In our Age of Communication, confidential information is more easily exposed than ever before. Real-time communication tools and social media give everyone with Internet access the ability to publicize information widely, and confidential information is always at risk of inadvertent or intentional exposure. The current cultural emphasis on transparency and disclosure—punctuated by headline news of high-profile leakers and whistleblowers, and exacerbated in the corporate context by aggressive activist shareholders and their director nominees—has contributed to an atmosphere in which sensitive corporate information is increasingly difficult to protect. There is limited statutory or case law to guide boards and directors in this area, and there exists a range of opinions among market participants and media commentators as to whether leaking information (other than illegal insider tipping) is problematic at all.
Directors’ legal obligations with respect to confidentiality are not well articulated, and confidential board information is unique in the corporate context. It includes material, non-public information, the disclosure of which is regulated by federal securities laws and by company-wide policies and procedures, but it also includes sensitive boardroom discussions that have both personal and business elements and implications. In order for boards to function effectively, directors must feel comfortable expressing their views in the boardroom on corporate matters honestly and freely, without concern that their conversations will be made public.
Concerns about leaks often increase with the election of “constituent” directors. These directors, placed on public company boards through proxy access or a proxy fight, are typically perceived—rightly or wrongly—as representatives of those shareholders that nominated them and are considered likely to share details of board deliberations with their sponsors. When sensitive board information is deliberately exposed by a director, boards may struggle to respond effectively, as the remedies available to the board and the company are limited, particularly since directors cannot require another director to resign. In order to protect confidential and sensitive information, boards should, at a minimum, have robust director confidentiality policies and, in appropriate circumstances, should consider adopting bylaws regarding preserving confidentiality. Companies may also want to review their crisis management plans to ensure that they cover breaches of confidentiality by directors in addition to employees.
Confidential Board Information
Confidential, non-public corporate information falls generally into three categories: proprietary information that is of competitive, commercial value to the company; inside information about the company’s finances, operations, and strategy; and sensitive information regarding board proceedings and deliberations. Unauthorized disclosures of proprietary information could imperil a company’s competitive advantage or commercial success while unauthorized disclosures of inside information can lead to illegal insider trading and manipulation of the company’s stock price. Information in any category that is material and non-public may be disclosed by company insiders only in specific ways prescribed by the federal securities laws, including Regulation FD. For these reasons, all companies should have comprehensive corporate confidentiality policies that apply to employees as well as directors. The authorized processes and channels for disclosure of confidential corporate information should be well defined and understood within the company, as improper disclosures can lead to criminal and civil liability in certain circumstances.
The third category, sensitive board information, includes information to which a director is privy by virtue of his or her membership on the board of directors. In the course of fulfilling their fiduciary duties and director responsibilities, directors are entrusted with significant amounts of material, non-public information of all types; however, they also become aware of the inside story: how this confidential corporate information is discussed, used, and understood within the board itself. Directors generally know how their fellow board members view corporate executives, strategic initiatives, potential acquisitions, competitive and legal threats, and even each other. They also understand how board deliberations have developed over time. Any element of this “meta-information” may be of particular importance, may be potentially disruptive or embarrassing if disclosed, or may simply have been shared within the boardroom with the expectation of privacy. Leaks of sensitive board information—as opposed to proprietary or valuable corporate information—also can be highly damaging to a company. Such leaks can be made publicly, to the media and the investor community at large, or privately, to a director’s sponsor or other influential shareholders.
Public and Private Disclosures
The most sensational type of leak happens when a disgruntled or dissatisfied director provides confidential information to the media in order to put pressure on the rest of the board. One recent headline-making situation involved J.C. Penney director, and activist investor, William Ackman. Ackman was a major stockholder of J.C. Penney, owning nearly 18 percent of the company’s shares through his hedge fund Pershing Square Capital Management. In August 2013, Ackman provided to a major news outlet two letters from himself to the J.C. Penney Board. The letters detailed boardroom discussions and expressed frustration with the leadership of the company and the J.C. Penney board, particularly with respect to the ongoing chief executive search process. The public firestorm that ensued benefited no one; the outcome included high-profile criticism of Ackman’s behavior from prominent members of the corporate community, Ackman’s resigning from the J.C. Penney board, Pershing Square’s sale of its holdings in the company, and a dramatic (and ongoing) decline in the value of J.C. Penney stock.
A less dramatic but likely more prevalent type of boardroom leak is the private communication of confidential information by constituent directors to their sponsoring shareholders. Activist shareholders and the investment community are increasingly pushing for shareholder-sponsored directors on public company boards, and indeed their numbers are growing. Dissident success in proxy fights put more constituent directors on boards in 2013 than in any year since 2009. In 2013, there were 90 proxy fights, 30 of which went to a shareholder vote. Of those 30, 17—over half—were won by the dissident. By contrast, 2012 saw only 77 proxy fights, of which 28 went to a vote, and nine of those were won by dissidents.
