It is common for employers to require employees whose job duties require access to confidential, sensitive, and/or proprietary information to sign confidentiality and/or non-disclosure agreements as a condition of employment. However, at least in limited circumstances involving whistleblowers, employers are finding that they may not be permitted to enforce such agreements under all circumstances.
In a recent case, Erhart v. BofI Holding, Inc., No., 15-cv-02287, 2017 WL 588390 (S.D. Cal. Feb. 14, 2017), the United States District Court for the Southern District of California considered the balance of public interests associated with, on the one hand, allowing companies to protect their confidential and proprietary information and, on the other hand, protecting employees who disclose confidential information in furtherance of a whistleblower complaint. In denying a motion to strike several affirmative defenses asserted by Erhart, the Court found that, at least in certain circumstances, the balance of public policy considerations may weigh in favor of whistleblowing.
Bank of the Internet (“BofI”) employed the plaintiff, Charles Erhart, as an internal auditor. In his position, Erhart had access to proprietary and confidential information including consumer banking information, nonpublic communications between BofI and its regulators, communications between BofI’s attorneys and its agents, internal audit findings, and BofI’s employees’ personal information. As a condition of his employment with BofI, Erhart was required to sign and abide by a Confidentiality and Non-Disclosure Agreement.
While employed at BofI, Erhart allegedly reported conduct he believed to be wrongful to BofI’s principal regulator, the Office of the Comptroller of the Currency (“OCC”), as well as to the SEC. Not long thereafter, BofI terminated his employment. Erhart sued under federal and state whistleblower laws, alleging BofI retaliated against him for reporting unlawful conduct to the government by terminating his employment. The day after filing his court complaint, The New York Times published an article entitled “Ex-Auditor Sues Bank of Internet,” which referenced some of the allegations in the complaint. The share price of BofI’s publicly-traded holding company plummeted thirty percent. A few days later, BofI brought a countersuit against Erhart asserting a panoply of claims, including breach of contract and violation of the federal Computer Fraud and Abuse Act, claiming that Erhart wrongfully published BofI’s confidential information and deleted hundreds of files from his company-issued laptop.
BofI filed a motion for summary adjudication as to various affirmative defenses asserted by Erhart that his disclosure of confidential information was protected under federal and state whistleblower laws.
Erhart’s Disclosures of Confidential Information:
The parties did not dispute that Erhart disseminated confidential information in the following ways.
First, Erhart contacted the SEC regarding a BofI loan customer who he believed was “suspicious” and may have been operating as an unregistered investment advisor. Second, Erhart used his personal gmail account to email files that were stored on BofI electronic media, such as customer bank account information and internal audit reports. Third, Erhart sent an email to his mother that included a spreadsheet containing BofI customer social security numbers. Fourth, Erhart downloaded BofI files, including OCC supervisory information, audit findings, draft audit committee meeting minutes, wire transfer details, and bank account information to a personal USB drive. Fifth, Erhart used his live-in girlfriend’s computer to access some BofI documents. In defending his actions, Erhart relied upon a variety of laws and their retaliation provisions, including the whistleblower provisions of the Sarbanes-Oxley and Dodd-Frank Acts.
To determine whether Erhart’s affirmative defenses could be valid as a matter of law, the court examined Erhart’s conduct and analyzed whether public policy in favor of whistleblower protection outweighed BofI’s interest in enforcing its confidentiality and non-disclosure agreement. Not surprisingly, the court found that Erhart’s alleged communications to the government would be protected under whistleblower laws and that this would trump BofI’s breach of contract claim.
With regard to the disclosures to Erhart’s mother, downloading of sensitive information to a personal USB drive, and use of his girlfriend’s computer, the court found that protection of Erhart as a whistleblower could outweigh BofI’s right to enforce of the confidentiality agreement if the evidence revealed that information transmitted by Erhart was relevant to his whistleblower reports, that the information was transmitted because he had a reasonable concern the information might be destroyed, and that Erhart’s motivation for forwarding the information was to support his allegations of wrongdoing. The court noted that it would be Erhart’s burden to prove that his actions were reasonable.
With regard to the allegation that Erhart leaked confidential information to the media, the court noted that although “[l]eaks to the media” are not protected by Sarbanes-Oxley’s anti-retaliation provision, BofI had not established that Erhart or his counsel actually provided confidential information to The New York Times – only that they communicated with a reporter, and thus denied summary adjudication on this issue as well.
In light of the decision in Erhart, companies should exercise caution when dealing with apparent employee misappropriation of confidential company information. While in the past it may have been a safe course to simply terminate an employee for such activity, the issue is no longer clear-cut. Employers should engage in a case-by-case analysis in such situations to minimize the risk of legal exposure.