Tips for Whistleblowers: Dos and Don’ts of Evidence Collection
1. Take What You Need to Prove Claims, But Take Only What You Need to Prove Claims.
Of course, you want to gather any documentation or evidence that supports your claim. And the general rule is the more the better; not having the proof for your claim may be fatal to an intervention decision or leave you without the factual basis to withstand a motion to dismiss. You don’t necessarily need to collect everything. Exemplar documents showing the full lifecycle of the fraud, including evidence that the government was billed for or paid for the allegedly fraudulent goods or service, are especially important. Financial or billing information can be necessary support in some jurisdictions.
Relators do have some protection for evidence collection. Courts have recognized that the public policy against fraud extends that protection even when the relator is subject to a nondisclosure agreement. HIPAA laws that protect the privacy of patient health records include an exception to allow a relator to disclose to his or her lawyers and the government confidential medical records that support a claim of fraud (see 45 CFR § 164.502).
But taking too much can backfire—by weakening your credibility or resulting in counterclaims based on violation of fiduciary duty or breach of a nondisclosure agreement. Be mindful not to gather material indiscriminately. The best practice is to take only those documents that you reasonably believe are related to the claims at issue. Downloading entire folders or hard drives solely because you suspect the folder or drive might contain a relevant document may be seen as overreaching and could support a claim against the relator or even a motion to compel the return of all documents.
Don’t download indiscriminately.
Don’t take entire hard drives or files if all of the information on the drive or in the file is not related to your claims.
2. Collect only what you have access to through normal job functions.
You may collect documents through any source you have legitimate access to. For example, if you have access to billing records as part of your job, you may gather copies of those records to support the claim. But you should not attempt to gather records you are not authorized to access.
Generally, you should not access documents after you are terminated or suspended from work. If you have accessed documents while terminated or suspended, explain the circumstances—and the documents involved—in detail to your lawyer. It may be better to return or destroy documents you did not have legitimate access to than to defend having taken them.
Accessing records that you don’t have access to may violate your duties as an employee and may even violate state and federal computer fraud laws. To avoid counterclaims or other actions that could weaken your case or put you at risk of legal action, preserve information that shows that you had legitimate access to any information you gathered.
Don’t access computer systems or files you aren’t authorized to access.
Don’t access or attempt to access systems after your employment is terminated.
Don’t use someone else’s username or password to access a system.
3. Exercise caution in collecting information.
You need to collect information to support your claims, but you also need to protect yourself and avoid violating the law.
First, be aware that sophisticated corporate IT departments may well be monitoring activity on the company’s networks and hardware. They will know if your activity patterns change, for instance if you are emailing information to yourself, plugging in USB drives, or printing many documents. Avoid, as much as possible, unusual activity that could raise a flag. For instance, rather than downloading or emailing yourself information contained in a database, use your personal phone to take pictures of information on your computer screen. You might also consider preserving information on your company’s drives, for instance in a private (unshared) folder within a larger file management system, and recording its location to share with government investigators. (Information about where information can be found, whether electronically or physically, and in what format will be immensely helpful to government investigators, even if you do not actually have the information.) If you are reporting the conduct to the company’s Compliance or Legal Department first, compile the information for that department and let investigators know to whom you passed the information and in what context.
In the same vein, approach potential witnesses with extreme caution. Certainly identify useful witnesses to your lawyer (and eventually government investigators). One of the exhibits you’ll want to provide to the government is a list or table of witnesses. That list should provide the name, position in the company, and contact information for each witness. (Especially valuable to investigators will be noncompany channels, such as personal email addresses or cell phone numbers.) Ideally, you should indicate what each witness is likely to know, if you think they are culpable for the bad acts, and whether they are likely to be willing to cooperate. But actually speaking with witnesses is risky. If you’ve misread the witness, you might put your investigation, or your job, at risk. A witness who disagrees with you may tell your employer what’s happening, resulting in your termination and perhaps undermining your case. Or a person you saw as a witness for your case could decide to file their own, which could affect your case. Once you’ve engaged an attorney, always speak with your attorney before speaking to any potential witness, or anyone else.
