Be Ready For SEC Scrutiny Of Employee Confidentiality Pacts | Proskauer Rose LLP

After that, the executive and the CEO allegedly took steps to remove the employee’s access to the company’s information technology systems. The executive also allegedly used the company’s administrative account to access the employee’s company computer and obtain his passwords to his email and social media accounts. The company then discharged the employee.

The SEC concluded that in restricting the employee’s access to the company’s IT systems and in monitoring his online activities, the executive substantially interfered with the employee’s ability to communicate with the SEC about his concerns in violation of Rule 21F-17.

The executive was ordered to cease and desist from committing or causing any future violations of Rule 21F-17 and to pay a monetary penalty of $97,523.

This order has serious implications.

It could be read to reflect an exceedingly broad view of the protections afforded to SEC whistleblowers under Rule 21F-17 — protecting employees who have threatened to broadcast company information to third parties other than the SEC, such as customers or investors, or even the media.

This could jeopardize the privacy of sensitive data and other confidential information and trade secrets, which could present a range of significant risks to companies.

These concerns were highlighted in a vigorous dissent from SEC Commissioner Hester Peirce, [5] in which she characterized the SEC’s order as an “undisciplined interpretation and application of Rule 21F-17(a).”

Peirce stressed that Hansen’s actions clearly did not interfere with the employee’s ability to communicate with the SEC. Peirce further noted that limiting access to sensitive data is a common element in cybersecurity programs, and that companies have a strong interest in protecting the troves of data held about their customers, assets and business practices.

She cautioned that Rule 21F-17 should not be read

in a manner that complicates a company’s ability to act to protect its data in the face of sweeping disclosure threats, even well-intentioned ones by concerned employees. [6]

The Case of Brink’s

On June 22, the SEC announced that it had settled charges against The Brink’s Company for requiring employees to sign confidentiality agreements.

The SEC found that, from 2015 through 2019, thousands of employees were required to sign agreements as part of their onboarding process that prohibited them from divulging confidential information about the company to any third party without the prior written authorization of a Brink’s executive officer.

The agreements defined “confidential information” to include information about

current and potential customers, … prices, costs, business plans, market research, sales, marketing, … operational processes and techniques, [and] Financial information including financial information set forth in internal records, files and ledgers or incorporated in profit and loss statements, financial reports and business plans.

The SEC further determined that, although internal counsel for Brink’s was aware of the commission’s enforcement actions related to Rule 21F-17 and had received advisories from various law firms on the subject, the company added a provision to the confidentiality agreement template in April 2015 imposing $75,000 in liquidated damages for violations of the confidentiality provision, along with payment of attorney fees and costs for Brink’s, while the agreement still lacked a whistleblower exemption provision.

The SEC found that by requiring current and former employees to notify the company prior to disclosing any financial or business information to third parties — and threatening them with liquidated damages and legal fees if they failed to do so — the company impeded potential whistleblowers by forcing employees to either identify themselves to the company as whistleblowers or potentially pay $75,000 and the company’s legal fees.

This, according to the SEC, violated Rule 21F-17.

In light of the commission’s finding that Brink’s had violated Rule 21F-17, the company has undertaken to state in all confidentiality agreements that

Nothing contained in this Agreement limits the Employee’s ability to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency.

Brink’s was also assessed a monetary penalty of $400,000.

Although Peirce joined in the SEC’s bottom-line finding that Brink’s violated Rule 21F-17, she expressed concerns about the scope of the agreed undertaking in the order, to the extent it required Brink’s to include a provision in its employment-related agreements stating that employees were free

to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency (“Government Agencies”). [7]

Peirce cautioned that the SEC “plainly lacks statutory authority to impose such a broad requirement,” and Rule 21F-17 does not purport to assert such authority.

She further noted that merely because a respondent has agreed to particularly broad language as part of a settlement

should not be misconstrued as an indication that other companies are under any obligation to use the same or similar language to avoid running afoul of Rule 21F-17.

Implications for Employers

These recent actions appear to signal that the SEC has a reinvigorated focus on enforcing Rule 21F-17, and may have even expanded its view of the scope of protection afforded to potential whistleblowers under this rule.

As a result, employers need to revisit and carefully examine company policies and employment-related agreements that address confidentiality to ensure that all contain the appropriate terms and carveouts to promote compliance with Rule 21F-17. [8]

Reproduced with permission. Originally published August 2022, “Be Ready For SEC Scrutiny Of Employee Confidentiality Pacts,” Law360.

[1] In the Matter of David Hansen, Release No. 94703 (Apr. 12, 2022).

[2] In the Matter of The Brink’s Co., Release No. 95138 (June 22, 2022).

[3] 17 CFR §240.21F-17.

[4] US Securities and Exchange Commission, “SEC Charges Co-Founder of Technology Company for Violating Whistleblower Protection Rule,” (Apr. 12, 2022).

[5] US Securities and Exchange Commission, “Statement in the Matter of David Hansen,” (Apr. 12, 2022).

[6] Of course, the SEC has tools at its disposal to obtain information relevant to a whistleblower complaint from an employer after the complaint is lodged. And query whether the order could be misconstrued by a whistleblower to engage in self-help discovery on an ongoing basis after complaining to the SEC to support and expand their whistleblower report.

[7] US Securities and Exchange Commission, “A Caution on the Limits of Authority: Statement Regarding In the Matter of The Brink’s Company,” (June 22, 2022).

[8] Some employers may be inclined to include carve-outs referenced in the Defend Trade Secrets Act in confidentiality agreements in hopes of also satisfying Rule 21F-17. The relevant DTSA provision states:

An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that –

  • is made
      • in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and
      • solely for the purpose of reporting or investigating a suspected violation of law; or
  • is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.

18 USC § 1833(b)(1). In fact, it appears (based on footnote 4 in the Brink’s order) that the employer there might have used such language. But that, alone, may be insufficient to satisfy the SEC, as it does not specifically reference, among other things, a disclosure to the SEC in particular.
