Category Archives: compliance

HR’s Top Challenges for 2018

It’s been an eventful year, to say the least.

Mass shootings in Las Vegas, Sullivan Springs, Texas and elsewhere; a botched repeal of the Affordable Care Act and ongoing gridlock in the nation’s capital and, within the last two months, an almost daily drumbeat of sexual harassment allegations against leading figures in the entertainment, media and political realms — hardly any facet of American life was left undisturbed in an unusually eventful year in which it seemed abnormality in all things was “the new normal.”

A new survey from XpertHR  on the top 15 most challenging HR compliance issues for next year reveals that, unsurprisingly, current events are weighing heavily on the minds of HR leaders these days as they look ahead to 2018. Among their most pressing concerns is workplace violence: 45 percent of the 1,000 HR professionals surveyed identified preparing for, or responding to, an active shooter or workplace violence as very or extremely challenging. (In fact, concerns over deadly  workplace violence have given rise to new businesses dedicated to training and preparing employees for how to deal with an active shooter situation).

An emerging, patchwork crazy quilt of state and local regulations on marijuana legalization is also giving employers fits, with 35 percent of survey respondents feeling very or extremely challenged by managing employees who use marijuana medically or recreationally. Meanwhile, 32 percent cited addressing the impact of illicit substance abuse (such as heroin or opioids) in the workplace as very or extremely challenging.

“Just as with alcohol, it is lawful to prohibit an employee from bringing both lawful and unlawful drugs to work and use such substances on the job because of the risks drug use may have on the safety and productivity in the workplace,” says Beth Zoller, XpertHR’s legal editor. “Employers need to stay on top of federal, state and local developments as this is a rapidly evolving and changing issue.”

One of the headline-grabbing developments from earlier this year — the massive data breach that took place at Equifax — is illustrative of another top concern for HR going into 2018: protecting their organizations from cyber theft. Sixty four percent of respondents cited data security and the threat of a cyber breach as very or extremely challenging.

The legislative chaos in Washington is also extending into the workplace, particularly the uncertainty over healthcare reform, with 46 percent of respondents viewing the ACA as very or extremely challenging and 40 percent viewing ACA reporting as very or extremely challenging.

However, there’s an upside for employers now that a politically conservative presidential administration is in place, says Zoller.

“The appointment of Neil Gorsuch to the Supreme Court is sure to have an impact on labor and employment law cases and ensure a conservative majority in favor of employers and management-side issues,” she says. “The rollback of agency authority and more restrictive policies of the National Labor Relations Board and the EEOC will potentially have a positive impact on employers, who may be subject to less regulations.”

Privacy May Trump Fed Data Demands

A judge’s early ruling in Google’s complex legal battle with the U.S. Department of Labor highlights a new argument that other companies may use in fighting regulators’ demands for HR data: The government can’t be trusted to keep it safe from hackers.

The ruling came after the DOL’s Office of Federal Contract Compliance Programs had been auditing the company’s compensation practices for much of 2017, according to a blog post by Google vice president for people operations Eileen Naughton. Federal officials first requested documents in September 2015.

The Labor Department has not publicly accused Google of any specific violation, but critics have claimed the company—and others in tech—pays men more than women for the same work. Naughton, however, maintains that company data disprove this claim. “Our own annual analysis shows no gender pay gap at Google,” she writes.

The company had been cooperating with the audit, providing the government more than 329,000 documents and “detailed compensation information,” Naughton writes. Included were records on more than 21,000 employees.

But the two sides reached an impasse over the summer after the Labor Department demanded more information in June, according to a summary of the case by San Francisco-based administrative law judge Steven B. Berlin accompanying his July 24 preliminary ruling in the case (posted here, thanks to the Washington Post). The agency and company found compromises on some requests but remained at odds over others, Berlin writes.

According to Naughton, Google balked after DOL auditors wanted “employees’ compensation and other job information dating back 15 years, as well as extensive personal employee data and contact information for more than 25,000 employees. We were concerned that these requests went beyond the scope of what was relevant to this specific audit, and posed unnecessary risks to employees’ privacy.”

In his July decision, which is not yet final, Berlin granted a portion of the DOL request, but ruled that the request for employee contact information was “over-broad, intrusive on employee privacy, unduly burdensome, and insufficiently focused on obtaining the relevant information.”

