Contributed by Timm Schowalter, January 26, 2022
Despite the ever increasing concerns over privacy and data breaches, both externally and internally, it may become more difficult for employers to legally protect their confidential and proprietary information. As explained in our November 8, 2021 article, “Employers’ Rights Under the Computer Fraud and Abuse Act (CFAA) Narrowed after Supreme Court Decision in Van Buren,” the United States Supreme Court significantly narrowed the interpretation of the CFAA and therewith employers’ means of seeking remedies for the misuse of confidential data. In essence, the Court explained that if access to data was provided, then the reaches of the CFAA’s protections do not apply regardless of the purpose of the subsequent use or nefarious motive. This is clearly a call to action for employers to fortify their legal protections by examining and revising their confidentiality policies and nondisclosure agreements to contractually incorporate the lost protections of the CFAA. However, will revisions to confidentiality policies and non-disclosure agreements aimed at regaining the protections of the CFAA withstand the judicial scrutiny of the National Labor Relations Board? Time will tell.
In Stericyle, Inc., NLRB, 04–CA–137660 (January 6, 2022) the Biden-era NLRB is revisiting the legality of routine workplace confidentiality rules and the employer-friendly standard established in Boeing, 365 NLRB No. 154 (2017). In Boeing, the NLRB reversed course from President Obama’s NLRB and established a new balancing test to be applied to workplace confidentiality rules that reasonably may be construed to interfere with Section 7 rights. The Board rejected the hyper-legalistic “reasonably construe” standard set forth in Lutheran Heritage Village-Livonia, 343 NLRB 646 (2004) in favor of a more employer-friendly “objectively reasonable employee” standard. Since Boeing, the NLRB and former General Counsel Peter Robb provided a series of employer-friendly decisions and guidance to employers wanting to adopt and enforce common-sense confidentiality rules. The Board explained: “[T]he Board subsequently lost its way. In case after case, it invalidated commonsense rules and requirements that most people would reasonably expect every employer to maintain.” LA Specialty Produce Company, 368 NLRB. No. 93 (2019).
Again, time will tell if the Board will revert to the untenable Lutheran Heritage “reasonably construe” standard that made legality of a facially neutral confidentiality turn on whether an employee “would reasonably construe” a rule to prohibit some type of potential Section 7 activity that might (or might not) occur in the future.
In the meantime, employers are encouraged to further review their confidentiality policies and non-disclosure agreement to ensure that they incorporate the protections of the CFAA, albeit, in a narrowly-tailored manner to survive what appears to be the inevitable narrowing of the enforceability of commonplace confidentiality polices.