In the spring of 2016, the Defend Trade Secrets Act (“DTSA” or “Act”) was signed into law providing trade secret owners for the first time a federal civil cause of action for trade secret misappropriation. Although the DTSA does not provide a new framework and largely overlaps with the Uniform Trade Secrets Act in that respect, it does have some unique provisions. One key distinction imbedded in the statute is that the Act requires employers to provide notice to employees of whistleblower immunities in all agreements dealing with trade secrets and/or confidential information in order to be able to recover punitive damages and attorneys’ fees. Employers can do so by (1) providing notice in the agreement itself, or (2) “cross-referenc[ing]” a “policy document” that sets forth the employer’s reporting policy for a suspected violation of law.
Unfortunately, the DTSA, like most new laws, stops there and does not provide employers with any guidance on the “policy document.” What should the “policy document” say? Is it enough to simply “cross-reference” the policy in the agreement? Or should the employer provide the employee a physical copy of the policy along with the agreement? Unfortunately, the DTSA does not provide these answers.
What should the “policy document” say?
The DTSA does not give direction on what a “policy document” must say in order to satisfy the immunity notification requirement. Consequently, and not surprisingly, employers should follow best practices. First and foremost, there should be a general statement that the employer upholds the highest ethical standards and complies strictly with the law. It should create a “reporting responsibility” for employees to come forward with any suspected or known violations (because an employer can only act and take remedial action on known violations.) There must be a reporting procedure. It should be an open door policy that encourages reporting, and permits the violations to be reported confidentially and/or anonymously. Employers might consider including a 1-800 hotline, an e-mail address, a mailing address, or all of the above. There should be a “no retaliation” provision that expressly states that anyone who in “good faith” reports a violation or suspected violation of the law will not be subject to retaliation. Further, the policy should state that the company will subject to discipline any employee who does retaliate against someone who has reported a violation in good faith. The definition of “good faith” should be defined so the policy is not misused. Namely, unsubstantiated complaints made maliciously, with knowledge of their falsity, or without reasonable belief that the conduct constitutes a violation are not in good faith and should be subject to discipline. The policy should identify a compliance officer. This individual could be the company’s general counsel and/or HR director. This person is responsible for ensuring that all complaints are investigated and resolved. Finally, the company should include a statement that all reports are promptly investigated and appropriate corrective action will be taken if warranted by the investigation.
In addition, employers should might consider adding language concerning the DTSA’s immunity notification provision, such as:
Employees may disclose trade secret information either (i) in confidence to a federal, state or local government official or to an attorney solely to report or investigate a suspected violation of law, or (ii) under seal in a complaint or other document filed in a lawsuit or other proceeding without fear of prosecution, liability or retaliation provided they do so in strict adherence with 18 U.S.C. §1833.
How should agreements reference the “policy document”?
Once the employer has a whistleblower policy in place that is updated and in compliance with the DTSA, it now must communicate this policy to its employees. How should this be done? Again, the DTSA is silent. No magic words are necessary, but the following language may suffice:
Notwithstanding any provisions in this agreement applicable to the unauthorized use or disclosure of trade secrets, you may be entitled to immunity from prosecution or civil liability for the disclosure of trade secrets or confidential information as set forth in Company’s [NAME OF EMPLOYER'S WHISTLEBLOWER/REPORTING POLICY].
How should the “policy documents” be provided to employees?
Finally, the DTSA simply says that the “policy document” must be cross-referenced in the agreement, but it does not say whether the policy should be given to the employee or simply made accessible to the employee. Because the DTSA is a new statute, it is unclear whether courts will require simultaneous communication/delivery of the “policy document.” In order to avoid the “I never got the policy” Defense, employers should institute procedures to ensure that employees receive the whistleblower policy contemporaneously with execution of the agreement by the employee. Obviously, the easiest way to do this is by providing an actual, physical copy of the whistleblower policy to the employee when the agreement is signed. Alternatively, employers can email the policy to employees to create a paper trail, or provide the employees with links to an internal intranet where the employee can review the policy. Employers may also require employees to sign certificates acknowledging receipt of the policy. If feasible, employers may wish to keep proof of delivery in employees’ personnel files.
To summarize, if the employer chooses to cross-reference its whistleblower policy, to ensure compliance with the DTSA it should follow these 4 simple steps:
- Adopt a whistleblower policy. The policy should have certain provisions including general statements of company policy, a reporting procedure, a no retaliation policy, a definition of good faith, designation of a compliance officer, and a concluding statement that reports will be promptly investigated with corrective action taken if warranted. An even better policy will also include language address the DTSA’s immunity notification provision
- Include language that cross-references the employers’ whistleblower policy in agreements with employees.
- Provide actual notice of the immunity provision to the employee contemporaneous with signing the agreement, preferably by delivering a physical copy of the policy at the time the agreement is signed.
- Get proof of receipt of the policy with certificate(s) or acknowledgement(s) that are signed with each subsequent agreement. Retain and keep signed copies in the employees’ personnel file.