Employer Confidentiality Agreements That Go Too Far

Many employers require employees to sign a Confidentiality Agreement regarding certain data and information that the employee will have access to in the course and scope of their employment. There are certain types of employer data that must be maintained as confidential such as:

  • Client identification or personal health information under the federal Health Insurance Portability and Accountability Act (HIPAA)
  • Personally identifiable information (PII), such as donor names and credit card numbers or employee addresses and social security numbers under privacy and state confidentiality laws.

Additionally, general business information that an employer needs to keep confidential for business reasons to maintain a competitive advantage such as business plans, financial resources, funding sources or customer lists falls within the definition of trade secrets and can be maintained as confidential. Protecting this data is simple, right? You just have employees sign a broad confidentiality agreement, and that’s that!


Like many areas of employment law, it’s not that simple. In a recent decision of the Second Circuit Court of Appeals, which covers New York, Connecticut and Vermont, the court held that a non-union organization violated the National Labor Relations Act (NLRA) by promulgating an unlawful confidentiality agreement and terminating an employee for his refusal to sign the agreement. The agreement required employees to maintain confidential information protected by HIPAA, but went beyond that and “strictly prohibited” employees from disclosing information with respect to all “non-public information intended for internal purposes,” including ”administrative information such as salaries and the contents of employment contracts.” The policy also prohibited employees from being “interviewed by any media source, or answering any questions from any media source regarding their employment” or “other workings and conditions” of the employer without the employer’s consent.


When an underperforming and problematic employee was ultimately terminated for his refusal to sign the agreement, he filed an unfair labor practice charge with the National Labor Relations Board (NLRB). Citing the longstanding NLRB rule that discipline imposed pursuant to an unlawfully overbroad employer policy is unlawful, the NLRB, as affirmed by the court on appeal, determined that the termination was unlawful even though in this instance the employee was acting alone. All employees covered by the NLRA, regardless of whether they are unionized, have the right to engage in what is considered “protected concerted activity” under that NLRA, and discipline based on any policy that restricts concerted activity is unlawful. While a confidentiality policy could prohibit HR or accounting staff from discussing the salaries of other employees. Such a policy could not prohibit employees discussing their own compensation rate, or asking their coworkers to discuss this compensation.


Employers should review any confidentiality policies or agreements to make sure that employees covered by the NLRA are not restricted in their ability to discuss or reveal information that involves the terms and conditions of their employment or their rights to engage in protected concerted activity, which would include discussions with co-workers or third parties such as the traditional or social media.