A Board of Directors Confidentiality Agreement
A Board of Directors Confidentiality Agreement (or Non-Disclosure Agreement) is a legal document that sets forth an obligation for board members to hold sensitive and confidential information relating to the company in strict confidence. At its most basic level, a Board of Directors Confidentiality Agreement prohibits board members from discussing and/or sharing confidential company information with third parties, including shareholders, with certain narrow exceptions as discussed below.
What Information is Protected
Broadly speaking, a Board of Directors Confidentiality Agreement will protect any information owned by the company and considered confidential and/or proprietary. Though there is no universal definition of such protected information, the following are commonly protected by Board of Directors Confidentiality Agreements: The foregoing non-exhaustive list makes it clear that the breadth of information protected by a Board of Directors Confidentiality Agreement is likely to be quite broad. However, in order to ensure that the Board of Directors Confidentiality Agreement does not impinge on a board member’s ability to carry out his or her fiduciary duties , protected information should be clearly defined and should not include information that is readily ascertainable from public sources (as discussed further below).
Exceptions
In addition, there are notable exceptions that allow board members to disclose confidential information. These exceptions typically are triggered when disclosure is required by law. Accordingly, board members should be exempt from confidentiality obligations when they must respond to a subpoena or other court order, and when disclosure to a government agency is required by statute or regulation. In addition, a board member typically may disclose protected information to his or her agents and advisors on a need-to-know basis as long as such agent or advisor also agrees to be bound by the terms of the Board of Directors Confidentiality Agreement.
Examples
Consider the following examples of Board of Directors Confidentiality Agreements: The above examples illustrate how a Board of Directors Confidentiality Agreement can be drafted to broadly cover relevant confidential information, but also allow for certain exceptions to the general prohibition on disclosure.
Confidentiality Agreement Essentials
The purpose of a confidentiality agreement is to protect non-public information (which may be business sensitive, proprietary, confidential or even trade secrets). Key components of a typical board of directors confidentiality agreement include: Non-Disclosure Provisions. Clearly setting out the specific types of information that the director is expected not to disclose (Patient Information, Client/Customer Information, Staff Information, Financial Information, Marketing Information, etc.); the requirement to return all material (including any copies) containing any such information to the organization; and prohibition against use of such information other than for the purpose of performing their duties as required by the Board. Duration of Confidentiality. The organization should consider what duration (if any) should be imposed on the obligations of confidentiality to protect the information (from one year to 10 years, or even longer depending on the nature of the confidential information). Any exceptions to the duration (e.g. in the event that any such information becomes public despite the director’s duty) should be considered. Consequences of Breach. What are the consequences of breach (such as self-reporting, giving the board a reasonable opportunity to investigate and, if warranted, consider and implement remedial steps before other measures are taken and what these corrective measures might be)? Enforcement of a Confidentiality Agreement can add significant costs to an organization if it is not properly drafted.
Legal Consequences and Responsibilities
Confidentiality agreements are not simply a good idea, they are often a legal requirement. Pond said Alabama law requires each board to establish an ethical code pursuant to certain statutory provisions. This code has to cover duties such as confidentiality and other legal requirements. Confidentiality is often codified in the by-laws, but it does not have to be.
If the corporation is a nonprofit, a confidentiality obligation is even more important since some nonprofits share very detailed financial information and records that are required to be kept confidential pursuant to certain requirements imposed by the federal government.
For example, Pond said that healthcare boards sometimes see Patient Health Information ("PHI") that is governed by the Health Insurance Portability and Accountability Act (HIPAA). So anyone with access to PHI is required to protect that information and keep it confidential. Leake said confidentiality obligations imposed by law and by the by-laws are especially important when dealing with PHI because there can be significant penalties for breaches. Similar rules exist for corporate boards that have access to information protected by the Family Education Rights and Privacy Act or the Gramm-Leach-Bliley Act.
"Board members who sit on one board where they are privy to personal private information – whether that is PHI or some other kind of private confidential information governed by one of those laws – may serve on another board that sees similar private confidential information. It’s really important that there is a confidentiality obligation that would prevent someone from taking that information they see on one board and using it to gain some kind of competitive advantage on their other board. Similarly, if they are privy to trade secrets or proprietary business information on one board, you wouldn’t want someone to take that information and take it back to their executive compensation committee on another board. – Not only could there be sanctions, but if you do that, you could be opening the door for a shareholder derivative action against the board you served on and the board you used that information on."
Pond said confidentiality obligations may be difficult to enforce depending on the nature of the board member’s position. If a board member’s employment at the corporation ends, the person may continue to have access to corporate confidential information.
