By now you’ve heard the news stories about how the home of Rebekah Jones was raided by Florida law enforcement officials. The claimed purpose was to obtain potential evidence in support of allegations that she did not have the authorization to use a government messaging system to communicate with others when asking them to speak out about the coronavirus.
Ms. Jones and others claim the raid was in retaliation for her criticism of Governor Ron DeSantis’ approach to dealing with the coronavirus in Florida. Earlier in the year, Ms. Jones also filed a whistleblower complaint, claiming she was fired in retaliation for refusing to skew Florida’s coronavirus data.
So who’s right? It’s hard to say until more information comes out. But regardless of how her situation ends up, what happened to Ms. Jones is illustrative of a major question that many prospective and current whistleblower face: where’s the line between a protected whistleblowing activity and unlawful behavior that could lead to civil or criminal liability?
The short answer is that the line is very blurry and depends on a wide range of factors. To make matters more complicated, there is no single whistleblower law that applies to all or even most whistleblowing cases. For example, there are dozens at the federal level, including those found within the following laws:
- Occupational Safety and Health Act of 1970
- Sarbanes–Oxley Act of 2002
- Asbestos Hazard Emergency Response Act of 1986
- Whistleblower Protection Act of 1989
- Whistleblower Protection Enhancement Act of 2012
- Intelligence Community Whistleblower Protection Act of 1998
- Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
Then there are many whistleblower laws at the state level. So what might be protected in one state isn’t protected in another. However, some overarching principles can help determine if a given disclosure will receive whistleblower protections.
What Information Is Taken
In practically every whistleblower case, the information disclosed to the general public will be confidential. After all, if the information was freely available, then there wouldn’t be a need for the whistleblower. But there’s the issue of how that information is protected.
Was it protected by privilege, such as an attorney-client privilege? Was it protected because the law provides it with special protections, like trade secrets? Are there national security concerns for keeping the information secret? Or was the information simply confidential because it would serve as evidence of illegal activity?
As you can imagine, courts will be far more protective of information that relates to protecting human life and national security as opposed to information that might simply serve as proof of a CEO’s unlawful behavior.
Bottom line: the more that’s at stake in keeping information secret, the harder it will be for an individual to keep his or her whistleblower protections.
How the Information Is Taken
When a whistleblower reveals protected information, one method authorities use to go after them or retaliate is by focusing on how the whistleblower obtained the information. For example, with so much sensitive information being stored on a computer, courts will often allow the prosecution of the whistleblower through anti-hacking laws, like the Computer Fraud and Abuse Act (CFAA).
The CFAA was originally intended to allow for the criminal and civil prosecution of computer hackers who cause harm to computers used in interstate commerce. But it’s also being used to go after whistleblowers who allegedly go after computer data without authorization or who have exceeded their authority.
Yet there is a dispute among federal courts as to what constitutes “authorization.” For example, some courts hold that as long as the whistleblower had authorization at the time they accessed the information, they were “authorized.” But other courts conclude that a whistleblower lacks authorization when they access a computer system because they are motivated to do so by reasons that are adverse to their employer.
Bottom line: if a whistleblower gathers the information using proper authority, there’s still a chance they could get into legal trouble. But the chances are smaller than if they obtained the information in direct violation of a law or company rule.
The Amount of Information Taken
When it comes to whistleblowing, knowing information relating to improper conduct is one thing, but proving it is something else. That’s why getting corroborating evidence to support what the whistleblower says is so important.
But in this quest for evidence, whistleblowers may go too far. For example, when copying electronic files onto a USB flash drive, the whistleblower should focus on copying only the files that directly relate to the reason for the whistleblowing.
If instead of copying over individual files, a whistleblower copies over complete folders, many of which contain trade secrets, classified information or proprietary information that have nothing to do with the reason for whistleblowing, then the whistleblower’s actions may not receive protections.
Courts understand the difference between protecting whistleblowers who access specific pieces of information to support their claims and whistleblowers who are sifting through massive amounts of sensitive information looking for unlawful conduct.
Bottom line: whistleblower protections may not apply if it appears that the whistleblower is going on a “fishing expedition” to find incriminating information.
The Extent of Information Disclosed by the Whistleblower
If it’s not obvious yet, whistleblower protections exist as a compromise between protecting the interests of the general public and the right of private and public organizations to keep information confidential. Therefore, courts want to protect a whistleblower only to the extent necessary to allow them to reveal enough information in matters of public concern.