Noting that hackers have accessed the federal government’s own employee records in a well-publicized 2015 data breach at the U.S. Office of Personnel Management, the judge outlined his other main objection to the DOL requests: “My concern centers on [the] extent to which the employee contact information, once at OFCCP, will be secure from hacking, OFCCP employee misuse, and similar potential intrusions or disclosures. OFCCP has already collected for 21,114 employees information such as name, date of birth, place of birth, citizenship status, visa status, salary, and stock grants. That information, if hacked or misused, could subject tens of thousands of employees to risk of identity theft, other fraud, or the improper public disclosure of private facts. Adding contact data, such as personal phone numbers and email addresses, increases the risk of harm to Google’s employees. The contact information could ease the efforts of malicious hackers or misdirected government employees.”

What does this mean for HR?

One employment attorney says the lesson for employers is to respond cautiously to government demands for sensitive employee data.

“The July order demonstrates that employers can, and should, take steps to protect their employees’ confidential information—even when such information is demanded by the government,” writes Margaret C. Inomata of the Washington, D.C. office of Vedder Price, in a blog post. “By resisting the OFCCP’s overbroad requests, Google managed to significantly pare down the scope of the agency’s demand and forced the OFCCP to take additional steps to protect its employees’ contact information,” she writes “Like Google, other employers should consider creative solutions to defend against the unnecessary disclosure of sensitive employee data and maintain their employees’ trust.”

 

New Trade Secrets Law: The HR Angle

It’s incredibly rare these days for a proposed law to receive near-unanimous backing in the U.S. House and Senate but, by George, our nation’s politicians managed to pull off this miraculous feat recently, which culminated with President Obama affixing his signature yesterday to the Defend Trade Secrets Act.

The new law puts trade secrets on par with patents, copyrights and trademarks, which are already protected under federal law. The Defend Trade Secrets Act provides a “uniform set of rules for trade secret protection” throughout the United States (although it does not replace trade secret laws passed by individual states). The upshot is that companies whose trade secrets were violated in multiple states can now file suit in a federal court rather than trying to determine which state may (or may not) provide the best legal remedy.

Trade secret claims have long been a key component of employee non-compete agreement lawsuits, writes Chris Marquardt, a partner at Alston & Bird’s labor and employment law group. For this reason, the new federal law “not only gives employers another tool to protect their confidential business information, but will also likely shift many routine employment-agreement lawsuits into the federal court system,” he writes.

Employee non-compete agreements can vary widely from state to state and the new law is written in such a way as to recognize that “the statute should not override state laws” on such agreements, Marquardt writes. However, he adds, “only time will tell how broadly federal courts interpret the new law and how willing they are to use it to prevent employees from accepting new jobs in competition with a former employer.”

Brett Coburn, also a partner with Alston & Bird, writes that one of the less-frequently discussed aspects of the new law is one that will impact nearly all employers: “The law grants both criminal and civil immunity under both federal and state trade secrets laws to individuals who disclose a company’s trade secrets to the government” if the person has reason to suspect that a legal violation has occurred. It also requires employers to notify employees of this immunity “in any agreements that govern the use of trade secrets or other confidential information.”

To ensure compliance, Coburn writes, HR leaders and legal counsel will need to reexamine their company’s restrictive covenant and nondisclosure agreements, as well as policies regarding the protection of confidential information and employee whistleblower activities.

Employee Handbooks Under Scrutiny

OK, pop quiz: What’s the difference between these two employee-handbook policies?

  1. “Be respectful to the company, other employees, customers, partners, and competitors.”
  2. “Each employee is expected to work in a cooperative manner with management/supervision, co-workers, customers and vendors.”

One, according to the National Labor Relations Board, is legal. The other is not. (I’ll tell you which was which in a minute.)

Don’t fret if you have trouble seeing the difference. That’s why we have lawyers. And that’s why there’s plenty of work for them as the ThinkstockPhotos-517631808NLRB cracks down on employee-handbook language — including provisions that once were standard — that it says is too broad.

In a series of rulings the agency has told companies to revise policies that infringe on rights of workers — unionized or not — to talk to each other about the company in person or through social media.

“Employers are really waking up to this,” says Lauri F. Rasnick, a member of the firm at Epstein Becker Green of New York. “For a long time, nonunionized employers didn’t give a lot of thought to NLRB decisions.”

