With no fanfare whatsoever, the U.S. Congress has passed legislation, signed into law by President Obama on May 11, 2016, that could encourage more employees to become SEC, CFTC or false claims act whistleblowers, assuming their employers provide adequate notice of the law's provisions to them. The pro-whistleblower language was added to the Defend Trade Secrets Act (DTSA), a trade secret protection bill that otherwise has nothing to do with whistleblowing. We owe this action in large part to Senator Sen. Charles Grassley, the rare Republican who actually supports whistleblowers, and Democratic Senator Patrick Leahy, who jointly inserted it into the bill on a unanimous floor vote. The law has important ramifications for protection of whistleblowers who provide confidential employer information regarding violations of law to the government. But the law's passage received little notice and it continues to fly well below the radar, probably unknown to many employers and certainly to most if not all potential whistleblowers.
The key issue may be the manner in which employees learn of these protections, even more than the protections themselves. If employees are given full and fair notice of the whistleblower protections, as ostensibly required by the law, that knowledge could entice more whistleblowers to file Dodd-Frank submissions, as it could substantially reduce their fear of retaliation actions by the employers. Corporate lawyers are studying the notice provision for loopholes, as we discuss below. Unfortunately, the Congress, even as it created the protections, also provided employers with several clever methods to basically avoid giving that notice, or bury it in such a way that it will rarely be fully disclosed to employees.
The DTSA makes it easier for employers to defend their trade secrets. In technical terms, the DTSA, codified at 18 U.S.C. Sec. 1831-1839, extends the Espionage Act of 1996 (EEA), which criminalizes trade secret theft, to allow private civil actions in federal courts to protect trade secrets. Virtually every type of confidential corporate information can qualify as a trade secret under the EEA so long as: (1) the information is actually secret; (2) the owner took reasonable measures to maintain that secrecy; and (3) independent economic value is derived from that secrecy. The information can be in any form "whether tangible or intangible, and whether or how stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing." The DTSA has been called "a major step forward in the protection of intellectual property in the United States." 1
In summary, the DTSA will allow owners of such "trade secrets" to sue for misappropriation of such information in federal courts and even provides for ex parte seizures allowing a plaintiff to petition the government to seize such trade secrets from the defendant without giving the alleged misappropriator advance notice. This new procedural weapon is intended to assist the owners of trade secrets in preventing their disclosure before their value is essentially lost through that public disclosure. While this provision is restricted under the terms of the Act, it will be interesting to see how creative the corporate community will choose to use this in practice. In this age of intellectual property theft, cyber-crime, hacking and general chaos in the world of privacy protection, the DTSA could emerge as a major weapon for private plaintiffs, including employers going after their current or former employees.
THE SIGNIFICANT DTSA WHISTLEBLOWER PROVISIONS
Basically, the DTSA protects a whistleblower from criminal or civil liability for disclosure of a trade secret if the disclosure is made in confidence to a government official or to an attorney and is made for the purpose of reporting a violation of law. Specifically, it amends 18 U.S.C. Sec. 1833 to declare that "an individual shall not be held liable under any Federal or State trade secret law for the disclosure of a trade secret that (A) is made (i) in confidence to a Federal, State or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal."
Thus, the protection works both ways: if the company comes after the whistleblower claiming the theft of trade secrets the whistleblower has immunity if the information went to the government in confidence and reported a suspected violation of law. The whistleblower can also use the evidence to defend a retaliation case brought against him or her, provided that evidence is initially filed under seal. The risk to the employer is not just having the case dismissed but the possible public disclosure of the damaging information itself. Likewise, the whistleblower can use the information affirmatively if he sues the employer for retaliation, which he is permitted to do liberally under the Dodd-Frank act with large damage awards possible.
As the protections of the law become more widely known, the section of the DTSA regarding whistleblowers could become quite significant, and not just in the context described above in litigation. I represent such individuals and frequently have to advise them of the risks they may be taking in disclosing confidential corporate information to the government. The Dodd-Frank SEC and CFTC whistleblower programs have retaliation provisions, and SEC Rule 21 F-17 makes it unlawful to take "any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation..." But the practice of whistleblowing, especially if it involves providing the government with confidential corporate documents, is still a risky business which can expose the whistleblower to civil liability should the employer discover the identity of the whistleblower. Hopefully, the DTSA will emerge over time as an important legal protection for whistleblowers, especially to the extent is discourages employers from seeking to "legally retaliate" against whistleblowers through civil damage actions for alleged breaches of employment or confidentiality agreements. But in the long run it may be more significant because of the notice provision in the law, as described below.