The possibility of mandatory proxy access still lingers, though fortunately it is no longer on the near-term horizon. Proxy access had been a top Securities and Exchange Commission (SEC) priority but suffered a setback in 2011 when the U.S. Court of Appeals for the D.C. Circuit overturned the rule on the basis that the SEC had not conducted an adequate analysis of the rule’s economic impact. In 2012, SEC Chairman Mary Schapiro told a Congressional panel that the SEC had no immediate plans to revisit its proxy access rule. Nonetheless, shareholder proposals on proxy access slightly increased in number and shareholder support in 2013, and two did receive shareholder approval.
Constituent directors may be chosen for board seats by their sponsoring entities on the explicit understanding that they will share inside information for investment evaluation purposes. Indeed, the Delaware Chancery Court recently expressed the view that “[w]hen a director serves as the designee of a stockholder on the board, and when it is understood that the director acts as the stockholder’s representative, then the stockholder is generally entitled to the same information as the director.” Absent contractual or bylaw provisions to the contrary, Delaware law permits constituent directors to disclose information to their sponsors so long as they do so in a manner that is consistent with their fiduciary duties. If the corporation were harmed by the disclosures, or if the director knew that the sponsor would use the information disclosed to usurp corporate opportunities belonging to the company, the director likely would be found to have breached his or her duty of loyalty. Regardless of the director’s intention, however, once information has been passed outside of the board, as a practical matter it is impossible to control the flow of information from the sponsoring shareholder’s employees to others in the investment community, absent specific confidentiality obligations being in place. Other directors may not be aware of the extent or type of information that a constituent director is providing to the sponsoring shareholder, nor how widely the information is being disseminated. Certain activists routinely enter into confidentiality agreements with companies on whose boards they participate, and these agreements, when properly drafted, protect both the company and the activist.
Some activist hedge funds have begun the unfortunate practice of providing their constituent directors with special compensation arrangements, some of which are contingent on certain events or on the implementation of the shareholding entity’s plans for the company. These arrangements are deeply problematic, as directors—regardless of who nominates them—owe fiduciary duties to all shareholders of the company and should not be prioritizing any particular agenda for personal benefit. As one commentator has observed, “If this nonsense is not illegal, it ought to be.” Boards should give consideration to adopting a bylaw that would disqualify candidates from serving as directors if they are party to such arrangements, although a position recently taken by ISS makes this decision more difficult.
There is a risk of harm to the company itself when any confidential information is leaked, but there is certain harm to the functioning of the board of directors when its sensitive deliberations are publicly disclosed. An effective group of directors trusts and relies on each other, encourages discussion and debate, and can tolerate even strongly-held dissenting views. When trust has been undermined, board effectiveness will be seriously compromised. A major breach of confidentiality, or an ongoing flow of sensitive information outside the board, can have a chilling effect on board deliberations, thereby depriving shareholders of the full benefit of the directors’ expertise and judgment. Meetings are likely to become contentious, and the board may become incapable of consensus or timely decision-making. All of this is particularly true when a leak exacerbates existing board dysfunction. Showing a lack of understanding of board dynamics, activist director William Ackman opined—in one of his letters to the J.C. Penney board that he provided to the media—that “[e]xtreme candor among directors is critical.”
Public company boards should consider implementing a confidentiality policy specific to directors. The policy should define “confidential information” broadly, listing examples of the types of information covered, and emphasize that the category includes all non-public information entrusted to or obtained by directors due to their position on the board. The policy should remind directors of their fiduciary duties and state that directors may only use confidential information for the benefit of the company, and not for personal benefit or the benefit of any other entities. The policy should specifically address the issue of disclosure by constituent directors to their sponsors and should note that directors are bound by their confidentiality obligations even after their tenure on the board concludes. The policy should expressly state that, while directors may disclose confidential information when required by law, in such cases a director should provide advance notice of the upcoming disclosure to the board, its chairman, and the chief executive officer. The policy could also require the director is to attempt, in cooperation with the company and at the company’s expense, to avoid or minimize any required disclosures through legally available steps.
