Confidentiality Agreements: The Growing Need to Take a Closer Look
In a case filed just last month in San Francisco Superior Court, a current employee of Google asserts claims against the company based on its allegedly overbroad confidentiality agreement that Google requires all employees to sign and its policies regarding the use and disclosure of confidential information. (John Doe v. Google, Inc.; San Francisco Superior Court Case No.CGC-16-556034; filed December 20, 2016.)
Proceeding anonymously as plaintiff John Doe, the employee notes at the outset of his complaint that the case does not involve “Google’s trade secrets, consumer privacy, or other information that should not be disclosed under the law (such as material non-public information under the securities laws).” Rather, the employee alleges, the case “concerns Google’s use of confidentiality and other policies for illegal and improper purposes” and that “Google defines essentially everything as ‘confidential information.’”
Alleging that Google’s confidentiality agreement and its policies governing confidential information violate several provisions of the California Labor Code, plaintiff Doe asserts claims for recovery under the California Private Attorneys General Act. Given the number of companies, big and small, that use agreements and have data protection policies much like those at issue in the Google case, this case may mark the first of many to come. For that reason, confidentiality agreements perhaps deserve a closer look.
What Should You Be Looking Out For?
Of all the “standard” documents that employers have employees sign, the confidentiality agreement (sometimes simply labeled as a “Confidentiality Agreement” or with some combination of “Confidential,” “Proprietary,” “Non-disclosure,” and/or “Trade secrets” in the title) may receive the least amount of attention on a per-word basis. These agreements typically contain numerous and sometimes lengthy provisions comprising multiple pages, but employees often sign them without any review of the terms; doing so because the wording makes their eyes glaze over, because they assume they have no choice but to sign the agreement as worded, or because they recall having signed similar agreements at each company for which they worked. Many employment law attorneys and human resources professionals often give little more than a cursory review of the standard form of agreement that the attorney or the employer generally uses. And because these agreements seek to protect a company’s proprietary information, those drafting and reviewing the agreements tend to approach them with the idea that casting the protective net as broadly as possible provides the greatest protection.
But the attention that these agreements have received from several government agencies over the past few years and in the case recently filed against Google require a more careful review of the agreements that employers use to protect their proprietary information and to impose other restrictions on employees. The following provides a quick checklist of key items on which to focus.
How broadly does the agreement define “confidential information?”
To provide the protection it needs, an employer generally defines the scope of information covered by the agreement as broadly as possible. The agreement rarely identifies specific documents or data to which the employee will have access, but instead includes descriptions and categories of documents and data. The typical definition also defines the covered information so that it includes information to which the employee will have access and to which he or she may have access, and to include information and data existing at the time the employee signs and that the employer will obtain or create in the future. The employer understandably seeks to cover as much as possible and attempts to do so in a one-size-fits-all agreement so that it does not have to craft an employee-specific version based on the particular person’s job and access.
In drafting an all-inclusive agreement, however, employers often end up with a vague description of what the agreement covers that provides little useful guidance to the individual bound by the agreement and that, in some cases, may violate the law. “Employee information,” for example, often appears within the long list of data covered by the agreement with no further explanation. But what exactly would this category of information include? Most employers would reasonably assert that a confidentiality agreement including this term would apply to social security numbers, medical information, performance history, and disciplinary information, and few people would disagree that this type of information about someone’s coworkers deserves protection. The term reaches much further, however, and may include information that an employer has no interest in protecting and information for which an employer cannot lawfully prevent disclosure.
It seems unlikely that in including “employee information” within the scope of confidential information an employer intends to prevent a former employee from disclosing the favorite foods, fashion sense, or political leanings of his or her former colleagues, even if the former employee learned this information only as a result of his or her employment with the company. (Companies sometimes attempt to narrow the definition by wording it to cover only information fitting within the listed categories and “not publicly available,” “not known to the general public,” etc., but these terms themselves provide little guidance.) An employer might want to prevent a former employee from disclosing the details of a co-worker’s performance evaluation or specifics about performance history, but the employer probably cannot prevent the former employee from offering his or her opinion about someone else’s performance, abilities, or results. The term “employee information” on its face covers both. It also encompasses information about the company’s pay practices, the working conditions, and the company’s record of hiring or promoting women or minorities, yet various laws would strictly prohibit an employer from preventing a current or former employee from publicly disclosing such information.
For years, employers have used overly broad and vague terms without much concern because they largely controlled whether a legal challenge to the enforceability and lawfulness of the terms would arise. After all, if the employer limited its enforcement efforts to those situations involving the type of information that most would view as deserving of protection (which most companies would do anyway given the cost of enforcement and the limited value in preventing disclosure or misuse of information not highly valuable to the company), the vagueness and overbreadth issues would not take center stage. But the focus of agencies including the EEOC, the NLRB and the SEC on the potential impact of overly broad and impermissible terms, and the ability of individuals who signed confidentiality agreements to assert claims providing monetary recovery without any showing that the employer sought to enforce the agreement against the person or that the individual suffered any actual harm (like in the case filed against Google), mean that companies may no longer control the risks created by an unenforceable or unlawful agreement. Even if a company would never have sought to enforce an unenforceable term (e.g., using a confidentiality agreement to prevent a person from talking with a government agency) or pushed the limits of its expansive terms (e.g., using the agreement as a basis for preventing an employee from publicly discussing wages or working conditions), these problematic terms may cause trouble.
