the whistle” and confidentially reporting a suspected violation of law to the government or to an attorney. The DTSA also protects a whistleblower who confidentially discloses trade secrets to an attorney or to a court in connection with a lawsuit alleging that an employer retaliated against the whistleblower.

The DTSA requires that any company that enters into a confidentiality agreement with an employee, consultant or independent contractor must include a notice in the confidentiality agreement of the DTSA whistleblower protections described in the previous paragraph. If the company fails to provide the DTSA notice, the company cannot sue the employee, consultant or independent contractor under the DTSA for exemplary damages or for attorneys’ fees as otherwise permitted to be recovered under the DTSA for willful, malicious or bad faith theft of trade secrets.

SEC Rule 21F-17. The Dodd-Frank Wall Street Reform and Consumer Protection Act added a new Section 21F to the Securities and Exchange Act of 1934 (the Exchange Act) which, among other things, prohibits companies from retaliating against whistleblowers who have reported concerns about securities law violations to the Securities and Exchange Commission (SEC) or who have assisted the SEC in any investigation or judicial or administrative action. To further clarify a company’s obligations under Section 21F of the Exchange Act, the SEC adopted Rule 21F-17, which provides that “no person may take any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

The SEC has taken administrative action against several companies that have entered into agreements with employees that contain confidentiality provisions that the SEC has alleged to violate SEC Rule 21F-17 by potentially “stifling” whistleblowers. The challenged agreements have included confidentiality agreements, severance agreements, and separation agreements, but any agreement that requires confidentiality obligations for the employee without providing an exception for whistleblowing reports to the SEC would arguably run afoul SEC Rule 21F-17.  In connection with an SEC cease and desist order, the SEC has indicated that including the following language in an agreement with a confidentiality provision would cause the agreement to comply with SEC Rule 21F-17:

“Nothing in this Confidentiality [Agreement] prohibits [the employee] from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation.  [The employee does] not need the prior authorization of the [the company] to make any such reports or disclosures and [the employee is] not required to notify the company that [the employee has] made such reports or disclosures.”     

Takeaways. Any company entering into a confidentiality agreement or other agreement with an employee, consultant or independent contractor that includes a confidentiality provision should consider including the DTSA notice described above to ensure that the company will enjoy the full benefit of the trade secret protection and remedies afforded by the DTSA. And companies (especially publicly traded companies) should consider including carve-outs for whistleblowers in their confidentiality agreements, such as the SEC-blessed disclosure described above, to ensure that those confidentiality agreements comply with SEC Rule 21F-17.  

Special thanks to CityBizList-Dallas for publishing this article here.