Imagine how you might react if an employee who agreed to keep your information confidential made it public, submitted it to a court as evidence in a public forum, or disclosed it to a jury. Furious may not even begin to describe it. Perhaps you would even seek legal recourse against that employee. But then you peel back a layer and find that the employee is claiming whistleblower status and arguing they should be protected from any such legal violations given their bona fide concerns. That is essentially what happened in two cases out of California that give employers yet another reason to take employee complaints seriously and rethink data protection policies.

In Erhart v. BofI Holding, Inc., the U.S. District Court for the Southern District of California found that an employee’s whistleblower disclosures had the potential to excuse the breach of confidentiality agreement between him and his employer where the employee claimed that the Bank retaliated against him for reporting illegal conduct to the SEC and the Department of Treasury. The Bank alleged that Erhart breached his employee confidentiality agreement by misappropriating confidential data when he printed documents with customer account information; accessed electronic data on an unsecured computer; and disclosed confidential information in his publicly filed whistleblower complaint. The court found that the public policy considerations of reporting wrongdoing to government regulators, and filing a whistleblower complaint, far outweighed enforcement of the parties’ confidentiality agreement. 

Meanwhile, in Northern California, a federal jury awarded an $8 million verdict last month to Bio-Rad’s former general counsel for disclosing his suspicions that the company was violating the Foreign Corrupt Practices Act. The critical blow in the case came last December when a magistrate judge allowed the whistleblower, Sanford Wadler, to submit privileged information as evidence. Like the court in Erhart, the judge held that whistleblower protections outweighed the company’s right to keep information confidential – thereby preempting state bar ethical obligations regarding attorney-client privilege. Even though “virtually every document in the case” could be subject to attorney-client privilege, the documents were shown to the jury. 

However, these cases do not give a blank check to employees to engage in misconduct. Courts have limited an employees’ protection for such conduct such that the conduct must be tailored and “reasonably necessary” to support the allegations of wrongdoing. Nor may an employee indiscriminately remove information without showing that they feared that the company would destroy that information. So what steps should companies take to protect themselves?

  1. Pay attention to employee complaints. We live in an age where whistleblowing or voicing dissent is not only encouraged, but admired. Even in the most seemingly silly cases, it is important to give employees a voice in an established complaint or grievance process. Employees may be less likely to report grievances externally if they have a secure and reliable way to report such information within the company. Such policies also portray companies in a positive light, demonstrating their commitment to investigating complaints and allegations of unethical or illegal behavior. 
  2. Protect your data. As technology makes misappropriation more and more likely, companies should consider implementing policies that make data more secure – limiting the extent to which employees can access and disseminate such data. Written policies should designate a chief information officer and detail security processes utilized to protect data and ensure its integrity.
  3. Keep clear and up to date personnel files. Whistleblower complaints are premised on allegations of retaliation. However, these allegations fail where an employer can show a clear record demonstrating that discipline is unrelated to whistleblowing activity. Companies should carry out regular performance reviews and keep a written record of poor employee conduct. 

These cases serve as a valuable reminder that courts may choose to place the public’s interest in whistleblowing above a company’s right to protect confidential, proprietary information. Whether employees have signed a confidentiality agreement or function as in-house counsel, they are still employees afforded federal and state anti-retaliation protections. By taking reasonable steps to get in front of complaints and keep data secure, companies can proactively protect their confidential and proprietary data. 

About the author: Sarah Nash is an associate with PilieroMazza in the Labor and Employment Group. She may be reached at [email protected].