Non-Disclosure Agreements and Whistleblower Protections
Non-disclosure agreements (NDAs) occupy a contested legal space when they intersect with federal and state whistleblower statutes. This page explains how NDAs are defined and scoped in employment and settlement contexts, the mechanisms by which federal law limits their enforceability against whistleblowers, common scenarios where the conflict arises, and the legal boundaries that determine which provisions hold and which do not. Understanding this intersection is essential for anyone analyzing whistleblower confidentiality rights or evaluating the scope of protected disclosures under U.S. law.
Definition and scope
A non-disclosure agreement is a contract—bilateral or unilateral—in which one or more parties agree to keep defined information confidential. In the employment context, NDAs take three principal forms:
- Onboarding confidentiality agreements — signed at hiring, covering trade secrets, proprietary processes, and client data.
- Separation and severance agreements — signed upon termination, often including broad confidentiality and non-disparagement clauses as a condition of receiving severance pay.
- Settlement agreements — signed to resolve litigation or regulatory complaints, frequently including clauses prohibiting further disclosure of the underlying facts.
The enforceability of each type is governed by a layered framework: state contract law sets baseline requirements (consideration, mutual assent, definiteness), while federal whistleblower statutes carve out mandatory exceptions that state law cannot override under the Supremacy Clause of the U.S. Constitution.
The core federal principle is that a private contract cannot prospectively waive rights that Congress has conferred by statute. The Securities and Exchange Commission codified this principle explicitly at 17 C.F.R. § 240.21F-17, which prohibits any person from taking action to "impede" an individual from communicating with the SEC about possible securities law violations. Violations of this rule carry civil penalties, and the SEC has assessed fines against employers for NDA language alone—without any underlying substantive securities violation.
The scope of federal protection extends across more than 20 distinct whistleblower statutes administered by agencies including the SEC, Commodity Futures Trading Commission (CFTC), Department of Labor (DOL), and the Office of Special Counsel (OSC). Each statute defines its own protected communications and sets different limits on what a private agreement may restrict.
How it works
The mechanism by which federal law overrides NDA restrictions operates through several distinct channels:
- Statutory anti-waiver provisions — Many whistleblower statutes include explicit language declaring that rights under the statute may not be waived by private agreement. Section 21F of the Securities Exchange Act of 1934, as implemented under the Dodd-Frank Wall Street Reform and Consumer Protection Act, contains such a provision. A contractual clause purporting to waive a whistleblower's right to report to the SEC or to receive a whistleblower award is void as a matter of law.
- Regulatory rule enforcement — The SEC's Rule 21F-17 goes further than the statute: it prohibits NDA language that could have a "chilling effect" on reporting, even if the employee has not yet attempted to report. The SEC has brought enforcement actions against employers whose standard confidentiality agreements contained blanket prohibitions on disclosure to government agencies, even without evidence that any specific employee was prevented from reporting.
- NLRA protections — The National Labor Relations Board (NLRB) has held that overly broad NDAs in non-union private-sector employment may violate Section 7 of the National Labor Relations Act (29 U.S.C. § 157) by restricting employees from engaging in concerted activity, which includes discussing working conditions.
- State-level restrictions — Thirteen states, including California, New York, and Illinois, have enacted statutes limiting the use of NDAs in sexual harassment settlements. California's SPEAK OUT Act analog and New York's Civil Practice Law and Rules § 5003-b restrict confidentiality provisions in these cases.
The practical enforcement sequence is: (a) the employee signs an NDA; (b) the employee attempts to report to a federal agency or participates in an agency investigation; (c) the employer invokes the NDA or retaliates; (d) the agency or a court evaluates whether the NDA clause is preempted or void; (e) if void, the clause is severed and the remainder of the agreement may survive.
Common scenarios
Settlement agreements following internal complaints — An employee raises a safety concern internally, and the employer offers severance conditioned on signing a broad confidentiality agreement. Under the Occupational Safety and Health Administration (OSHA) Whistleblower Protection Program, which administers protections under 25 federal statutes, settlement agreements in OSHA-investigated cases must be reviewed and approved by OSHA to ensure they do not restrict future reporting rights or impose penalties on the employee for prior protected activity.
Pre-dispute arbitration and confidentiality clauses — Employers sometimes embed confidentiality requirements in arbitration agreements. The Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2022 (Pub. L. 117-90) voids pre-dispute arbitration agreements for covered claims, affecting the confidentiality architecture of those disputes.
Government contractor NDAs — Federal contractors face a distinct regime. The National Defense Authorization Act provisions governing contractor whistleblowers, addressed in detail at government contractor whistleblower rights, prohibit contract conditions that restrict employees from lawfully reporting waste, fraud, or abuse to designated federal officials (41 U.S.C. § 4712).
SEC and CFTC award claimants — An individual who signed a severance NDA may still submit a tip to the SEC or CFTC Whistleblower Program and remain eligible for a monetary award. The contractual prohibition on disclosure does not strip award eligibility because Rule 21F-17 renders the restrictive NDA clause void. The CFTC's parallel provision at 17 C.F.R. § 165.19 mirrors the SEC rule.
IRS whistleblower submissions — NDAs cannot bar submission of information to the IRS Whistleblower Office under 26 U.S.C. § 7623. The IRS Whistleblower Program operates independently of private contractual restrictions.
Decision boundaries
The enforceability of an NDA in a whistleblower context depends on four classification questions:
1. Does the subject matter fall within a federal statute's protected disclosure category?
If the disclosure concerns securities fraud, commodities fraud, tax fraud, federal contract fraud, or workplace safety violations, a federal statutory framework almost certainly preempts any NDA restriction on reporting to the relevant agency. The False Claims Act adds a specific qui tam dimension: an employee who has already filed a sealed qui tam complaint is not permitted to disclose the complaint's existence, but the filing itself is a protected act that an NDA cannot retroactively void.
2. Is the NDA prospective or retrospective?
Prospective NDAs (signed before any protected activity occurs) are more susceptible to challenge on chilling-effect grounds under SEC Rule 21F-17. Retrospective settlement agreements (signed after a complaint is filed or investigation is underway) face OSHA approval requirements in cases under OSHA-administered statutes and court approval in qui tam matters.
3. Does the agreement distinguish between internal and external reporting?
Some NDAs attempt to prohibit only public disclosure while permitting confidential agency reporting. Courts and regulators treat this distinction as legally significant: an NDA that expressly carves out disclosures to government agencies is less likely to be found void, while one that imposes blanket silence—even as to government agencies—is more likely to be invalidated. The contrast between internal vs. external whistleblowing frameworks is directly relevant to how this distinction is analyzed.
4. Does the agreement impose financial penalties for disclosure?
Clauses requiring forfeiture of severance, liquidated damages, or return of settlement consideration if the employee reports to an agency are treated with particular skepticism. The SEC has specifically cited liquidated damages clauses tied to regulatory reporting as violations of Rule 21F-17. Penalty-for-reporting clauses in OSHA-covered settlements are subject to agency rejection during the approval process.
A separate boundary applies to Sarbanes-Oxley whistleblower protections: Section 1107 of SOX (18 U.S.C. § 1513(e)) criminalizes retaliatory action against persons who provide truthful information to law enforcement, which courts have held constrains the use of NDAs to silence employees who have already provided information to federal authorities.
The [whistleblower-