When Rights Collide: How to Respond — Legally, Ethically and Rationally — to Whistleblower Demands

Scenario: Your company’s in-house employment lawyer stops by your office in the middle of your busy workday. The lawyer has a copy of a legal threat letter, a seven-figure settlement demand and draft lawsuit. The letter and draft lawsuit contain a former employee’s allegations of financial fraud occurring within the company.

The allegations pertain to the company’s internal sales plan, which incentivizes sales employees to sell monthly maintenance service contracts for software programs. The former employee alleges the software programs do not need monthly maintenance and claims the maintenance services do not actually enhance program operation.

The former employee was a top sales producer. They allege the company terminated them unlawfully in retaliation for complaining to HR about the fraudulent nature of the sales incentive plan and for trying to stop the company from further using the plan. The draft lawsuit alleges various federal- and state-law whistleblower retaliation claims and other wrongful termination claims.

Both Parties Have Rights and Obligations

The scenario above identifies two competing but equally important legal concepts. One concept concerns the company’s long-established legal right to protect its creation of, and economic investment in, its competitive business information. The other concept involves an equally important policy to foster whistleblowing and protect the legal rights of legitimate whistleblowers from unlawful retaliation.

Where these legal concepts clash, the law provides certain protections to both the company and to the whistleblower. But it also imposes certain legal obligations on both parties. In the end, legal protections and obligations can become blurred with neither side enjoying complete legal protection.

What Do We Do Now?

Making sense of the many overlapping rules can be overwhelming. Still, your company needs to act, and indeed, there are actions to be considered. So, for those seeking an action plan, here are some practical suggestions:

Contact IT

Immediately alert the company’s IT department about the situation and determine the location of whatever computer and other electronic devices the employee was using for the company’s business purposes. If it has not been done already, ask IT to shut down access to the company’s computer system and data.

Also, ask IT if it can image and search the hard drive of the computer the employee was using to determine if they recently downloaded any internal company information to a thumb drive or similar device or emailed information to a Gmail or other cloud email account. If they did, ask IT for an inventory that includes dates, times and subject matter.

If the company owns the mobile phone the employee was using, demand its immediate return. Then have IT image and search the device.

If the employee owns the phone, if possible, ask the employee counsel to make it available to IT first for imaging and then wiping of the company’s business information. There should be a protocol in place for IT to accomplish this remotely, including without obtaining or viewing the employee’s personal information, photographs, videos, etc. If IT cannot handle these tasks, consider retaining and using a third-party forensics computer firm.

Locate and Review Any NDA or Other Restrictive Covenant Agreements

Review and assess any NDA and other restrictive covenant agreement the company has in place with the employee. Is the employee’s soon-to-be disclosure of the company’s confidential business information and trade secrets permitted under any carve-out in the NDA? If so, to what extent precisely? If not, consider whether they will be in breach of the NDA if they end up filing a lawsuit.

Are there any other post-employment covenants contained in the NDA? Note those and what the company expects from the employee as far as compliance with any other post-employment covenants. Also, note what remedies the NDA provides to the company for enforcing a breach. In particular, does the NDA provide for the recovery of attorneys’ fees to either party, depending on who prevails? Also, is there an agreed venue and choice of law provision that would govern any lawsuit?

Assess the Parties’ Respective Rights Under the DTSA

Note the employee’s trade secret misappropriation civil and criminal immunity rights under the Defend Trade Secrets Act (DTSA). Ask the company’s in-house counsel to remind the employee counsel that any complaint that contains any company trade secret information must be filed under seal. Note the company’s own legal and equitable remedies under the DTSA, and under state common law, where no DTSA immunity exists.

Ask In-House Counsel to Contact the Employee’s Legal Counsel

Contact the former employee’s counsel and acknowledge receipt of the threat letter, money demand and draft complaint. If authorized by the company, have in-house counsel indicate to the employee counsel a willingness to discuss the allegations and demands. But, as a condition for the same, ask for more time than five business days and for the agreement to delay filing any lawsuit if and while the parties are talking and exploring a possible resolution.

Ensure They Preserve the Status Quo

The company can certainly demand the immediate return of any documents and electronically stored information (ESI) that constitute or contain confidential business information and trade secrets. But as set forth above, the employee may also have certain legal rights to possess and use the same for purposes of the whistleblowing and anti-retaliation lawsuit.

A nuanced and compromise approach is to instruct the employee counsel, in writing, about:

• The company’s rights under the NDA and the DTSA to maintain the confidentiality of its trade secret and other internal business information.
• The employee legal obligations to do the same, noting any carve-out in the NDA but including its filing-under-seal requirements.
• The company’s request that the employee preserve the confidentiality of the information and not use or disclose it for any other purpose while the parties are in discussions. In other words, for example, the employee cannot disclose the information to or use it for the benefit of a business competitor.

Another possibility is to propose downloading and transferring all such information into a secure file-sharing site, with a password-protected portal, so that both the company and the former employee and the employee counsel will have access to the same information until the matter, including any litigation, is resolved. Who pays for setting up the site, who will have access to it and who will pay to maintain it all become a matter of negotiation between the parties.

To Sue or Not to Sue

If talks and negotiation fail to reach a resolution, the company may determine it needs to sue the former salesperson to try to secure and seek the return of its confidential business information and trade secrets. Certainly, this is an option if the facts and applicable law support doing so, subject to any NDA carve-out or DTSA provision.

But keep in mind that even if there is a factual and legal basis for suing the whistleblower, doing so may create a perception that the company is trying to silence and punish the whistleblower or has something to hide. So, in drafting any lawsuit or counterclaim and in advancing litigation, keep the company reputation in mind.

Evaluate Potential Criminal Prosecution

This is a possibility under the Economic Espionage Act (and possibly under some state laws) for trade secret misappropriation. State-law criminal theft of property and/or unauthorized use of a computer system are other possibilities.

But triggering such a prosecution has its risks and challenges. Also, ethically, in-house and outside counsel cannot present or threaten to present criminal charges solely to obtain an advantage in a civil matter.

So, a threshold decision needs to be made on whether to contact criminal law enforcement right away, or to try to resolve the matter civilly and then subsequently contact law enforcement.