It is likely that litigated cases involving the DTSA immunity protection will be rare, especially if the whistleblower has provided the government with truly damaging information of violations of law by the employer. I am not aware of any such case having being brought against a Dodd-Frank whistleblower, who normally reports anonymously. The kind of information typically submitted by such individuals will most likely fit the broad definition of an economic or financial trade secret under the DTSA, and can be considered to be of financial value to the employer, in the sense that its disclosure to the government could hurt the company, and its disclosure to high level legal and compliance officers might help the company avert a fraud or bribery scheme that if left in place could be of substantial financial harm to the company. Likewise, most instances of employer retaliation against whistleblowers is not in legal arena, but of a subtler variety, such as reputational damage, "blackballing" from the industry in which the whistleblower works, or demotions, transfers, or adverse actions mischaracterized by employers as legitimate actions in response to poor performance or necessary personnel reductions. Suing a whistleblower employee for trade secret theft, especially if it opens up the employer to public disclosure of the allegations and evidence, could be the worst possible outcome for the employer. So the immunity provisions of the of the DTSA may not arise in most situations of relevant information supplied by bona fide whistleblowers.
More significant, in my opinion, than the immunity protection itself is the fact the DTSA requires employers to give notice to their employees for the first time of their rights to bring directly to the attention of regulators and law enforcement the possibility of illegal activity by their employer, with immunity from retaliation lawsuits. The notice must be made in all communications to the employee "in any contract of agreement with an employee that governs the use of a trade secret of other confidential information." This would include, inter alia, confidentiality, nondisclosure, code-of-conduct, severance, and non-compete agreements. The requirement is limited to "contracts and agreements that are entered into or updated after the date of enactment of the DTSA" [May 11, 2016]. The right to report illegal activity to regulators should be something that routinely made known to employees, even prior to the DTSA, but most employers are not eager to explicitly recognize this, or to give the impression to their employees that they encourage it. Rather, they ostensibly want employees to report wrongdoing, but do it internally and not to the SEC or any other law enforcement agency.
Corporate interests fought hard to require such internal reporting before reporting to the SEC in the Dodd-Frank rulemaking process, but lost. So the DTSA, which requires the employer to inform an employee that such action can be taken without fear of retaliation. will predictably be seen by the employer community as an invitation to open Pandora's Box. Congress probably recognized this as well (or was quickly educated by the employer lobbyists), and thus enacted a convoluted employer-friendly notice provision in the DTSA (18 U.S.C. Sec. 1833 (b)(3)) that may dampen the impact of the law if used by employers to curtail full and direct disclosure of the whistleblower provisions to employees. Indeed, how employers implement the notice provision should become a litmus test for how these companies might be evaluated by SEC, DOJ, CFTC and other regulators in their assessment of good faith in the companies' compliance efforts.
How important is the notice provision? The broad definition of a trade secret in the DTSA is in contrast to the Uniform Trade Secrets Act, adopted in many jurisdictions, which defines specific types of information as a trade secret which include device and process information as opposed to financial or economic data. The DTSA covers "all forms and types of financial, business...[and] economic...information...." Thus, confidential emails discussing financial matters, or internal compliance assessments, are arguably "trade secrets" covered by the DTSA. Documents which, for example, discuss accounting manipulation, attempts to evade detection by regulators, payments to consultants who may be using the money to bribe foreign officials, or the breakdown or undermining of compliance procedures and internal controls, should be considered "trade secrets" for purposes of the whistleblower protections of the DTSA, particularly as the whistleblower will presumably be providing the government with such evidence "solely for the purpose of reporting or investigating a suspected violation of law."
As a result, whistleblowers who provide incriminating emails (the "coin of the realm" for enforcement lawyers), can feel more confident (as can their lawyers) that the full force of the U.S. Code is now on their side in allowing them to carefully disclose such information to the government in confidence without fear of retaliation or liability. Likewise, corporate employers, and their lawyers (both in-house and outside counsel), will now have yet another reason to advise their clients that whistleblowers must not be discouraged or retaliated against in any form for providing the government information directly through the Dodd-Frank whistleblower program, or in a qui tam case under the false claims act, and for providing otherwise confidential corporate documents for the sole purpose of "reporting or investigating a suspected violation of law." In fact, the whistleblower may report, not just smoking-gun evidence of a crime, but information which merely raises sufficient suspicion to justify investigation of a violation of any crime, not just, for example, securities law or commodities act violations.