Finally, beware of violating the law yourself as you collect information. You could do that by collecting information unlawfully, including information associated with protected trade secrets or subject to special confidentially considerations. You may also do that by recording conversations in a way that violates your state law. If you don’t understand the distinction between single-party consent and two-party consent to recording, speak with your lawyer before recording any conversations (or before sharing with anyone, including your lawyer, any recordings you’ve already made).
Don’t record conversations until you’ve verified recording complies with the laws of your state (and the states where other parties are, if that’s different).
Don’t communicate with your lawyer or government investigators via company-provided email, phone, or cell phone (including texting!).
Don’t use company-provided email, file storage utilities or cloud services, or other channels to convey information to yourself for preservation.
4. Keep potentially privileged (attorney-client) materials separate.
Just as your communications with your attorney are privileged—not subject to disclosure to others—a company’s communications with its attorneys are also privileged. Courts have interpreted this privilege to include a corporate attorney’s communications with employees, especially employees responsible for the leadership of the company and employees involved with a matter that is being or may be litigated. If you spoke to a company attorney about the issues you’re now seeking to report, those conversations are likely privileged. And the law may limit whether you can share any information you got from those conversations (or accessed as a result of those conversations), even with your lawyer. The government attorneys who investigate your claim do not want to see such information because that knowledge may “taint” the investigation, leading to claims being dismissed or limited.
Keep in mind that company attorneys don’t only work for the Legal Department. Corporate attorneys may work in other departments, such as Compliance or Regulatory Affairs, or they may work in a particular business unit.
Privilege is a complicated area of law, and it can get confusing. Even courts sometimes struggle with corporate attorney-client privilege. If you’re not sure whether a given communication, conversation, or information set is privileged, talk to your attorney. Don’t provide the privileged communication or information—your attorney may not be able to look at it either—but describe the context and the position of the person you talked to. If you’re still not sure, err on the side of caution, and don’t provide the information. In any event, keep that questionable information separate from other information you provide to your attorney.
If your case is complex, you have a lot of potentially privileged information, or the privileged information is difficult to separate from the non-privileged, your lawyer may create something called a “taint team.” The taint team is a team of lawyers and paralegals, separate from your primary legal team, that reviews all of the information, documents, and data you provide for privilege issues and pulls out what is likely privileged before your legal team sees it. As the name indicates, that process ensures the information on which your legal team builds your case is not tainted by privileged information they should not see or know of.
Don’t collect information from or record conversations or meetings that include company attorneys.
5. Only disclose what you collect with your lawyer and the government (through your lawyer).
As we noted above, whistleblower law provides some protections from nondisclosure or confidentiality laws. But no whistleblower protection allows you to talk about what you know to your friends and family, other employees, or the public at large. Doing so may make you ineligible for a whistleblower program, and any associated awards. And worse, it can make you vulnerable to lawsuits or other action from the target of your whistleblower action.
Once you have engaged a lawyer, your best course is to talk only to your lawyer and to provide documents and information only to your lawyer. Even once your case is filed, the government agencies involved will communicate with you through your lawyer. Sidestepping your lawyer or talking to anyone outside your lawyer’s office—including directly to government attorneys or investigators—can, at best, cause needless confusion. At worst, you could inadvertently compromise your own interests or undercut your case altogether.
On related note, make sure to tell your lawyer everything—even information you think may be unhelpful to your case. Your lawyer is there to support you, and to help you build the strongest case possible. They can’t do that effectively if they don’t know the whole story.
Don’t post on social media about any aspect of your case — the company’s conduct, your allegations, or even that you have retained a lawyer.
Don’t communicate with news media, reports, podcasters, or anyone else; “taking your story public” will endanger your case and may open you to charges of defamation or violation of various confidentiality duties or agreements.
Don’t hold information back from your lawyer.
This piece was written by Darth Newman, Founding Attorney at The Law Offices of Darth M. Newman. This post was edited by MaryAnne Hamilton, Attorney at Miller Law Group, PLLC and Rich Harris, Founding Attorney at Richard J Harris Law PC.