Government Rewarding Whistleblowers and Effective Whistleblower Policies

A little publicized provision in the new Dodd–Frank Wall Street Reform and Consumer Protection Act, “…requires the Commission to pay an award…to eligible whistleblowers who voluntarily provide the Commission with original information about a violation of the federal securities laws that leads to the successful enforcement of a covered judicial or administrative action…” 

In the end, the provision allows the commission to pay between 10 to 30 percent of any recovery over $1 million to whistleblowers who give original information of fraud. As the Wall Street Journal’s Law Blog points out, “It opens companies up to more scrutiny from the SEC, and will likely raise costs.”

Corporate compliance systems will be under increased scrutiny internally, as employees are given incentive to tell on their employers, and externally, from the SEC itself. It is of importance to develop a system to quickly conduct internal investigations and to develop a set of whistleblower policies conducive to such an environment.

An effective whistle blower policy will:

·         prohibit employees from interfering with the right of another employee to blow the whistle

·         prohibit employees from retaliating against an employee for having made a protected disclosure or for having refused an illegal order

·         provide a procedure for raising a concern to the corporate legal department

·         provide a procedure for filing and addressing complaints of retaliation for whistleblowing

Once these policies have been enforced, it is then vital to implement a robust investigation process – a process which manages internal reports of fraud and investigations directed by the SEC itself. The ability to quickly launch a thorough investigation, to identify areas of risk or to take action against open cases, becomes increasingly important as scrutiny increases. The Dodd-Frank bill pushes to light the mandate to create an environment of corporate transparency – an order now directly from Washington.

Investigations can take months to complete - disparate data sources and an incomplete data map can make collection a logistical nightmare. By deploying ZL Technologies’ Unified Archive, enterprises can manage and search through all of their unstructured data (including email and file shares) from one platform. This cuts down collection from days or weeks to seconds. With the Unified Archive, responding to an allegation of misconduct has never been simpler.

The Extended Functions of E-Discovery: Litigation Support, Regulatory Compliance, and Internal Investigations

E-discovery solutions have naturally been classified as litigation support, and in this post I'll go over why this area continues to be of growing concern. In another section, I will cover why the same solutions which provide litigation support can also help to solve internal investigations as well. 

First, rising litigation highlights the importance of e-Discovery. In Fulbright's most recent survey litigation survey, over 90% of U.S. and U.K. respondents expecting legal disputes to increase or remain the same:  

…93% of U.S. and 97% of U.K. respondents expecting legal disputes to increase or remain the same this coming year. This expectation comes during a year when 87% of U.S. respondents faced new litigation in the past year (up from 83% last year) and 53% of all respondents initiated a suit in the past year (up from 48% overall last year)....In the U.S. – and for large-caps in particular – intellectual property and patent litigation are also high on respondents’ radars. 

And, according to the same study, "More regulators have been investigating a greater variety of companies, from small to large and across sectors – particularly banking, health care and energy." Rampant regulatory changes and stricter enforcement seem to have increased the need for the ability to find documents within an enterprise.

Like most things, cost produces the constraints which this process work around. Bringing discovery in-house reduces the cost at an astonishing rate. Patrick Oot, a member of the Law Technology News Editorial Advisory Board, is director of electronic discovery and senior litigation counsel at Verizon, based in Washington, D.C. says:

In July 2008, our EDD team completed a business case that presented an opportunity for Verizon to save about $4 million in legal expenses in one year by establishing an in-house system, with support staff, infrastructure and software for internal data processing, hosting and review. We believe that over the next three years, this business case will yield up to potential 395 percent return on investment.

Following this example, both NBC and Microsoft have moved their discovery internally. At NBC, Jonathan Chow -Chief Information Security Officer (CISO) - heads the IT implementation and explained to ComputerWorld that, as with many corporations, the information security department includes e-discovery as a key responsibility for litigation support, M&A activities, and internal investigations. The move in-house allows NBC to administer searches and investigations internally without the dubious cost of hiring outside vendors.

E-discovery Used Internally

E-discovery solutions have traditionally only been seen as a litigation support tool. But no longer. Today, savvy businesses are using the same tools to solve internal investigations, regulatory compliance and records management issues. 

The use of e-discovery tools in internal investigations remains vital for international corporations as well as domestic outfits. All major companies need the ability to search electronically stored information ( ESI) to complete internal investigations that may be generated by HR or corporate security. No matter the regulatory environment, personnel misconduct and fraud detection must be of vital importance for any company - and a particular worry for CISOs, Chief Security Officers, General Counsels, and CEOs. Unauthorized access to sell or manipulate data and sexual harassment or other inappropriate communication has become all too common, and internal investigations have become ever more important as a result.

Compliance with government regulations remains of great importance to industries such as financial services and healthcare as well as the broader set of publically listed companies. NASD, SEC, and HIPAA govern strict regulations on the retention of e-mail and other ESI. As a part of information management and security, e-discovery tools like ZL’s Unifed Archive can manage the retention (or destruction) schedules for ESI based on a granular set of rules. If a company’s ESI were sand in a box, ZL’s proactive e-discovery tool is a very speedy fine-toothed comb.

As the application of e-discovery tools expand, many companies find that classifying them purely as litigation support can be a misnomer. The discovery function serves both litigation support and internal investigations due to the increasing need to hold employees accountable to company policies. No matter the name, the ability to search through a company's ESI remains a pillar of responsible corporate governance. 

