Regardless of whether an unlawful event is greatly against public interest or is a personal wrongdoing with limited interactions, the risks of blowing the whistle are great, and the impacts can last a lifetime. Often the person making the report only gained the insights and access to confidential information because they were in a senior role in the organisation, and after making the report they were no longer welcome in that position – and sometimes unwelcome in other organisations, either. Yes, there are whistleblower protection laws and regulations to avoid retaliation, but whistleblowers find themselves confronting a long and lonely fight with many consequences. An example of this is Kim Yong-chul, the former general counsel of Samsung and former prosecutor who blew the whistle on Samsung’s misdeed practices. Kim significantly contributed to eliminating the Korean chaebol’s unlawful practices, but ever since he has run a bakery in his hometown to make a living.
Even though it’s common knowledge that whistleblowers play a vital role in making society more transparent, in reality, a whistleblower or accuser is not generally appreciated in many social environments. In almost 80% of European countries, more than half of the people think it is socially unacceptable to report misconduct. This implies people will push back on reporting wrongdoings, even if someone has committed a serious crime.
Pushback and internal pressure from authorities is well documented in the movie A Few Good Men, but unfortunately it isn’t only happening in the movies. Ironically, in many countries there are double traps for whistleblowers, such as in Korea, where public servants are obliged to report witnessed misconduct, yet there is also a rule that ‘harmful acts to the authority result in disgrace’, leaving the reporter vulnerable to punishment. This is similar to the story of Edward Snowden, who greatly contributed to the protection of privacy information from being misused by homeland security, but is now a refugee because he violated the national security laws of his home country.
Anonymous reporting should be allowed in whistleblowing programmes, not only to encourage people to report, but also to protect whistleblowers from possible retaliation, including being killed. When a reporter gives their name, even though the investigation body tries to protect their identity, it’s not uncommon for the accused to find out who made the report, leading to retaliation. Even so, anonymous reporting is generally not recommended because:
When a reporter can’t be reached after the making their initial report, it is hard to get a response in a timely manner or to even progress to an investigation. Yet, in today’s world, there are many methods to reach an anonymous reporter through their personal device, allowing for timely notifications and updates while securing anonymity.
While it is true that anonymous reporting can increase false accusations, more than 50% of misconduct cases go unreported or are not investigated unless anonymity is offered. This, as well as the vast risk any whistleblower takes, means it is fair to keep the door open for anonymous reporting.
Many companies make various reporting channels available, including landline, fax, email, web form and open-door policy. No matter which channel the reporter used, keeping the information secure and addressing the issue immediately are key. Whether the information is gathered by a third party or in-house, it needs to be confidential and only shared on a need-to-know basis. When you keep the reporter’s information, it’s recommended to remove or redact the names and any other sensitive information as soon as the report comes in, to make sure the identity of the reporter is protected.
When a case report comes in, the hotline manager (e.g. the HR manager or compliance officer) must have a clear reporting line based on the issue. Some reports could involve the highest position in the organisation (such as the CEO), and it is critical that the case information isn’t shared with any involved personnel.
A case management system is a useful tool for the investigative team to share and track documents, information and case progress. At the same time, though, it is essential to be cautious of who can access and view case information and restrict users of the platform. