Employers increasingly find themselves faced with employees who engage in misconduct by misappropriating confidential company information in violation of a confidentiality agreement.  However, the best way to address this situation and protect the company’s confidential and proprietary information is more difficult than it initially appears where the employee misconduct is taken as part of a purported whistleblower action.  Consider the following hypothetical:

John, a mechanical engineer for Company X, a large surveillance equipment manufacturer, signed a confidentiality and non-disclosure agreement.  Years later, John believes Company X intentionally failed to comply with safety regulations to win a government defense contract.  John complained to his supervisor about the safety regulations violation, and asked her to investigate.  After several months without word from his supervisor, John reports his complaint to human resources.  Weeks later, Company X merged with Company Y, creating Corporation Z and Corporation Z announced it would close the plant where John worked, and gave employees the option to apply for a position at a different location.  Although John was a high performer, he applied for mechanical engineer positions at several different locations, but never received a job offer.  While none of the decisionmakers were aware of John’s complaints, he was convinced his safety regulation complaints were the reason he did not get a job offer.  Days before the plant closes, John accessed the company’s database and downloaded thousands of files, including confidential and proprietary information, onto a flash drive. 

John files a qui tam action under the False Claims Act against Corporation Z alleging violations of the False Claims Act and retaliation for making complaints regarding the failure of the company to comply with applicable safety regulations.  Corporation Z counterclaims with a breach of contract action against John for downloading confidential and proprietary information in violation of his confidentiality and non-disclosure agreement.  Who prevails?

This scenario is all too familiar to many companies in today’s society of claims of corporate fraud and false claims against the Government.  This article explores the various whistleblower statutes; the competing interests at stake; the relevant case law; and best practices companies should follow when an employee or former employee misappropriates confidential information while also claiming whistleblower protection.

A.        Government’s Protection of Corporate Finance and Employees Allows Various Whistleblower Protections

In the past fifteen (15) years, Congress has enacted legislation that seek to protect corporate finance and employees by providing more oversight to prevent corporate scandals, fraud against the government, and reform the financial regulatory system.  The three major statutes behind this Congressional push are the Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (“SOX”); the Fraud Enforcement and Recovery Act of 2009, Pub. L. No. 111-21, 123 Stat. 1617 (‘FERA”), which strengthened the False Claims Act, 31 U.S.C. § 3729, et seq. (“FCA”); and the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (“Dodd-Frank”).

Following the highly publicized corporate scandals at Enron and Worldcom, Congress enacted SOX to protect investors from fraudulent accounting practices and improve financial disclosures.  The law also protects whistleblowers at publicly traded companies from discrimination and retaliation.[1] 

In response to the perceived regulatory inadequacies and market excesses that led to the “Great Recession of 2008,” Congress took further action in 2009 and 2010 by enacting FERA and Dodd-Frank.  Congress enacted FERA to strengthen the FCA, which is designed to prevent fraud against the government.[2]  Under the FCA, private citizens who have evidence that a corporation[3] is committing fraud against the government may bring a qui tam[4] action on behalf of the government.[5]  In exchange for bringing the suit, the qui tam plaintiff, often an employee of a major corporation, may also receive a portion, typically between fifteen (15) and twenty-five (25) percent, of funds recovered from the action.[6]  Since 1986, FCA actions have resulted in over $35 billion in funds recovered.[7]

In 2010, Congress enacted Dodd-Frank.[8]  The law provides oversight of financial institutions and reforms consumer protection regulations.[9]  Dodd-Frank also protects whistleblowers from discrimination and retaliation, and similar to the FCA, potentially provides monetary rewards for whistleblowers.  Under Sections 748 and 922 of Dodd-Frank, whistleblowers whose information results in sanctions that exceed $1,000,000.00 are awarded between 10% and 30% of the monetary sanctions.[10]

Congress has also enacted various other statutes that include whistleblowers protections,[11] and the Department of Labor (“DOL”) reiterated in January 2016 that whistleblower protection is a priority over the next four years.[12]  It should be no surprise that whistleblower claims have risen steadily over the past ten (10) years and show no signs of slowing.[13] 

B.        The Tension Between Government Goals, Whistleblower Protections, and Company Interests. 

As a result of the increased legislation, there is a rising tension between the government’s pursuit of protecting corporate finance and employees, the protections afforded whistleblowers, and legitimate corporate interests.  The government has an interest in protecting the public from unlawful and fraudulent activity.  Whistleblowers often use a company’s confidential and proprietary information as the basis for their whistleblower claim, however, corporations have legitimate interests in protecting their confidential and proprietary information.  Where an employee engages in misconduct, such as stealing documents or breaching a confidentiality agreement, while pursuing a purported whistleblower claim, these tensions rise against each other, creating a very difficult situation for employers. 

C.        The Misappropriation of Confidential Information

Further complicating the issue for employers is the possibility of a reward, the use of “self-help discovery,” and concern for protecting information related to questionable employee actions has increased the likelihood that employees will misappropriate their employer’s confidential information in violation of a confidentiality agreement with the company.  As discussed above, several whistleblower statutes make monetary rewards available to whistleblowers for providing information that ultimately results in the company paying a penalty.  Employees may misappropriate confidential company information hoping to capitalize on a whistleblower reward whether or not the company actually engaged in unlawful activity. 

Employees also routinely violate company policy and/or confidentiality agreements when conducting “self-help discovery” by accessing databases and files to collect documents and data in preparation for bringing whistleblower or other employment-related claims.[14]  Finally, employees who engage in actions that are potentially unlawful may misappropriate the company’s confidential information in an effort to protect themselves in the event the company, or the government, scrutinizes their actions.  Employers must carefully evaluate the facts and assess how an employees protected internal complaint, if any, may impact the employer’s right to protect its confidential and proprietary information.

D.        Case Law and Agency Order Provide Employers Guidance

It is well-established that employees may disclose their employer’s unlawful conduct to the government, even if such disclosure is in violation of the company’s confidentiality policy.[15]  However, where the employer’s alleged conduct is not unlawful and the employee violates a confidentiality policy or agreement, it is not clear whether the employer can prevent the disclosure of confidential information.  Relevant case law provides helpful guidance for employers on how to handle this unique situation. 

1.                  Cafasso highlights potential for Employer to bring breach of contract action. 

In Cafasso v. General Dynamics C4 Sys., Inc.,[16] the plaintiff-employee made several complaints regarding defendant-corporation’s delay in giving the government notice of its intention to abandon patent prosecutions in violation of government regulations and company policy.  While the employee also believed this constituted fraud against the government in violation of the FCA, she never made such accusations.  After the corporation decided to eliminate her division, Cafasso removed eleven gigabytes of information without permission, but while she still had company computer access, in violation of a confidentiality clause in her employment contract.[17] 

After learning of this violation, the corporation brought a breach of contract action against Cafasso.  Cafasso then filed a qui tam action under the FCA, and a retaliation claim for engaging in protected whistleblower activity.[18]  The court granted the corporation’s motion for summary judgment on both of Cafasso’s claims, as well as the corporation’s breach of contract action against Cafasso.[19]  The court noted that the employee never alleged fraud, and was never cooperating with the government in any investigation.  The court noted that the FCA “required Cafasso to give the Government substantially all material evidence and information she possessed,” but not evidence she possessed unlawfully.[20]  The court specifically noted the vital economic importance of confidentiality agreements to companies and “Cafasso willfully compromised these interests for no legitimate litigation purpose, only the speculative pursuit of self-help discovery.”[21] 

Cafasso tells us that employers should pursue breach of contract and tortious interference claims against employees who unlawfully take company information, even though the employee may bring FCA and retaliation claims.

2.         JDS Uniphase permits Employers to bring breach of contract action where discovery of breach occurs after the company made termination decision.

In JDS Uniphase Corp. v. Jennings,[22] Jennings was employed as director of JDS’s tax accounting where he identified numerous tax issues to his supervisor and proposed solutions to tax problems.[23]  In October 2005, the company made the decision to terminate Jennings’ employment for failing to follow the company’s screening process.[24]  The next day, Jennings’ attorney sent the company a letter claiming retaliation for his reporting tax problems, which violates SOX.[25]   

During its investigation, the company discovered that Jennings possessed confidential information in violation of his confidentiality agreement, and promptly filed a breach of contract claim.[26]  The court granted the company’s summary judgment motion and disagreed with the employee’s defense that his confidentiality agreement was void as a matter of public policy because he needed to use the confidential information to pursue his wrongful discharge claim and his SOX whistleblower action.[27]  The court reasoned that ruling otherwise would allow employees to “help themselves to company files, computers, disks, or hard drives on their way out the door to use for litigation leverage or for mere spite” and that SOX “is not a license to steal documents and break contracts.”[28]  The court noted that its ruling would still allow whistleblowers to obtain key documents through legal processes, such as discovery.[29] 

JDS Uniphase guides Employers to pursue breach of contract claims against employees when the company learns of a breach of a confidentiality provision after it has made the decision to terminate the employee, despite the employee’s potential retaliation claim.