The U.S. Chamber of Commerce contends the effort is part of an anti-employer crusade. In a highly critical December report titled “Theater of the Absurd: The NLRB Takes on the Employee Handbook,” the trade group argues that the agency “has undertaken a campaign to outlaw heretofore uncontroversial rules found in employee handbooks and in employers’ social media policies.”

Worse, according to the chamber: the NLRB’s guidance to employers often is contradictory, creating “a morass of confusion that leaves employers wondering just how they are to exercise effective control over their workplaces.”

Rasnick agrees. “I do think that’s part of the challenge for employers,” she says, noting that NLRB decisions aren’t always consistent. And they are continuing to evolve, with confidentiality provisions attracting more scrutiny in recent rulings, she says.

The latest headline came this month after an administrative law judge ruled that Quicken Loans and five related companies had illegal rules in its employee handbook, which it calls “The Big Book.” (Despite the Quicken name, the companies are not owned by software company Intuit; they’re led by Dan Gilbert, majority owner of the Cleveland Cavaliers.)

To the untutored eye, many of the rules seem pretty standard stuff. An example: “Think before you Tweet. Or post, comment or pin. What you share can live forever. If it doesn’t belong on the front page of The New York Times, don’t put it online.”

The problem with this rule, wrote judge David I. Goldman in his April 7 ruling:  Although the policy doesn’t tell workers they can’t bad-mouth the company online, “an employee considering this suggestion would reasonably feel chilled by this rule from expressing negative (but protected) information” about the employer.

The companies are appealing the decision to the full board. But there’s little indication that the NLRB is letting up on the effort.

Back to our pop quiz. Of those two employee-handbook policies, the first (“be respectful”) is illegal, according to the NLRB’s general counsel. The second (“work in a cooperative manner”) is OK.

The problem is in telling workers they must be “respectful” to management, as well as customers and others, wrote Richard F. Griffin Jr. in a memo last year. An employee might reasonably see that as a ban on complaining about the company, he wrote.

The second example is legal, Griffin wrote. “Employees would reasonably understand that it is stating the employer’s legitimate expectation that employees work together in an atmosphere of civility.”

Internal Investigations are Getting Longer

Patience may be a virtue, but HR leaders shouldn’t expect their employees to necessarily see it that way when it comes to the increasing number of days it’s taking employers to complete internal investigations.

ThinkstockPhotos-470406181As some of you may recall, my colleague — Kristen Frasch — posted details on Friday from NAVEX Global’s 2015 Europe, Middle East, Africa and Asia Pacific State of Compliance Programmes Benchmark Report. In it, NAVEX reported that, on a global scale, boards are not getting regular compliance reports from their ethics and compliance officers.

Well, here’s an even newer report from NAVEX that sheds light on the time it’s taking these days to respond to open internal-investigation cases.

In its 2016 Ethics and Compliance Hotline Benchmark report, NAVEX reveals that the timeline for internal investigations is continuing to lengthen. More precisely, companies took a median of 46 calendar days to close such cases, up from 39 days in 2014 and 32 days in 2011.

HR, diversity and workplace-respect cases, in particular, jumped to 47 calendar days, up from 37 days in 2014. (These cases represented 71 percent of the 867,551 reports — at 2,311 client organizations — in NAVEX’s database.)

Needless to say, this doesn’t bode well for employers that want to keep employee morale high and limit how often employees take their complaints outside their organizations. Who needs the EEOC knocking on your door, right?

Asked what’s driving these longer timelines, Carrie Penman, chief compliance officer and senior vice president of advisory services for NAVEX Global, pointed to several factors.

In a poll conducted during a client webinar held by NAVEX last week, Penman said, roughly 46 percent of the respondents cited a lack of resources as the primary reason. “Resources are simply not keeping pace with the volume,” Penman pointed out. Case complexity turned out to be the second-most-mentioned driver in the poll.

Penman said some of the respondents specifically mentioned the global nature of many of the cases and the more frequent involvement of legal counsels as important drivers. (She said roughly 1,000 individuals participated in the webinar, with about six in 10 taking part in the polling.)

So what should HR leaders be doing about this lengthening time frame?

Penman hopes many will use these findings to hammer home the need for additional resources. As far as her clients are concerned, she said, she advises them to “record all of the issues they are working on in a central database so they can get a holistic picture of what’s going on in their organizations” and can, in turn, make a stronger case for more support.

