Employment Non-Compete Clauses and Liquidated Damages in Iowa

Contracts & Licensing

If you have ever signed an employment agreement, or asked your employees to sign one, it probably had a covenant not to compete with the employer if the employee leaves the business. These clauses are usually called “non-competes.” They typically limit the time and the geographic area within which the former employee can perform the same kind of work and/or work in the same industry. But how enforceable are they? A recent Iowa Court of Appeals decision, Cedar Valley Medical Specialists, PC v. James Wright, M.D., shows both how these clauses are used and what the courts think of them.

Wright, a cardiothoracic surgeon, entered into an employment contract with Cedar Valley Medical Specialists, PC, in Black Hawk County, Iowa. In the contract, Wright agreed that if he left the employment he would not practice medicine within 35 miles of Black Hawk County for a period of two years after leaving. He also agreed that if he did not comply with the restrictions, he would pay as liquidated damages the greater of $100,000 or his last 6 months’ salary with the group.

Wright retired from the medical group and went to work for a local hospital the next day. The medical group sued to enforce the agreement and won in the district court. Wright appealed, and the Iowa Court of Appeals ruled on his case on October 9, 2019. 

The court began its analysis by stating the Iowa law on restrictive covenants, saying:

Because restrictive covenants involve the partial restraint of trade, we construe them against the party seeking enforcement and approve them with some reluctance. We apply a three-pronged test to determine whether an employment contract with a restrictive covenant is enforceable: (1) Is the restriction reasonably necessary for the protection of the employer’s business; (2) is it unreasonably restrictive of the employee’s rights; and (3) is it prejudicial to the public interest?

Cedar Valley Medical Specialists, PC v. James Wright, M.D.

As you can see, the courts do not automatically enforce these contractual provisions, but rather engage in a balancing of interests among the employer, the employee, and the public good. Moreover, the burden is on the employer to prove it is entitled to enforce the covenant.

As to the first prong, the court found the covenant was reasonably necessary to protect the employer. The market for Wright’s specialty was limited; Wright had confidential information about the medical group’s operations; and the group had supported, promoted, and invested heavily in Wright. When he left, the group lost the revenue he would have brought in.

The court next found that the restrictions were reasonable as to time and geographic area.

Wright argued that the public interest favored striking the clause. If he, the only cardiothoracic surgeon within 50 miles, was prohibited from practicing his specialty, there would be none. Lives hung in the balance. The court rejected this argument, noting that there were only three or four emergency cases annually and there were other providers close enough by. Besides, the former employer was not seeking an injunction (that is, it was not trying to prohibit Wright from practicing medicine); it was asking to enforce the liquidated damages provision to make up the losses it suffered when Wright went to work for a competitor. 

The second part of the analysis of this non-compete clause was the reasonableness of the liquidated damages provision. Liquidated damages are damages agreed to when a contract is made that will be paid if a party breaches the contract. They are enforceable if: 1) they were a reasonable estimate, at the time the contract was entered into, of the damages that will be suffered if the contract is breached; and 2) the amount of actual damage is difficult to determine. Given the investment the former employer made in Wright and the lost revenue it would likely suffer if Wright were to compete with them, the court found the clause to be reasonable and enforceable.

If you need assistance with an enforceable non-compete for your employees, feel free to contact us for assistance.

Iowa Supreme Court Takes Conservative Approach to Airspace Hazards

Iowa farm grain elevators have height restrictions near airports

Restrictions on land use near an airport are important for obvious reasons. Tall objects create hazards to ascending and descending aircraft, and local land uses that attract large numbers of people produce a greater risk of injury if something does go wrong on take off or landing. Various methods exist to limit building height and land uses; the most familiar are local zoning ordinances. 

The Federal Aviation Administration (FAA) has also enacted rules for airports, known as the Part 77 rules. These rules help ensure the safe operation of the airport by describing “imaginary surfaces” above and around the airport that cannot be penetrated by obstructions like buildings or trees. The rules require that any proposed construction within certain distances from an airport be submitted to the FAA for a hazard determination. Until the FAA performs its assessment, construction is prohibited. The regulations permit the FAA to determine that an obstruction may not be a hazard even if it penetrates a Part 77 surface, if certain mitigating measures are taken.

The Iowa Supreme Court recently decided a case, Carroll Airport Commission, v. Danner, in which local farmers (the Danners) wanted to build a  twelve-story grain leg (bucket elevator) in the flight path of the Carroll, Iowa, municipal airport.  Unbeknownst to the Danners, the airport commission had adopted zoning regulations that limited the height of structures in the vicinity of the airport. The regulations generally match the Part 77 height restrictions. The Danners began construction before notifying the FAA or the airport of their plans. 

