Taking Company Documents to Support Whistleblowing - When Is 'Self Help' Unlawful?

Even as federal protections for whistleblowers have expanded, employers can still take strategic actions to address employees taking confidential and proprietary business information to provide to a governmental agency or for use in a whistleblower action.

The Current Conflict

Two business-critical policies underlying U.S. law are clashing. One policy protects companies against theft and disclosure of trade secrets. The other allows whistleblowers to take information without permission and disclose it to government agencies and courts.

Gaining momentum after Sarbanes-Oxley’s passage in 2002, Congress has passed new statutes to foster and reward corporate whistleblowing. The Dodd-Frank Act is one and OSHA [Occupational Safety and Health Act] now enforces 22 federal statutes that protect whistleblowers.

Also, the SEC [U.S. Securities and Exchange Commission] has aggressively enforced SEC Rule 21F-17 by assessing six-figure monetary penalties against companies that use standard confidential business information agreements—or “NDAs”—that lack carve-outs for whistleblowers to communicate corporate wrongdoing to the SEC. The SEC has even required some of these companies to inform former employees—sometimes going back five or six years—that they do not have to honor an NDA that does not include a carve- out for reporting unlawful conduct to the SEC. For some companies, this has required notifying thousands of former employees.

At the same time, virtually every day somewhere in the United States, employers have filed state law trade secret misappropriation claims against former employees leaving with trade secrets. At the federal level, the U.S. government has prosecuted and imprisoned a number of trade secret misappropriators under the Economic Espionage Act (EEA).

Then, in May 2016, Congress enacted the federal Defend Trade Secrets Act (DTSA), which amended the EEA to provide a federal civil remedy against trade secret misappropriators. Since the DTSA’s enactment, federal courts across the United States  have granted injunctive relief to employers against misappropriators.

What if Trade Secret Information is Also Necessary to Pursue a Whistleblower Retaliation Claim?

Recognizing the equally important but conflicting policies between encouraging whistleblowing and protecting trade secrets, the DTSA amended the EEA with a unique legal immunity for whistleblowers. This immunity protects whistleblowers from civil and criminal trade secret law liability if they misappropriate trade secret information for specific reasons and in specific ways as defined in the DTSA. 18 U.S.C Section 1833(b) of the DTSA provides: (1) An individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that: (A) is made: (i) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or: (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.

Possible Employer Legal Actions Against Misappropriators

Even as federal protections for whistleblowers have expanded, employers can still take strategic actions to address employees taking confidential and proprietary business information to provide to a governmental agency or for use in a whistleblower action.

Littler Mendelson’s latest annual survey asked 1,100 employers what steps they are taking. The top two options selected were consistently emphasizing a “confidentiality culture” (37 percent) and creating a culture of trust with employees (32 percent). This shows that a substantial portion of employers understand the importance of creating both a culture of confidentiality and trust with employees.

However, 25 percent said they had no employee theft protections in place. This is troublesome given the DTSA’s civil and criminal immunity protections. But, the DTSA’s immunity rights are fairly narrow and do not apply to unauthorized misappropriation of trade secrets beyond what Section 1833(b) allows. In addition, the immunity is only for violations of federal and state trade secret laws, and there is no immunity if the information taken is not a “trade secret” as defined in the EEA. See 18 U.S.C Section 1839(3).

Thus, there is no legal immunity for the “grab and bolt” misappropriation of trade secrets done solely for competitive business purposes. If a trade secret misappropriator takes and discloses an employer’s trade secrets other than to disclose them “in confidence to a federal, state, or local government official, or to an attorney” and “solely for the purpose of reporting or investigating a suspected violation of law,” the misappropriator—even if a whistleblower—is exposed to: the EEA’s criminal penalties, the DTSA’s civil remedies.

In addition, the DTSA’s immunity protections do not provide whistleblowers legal protection against other types of civil and criminal laws, including:

  • State-law remedies—such as for breach of contract for violating an NDA and/or common-law conversion or breach of fiduciary duty.
  • Federal and state computer-use laws, such as the Computer Fraud and Abuse Act and comparable state computer-use laws.

Caution: Court Protection for Whistleblowers

A body of federal case law also is emerging that addresses whistleblower “theft” of a company’s internal business information, whether to support whistleblowing to a government agency or to support a whistleblower’s retaliation lawsuit. There is a split in the courts for when a whistleblower may be “excused” from violating a nondisclosure agreement (NDA) and other laws despite theft of a company’s trade secrets and other confidential information. Generally, the courts have focused on: (1) what information was taken; (2) how it was taken; (3) why it was taken; and (4) to whom it was given.

A recent example can be seen in the U.S. District Court for the Southern District of California’s order in Erhart v. BofI Holding. In Erhart, the whistleblower—an internal auditor for a federally chartered bank—removed the bank’s highly confidential and trade secret information, including internal audit reports, audit committee meeting minutes, bank regulators’ supervisory information, lists of accounts, specific customer account information, customer Social Security numbers, law enforcement and SEC inquiries concerning a customer, wire transfer details and portions of loan files.

The Erhart court held that under California contract law, the whistleblower may not have violated a standard NDA entered into with the bank. Ruling against the bank’s motion for summary adjudication, the court discussed at length how a California court will not enforce an NDA if doing so will violate California public policy, including California’s strong policy in favor of whistleblowing. Other courts—including outside of California—have reached similar conclusions; however, courts have also ruled against whistleblowers.

Bottom line—under current federal and state law, a whistleblower’s “self-help” may be permissible, depending on what information the employee takes; whether the employee took it with permission or lawfully under the DTSA; to whom the employee gives it; and how it is then used. In determining legal options, employers need to assess the particular facts and circumstances of each situation.


Ed Ellis is a shareholder, and co-chair of the whistleblowing and corporate ethics practice group at Littler Mendelson, based in the Philadelphia office. A former assistant U.S. attorney for the Eastern District of Pennsylvania, Ellis has tried more than 40 cases to verdict before juries and has represented clients at hundreds of bench trials, arbitration and administrative proceedings. He can be reached at eellis@littler.com.

Kevin Griffith, office managing shareholder for Littler’s Columbus, Ohio, office, has extensive litigation experience in cases involving trade secrets and covenants-not-to-compete, the protection of business information, and compliance with the whistleblower provisions of the Sarbanes-Oxley Act and Dodd-Frank Act, among other areas of employment law. He can be reached at kgriffith@littler.com. To access The Littler Annual Employer Survey, 2018, visit: https://www.littler.com/2018-employer-survey

Reprinted with permission from the June 5, 2018 issue of Corporate Counsel. ©2018 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.