Qualcomm v. Broadcom

We've been swamped over here lately, but while you are waiting in eager anticipation for the next post, check out Law.com's revisit of the 3 year old  Qualcomm Inc. v. Broadcom Corp. 

During trial, the court learned that Qualcomm and its counsel did not produce more than 200,000 pages of relevant electronic documents. As a result, Qualcomm was ordered to pay Broadcom's hefty legal fees ($8.5 million)...

This is, according to e-discovery expert Adam Sand, one of the heaviest e-discovery fines. And although this might be 'old' news by now, I think that it is still highly relevant. Cases of such gross negligence are hard to come by, but it does prove that it can happen. And 8.5 million is a lot.

IBM Acquires PSS Systems

Breaking news from IQPC Oil & Gas. You can find the press release here. With the combination of Symantec taking in LiveOffice last month, industry consolidation seems to be picking up steam.

Here's an interesting excerpt from the article [emphasis mine]:

A recent study by the Compliance, Governance and Oversight Council found that fewer than 25 percent of organizations were able to dispose of data properly because they lacked rigorous legal hold management practices and effective record retention programs. The report also estimates that that costs associated with legal electronic discovery average more than $3 million per case and about 70 percent of information is often needlessly retained.

I do not doubt that electronic discovery can cost, on average, $3 million. With painful manual collection and export to numerous review platforms/counsels the time and fees spend can be enormous. Moving e-discovery in-house is the only way to get a hold of these costs. See how at www.zlti.com.

Avoid the Big House: Bring e-Discovery In-House

Over at Law.com you can find an extensive examination of the recently filed Victor Stanley Inc. v. Creative Pipe Inc ruling. Here's a valuable excerpt [emphasis mine]:

Magistrate Judge Paul Grimm's lengthy opinion in Victor Stanley Inc. v. Creative Pipe Inc., filed Sept. 9, is worth the read... But the opinion is newsworthy because it sets out a harsh remedy for the defendant whom he found had destroyed evidence, lied to the court and dragged out proceedings -- civil contempt, with the defendant facing severe costs and fines or a two-year prison sentence if he fails to pay that fine. 

The court's focus upon and analysis of the costs -- in time, money, effort, and expertise -- of spoliation and dilatory tactics to the justice system is both spot on and timely.

What this has done is to highlight how important it is to follow a defensible discovery collection process and reinforce the fact that spoliation can directly lead to jail time. The importance of a legally defensible and thorough discovery process cannot be overstated.

It is not just one tool which can be a panacea, but the build-out of an entire data management process which will reduce risk. The industry standard, Electronic Discovery Reference Model (EDRM), serves as a decent guide:



The EDRM, although a good guide, can be limiting, as its flow does not represent the continuous nature of many discovery processes. At ITBusinessEdge I found another way to look at managing the process:

This visualization, unlike the one-way EDRM, views information management and discovery as part of a continuing process. I believe that this is much more accurate, as discovery can last for years (in the case of Victor Stanley, four years) and can involve going back to the data well many times for a multitude of matters or custodians. The process involves many more parties than purely Legal or IT, but touches upon the foundation of a company's technology strategy.

In order to develop a thorough discovery process, GCs and, increasingly, CIOs need to bring as much e-discovery in-house as possible. CIO.com states that:

The other critical remedy to minimizing risks and costs is bringing as much of the e-discovery process as possible “in-house”. Of course, this means that in-house staff must have a thorough working knowledge of the relevant processes, organizational archiving and data structure and enough technical know-how to choose and implement the right tools to support the required processes, which include (data) identification, preservation, collection, processing, review, analysis, production and presentation.

ZL Technologies developed our solution exactly so that companies can have this level of control over their data. Streamlining the discovery process is only one function of managing data, yet it may well be the most important, as emphasized by Judge Grimm in Victor Stanley Inc. v. Creative Pipe Inc. Corporations should get control of their data and discovery...and leave prison to the murderers.

Facebook Update: Download Your Information

Here is an excerpt from Mashable.com's blog today covering Facebook's latest announcement:

10:49: Announcement: Download Your Information. It’s exactly as it sounds; it lets you download your Facebook data.

10:50: Dashboard for Applications You Use revealed. Alllows you to anage your apps in a simple way.

10:51: Now the company’s product manager for open source is on stage discussing Download Your Information.

10:53: It’s made for regular users. You start the process, Facebook lets you know when your data is ready to be downloaded, and then you have a zip file with your profile info, photos you’ve been tagged in, videos, friends, etc

It looks like we will soon be able to gather all of our data from Facebook. I can only imagine that this will again increase the amount of data we have to deal with, and will bring up security issues as well. That shouldn't be a huge problem for individuals, who can opt-in/out as they choose, but perhaps for corporations with pages and profiles on Facebook that would be some very good information indeed (data mining anyone?), as they can see who their friends and fans consist of. That kind of information can be very valuable.

Facebook also announced a few more handy features, like design changes and a change in the way groups operate, namely that they will try to facilitate your social circles more rather than be simple constructs to organize people. Check out more at Gizmodo, who has done a good job summarizing.

Obama Administration and Email Privacy

Check out this article posted today on BoingBoing about Obama's policy on encrypted e-mails. The administration wants to keep back doors open for the government to get to encrypted messages to ensure that they have access to sensitive or potentially threatening information. Personally, I view this as an attack on privacy altogether. Individuals, employees, and especially companies have good reason to secure their communications (i.e. intellectual property) and any back doors can be exploited.