 A local airport commissioner saw the Danners’ construction taking place. The commission then told the Danners that the grain leg violated airport zoning regulations and would not be approved. The commission also asked the FAA to perform a hazard evaluation under Part 77. Though the proposed elevator leg exceeded the Part 77 height limits, the FAA made a “no hazard” determination “on the condition the farmer paint it and place blinking red lights on top.”  Despite the “no hazard” determination, the commission refused to grant a variance from its zoning height restrictions and sued to require the elevator leg be torn down as a nuisance. The Danners defended the suit on the basis that, once the federal agency made a “no hazard” determination, that ruling took precedence and the commission was preempted from enforcing a more rigorous requirement.

The Iowa Supreme Court had to decide whether the local airport zoning could be enforced even though it was more exacting than the FAA’s determination. This raises the question of when a federal government action preempts local regulation. The answer implicates the Supremacy Clause of the U.S. Constitution:

This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding.

Article VI, Clause 2, United States Constitution

The Supremacy Cause makes federal law the supreme law of the land, which controls over conflicting local law. This leaves open the possibility that local law is enforceable where it does not conflict with federal law. After analyzing the federal regulations, case law, and Iowa law, the Iowa Supreme Court determined there was no conflict between federal and local law here and, in fact, the federal laws contemplated that local rules could be more restrictive. In conclusion, the Court upheld the commission’s finding that the grain leg was a nuisance and a hazard to air navigation and ordered the structure removed.

Eminent Domain and the Bakken Pipeline Redux

Iowa farm land

The Dakota pipeline carries oil from North Dakota to Illinois through Iowa, but does not pick up or drop off product in this state. A while back, I wrote a post about the pipeline and the fight over the use of eminent domain to acquire Iowa land for its construction. That post noted that in May 2016, the Iowa Utilities Board (IUB), over the objections of certain environmental groups and landowners, granted the pipeline company a permit for the pipeline’s construction. The IUB found that the pipeline would “promote the public convenience and necessity,” in the language of the statute. The IUB then granted the company the right to use eminent domain if necessary to acquire right of way for the project. The objectors appealed to the Iowa district court, which upheld the IUB’s ruling. The objectors then appealed to the Iowa Supreme Court, which issued its ruling on May 31, 2019, upholding the IUB’s decision, 4-3.

The initial question the Court needed to answer was who, in the first instance, decides whether a project “promotes public convenience and necessity,” the agency or the courts.  The Court found that the legislature intended that the IUB be the body that determines what projects meet the test. That being the case, on judicial review of the agency’s decision the courts, following general principles of administrative law, do not remake the determination. Instead, the courts review the IUB’s decision to ensure that it was not “[b]ased upon an irrational, illogical, or wholly unjustifiable application of law” and that its factual determinations were supported by “substantial evidence.”  The Court held the IUB’s ruling had met the tests; that is, it was rational and based on the evidence presented. 

Next, the Court took on what it called the most significant issue in the case: whether the use of eminent domain for the Dakota Access pipeline violated the Iowa Constitution’s prohibition on taking private property except for public use. The Court’s focus was on whether the public benefits of a project must be direct or whether indirect benefits are enough. In that regard, the Court found that, even though Iowans could not directly access the pipeline, the pipeline provides beneficial side effects in the form of cheaper and safer transportation of oil, which in a competitive marketplace results in lower prices for petroleum products for all, including Iowans. The Court noted that Iowa benefits significantly from lower fuel prices pointing out the very interesting facts that, “Iowa is fifth in the country in per capita energy use [and] eighth in the country in per capita gasoline consumption.”

The decision was not unanimous, however. Justice Wiggins, joined by Justice Appel, dissented, arguing that the use of eminent domain to acquire the necessary right of way for the pipeline that simply runs through the state is not authorized by the Iowa constitution “because the Iowa public cannot use and does not derive a direct benefit from it.” He argued that the indirect or secondary benefits to Iowa relied on by the IUB are not sufficient.

Justice McDonald also dissented, but on the grounds that the case was moot. By the time the case got to the Supreme Court, the pipeline was built and operating. Therefore, there was nothing meaningful for the Court to do. Or, as Justice McDonald put it, “What’s done is done.”

Upcoming Event: Local Government Law CLE

We are pleased and excited to announce that David Ferree will be speaking at the upcoming Continuing Legal Education event for the National Business Institute on Tuesday, December 5, 2017, in Des Moines:

Local Government Law: What Attorneys Need to Know, covering topics including:

  • Open Meeting Laws
  • Public Records Issues
  • Human Resources Issues
  • Budgets and Local Government Legalities
  • Public Contracts and Procurement
  • Cybersecurity
  • Ethics

6 Iowa CLE credits are available for attendance. Follow the link to learn more and sign up to attend!

You Detected a Data Breach. Now What?

You have detected a data breach. Alert!

You are the CEO of a mid-size company. As you are going about your day, minding your business, you get a call from your security department. It’s a call you really didn’t want. Security has detected suspicious file movements and wants your directions about what to do next. You have likely suffered a data breach.

Now what?

Ideally, you will go to your shelf and pull out your executive copy of the company’s data breach plan. But what if you don’t have a plan?

