Establishing confidentiality protocol in an internal investigation

Andrea Gonzalez, Senior Manager, Cendrowski Corporate Advisors LLC

On July 30, 2012, the National Labor Relations Board (“NLRB”) reached a decision ruling that Banner Health Systems non-union employer’s system of advising its employees to refrain from discussing ongoing internal investigation matters with fellow co-workers violated Section (a)(1) of the National Labor Relations Act. Prior to the Banner Health System decision, businesses had a certain level of discretion in implementing confidentiality requests. However, the freedom to make such requests may no longer be exclusively in the hands of management and may even no longer be permitted without special justification. Companies should take notice.

Courts and administrative agencies are cracking down on blanket employer requests for silence without adequate justification during investigations and the NLRB confirmed this standard in Banner Health System d/b/a Banner Estrella Medical Center, 358 NLRB No. 93 (2012) (“Banner”). The Banner decision came after a technician working for a hospital voiced concern to the hospital’s human resources consultant about certain practices he did not feel comfortable following and believed could cause a patient to become sick. After complaining to human resources, he was instructed to not discuss the matter with any of his co-workers while the hospital conducted its investigation. The same human resources consultant would routinely make identical confidentiality requests to other employees who made complaints that were subject to an investigation.

Given the recent Banner decision, corporate response plans must be sensitive to the level of confidentiality involved in internal investigation matters and specify the proper protocol for disclosing information within an organization.

Smart Business spoke with Andrea Gonzalez, senior manager at Cendrowski Corporate Advisors LLC, about the Banner decision and the potential trickle-down effect it could have on business confidentiality processes during investigations.

What should an organization learn from this decision regarding confidentiality issues in internal investigation matters?

Companies will need to have established protocol ready in the event an internal investigation is launched and the protocol will need to address the issue of confidentiality. There may be a valid justification for confidentiality between co-workers in an internal investigation. However, in order to withstand a challenge, such as the one in Banner, companies will need to be able to readily articulate these justifications. Blanket requests are likely to fail, but well-planned and established processes will not only survive any challenges but continue to allow for effective internal investigations consistent with management’s plan. Each corporate response plan needs to take confidentiality issues into account, be planned in advance and be individualized to the present issues so that it is not found to be overly broad or too burdensome.

How can an organization justify a confidentiality request and likely succeed if challenged?

In Banner, the NLRB discussed the appropriate criteria for determining whether an organization has met the burden of justifying its approach. Despite the hospital’s argument that the confidentiality was necessary for protecting the investigation, the Court stated the hospital needed to show (1) it was necessary for the protection of the witnesses; (2) evidence could potentially be destroyed; (3) testimony could be fabricated; or (4) there was a need to prevent a cover-up. The hospital was unable to do so.

Management should keep these factors in mind during the planning phase of their response plans and protocol should reflect this idea. Retroactive planning after an internal investigation has been launched should also be avoided.

In the event of a challenge to the confidentiality request, what is the best course of action?

One of the most important aspects of combating a challenge to a confidentiality request is an organization’s effort to document its basis for each confidentiality request. An individual file should be maintained with detailed and updated information regarding the investigation. A company should also consider engaging counsel to maintain privilege and identify additional information needed to support or contradict its position. A company may never have perfect information, but a well-maintained file is instrumental in its analysis of a challenge and the manner in which it should proceed.

How can an organization ensure their plan for confidentiality requests is implemented properly?

An organization should monitor guidelines or protocols in place and ensure any blanket policies have been removed. From the moment an investigation begins, the organization should continue to revisit their confidentiality requests and evaluate the facts of the current investigation. A check list of all questions and open items should be kept and findings should be reviewed for accuracy and completeness. The communications protocol to personnel involved in the investigation should also be presented to all parties in a clear and concise manner.

How can an organization gain confidence in established confidentially request guidelines and policies?

Organizations can engage a third party to perform a detailed independent review of an ongoing investigation to evaluate whether the established policies and procedures are being adhered to by individuals conducting the investigation. The third party can also assess whether the confidentiality requests would withstand a challenge under Banner.