3.         Head allows Employers to succeed on an employee’s disparagement claim when the comments were made outside whistleblower action. 

In Head v. Kane Co.,[30] the company terminated Head for poor performance,[31] and one month later, Head filed a sealed complaint alleging violations of the FCA.[32]  Two weeks later, the Kane Company (“Kane”) and Head entered into a Separation Agreement whereby Head warranted he had turned over or would turn over to Kane any correspondence or other records concerning the Company’s operation, and would not disparage or criticize Kane.[33] 

Approximately four years later, the United States intervened as plaintiff on Head’s FCA claims, and Kane counterclaimed against Head for breaching the parties’ Separation Agreement by failing to return an email used in his FCA complaint and for disparaging the company.[34]  The court granted Head’s motion to dismiss the breach of contract counterclaim regarding the failure to return the email used in the FCA complaint, stating “[e]nforcing a private agreement that requires a qui tam plaintiff to turn over his or her copy of a document, which is likely to be needed as evidence at trial, to the defendant who is under investigation would unduly frustrate the purpose” of the FCA.[35]  However, the court denied Head’s motion to dismiss Kane’s breach of contract counterclaim related to Head’s failure to refrain from disparaging the company,[36] because Head’s disparaging comments were made to parties outside of his FCA complaint and therefore “would not implicate Head’s ability to bring” his FCA action.[37]  Head leads employers to consider bringing disparagement claims against employees where facts allow and where the purported whistleblower has made disparaging statements to third parties outside of the whistleblower action.

4.         Rule 21F-17 may require Employers to modify confidentiality provisions of agreements.

The Securities and Exchange Commission (“SEC”) has also increased its enforcement of Rule 21F-17 of Dodd-Frank.  Under Rule 21F-17 “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”[38]  Where an employer’s confidentiality agreement “in word or effect stop[s] their employees from reporting potential violations to the SEC” the commission may consider the agreement void and impose penalties against the company, regardless of whether the company tries to enforce the agreement.[39] 

The SEC recently enforced Rule 21F-17 and ordered a company to amend its confidentiality agreements that prohibited employees who were witnesses in internal investigations from discussing the internal matters without prior approval of the company’s legal department.[40]  To avoid Rule 21F-17 implications, employers should analyze their confidentiality agreements to ensure they do not prohibit employees from reporting potential securities law violations, and, if the language of the agreement can be read to potentially violate the rule, modify the agreement.

E.        Best Practices for Handling Alleged Whistleblowers Who Engage in Misconduct.

In order to properly determine how best to protect its confidential and proprietary information, companies encountering purported whistleblowers who engage in misconduct should conduct a thorough investigation to ensure that it fully understands the facts.  Part of the investigation should determine whether the employee is making a protected claim and whether they have actually taken confidential information.  Given all the facts, the company must determine what route to pursue.  The company may consider taking no action if the misappropriated information has no potential impact on the company or if the misappropriated information is confidential or a protectable trade secret, the company may consider filing an injunction to prevent the employee from disclosing the information. 

If the employee unlawfully took the information in violation of a confidentiality agreement, especially where the company decided to discipline or terminate the employee prior to learning of the employee’s whistleblower claim, the company may pursue breach of contract and tortious interference claims to protect its confidential information.  Even where a breach of contract claim for violating a confidentiality agreement may not be available, depending on the facts, companies may consider bringing a claim for disparagement to protect its reputation where a purported whistleblower is making disparaging statements about the company to third parties who are not involved in the whistleblower action.  Companies should also analyze their employment agreements, including confidentiality provisions in severance and release agreements, to ensure that the agreements do not prohibit employees from communicating with the SEC about possible securities law violations in violation of Rule 21F-17 of Dodd-Frank. 

[1] See 18 U.S.C. § 1514A. 

[2] TAF Education Fund, False Claims Act Overview, Taxpayers Against Fraud Education Fund, http://www.taf.org/resource/fca/false-claims-act-overview (last accessed Feb. 22, 2016).