As with most policies, the time to develop your data breach plan is “before you need it.” In this case, it’s important for two main reasons. First, the law requires you to have a plan if you have Massachusetts customers (as part of a Written Information Security Plan, or WISP) or are in one of any number of regulated industries. Second, odds are high that your business will suffer a data breach sooner or later.

If you don’t have a plan yet, you are not alone. About 20% of companies have not yet developed a plan, according to a 2015 Ponemon study. If you do have a plan but aren’t totally confident in it, again, you are not alone. About 2/3 of companies with a plan weren’t confident in their plans in the same study. If you don’t have a plan, or if you do have a plan and wonder whether it covers everything it should, this post is for you.

Your company’s data breach plan should include each of these important elements:

    The Right Crowd. When you develop your plan, you should include at minimum your security, technology, legal, customer service, and PR/communications folks, as well as representatives from any areas specifically affected. For example, include someone from HR when developing policies about handling HR data. Depending on the size of your organization, this group might include anywhere from 2 people to 20. In final form, your plan should include the roles and responsibilities of people from all of these groups as well. If you don’t have the right people in the room from the start, you face the very real possibility of chaos when a data breach occurs.

    Administrative, Technical, and Physical Safeguards. Your plan should cover how you are going to keep your data as safe as possible. You may not be able to prevent every breach, but you can reduce the number and severity of breaches by taking some basic cybersecurity steps. Administrative safeguards have to do with people’s behaviors and knowledge. Examples include policies about access to and use of data, hardware, and software; background checks; agreements; and training. Technical safeguards have to do with preventing access electronically. Examples include encryption, separating identifier and content data, roles-based systems access, and regular logging and auditing of access to systems. Physical safeguards have to do with preventing physical access to sensitive information. Examples include locked filing cabinets, secure workstations, video surveillance, biometric locks, and ID badges.

    Business Continuity. Your plan should tell you how to keep your business running if you do not have access to your computers or files. This may or may not be included in your normal business continuity plan, so be sure to check. A natural disaster that takes out one of your two locations will play out very differently from a ransomeware attack that ties up your entire network.

    Specific Steps. A data breach plan should ideally cover exactly who does what, and when. In the heat of the moment, your employees may not be thinking clearly; your plan should guide them so that they avoid panicked mistakes. In creating the plan, your organization should spend some time figuring out what its greatest vulnerabilities are and how it will address a resulting breach should it occur. (Ideally, of course, you will find ways to reduce these vulnerabilities during the course of developing your plan, but we live in the real world where time and budget are always constraints.) A data breach plan should cover these specific steps:

    • Escalation: When do you contact your internal and external security team and lawyers? When do you contact your Chief Information Officer? CEO? Your board? If there is any indication of a major incident, your first call should be to your data forensics consultant; the consultant will help you avoid accidentally harming your own systems or destroying any evidence. Beyond that, your next calls will depend a great deal on your organizational structure and preferences.
    • Investigation. If your business can afford it, you should enlist outside help with a data breach; legal, PR, and data forensics consultants will have experience that you may not have internally. They will also be able to give you perspective in a stressful situation. It is important to know who you will contact for outside help ahead of time. Be sure to keep their contact information in your breach plan. During the course of investigation, no matter who is conducting it, it is most important that you avoid destroying evidence, notify law enforcement, and ask the right questions: What specifically was compromised? What can we do to prevent further damage? Can this system be quarantined? What data can be salvaged? What data can we still trust? Can we trace who did it? And perhaps most importantly, is it a data breach as defined by law?
    • Most laws and regulations define “data breach” slightly differently from one another. Generally, though, a data breach is the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector.

    • Responses/Reporting. If you determine that your incident is a data breach under applicable law, you will need to report the breach. The law or regulation that applies to your situation will tell you who you need to contact. Most of the time, you will need to tell law enforcement and the people whose information was affected by the breach. You may also need to tell investors, state attorneys general, regulators, credit reporting agencies, or the media. In order to expedite reporting, you should consider having template versions of communications to these parties in your data breach plan.
    • Remediation. First, protect your customers from further damage. Make sure that any information that has been placed on the web is removed, including information on cached sites. Second, make sure that your company is protected for the future. Ideally, the same kind of incident should never happen to the same company twice. After the excitement has died down, evaluate what happened. Follow any steps recommended by your data forensics consultant. Consider whether you need to revamp any contractor relationships, contracts, technology, training programs, or physical safeguards.
    • Re-Evaluation and Practice. Take a look at your breach plan. How well did it perform? Would you do something differently next time? If so, amend the plan. If the plan worked well, practice it. You should run internal and external drills regularly, so use this opportunity for another run-through.

And now? If you already have a plan, great! You should make sure it contains all of these elements, then practice it this week. If you do not have a plan, don’t panic! Gather the folks in your company who need to be involved and develop one. This week.

Does your company have a plan? Do you trust that it will work if you need to implement it tomorrow?