Among other disturbing findings in the more recent NAVEX report: Workers are apparently skipping an internal remedy and taking retaliation claims outside their organizations. Despite the noticeable rise in retaliation claims being taken up by the Equal Employment Opportunity Commission in recent years, they continue to represent less than 1 percent of all reports in NAVEX’s database.

“People are simply not giving their organizations a chance to address their concerns and are instead taking them outside … ,” Penman said.

Compliance Efforts Not So Great Globally, Either

507249886 -- compliance word cloudIt wasn’t that long ago that I wrote a news analysis about the problems with ethics and compliance programs here in the United States.

Experts in that piece lamented the lack of clout being given to many corporate ethics and compliance officers, and the tendency at far too many organizations to require ethics officers to wear too many hats — doubling up on such governance responsibilities as risk management and human resources, thereby not being able to focus properly on any one of them, especially ethics and compliance.

Well, it appears those two disciplines are in need of collar corrections on the global stage as well. According to the recently released NAVEX Global’s 2015 Europe, Middle East, Africa and Asia Pacific State of Compliance Programmes Benchmark Report, despite tighter government enforcement, boards are not getting regular compliance reports and 40 percent don’t have regular reporting cadence with their boards or are not sure. And the majority say their budgets for ethics and compliance will remain the same or will be less in the coming year.

To come up with its findings, NAVEX Global partnered with an independent research agency to investigate how companies headquartered  across Europe, Middle East and Africa (EMEA) and Asia Pacific (APAC) develop and execute their ethics and compliance programs.

Researchers polled 247 key decision-makers and individuals responsible for ethics  and compliance programs. The purpose of the survey was to benchmark “the top priorities and challenges faced by ethics and compliance professionals headquartered in EMEA and APAC,” according to the report.

From the report (edited slightly for English readers):

“It is not surprising that measuring program effectiveness was cited as the biggest program challenge, since this is a complex undertaking. Organizations struggle to define the right combination of key indicators of culture and compliance to demonstrate the program is working.

“The key challenges of time availability and managing regulations speak to the need for programs to be properly resourced. A robust risk-assessment process can help to identify and better manage resource allocation and to prioritize jurisdictional issues. Successful programs regularly review resources against the organization’s risk profile to ensure appropriate management and mitigation actions .

“Survey write-in responses to challenges included concerns about implementing standardized programs across locations and being seen as a “troublemaker” for bringing up issues. The wide variety of responses serve as a reminder that every organization has its own culture and challenges to be factored into the development and implementation of an effective ethics and compliance program .

Key takeaways from the report:

  • Take a Risk-Based Approach: Program components and implementation strategies can be complex and will vary significantly by company and by region. The development of these programs should be driven by the organization’s risk profile, which can be identified by conducting a comprehensive ethics, compliance and reputational risk assessment.
  • Put Meaningful Program Measurements in Place: Consider a variety of metrics to determine the effectiveness of the program as there is no one metric or indication that will provide complete insights. A combination of useful metrics could include whistleblower-hotline benchmarks, feedback on training sessions, leadership feedback, employee surveys and focus group data, exit interview feedback, and legal actions.
  • Train Middle Managers and Supervisors: First- and second-level managers are culture carriers — the strongest link senior management has to employees. These managers need to be trained on communicating organizational expectations to employees — and trained on how to respond when issues arise. Investing in these managers will pay dividends in terms of creating a strong culture of integrity and compliance.
  •  Engage Leadership and Your Board of Directors: Both best-practice frameworks and regulatory bodies around the world have defined a clear oversight role for the board of directors. Neglecting this duty could mean putting the organization, and board members themselves, at risk. A regular reporting cadence — with high-quality data put into context — will help keep the board and leadership engaged.
  • Do More With Less: Make good use of systems and processes that will improve the efficiency and accuracy of their programs. There is still opportunity for further automation in many areas of respondents’ E&C programs.

Bonuses for Low Performers

“So, Mr. Employee, your performance this year has failed to meet expectations. And … here’s your bonus.”

bonus failThat’s right — about three in 10 (30 percent) of U.S. employers plan to give bonuses to employees who fail to meet expectations (the lowest performance ranking possible) this year, according to Towers Watson’s just-released Talent Management and Rewards Pulse Survey.  Meanwhile, these companies are once again failing to fully fund their employee bonus pools and say they continue to struggle to attract and retain “critical skill” employees.

