Last week, the National Labor Relations Board (NLRB) clarified when employers may prohibit employees from disclosing sensitive customer information. Unlike many recent NLRB decisions, this one contains some good news for employers. The NLRB recognized that despite recent precedent, employers might still protect certain sensitive customer information. It also shed light on how employers can prepare confidentiality policies and how the NLRB will view similar work rules in the future.

This case arose after the United Food and Commercial Workers Union challenged confidentiality rules issued by Macy’s department stores. Like many employers, Macy’s prohibited employees from disclosing a broad range of confidential information. For example, Macy’s prohibited employees from disclosing customer names, contact information and payment information that they obtained from Macy’s confidential records.

Historically, the NLRB has prohibited employers from issuing similar work rules. Under the NLRB’s view, an employer may not maintain any work rule that reasonably could discourage employees from exercising their right to engage in group activity to improve their working conditions (such as their right to publicize disputes with their employer). The NLRB has usually held that if an employer prohibits an employee from using or disclosing customer names, then that can unlawfully discourage the employee from publicizing a labor dispute. Although this view creates major practical problems for employers, the NLRB has eschewed it in favor of affording employees broad rights.

In this case, however, the NLRB recognized two key exceptions for employers. Most importantly, the NLRB held that an employer may bar employees from disclosing customer names and contact information that the employer keeps confidential. In other words, if a customer’s name is not publicly known, and if the employer takes steps to keep that name confidential, then the employer may prohibit employees from disclosing it.

Additionally, the NLRB recognized that an employer may protect “sensitive” customer information, such as their payment information, social security numbers or similar information. Although most employers would (rightfully) view this as common sense, the NLRB had previously made it unclear how far an employer could go to protect some of these types of information.

Despite the aforementioned, the NLRB nevertheless confirmed that some problematic rules still apply. For example, the NLRB reiterated its position that an employer may not prohibit employees from disclosing most information about their coworkers, including coworkers’ pay rates and job duties in most situations.

Ultimately, after years of the NLRB expanding employee rights in a broad and problematic way for employers, this case provides useful guidance and indicates the Board might start addressing these issues more reasonably. Employers should continue monitoring this area, especially given that the “Trump Board” likely will begin making significant changes later this year.