THE DTSA's CONVOLUTED NOTICE PROVISON-WILL EMPLOYERS GIVE ACTUAL NOTICE?
As noted above, the potentially most significant part of the DTSA's assistance to whistleblowers may well be the immunity notice provision. Basically, it requires employers, apparently for the first time under federal law, to inform employees in future agreements and communications that they are allowed (with immunity from liability) to confidentially report "suspected violations of law" by the employer to "a Federal, State or local government official." The law says employers "shall" give such notice, but the only sanction it explicitly provides for failure to provide that notice is to deny the employer the right to exemplary damages or attorney's fees for wrongful trade secret disclosure "against an employee to whom notice was not given." Imagine the consternation in the C Suites were such a notice to be posted over the watercooler in down in the lunchroom, preferably in large type. Including it specifically in every employment, severance, confidentiality or other employee agreement from now on will be viewed by management as almost as bad.
However, while the Congress provided an important protection for whistleblowers with the mandatory notice provision, it has virtually invited employers to ignore that requirement with only a minor penalty (loss of exemplary damages and attorney's fees in a successful case against the employee). The case can still be brought. As most employees will probably be unable to pay even normal damages in such a case, the potential loss of exemplary damages isn't much of a detriment to the employer. Some may choose to simply forgo the notice altogether.
The convoluted way in which the DTSA's notice provision operates can materially reduce its impact. Initially the law says that the employer "shall provide notice of the immunity set forth in this subsection in any [future] contract or agreement with an employee that governs the use of a trade secret or other confidential information." This appears to mean the company has to put the notice on whistleblower protection in the employment or severance agreement, where the employee will probably see it and get the message that he has the right to report illegal activity at the employer directly to the government without fear of retaliation. This notice packs some punch, and I suspect would become widely known among employees.
But as enacted into law, the DTSA notice provision goes on to state that the employer "shall be considered to be in compliance with the notice requirement if the employer provides a cross-reference to a policy document provided to the employee that sets forth the employer's reporting policy for a suspected violation of law." Translation--the employer does not have to put the notice in the agreements and communications seen directly by the employee and which are most likely to be reviewed, such as the confidentiality and/or severance agreements. Rather, notice, or some cleverly worded form of it, can be buried in a 200-page employee handbook, as part of a lengthy impenetrable discussion of "the employer's reporting policy" regarding legal violations. There is even some ambiguity as to whether the Act requires the specific terms of the DTSA whistleblower provision to be disclosed at all. We can safely predict that this important provision allowing for employees to report wrongdoing at their employer will NEVER be posted in that lunchroom, or otherwise highlighted in any meaningful way that might cause most employees to actually find out about it, if it is disclosed at all.
LAW FIRMS ARE FINDING LOOPHOLES TO MINIMIZE OR AVOID NOTICE
Strategies that employers' counsel have been suggesting to their clients about how to use these provisions to avoid or obscure the notice are demonstrated by a "Legal Alert" issued by the Sutherland law firm on May 18, 2016, just one week after the DTSA was signed into law, titled "Implementing the Whistleblower Immunity Notice Provision under the Recently-Enacted Federal Trade Secrets Act." Sutherland says this about the notice provision: "The only sanction for an employer failing to give whistleblower notice is the inability to obtain exemplary damages (punitive damages) or attorney's fees 'against an employee to whom notice was not provided.' Based on these facts, employers can choose not to give their employees, individual independent contractors and individual consultants notice of the whistleblower protections. Employers must decide what they value more highly: avoiding the current burden and organizational impact of providing affirmative notice of the whistleblower provision, or preserving the value of a possible future court judgement against an employee... which may not be collectible against many employees." (italics added).
Sutherland then suggests another option, providing the notice but in the back-door manner provided by Congress to reduce the chance employees may ever see it: "Providing the notice may also increase employee awareness of whistleblower protections. Fortunately, the [DTSA] allows cross-reference to an updated policy document containing the notice provision, instead of requiring direct notice to each employee of the whistleblower protection found in the Act." (italics added).
The "Legal Alert" goes on to state the language of the notice provision that is required, but suggests that the employer "might want to include the following language with the notice:
Any employee, contractor, or consultant who is found to have wrongfully misappropriated trade secrets may be liable for, among other things, exemplary damages and attorneys' fees.