“The fact that some companies continue to deliver substantial bonuses to weak performers raises questions as to whether they are investing their bonus dollars as effectively as possible or truly holding workers accountable for performance,” says Laura Sejen, managing director at TW.

It should be noted, however, that the poor performers don’t necessarily get the same bonuses as the  high performers. While some of the companies give payouts to all employees regardless of performance, others give their lowest-ranking employees only 65 percent of their target payout, while the high performers tend to receive bonuses of about 19 percent above target, according to the survey, which queried 170 large and mid-sized companies from various industries.

The companies’ average projected bonus funding for the current year is only 89 percent of target — this marks the fifth year in a row that U.S. employers have not fully funded their bonus pools, according to TW.

More than half the companies (52 percent) say they’re having trouble holding on to critical-skill employees, compared to 41 percent in 2013. Meanwhile, 66 percent report problems attracting critical-skill employees.

“With hiring activity on the increase and employees more receptive to changing jobs, there is greater competition for talent, making it more difficult for companies to keep their most-valued employees,” says Sejen.

Employers also appear to be daunted by President Obama’s recent proposed changes to the Fair Labor Standards Act’s overtime rules, with 50 percent saying the changes will have a significant impact on their organizations and only 47 percent prepared to make the changes.

Sharing Economy Hits a Speed Bump

Some call it the sharing economy, others call it peer to peer and some just call it the Uber economy: Whatever one calls it, the startups that are using smartphones and the desire of many people to set their own hours to create new businesses that are disrupting fields such as the taxi economy are drawing a lot of attention these days from investors, consumers … and legal plaintiffs.

Confused Driver

Specifically, some of the workers who perform these services believe they’re actually employees rather than independent contractors. In California, the state labor commission agreed, ruling in June that an Uber driver was actually an employee of the company. Now, two similar startups have decided to proactively address the question but in radically different ways. Homejoy, an on-demand cleaning service, has announced it will shut down in the face of multiple lawsuits from workers alleging employee misclassification. Meanwhile, on-demand grocery delivery service Instacart said it will offer its in-store workers in three cities (Atlanta, Miami and Washington) the opportunity to convert from independent-contractor status to part-time employee.

Instacart says it plans to expand the program to more of the 16 cities in which it operates — a list that includes Los Angeles, New York, Austin and Boulder, according to Entrepreneur.com. About 75 percent of the eligible workers are expected to apply for part-time status, Instacart spokeswoman Andrea Saul told Entrepreneur.com. The company has more than 7,000 contract workers. Saul said workers who convert to part-time status will be paid above whatever the minimum wage is in their respective locality. Workers will continue to be eligible for tips and commissions, she said. As employees, Instacart will also be responsible for their workers compensation and payroll taxes, of course.

The confusion over whether workers who participate in the sharing economy are independent contractors or employees has prompted calls for changes. One approach would be to make things like unemployment compensation, workers compensation and benefits portable, so they would follow workers from job to job instead of being the responsibility of whichever entity employs them. Another would be to create a new classification – the so-called “dependent contractor,” according to Bloomberg View. Countries including Germany, Canada and Sweden already use this classification.

Whatever ends up happening, the controversy over worker classification in the sharing economy – not to mention at long-established companies such as FedEx Ground – won’t be resolved anytime soon, and we’ll continue keeping a close eye on it.

The Feds’ War on Employee Misclassification

Seeking to clarify the issue of just what it is that distinguishes an independent contractor from an employee, the Department of Labor yesterday  issued its first Administrator’s Interpretation (AI) of the issue as it pertains to the Fair Labor Standards Act. The issue has only grown more heated in recent months with the rise of “gig economy” companies such as Uber and Lyft, along with long-running disputes between companies and workers such as FedEx Ground’s dispute with its drivers, who claim they were misclassified as independent contractors.

Written by the DOL’s Wage and Hour Division Administrator, David Weil, the 15-page memo states that the misclassification of employees as independent contractors “is among the most damaging to workers and our economy.” It emphasizes the WHD’s six-factor economic realities test that’s used to determine a worker’s status along with what a just-released briefing from law firm Seyfarth Shaw describes as “an extremely expansive reading of the FLSA’s ‘suffer or permit to work’ definition of ’employ.'”

“Combined,” the Seyfarth Shaw briefing says, “WHD’s efforts indicate a significant hostility towards the use of independent contractors.”