The feedback provided by the third party would enable the organization to adjust their guidelines and policies to help ensure future confidentiality requests succeed if challenged.


Andrea Gonzalez is a senior manager at Cendrowski Corporate Advisors LLC. Reach her at (866) 717-1607 or [email protected]

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

SEC probes some Wall Street trades after 2008 meet with Henry Paulson: WSJ

NEW YORK, Fri Sep 14, 2012 – The U.S. Securities and Exchange Commission (SEC) is probing possible insider trading activities by Wall Street professionals who were present in a private meeting with the then Treasury Secretary Henry Paulson in 2008, the Wall Street Journal reported, citing people familiar with the investigation.

The SEC is trying to find out if Paulson suggested in the meeting that the government was willing to bail out struggling mortgage-finance companies Fannie Mae and Freddie Mac, the WSJ said.

Subsequently, the federal government took over Fannie and Freddie amid heavy losses less than two months after the meeting.

SEC recently sent subpoenas to parties who were present at the July 2008 meeting, the Journal said adding that Paulson hasn’t been handed one.

Parties present at the meeting included Taconic Capital Advisors, GSO Capital Partners, now part of Blackstone Group LP, Lone Pine Capital LLC, Och-Ziff Capital Management Group LLC and TPG-Axon Management LP, WSJ said.

Taconic confirmed the receipt of a subpoena and declined any wrongdoing, the Journal said.

Google fined $25,000 for impeding FCC investigation on Street View

WASHINGTON, Mon Apr 16, 2012 – Google Inc. has been fined $25,000 for impeding a U.S. investigation into the Web search leader’s data collection for its Street View project, which allows users to see street level images when they map a location.

The Federal Communications Commission imposed the fine late on Friday, saying Google had collected personal information without permission and had then deliberately not cooperated with the FCC’s investigation.

“Google refused to identify any employees or produce any e-mails. The company could not supply compliant declarations without identifying employees it preferred not to identify,” according to an FCC order dated April 13.

“Misconduct of this nature threatens to compromise the commission’s ability to effectively investigate possible violations of the Communications Act and the commission’s rules.”

Google said in a statement said it turned over information to the agency and challenged the finding that it was uncooperative.

“As the FCC notes in their report, we provided all the materials the regulators felt they needed to conclude their investigation and we were not found to have violated any laws,” the company said in a statement. “We disagree with the FCC’s characterization of our cooperation in their investigation and will be filing a response.”

Between May 2007 and May 2010, Google collected data from wi-fi networks throughout the United States and across the world as part of its Street View project, which gives users of Google Map and Google Earth the ability to view street-level images of structures and land adjacent to roads and highways.

But Google also collected passwords, Internet usage history and other sensitive personal data that was not needed for its location database project, the FCC said.

Google publicly acknowledged in May 2010 that it had collected the so-called payload data, leading to an FCC investigation on whether it had violated the Communications Act.

U.S. regulators upgrade Jeep Liberty airbag probe

AUBURN HILLS, Mich. – U.S. safety regulators have upgraded an investigation into almost 387,000 Jeep Liberty sport utility vehicles for potential inadvertent airbag deployment, increasing the possibility of a recall.

The National Highway Traffic Safety Administration said it was upgrading its investigation of the 386,873 Chrysler SUVs from model years 2002 and 2003 to an engineering analysis, a step in a process that could lead to a recall if regulators determine that a manufacturer needs to address a safety issue.

In two separate other NHTSA filings, Mazda Motor Corp. is recalling more than 52,000 older Tribute SUVs for potential brake fluid leaks, and Daimler AG’s Mercedes-Benz has begun investigating consumer complaints of fuel odor that may be a leak in about 8,000 older E55 AMG sedans and wagons.

For the Chrysler issue, NHTSA said it had identified 87 reports of inadvertent driver or passenger front airbag deployment, resulting in 50 alleged injuries, including burns, cuts and bruises to the upper body, according to documents filed online.

Forty-two of the 87 incidents involved the driver front airbag deploying without a crash, occurring at vehicle startup and while driving on the road, according to NHTSA. The remaining 45 involved both the driver and passenger front airbags, NHTSA said.