This ominous language appears designed to impress upon the employee who may find the actual notice language and be giving thought to becoming a whistleblower: be careful, if you are sued and lose, you have no immunity and can be liable for potentially massive punitive damages and attorney's fees (including outside counsel's fees). The deterrent purpose of the suggested language is underscored in the next paragraph of the Alert:
Although notice of liability is not a required part of the notice provision under the Act, including that paragraph might remind employees of their responsibility to protect company information, while indirectly deterring frivolous whistleblowing otherwise encouraged by the whistleblower notice provision alone (italics supplied).
"Frivolous whistleblowing" is not defined. Sutherland points out the benefit for employers, if they choose to give the notice at all, of choosing to cross-reference to another document for the notice requirement:
The Act allows for compliance of the immunity notice through cross-referencing a policy document instead of having to include the entire immunity provision in each contract. The employer can also choose to include the whistleblower notice in every employee agreement, but need not do so if the agreements incorporate the policy document by reference. In most situations, exercising the option to cross-reference will provide an employer with the benefit of immunity protection while limiting publication of the specific whistleblower protections under the Act." (italics supplied).
Of course, that document may be hard to find (maybe available only at HR or the general counsel's office), or quite lengthy, or just not be readily available to the average employee. Like the back of a rental car agreement, chances are the average employee will never read it, and will remain ignorant of the whistleblower protections of the DTSA
Nevertheless, toward the end of its Alert, Sutherland did recommend giving the notice in some fashion, as giving notice "allows an employer to preserve maximum recoveries for trade secret misappropriation cases against an 'employee.'" But the firm was candid about the legal options open to employers. I suspect this kind of counsel will be given in private to many employers by their counsel when a corporate strategy is devised to counter the pro-whistleblower impact of the DTSA notice provision. Ignore the notice altogether, with little downside, or bury it in another document where it is unlikely to be seen by most employees, and then surround the notice, in whatever obscure place it ends up, with a not-so-subtle admonition that "frivolous whistleblowing" activity will expose the employee to personal liability that could include "exemplary damages and employee's fees" against the employee. It is discouraging to assume, but entirely consistent of the manner in which many employers regard whistleblowers, that the alternative of wide and direct disclosure of the notice encouraging whistleblowers to report potentially criminal activity by the employer directly to the government will probably be the last, and least favored, option considered by those employers.2
THE SEC CRACKDOWN ON RESTRICTIVE CONFIDENTIALITY AGREEMENTS
By the time they contact me, some would-be whistleblowers have already signed, usually either at the beginning of their employment or at their termination, agreements which severely restrict, and sometimes forbid entirely, their disclosure of any of "confidential" information to anyone outside the company. While such provisions are properly used to prevent the theft of true "trade secrets" they can be and have been routinely used to discourage potential whistleblowers. In fact, creative corporate lawyers have in recent years used threatening language in confidentiality and severance agreements to forbid departing employees from filing whistleblower cases or accepting awards which are specifically allowed by federal law. This language has been expressly sanctioned by the SEC3 but continues to linger in some form or another in many such agreements.
Whistleblowers are generally not deterred by such outrageous agreements and warnings, but I am concerned that some employees are simply too fearful of economic, reputational, and sometimes even physical retaliation to make the decision to become whistleblowers and bring forward evidence of illegal activity at their employers. With the provisions of the DTPA, I can now inform them that there is specific language in the U.S. Code protecting them from civil liability under federal or state trademark laws for making such disclosures to the government. Likewise, I can inform them that if necessary they could use such damaging information in support of a retaliation case against, or the defense of a trademark breach lawsuit brought by, the employer. 4 I will also be asking them if their employer has added language required by the DTSA to give them notice of these rights. If not, the whistleblower submission will probably note that fact.
CONCLUSION—GIVE THE NOTICE OR TAKE THE CONSEQUENCES
I expect that many employers will choose the path of least disclosure of the notice, or no disclosure at all, with the comfort that they can rely on advice of counsel that their actions are within the letter of the law. And chances are that most employees in those companies will never learn of the strong whistleblower protections set forth in the DTSA. But this does not erase the fact that this law, and the requirement to give notice of it, is now the law of the land. Lawyers will continue to point it out to their whistleblower clients, and try to make the DTSA known generally to employees. I predict as well that the SEC, CFTC, and other regulators, will not look kindly on employers who go out of their way to hide the notice from their employees, regardless of what the law may allow.5 I trust that someday an employer will be seeking leniency in an enforcement proceeding and will claim it has a vigorous, bona-fide compliance program. In response, the government will look to see where and how the DTSA notice is published.