Common Issues for Boards
A range of common challenges faced by boards is at issue before an executive, the board of directors, or an advisory board member, signs a confidentiality agreement with the corporation. Below is a list of common challenges:
- External pressures to disclose board matters. The board will invariably be under pressure from those interested in the well-being of the corporation to disclose matters discussed at board. For example, if the company is experiencing financial or operational difficulties and a restructuring plan is being developed, the board may be pressured from shareholders or dissident shareholders to disclose aspects of the restructuring plan and disclose why the restructuring may be necessary. The best protection is to require advance approval from the board respecting disclosure of certain matters and to have specified disclosure as exceptions to confidentiality requirement.
- Risks of digital communication. Not unlike the communication by board members for companies. Email is subject to forwarding and screen shots. Boardroom materials may be printed and left about and it could be in the interests of a competitor to attempt to pick up those documents for their own purposes.
- Disclosure by current director. If a current director is forced to resign due to opposition , for example, that current director may disclose information to the public or might not know that the corporation has a confidentiality agreement respecting confidential information. To address this risk, directors are required to return all documents or electronic copies of documents containing confidential information and confirm that they have not retained any such information and to provide a written undertaking not to disclose the confidential information to others. Board members should seek comfort that such written undertakings are provided.
- Reappointment of directors for next year’s term. The board may not think about the future and the board should consider that board items may become a risk if there is Board discussion and approval of multi-year incentive compensation plans. The disclosure requirements of changing compensation would be present and if those compensation arrangements are approved in one year, the board might consider that no further discussion is necessary with respect to the same compensation structure in future years.
Drafting and Enforcing Confidentiality Agreements
To achieve the ultimate goals of confidence and trust, Board of Director confidentiality agreements should be drafted as clearly as possible to avoid ambiguity and unintended exclusions. Companies should be aware of how their chosen drafting terms will be construed and executed – including in state courts where they might be challenged. For example, terms like "trade secrets" can be both overbroad and overly narrow. If a confidentiality agreement is made with too broad of a definition of "confidential information," it may fail in court as not realistically being confidential by definition. It can also include a requirement to not make copies of confidential information, which is unrealistic if the confidential materials are usually in electronic form on laptops or mobile devices. The context for what is confidential must also be clear, because Board members may legitimately need to use confidential information in the course of their Board service, such as if their "insider" knowledge is relevant to their own business dealings and they have to prove or disprove knowledge of that information. The confidentiality agreement should not block that kind of legitimate use.
As for enforcement, there are several strategies to keep in mind ahead of time. Larger companies’ confidentiality agreements for employees and executives may have a clause that makes employment conditional on signing the agreement. Even for Boards, some companies may have language that makes Board service contingent on the confidentiality agreement being signed. This is a big step and would obviously be more practical for large companies that can afford to do without the input on their Board of Directors. If there’s a refusal to sign, that’s usually a reason to not proceed with the Board appointment, but it’s up to the company whether to include it in the initial offer. Sometimes a Board member has already seen confidential information at a very early point in their Board service, and that may taint the possibility of negotiating a Board confidentiality agreement if it is presented later.
Patterns of Breach and Lessons
Some of the most high-profile breaches of confidentiality agreements involving directors were of the "leaking" type. One such case was In re Franklin Nat’l Bank S’holders Litigation, 95 Civ 5350 (CPS), 2008 WL 194348, at *5 & n.17 (E.D.N.Y. Jan. 22, 2008). In that case, a member of the board of directors of Franklin National Bank breached his confidentiality agreement with the bank by using confidential information, obtained from an investment banker about the bank’s financial challenges, to purchase a ten-percent stake in a public holding company. Several years later the state banking department agreed to a conservatorship of the bank, and the shareholder was subsequently criminally prosecuted for his inside trading. See id., 2008 WL 194348 at *2, 5. Directly related to an improper disclosure was an Illinois suit against several La Salle Bank officers who had prohibited a bank board member from issuing nonpublic information about the bank’s affairs. In re La Salle Nat’l Bank, 2000 WL 1521125, at *8 (Ill. App. Ct. Oct. 16, 2000) (unpublished opinion). The member, Edward Kruse, sued the other members of the board, and several officers, for damages . Kruse v. Baker, No. 80L115, Second Amended Complaint, ¶ 9 (Ill. Cir. Ct. filed Sept. 22, 1980). Kruse alleged that the officers had conspired with some of the board members to capitalize on the value of the bank’s stock, for personal gain, by refusing to disclose the bank’s true financial condition. The Illinois court found that "[i]t is generally understood in the accounting context that keeping the books at the bank was of vital importance." As such, the court concluded that the keeping of the books at the bank and the disclosure of certain information was "inherently a basic duty" of the officers. Kruse v. Baker, 2000 WL 1521125 at *8. However, as a result of a "special shareholder derivative activity," any recovery was ultimately taken directly from the directors; no funds were paid to the bank. See id. at *11. A different type of breach, rather than leaking, is to misappropriate confidential information. The South Dakota Supreme Court has held that board members have a duty not to misappropriate corporate opportunities. King v. Iowa Fertilizer Co., 293 N.W.2d 903, 907 (S.D. 1980).