An agreement between an employer and a worker stating that the worker is an independent contractor “is not indicative of the economic realities of the working relationship and is not relevant to the analysis of the worker’s status,” Weil’s memo states. The true measure of whether a worker is an employee or an independent contractor, Weil writes, is the extent to which the worker is economically dependent on the employer. A worker who is really in business for him-or-herself is an independent contractor, he notes; a worker who is economically dependent on the company is an employee.

Weil’s AI serves as a reminder to employers to regularly question their independent-contractor classifications as a part of their global risk audits, writes Michael Droke, a partner in the labor and employment division of Dorsey and Whitney. They should also be keeping records on the process used to determine whether one is an independent contractor or employee, and ensure that those classified as independent contractors aren’t given rights or access that may call their status into question, he writes: “For example, contractors should not have internal email accounts, should not be given server access, and should not be invited to employee functions.”

Weil’s AI is yet one more piece of evidence that the federal government is aggressively seeking out employers that misclassify (either deliberately or by mistake) employees as independent contractors and that businesses must proceed very carefully in this area, according to the Seyfarth Shaw memo.

“The guidance now makes it likely that DOL investigations and enforcement actions and private litigation contesting the classification of such workers will intensify,” the Seyfarth Shaw attorneys write. “Businesses should, therefore, carefully evaluate the DOL’s guidance and its potential impact on their operations.”

Confidentiality Agreement Crackdown, Revisited

If there was any question whether the Securities and Exchange Commission was serious in its efforts to clamp down on confidentiality statements, Office of the Whistleblower Chief Sean McKessy put it to rest during a recent American Bar Association webinar titled “New Developments in Whistleblower Claims and the SEC,” which took place on Wednesday.ThinkstockPhotos-155172325

Some of you may recall the story we published earlier this month titled “Cracking Down on Confidentiality Agreements,” in which I reported on the SEC’s first “enforcement action” against a company it said had used restrictive language in its confidentiality agreements.

More precisely, the SEC charged the Houston-based engineering firm KBR Inc. of violating whistleblower protection Rule 21F-17 by requiring witnesses in certain internal-investigation interviews to sign confidentiality statements saying violators could face discipline, including termination, if they discussed the matters with outside parties without KBR’s approval.

Most of the experts I spoke to for that story predicted that the SEC wasn’t likely to stop with KBR in pursuing such violations—and  McKessy’s remarks on Wednesday seemed to back up those claims.

On Thursday, Seyfarth Shaw attorney Ada W. Dolph, who was one of the sources for my original story, provided some commentary on McKessy’s remarks, writing in a memo that McKessy pointed out in the ABA webinar that the SEC rule is “very broad,” and “intentionally so.”

Dolph, based in her firm’s Chicago office, continued …

“McKessy stated that this initiative remains a ‘priority’ for him and his office. ‘To the extent that we have come across this language [restricting whistleblowers] in a Code of Conduct’ or other agreements, the SEC has taken the position that it ‘falls within our jurisdiction and we have the ability to enforce it.’ He noted that ‘KBR is a concrete case to demonstrate what I have been saying,’ referencing public remarks he has made in the past regarding SEC scrutiny of employment agreements. He stated that the agency is continuing to take affirmative steps to identify agreements that violate the Rule, including soliciting individuals to provide agreements for the SEC to review. Additionally, he reported that the SEC is reviewing executive severance agreements filed with Forms 8-K for any potential violations of the Rule.”

Dolph pointed out that McKessy also addressed the question of whether the SEC would apply the KBR order to private companies under the U.S. Supreme Court’s 2014 ruling in Lawson v. FMR LLC, 134 S.Ct. 1158 (2014)—which expanded Sarbanes-Oxley’s whistleblower protections to employees of private companies who contract with public companies. McKessy, she reported, “stated that the SEC has not officially taken a position on this issue, but in his personal opinion he ‘certainly can see a logical thread behind the logic of the Lawson decision’ to be ‘expanded into this space [private companies],’ and that ‘anyone who has read the Lawson decision can extrapolate from it the broader application.’ ”

In short, Dolph concluded, “it is clear that we can expect further SEC enforcement actions in this area.”

Granted, that’s pretty much been the expectation all along. But McKessy’s remarks should, at the very least, be considered a not-so-friendly reminder that you might not want to wait too long before reviewing your confidentiality agreements and policies in order to ensure they aren’t worded in a way that would catch the attention of SEC officials.