It was reported recently that certain universities and medical research centers in the U.S. made adverse employment decisions against several Chinese-American scientists who were suspected of disclosing confidential information regarding federal funded research to China. Around the same time, it was also reported that the U.S. authorities had charged a Chinese-American engineer at a multinational company in the New York State and a Chinese businessman in Liaoning province with economic espionage.
These news reports triggered significant concerns among Chinese and Chinese-American scientists, engineers and researchers working in the U.S. It is a lose-lose situation for both employers and employees as the employers lost valuable talents and the employees lost their jobs and exposed themselves to potential civil and criminal charges.
This article sets out to provide practical tips without engaging in a discussion on broader principles such as racial profiling and academic freedom. For a discussion of these principles, please see the recent dialog between Chinese-American scientists and Francis S. Collins, Director of the National Institutes of Health (“NIH”), on Science.1 The article is structured as a Q&A to address some of the most common questions that concern scientists, engineers and researchers with regard to the confidentiality and ethical requirements under agreements, employment policies and U.S. law.
本文旨在为工程、科研人员提供实务建议，并未对种族归纳（racial profiling）和学术自由等更广泛的原则进行讨论。对于该等原则的讨论，详见《科学（Science）》期刊中刊登的美籍华裔科学家与美国全国卫生研究院（NIH）院长Francis S. Collins的近期对话。本文将通过问答的形式，对部分科学家、工程师和研究人员所关注的，在协议、雇主政策和美国法律项下、关于保密和道德规范要求最为常见的问题进行讨论。
Question 1. What information falls under the scope of “confidential information”?
Answer: The term “confidential information” has a broad meaning and should be distinguished from “trade secrets.” The term “trade secrets” is defined by state law. Most of the states in the U.S. have defined trade secrets under some version of the Uniform Trade Secrets Act (“UTSA”). The definition of “trade secrets” under the UTSA can be summarized as: any information that is (a) not known or available to the public; (b) of economic value; and (c) the subject of reasonable efforts to maintain its secrecy or confidentiality.
While the definition of “trade secrets” under UTSA is already very broad, the scope of “confidential information” can be even broader. As the law does not clearly provide what information constitutes “confidential information,” parties are free to provide the definition of such term in a non-disclosure agreement (“NDA”). Even if a certain type of information has no economic value, as long as it is not publicly available, the owner of such information may have such information protected by contract. As a rule of thumb, if a certain type of information is not open to the public, such information may fall under the scope of “confidential information” as long as it is captured by the definition clause in an NDA.
Question 2. Why am I subject to confidentiality obligations?
Answer: An individual’s confidentiality obligation may originate from his/her NDA with the data-owner, such as his/her employer or a research program sponsor. In addition, the individual also needs to comply with any confidentiality requirements set forth in the internal policies and regulations of his/her employer. Moreover, applicable state and federal laws also provide protections to certain types of confidential information, which the individual must abide by. For example, most states have statutes or common law prohibiting misappropriation of trade secrets; the Economic Espionage Act (“EEA”) outlaws intentional theft or misappropriation of trade secrets to benefit foreign countries or a party other than the owner; the Export Administration Regulations (“EAR”) and International Traffic in Arms Regulations (“ITAR”) impose strict control over export of information that has military (or civil-military dual use) applications.
Question 3. What will be my liabilities if I violate applicable confidentiality requirements?
Answer: The liability could be multifold depending on the circumstances. The owner of the confidential information may file a civil lawsuit against you for remedies. In addition, such violation may be regarded as a material misconduct under the employment policies, which might entitle the employer to unilaterally terminate your employment. If you participate in a research program funded by a federal government agency (such as NIH, Department of Health and Human Services, Department of Defense, and Department of Agriculture), your non-compliance of the confidentiality (and other) requirements under such program may result in, among others, withholding of a continuation award, suspension or termination of the grant in whole or in part, or debarment by the federal agency.
Under certain circumstances, you may also be subject to criminal liabilities. For example, according to Section 1831 of the EEA and its amendment in 2013, the theft or misappropriation of a trade secret with the intent or knowledge that such offence will benefit a foreign government, foreign instrumentality or foreign agent constitutes economic espionage, which could subject the individual offender to a maximum sentence of 15 years in prison and/or a fine of up to USD 5 million. A person who discloses controlled technical data to a foreign country in violation of the EAR and ITAR may also be subject to a fine and/or imprisonment depending on the circumstances. There might be further penalties if the offender destroys evidence or lies to an investigator.
Question 4. Can I engage in research, business or other activities unrelated to my employment if I keep the confidential information of the employer in strict confidence?
Answer: It depends on the employer’s policies and the terms of the employment. Often times, universities and other academic institutions have more lenient policies than private sector employers do. In general, most employers have some level of internal policies prohibiting conflict of interests. Under these policies, employees can be required to make report to and obtain approval from their employer in order to engage in activities outside of their employment, failure of which may constitute a violation of the employer’s policies and result in disciplinary actions against the employee, including termination of his/her employment. Therefore, if you participate in a research program or other activities in China or other countries outside of your job without obtaining prior approval from your employer, the U.S. employer may take a disciplinary action against you regardless of whether you breach your confidentiality obligation. Furthermore, if you fail to disclose such outside activities or misrepresent to a federal agency in connection with an application for a federal grant in violation of the grant rules, the program may be terminated, the funds may be withdrawn and you may be subject to civil or even criminal liabilities for grant fraud depending on the circumstances.
Question 5. What should I do to avoid compliance risks?
Answer: We recommend the following measures to avoid compliance risks:
- Carefully review relevant NDA, grant terms and conditions, and employment policies (including any code of conduct and ethical policies) to know your confidentiality and ethical obligations (or have a lawyer go through the requirements under these lengthy documents with you) and comply with such obligations;
- Follow the data owner’s guidelines and requirements when dealing with its confidential information;
- Avoid disclosing confidential information outside the employing organization;
- Store confidential information in designated system or device and avoid transferring such information to personal or third-party systems or devices unless approved or required by the data owner;
- Obtain prior approval from the data owner/employer before disclosing confidential information to a third party or engaging in any outside activities; and
- Consult with a lawyer whenever you have a question regarding your obligation or feel you have been treated unfairly or unlawfully.
Question 6. What should I do when I find myself at risks of a violation?
Answer: Under such circumstances, we recommend that you take the following measures to mitigate compliance risks:
- DO NOT ignore such risks;
- Immediately stop any questionable activities;
- If any confidential information has been provided to a third party that is not supposed to receive such information, request the third party to immediately return such information;
- Immediately contact a lawyer for advice; and
- DO NOT delete or destroy any confidential information before receiving advice from the lawyer, because such actions might result in more serious liabilities.
1 See “Racial profiling harms science,” Science 22 Mar 2019: Vol. 363, Issue 6433, pp. 1290-1292
参见《科学（Science）》期刊所载“种族归纳阻碍科学（Racial profiling harms science）”一文，2019年3月22日第363卷，第6433期，第1290-1292页