Having a detailed and robust board confidentiality policy will serve both to advise directors (and their sponsors, if any) as to their obligations with respect to sensitive board information and to create a board culture that views leaking as unacceptable and dishonorable behavior. The chairman of the board should provide the policy to director candidates before they are nominated (or, in the case of constituent directors, directors-elect before they begin service) and may wish to obtain written or oral assurances that they understand and can abide by the terms of the policy. Another available mechanism is a board-approved bylaw requiring director nominees to confirm their acceptance of the board’s confidentiality policy and to agree that they will not act as representatives of particular constituencies while on the board. Advance notice bylaws for director nominations may also contain confidentiality requirements. To the extent information will be shared with sponsors by their directors, the board should require the execution of a confidentiality agreement with the sponsor.
The board should review its confidentiality policy during its annual review of the company’s corporate governance policies. The board chairman or board counsel may wish to specifically remind directors of their confidentiality obligations when contentious or sensitive situations are at the forefront of board affairs. As a general matter, the board chairman should ensure to the best of his or her ability that directors never lose sight of their shared obligation to fulfill the fiduciary duties they owe to all shareholders.
If legal disputes do arise, a well-drafted confidentiality policy can be a factor in a court’s determination of whether information should be deemed confidential. In a 2005 Delaware Chancery Court case involving the Walt Disney Company, the court determined that certain documents relating to “‘private communications among or deliberations of the Company’s board of directors’” should remain confidential. Vice Chancellor Lamb based his decision on the company’s written confidentiality policy, which covered documents of this type, as well as on the expectation of privacy of the individuals who participated in the communications described therein. The court observed that “By adopting this [confidentiality] policy, the board has recognized the necessity of keeping the thoughts, opinions, and deliberations of its members confidential. This board policy deserves significant weight.”
There are legal ramifications for some breaches of confidentiality. Disclosure of material, non-public information can result in civil or criminal charges. A damaging leak of confidential material could in certain circumstances amount to a breach of the duty of loyalty, which could result in personal liability for damages and limit the director’s legal and contractual protections against such liability. At the board level, however, breaches of confidentiality by directors are notoriously difficult to handle. The first principle should be for the board not to exacerbate the situation by taking actions that would create negative publicity for the company. Removing a director, for example, can only be done by the shareholders and is a very difficult and time-consuming process, and attempting to do so likely would result in protracted public controversy.
Typically, when a serious breach of confidentiality occurs, the board asks for the offending director’s resignation. A board cannot demand it, however, unless the director has signed an advance resignation letter, which commits a director to resign under certain specified circumstances. The effectiveness of advance resignation letters is likely to depend largely on the fairness of the process to determine whether the triggering event has in fact occurred. If the director or sponsoring shareholder resists, enforcement could result in a damaging public controversy regardless of the validity of the process used. Moreover, if the trigger is a finding by a court that the director breached his obligations, the issue is unlikely to be resolved in a timely fashion. Thus, boards commonly wait until the director’s term has expired and decline to renominate him or her when faced with trust issues of this type. A board may wish to adopt a bylaw stating that no director who is determined by the board to have violated the board confidentiality policy may be eligible to serve on the board.
When a request for a director’s resignation fails, a board usually creates special committees for sensitive topics. A director cannot be completely isolated, however, as all directors must have the information needed to fulfill their fiduciary duties. In the 2013 case Kalisman v. Friedman, which involved a constituent director who sought access to board information that had been kept from him, Vice Chancellor J. Travis Laster of the Delaware Chancery Court reiterated a director’s broad right to information, stating, “A director’s right to information is ‘essentially unfettered in nature.’” The letter opinion observed that a special committee is entitled to have protected communications with its separate legal counsel to the extent necessary for its work but cautioned that “[t]he degree to which such a committee would need to provide some form of update periodically or upon request to other directors or the board has not been fully determined and is likely fact-dependent….” One exception in extreme cases is that “a board or a committee can withhold [attorney-client] privileged information once sufficient adversity exists between the director and the corporation such that the director could no longer have a reasonable expectation that he was a client of the board’s counsel.”
Finally, the board’s crisis management plan should include provisions regarding director leaks of sensitive board information, whether private or public and whether intentional or inadvertent. Advance preparation can help to ensure procedural fairness and to prevent emotional responses to what can be perceived as a personal betrayal from clouding the board’s judgment.
Culture of Trust
The obligation of confidentiality fundamentally derives from the fiduciary duties of loyalty and care, and questions of disclosure are, when not covered by existing agreements or company policy, matters of business judgment. Ultimately, there is no substitute for genuine trust, collegiality, and a proper amount of respect among board members. The creation of a culture of confidence is probably a board’s best protection against damaging leaks, and the chairman or lead director should proactively build trust and cohesiveness among directors whenever possible. As a matter of best practices, boards also should establish and maintain clear policies about the handling of confidential board information and the process to be followed in the event of a leak and should require confidentiality agreements in situations where directors may be sharing confidential information with their sponsors.