[3] Id. While the FCA applies to fraud involving federally funded contracts, FCA actions generally target corporations because they have the financial ability to pay penalties and awards.

[4] Id.  “Qui tam is a unique mechanism in the law that allows citizens with evidence of fraud against government contracts and programs to sue, on behalf of the government, in order to recover the stolen funds.”

[5] Id.

[6] Id.

[7] Joel D. Hesch, The False Claims Act Creates a ‘Zone of Protection’ That Bars Suits Against Employees Who Report Fraud Against the Government, Lib. Univ. (April 2014).

[8] Michael W. Peregrine and Timothy J. Cotter, Dodd-Frank: The Spillover Impact on Nonprofit Healthcare, 8 Health Lawyers Weekly 29 (July 30, 2010).

[9] Id.

[10] See 15 U.S.C. § 78u(b); 7 U.S.C. § 26; see also Jill L. Rosenberg and Renée B. Phillips, Whistleblower Claims Under the Dodd-Frank Wall Street and Consumer Protection Act: The New Landscape, New York State Bar Association https://www.nysba.org/Sections/ Labor_and_Employment/Labor_PDFs/LaborMeetingsAssets/Whistleblower_Claims_Under_Dodd_Frank.html (last accessed Feb. 22, 2016). 

[11] See, e.g., the Consumer Product Safety Act of 2008, 15 U.S.C. § 2087, the IRS Payment for Detection of Fraud and Underpayment of Taxes, 26 U.S.C. § 7263, the Patient Protection and Affordable Care Act § 1558 of Pub. L. No. 111-148, 29 U.S.C. §218C, and the Food Safety Modernization Act of 2010, 21 U.S.C. § 391, et seq.

[12] Heather Bailey and Jon Hoag, OSHA Deeply Focused On Protecting Whistleblowers And Remedying Employer Retaliation, Vending Marketwatch (Feb. 11, 2016) http://www.vendingmarketwatch.com/ blog/12169010/osha-deeply-focused-on-protecting-whistleblowers-and-remedying-employer-retaliation (last accessed Feb. 22, 2016).

[13] Ben James, Whistleblower Cases on the Rise, OSHA Stats Show, Law 360 (Jan. 29, 2013) http://www.law360.com/articles/411059/whistleblower-cases-on-the-rise-osha-stats-show (last accessed Feb. 22, 2016); see also Bailey and Hoag, supra note 12.

[14] Connie N. Bertram, Self-Help Discovery by Current Employees: Protected Activity or Terminable Misconduct? American Bar Association (Oct. 2, 2015) http://www.americanbar.org/content/ dam/aba/events/labor_law/2015/november/annual/papers/140.authcheckdam.pdf (last accessed Feb. 22, 2016).

[15] See, e.g., Grandeau v. Cancer Treatment Centers of Am., 350 F. Supp. 2d 765, 773 (N.D. Ill. 2004); Green v. Northrom Corp., 59 F. 3d 953, 962-63 (9th Cir. 1995); see also Press Release, Securities & Exchange Commission, SEC: Companies Cannot Stifle Whistleblowers in Confidentiality Agreements (Apr. 1, 2015) http://www.sec.gov/news/pressrelease/2015-54.html (last accessed Feb. 22, 2016) (hereinafter “SEC Press Release”)

[16] Cafasso v. General Dynamics C4 Sys., Inc., 2009 WL 3723087 (D. Ariz. Nov. 4, 2009); aff’d sub nom. Cafasso v. General Dynamics C4 Sys., Inc., 637 F.3d 1047 (9th Cir. 2011).

[17] Id. at *1. 

[18] Id.

[19] Id.

[20] Id. at *3 (internal quotations omitted). 

[21] Id. at *6.

[22] JDS Uniphase Corp. v. Jennings, 473 F. Supp. 2d 697 (E.D. Va. 2007).

[23] Id. at 698-99.

[24] Id. at 699-700.

[25] Id.

[26] Id. at 700-01. 

[27] Id. at 702. 

[28] Id. at 702-03. 

[29] Id. at 703.

[30] Head v. Kane Co., 668 F. Supp. 2d 146 (D.D.C. 2009). 

[31] Id. at 149. 

[32] Id.

[33] Id.

[34] Id. at 150.

[35] Id. at 152. 

[36] Id.

[37] Id.

[38] See 17 C.F.R. § 240.21F-17.

[39] See SEC Press Release, supra note 15.

[40] Id.