Ultimately, the need for protection and the validity of certain legalese may trump the desire for a readily understood, narrowly-tailored, plain-English definition of what the agreement covers. But if the person tasked with reviewing the agreement asks whether he or she can identify the types of information that the company maintains that might fit within each descriptive category, removes those that have no relevance to the particular company, includes better descriptions, and eliminates potentially unlawful terms, it will go a long way toward creating an agreement that both provides actual guidance to the person questioning what they can and cannot disclose and will provide the company a stronger agreement better able to withstand challenges.
Does the agreement create an exception for communications with government agencies?
Companies may primarily intend for their confidentiality agreements to protect against the use or disclosure of information in a way that may disadvantage the company from a competitive standpoint, but the agreements normally go much further in limiting disclosure. They typically prevent disclosure not only to subsequent employers, competitors, and customers but more broadly to anyone outside the company, including law enforcement agencies or other government agencies investigating the company. The EEOC and the SEC have taken note, and these agencies consider invalid any provision that would limit a person’s ability to communicate with the agency or to participate in an investigation. These agencies do not limit their objection to those situations in which a person actually refused to communicate because of a confidentiality agreement he or she had signed, but to any provision that would on its face limit such communications or participation because they may prevent people from coming forward on their own.
So in reviewing any agreement that limits the right to disclose information about the company or about the person’s employment, companies should not get distracted by whether the company ever has or would take the position that the agreement prohibits such conduct. Rather, companies should focus on any provision that would even arguably limit a person’s right to contact any government agency, to fully respond to any communications from an agency, or to participate in any proceedings initiated by an agency. Companies should modify these provisions and should consider including a catch-all provision within the agreement that notes that nothing in the agreement limits the person’s rights in this regard.
Does the agreement note the immunity provided under the federal Defend Trade Secrets Act?
President Obama recently signed into law the Defend Trade Secrets Act of 2016 (DTSA) which provides a federal cause of action for misappropriation of trade secrets. The DTSA includes a provision granting immunity to an individual who discloses trade secrets in certain contexts and it requires employers to provide notice of this immunity in “any contract or agreement with an employee that governs the use of a trade secret or other confidential information.” For companies that require employees to sign confidentiality agreements or other agreements that limit a person’s right to disclose proprietary information, the DTSA requires revision of these documents to ensure that they provide the required notice of immunity. The DTSA does not require employers to revise agreements already in place, but all documents executed or put in place on or after the effective date of the DTSA (May 11, 2016) must include the notice of immunity.
Does the agreement include other restrictive covenants?
Employers often include within their confidentiality agreements other restrictive covenants such as non-compete provisions and provisions restricting an individual’s right to solicit former co-workers or clients following the termination of employment. When included within lengthy agreements governing confidential information, employers often overlook these provisions and neglect to keep them updated to comply with applicable law. Although California law still provides the greatest protection for former employees as to their right to compete, other states that allow non-compete and non-solicit agreements impose particular requirements and limitations that require periodic updating to comply with the latest legal developments.
Does the agreement contain a choice of law or forum selection clause?
In an effort to avoid California law and California courts, some employers have included within their confidentiality agreements (and other employment agreements) choice-of-law and venue provisions that make the agreement subject to the law of another state and that require the parties to litigate any dispute arising out of the agreement in that other state. But as of January 1, 2017, California law prohibits an employer from requiring an employee who primarily resides and works in California to sign an agreement with either of these provisions and makes voidable any choice-of-law or venue provision that violates the new law. (California Labor Code section §§ 925(a),(b).) The new law creates an exception for agreements containing these covered provisions if the individual has an attorney representing him or her in negotiating the terms of the agreement; a situation perhaps less likely with confidentiality agreements than for an employment contract. (California Labor Code section §§ 925(e).) Given the new law, California employers must proceed cautiously in using confidentiality agreements with non-California choice-of-law or venue provisions.
Although the new law does not directly apply to confidentiality agreements signed before the effective date, it may nevertheless indirectly impact agreements signed before that date. The new statute applies only to contracts “entered into, modified, or extended on or after January 1, 2017.” (California Labor Code section §§ 925(f).) Employers often include within severance agreements and other documents that employees sign upon termination of employment a provision affirming the person’s continuing obligations under the confidentiality agreement signed during his or her employment. The simple affirmation of obligations that would continue even if the person did not sign the agreement with the affirmation – most confidentiality agreements and restrictive covenants impose obligations continuing after the termination of employment – would not seem to qualify as a modification or extension of the agreement under the new law, but Section 925 does not define these terms. Employers should, therefore, recognize the potential impact of a severance agreement or other termination document might have on a confidentiality agreement the person signed before January 1, 2017, that contained non-California choice-of-law or venue provisions.