Maybe the SEC will even conclude that hiding the notice, or not giving it at all, violates Rule 21F-17. Lack of publication, or non-transparent publication, may be treated as a fact to be counted against the employer for purposes of penalties. Some among us can also hope that, somewhere down the line, the whistleblower immunity section of the DTSA, the notice of which has providently come to the attention of one or more honest and courageous employees, will be the spark that causes them to come forward with evidence of corporate misconduct and set in motion significant enforcements actions.
1. Peter J. Toren, "Five Things to Know About the Defend Trade Secrets Act", IPWatchdog, May 11, 2016.
2. A Nixon Peabody LLP "Employment Law Alert" of May 18, 2016 suggested that "non-compliance with the DTSA notice provision...may be inconsequential in practice" for the employer. The Alert advises that employers could still sue their employees under state trade secret law: "nothing in the DTSA suggests that non-compliance would render these remedies unavailable under state trade secret law, i.e. the UTSA. Thus, an employer might be able to forgo including the [DTSA] immunity notice in its covered [employee] agreement and still be able to recover exemplary damages and attorney's fees under the UTSA in a subsequent trade secret suit." The Nixon Alert did acknowledge this "assumes that courts would not interpret the DTSA's non-compliance provision expansively so as to preclude state law remedies not explicitly listed in the statute." Given that the DTSA expressly preempts state law, that "expansive reading" is a real possibility. Nevertheless, Nixon concludes "employers should think critically about providing a detailed notice of whistleblower rights if not providing such notice is unlikely to have any material consequences." Indeed, in Nixon's view "[s]uch notice might encourage an employee planning or engaging in misappropriation to manufacture a bogus 'whistleblowing' issue in order to shield or obfuscate his or her misconduct." In contrast, one well known employer's firm observed: "...the practical implications of noncompliance [with the DTSA] are limited, although that could change as courts begin to construe the scope and meaning of the notice requirement. For that reason, compliance is recommended wherever possible...the most conservative approach involves mirroring the language of the statute." Ogletree Deakins "Five Questions You Should Ask About the Defend Trade Secrets Act." Our Insights, June 21, 2016.
3. In August 2016 the SEC issued two explicit cease-and-desist orders, one against building-products wholesaler BlueLinx Holdings, Inc. imposing a $265,000 penalty, and the other against health insurance provider Health Net, Inc. imposing a $340,000 penalty, requiring the companies to reform all agreements with their employees to comply with SEC Rule 21F-17 (which prohibits any action to impede someone from communicating with the SEC about possible securities law violations). For the first time the SEC specifically rejected provisions in severance agreements intended to impede whistleblowers by requiring them to waive their right to an SEC whistleblower award. Prudent companies should now move promptly to eliminate such language from their employee agreements.
4. The DTSA's protections are not unlimited. The Senate Report describing the whistleblower provision cautions: "The Committee stresses that this provision immunizes the act of disclosure in the limited circumstances set forth in the provision itself; it does not immunize acts that are otherwise prohibited by law, such as the unlawful access of material by unauthorized means." This language is codified in amended 18 U.S.C. Sec. 1833 (b)(5). Presumably this means, for example, that the DTSA would not protect rogue employees who abuse their authority to obtain confidential information and use it for other than legitimate law enforcement objectives. But the trend in the courts is to find whistleblower disclosures, if they are bona fide and limited to information and documents directly involving the alleged wrongdoing, protected by public policy considerations (see discussion of cases in Shmushkovich et al v. Home Bound Healthcare, et al, No 12 C 2924, 2015 U.S.D. 81389, 2015 WL 3896947, D. Ill., June 22, 2015, Durkin J.). Using the DTSA preemption language over state law, and public policy considerations, the DTSA protections might be expanded by a court on such grounds to cover the whistleblower if the employer's pleadings are in reality an attempt to avoid the Act's protections, such as by pleading a state breach of contract case.
5. "Failure to give notice may be viewed with disfavor by regulators and government entities such as the [SEC] that investigates suspected legal violations and that are increasingly scrutinizing contracts and other actions that could chill whistleblowing." Sidley News and Insights, Defend Trade Secrets Act Creates Federal Claims, Seizure Remedy, Whistleblower Immunities and Required Disclosures, May 4, 2016.
Daniel J. Hurson is former Assistant Chief Litigation Counsel at the SEC and a former federal prosecutor. He practices securities enforcement defense in Washington, D.C., and represents SEC whistleblowers. His email is firstname.lastname@example.org. His website is http://www.hursonlaw.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.