When it comes to controlling leaks of sensitive information, the government has a huge advantage over private organizations. The federal government can use the Espionage Act to crack down on would-be whistleblowers and has done so with vigor in recent years. As I wrote recently in The Boston Globe, such actions have been on the rise in recent years – as the Obama administration prosecuted eight leakers under the Espionage Act and the Trump administration has already arrested a ninth. There were four such prosecutions in all preceding presidential administrations.
Private organizations have no such weapons at their disposal. In fact they face the opposite situation. Would-be whistleblowers not only can sue for retaliation if their employer demotes or fires them, but they can also collect millions of dollars in bounties if they share confidential information with the government or outside attorneys. The Securities and Exchange Commission (SEC) even has a special office to handle whistleblower complaints, which lists more than $150 million in payouts to reporters since 2011.
The stakes are high. And the more executives and board members see big dollar fines, the more they should be paying attention to the corporate cultures they are cultivating within their organizations. Culture will determine whether an employee reports internally to the benefit of an organization, or externally to its detriment. It’s no corporate Espionage Act, but it is the private sector’s means of controlling leaks.
External Whistleblowers Becoming More Confident & Credible
Many organizations use confidentiality and non-disclosure agreements to maintain control over sensitive information, and courts recognize in enforcing such agreements that protecting confidential information is a legitimate business interest. But such contracts are not always enforceable when dealing with a whistleblower. Precedent, including some recent high-profile cases, shows how some judges will weigh the importance of honoring a contract against the public-policy interest in exposing corporate wrongdoing – and sometimes excuse employees who take confidential information and share it with the government or outside attorneys.
In the language of one judge who refused to enforce a confidentiality agreement against a would-be whistleblower, downloading confidential documents “may be protected activity … since whistleblowers often need documentary evidence to substantiate their allegations.”
Convince Whistleblower to Become Internal Reporters First
There are important lessons to be learned from whistleblower cases involving private organizations:
- Don’t rely on confidentiality agreements and trade-secret law to keep your information confidential. As the federal government has cracked down on leakers, protections for private whistleblowers have expanded. Given the choice between enforcing a non-disclosure agreement or allowing a whistleblower case to proceed, some judges will choose the latter.
- Invest in robust internal reporting systems. Your organization can’t keep employees from sharing confidential information with outsiders. But you can make it safe and easy for them to share it internally first. You must have multiple secure channels for receiving complaints – phone, web-based, external – so employees feel they can be open without fear of retaliation.
- Follow up on all complaints. The only way to create a culture of compliance and transparency is to listen and respond when employees speak. Unless employees feel their concerns are being acted upon, they won’t bother to participate in internal compliance systems.
- Keep the C-suite and board of directors informed. Top executives and directors need to be trained in ethics and compliance management and should receive regular reports on the incident management system, including closure rates and times. Are particular regions seeing a spike in complaints? Has a certain type of complaint increased? This information is vital to assessing the performance of internal compliance systems as well as measuring management’s commitment to building a responsive and ethical culture.
As an attorney who defends companies in whistleblower cases and as a former member of the Labor Department’s Whistleblower Protection Advisory Committee, I know how painful and expensive these investigations can be. Both the Department of Labor and the Equal Employment Opportunity Commission strongly advise employers to invest in training to reduce the risk of non-compliance and enforcement actions. Labor even has a policy requiring investigators to consider such programs when assessing punitive damages. California also recently passed legislation mandating sexual harassment such training for employers.
I adhere to the “nip it in the bud” theory: If you don’t have a robust compliance program – that includes strong reporting systems as part of the overall compliance ecosystem – you’re likely to find yourself with a little problem becoming a big problem. Don’t give a disgruntled employee the excuse to go to the government or an outside law firm. Listen first, respond appropriately, and do your best to turn them into a non-disgruntled employee.