January 17, 2012
The U.S. Department of Labor recently issued a final decision through its Administrative Review Board (ARB) in a case where an employee reported a conflict in his employer's document retention policies. The ARB decision expanded the interpretation of the anti-retaliation protection that the Sarbanes-Oxley Act of 2002 (SOX) provides to whistleblowers. The decision is Prioleau v. Sikorsky Aircraft Corp., DOL ARB, No. 10-060 (2011)(Prioleau). Section 806 of SOX prohibits public companies subject to SOX from retaliating against employees (through such actions as discharge, demotion, or suspension) for providing information or assisting in investigations related to certain types of fraudulent acts. For an employee to be protected under Section 806, he or she must have reasonably believed that they were giving information about a violation of the federal fraud statutes, any rule of the Securities and Exchange Commission (SEC), or any provision of federal law related to fraud against shareholders. The issue before the ARB in Prioleau was whether the employee seeking whistleblower protection could have reasonably believed he had reported information covered under Section 806.
Keith Prioleau worked for 10 years as a systems engineer for Sikorsky Aircraft Corporation (Sikorsky), a subsidiary of United Technologies Corporation (UTC). Prior to his employment with Sikorsky, Prioleau was a computer scientist for Computer Sciences Corporation (CSC), where he was part of a team that helped design UTC's computer infrastructure. In June 2009, Sikorsky's legal department sent an email to Prioleau and other salaried Sikorsky employees stating that certain electronically stored information (ESI) should be retained when the legal department issued a legal hold notice for that information in specific circumstances. Those circumstances were when ESI was needed in connection with pending or anticipated litigation, government or internal investigation, or a subpoena. A few days later, Prioleau received an email from CSC, warning that there was a UTC retention policy. This policy consisted of a software application that automatically placed emails older than 30 days in a folder where they would be automatically deleted after 21 days.
Two days after receiving the CSC email, Prioleau electronically submitted a report that explained that the ESI retention policy and UTC retention policy conflicted with each other and that a procedure needed to be implemented to resolve the conflict. The report did not mention fraud or violations of the securities laws. The next day he went on authorized leave and when he returned to work two weeks later, his employment was immediately terminated.
Prioleau subsequently filed a SOX whistleblower complaint with the Occupational Safety and Health Administration (OSHA) within the Department of Labor (the agency with jurisdiction to enforce various federal whistleblower provisions, including Section 806 of SOX). He alleged in his complaint that Sikorsky had unlawfully retaliated against him for reporting violations of shareholder fraud and of Section 404 of SOX requiring companies to assess their internal controls. He mentioned in his complaint that based on the SOX training he received from Sikorsky and his experience in information security controls and audit, it was clear to him that he was dealing with a SOX internal controls issue. OSHA staff dismissed the complaint upon finding that Prioleau did not engage in protected activity. On further review, an OSHA administrative law judge (ALJ) affirmed the staff's findings, observing that Prioleau had not alerted Sikorsky in his report of any suspected fraud against shareholders. Prioleau then filed an appeal to the ARB.1
Two of the three administrative appeals judges on the ARB panel issued a majority opinion reversing the ALJ. They found that the ALJ erred in finding that the protected activity must relate to shareholder fraud. They noted that the language of Section 806 protects employee complaints about fraud falling into six categories, only one of which is shareholder fraud. In addition, they said that the analysis the ALJ should have undertaken was to determine whether Prioleau reasonably believed that he reported a violation of the Securities and Exchange Act to Sikorsky. The majority observed that with his SOX training, past involvement in an internal audit in preparation for SOX compliance, and experience in information technology, Prioleau could have a reasonable belief that the conflict between the legal hold and automatic deletion policies could potentially lead to fraudulent financial reporting in violation of the securities laws. The majority remanded the case back to the ALJ to conduct an evidentiary hearing in which Prioleau would have to submit factual proof showing he had a reasonable belief his report constituted protected activity.
The ARB's decision in Prioleau is significant because it demonstrates that SOX-protected whistleblower activity can extend to an internal report an employee submits to his or her employer about a policy conflict, even if it does not communicate a belief that any type of fraud has been committed or that SOX or the securities laws have been violated. Apparently, all that is necessary for SOX protection to apply is that the reporting employee has a reasonable belief that the policy conflict could lead to fraudulent financial reporting.
 A decision issued by the ARB serves as the final decision of the Department of Labor. Further appeals must be pursued through federal courts of appeals.