As a result, courts will look at the reasonableness and extent of the disclosures. The more information an individual releases that goes beyond what’s necessary to alert the public of potential wrongdoing, the less likely the individual will receive whistleblower protections.
Bottom line: a whistleblower should only disclose the amount of information necessary to support his or her claims.
Who the Information Is Given To
Even if the law accepts how a whistleblower takes information, as well as the kind of information disclosed, there’s still the issue of how the whistleblower handles that information. An individual is far more likely to possess whistleblower protections when they act properly in disclosing that information.
What constitutes a “proper disclosure?” That depends. There might be a statute that explicitly outlines who a whistleblower must provide the information to enjoy whistleblower protections. One good example of this is the Intelligence Community Whistleblower Protection Act of 1998 (ICWPA).
The ICWPA outlines two main ways an individual can blow the whistle in situations that deal with information that is classified or otherwise sensitive to the interests of national security.
First, they go to the Intelligence Community Inspector General (ICIG). Second, they can go straight to Congress, but only if the ICIG decides the whistleblowing complaint is not credible or is not an urgent concern.
If a whistleblower were to reveal classified information outside either of these two procedures, they will likely have no whistleblower protections and might be prosecuted for the disclosure of classified information.
ICWPA isn’t the only law like this. There are other whistleblower laws that will specifically instruct who whistleblower should provide any evidence of wrongdoing.
One of the best ways for an individual to lose any potential whistleblower protections is to first give the information directly to the press. This isn’t a hard and fast rule thanks to the First Amendment, but it’s a good rule of thumb to follow.
Finally, there are situations where it may not be clear where the whistleblower should report the wrongdoing. In that case, it’s best to first consult with an attorney.
Bottom line: unless the whistleblower’s attorney says otherwise, they should not blow the whistle by first going to the press. Instead, a whistleblower should see if the applicable law outlines the specific process for reporting unlawful activities.
The Existence of a Contract Prohibiting Disclosure of the Information
One tool companies and government employers have used to stop or discourage whistleblowing is the use of confidentiality or non-disclosure agreements (NDAs). So do NDAs work? It depends on the facts surrounding the whistleblowing, including the applicable law.
For example, pursuant to Rule 21F-17 under the Dodd-Frank Act, an employer cannot use an NDA to stop a potential whistleblower from reporting a possible securities law violation to the Securities and Exchange Commission.
Federal employees that fall under the jurisdiction of the Whistleblower Protection Enhancement Act of 2012 must be given notice that any NDA they sign cannot “supersede, conflict with, or otherwise alter the employee…rights…created by…any other whistleblower protection.”
But what if there is no specific statutory protection allowing an employee to lawfully breach an NDA?
There are common law contract principles. One in particular is the idea that a contract’s provision cannot be enforceable if it violates public policy. Depending on the misconduct being reported, a court may conclude that it goes against public policy to enforce an NDA against a whistleblower.
Bottom line: if there is no statute providing a whistleblower exception to an NDA breach, a whistleblower may still be protected if there is sufficient justification on public policy grounds.
Use of Internal Reporting Channels
To facilitate the rooting out of corruption, fraud, waste and other wrongful conduct, organizations will sometimes have internal reporting procedures in place. The goal is for employees to be able to blow the whistle internally.
Using an internal reporting channel doesn’t automatically mean an individual loses whistleblowing protections. However, it may provide a false sense of security.
There are cases where an employee who reported potential misconduct internally, and not through means outlined by whistleblower protection laws, did not receive whistleblower protections. One notable case that demonstrates this is Digital Realty Trust, Inc. v. Somers.
Bottom line: unless instructed otherwise by their attorney, employees should avoid using internal reporting channels as the sole means of blowing the whistle.
Summing it Up
Determining when a whistleblower will receive legal protections for revealing misconduct is not always an easy task, as any decision will be very fact-specific.
When in doubt, it’s best not to take information or disclose it without first consulting with a whistleblowing attorney. Instead, an individual should make note of the information they want to take or reveal, including what it proves and where it can be found. From there, they can decide, with the help of legal counsel, how to proceed. In the end, it might involve going to the press or reporting it to a government agency.
Help us to become independent in PANDEMIC COVID-19. Contribute to diligent Authors.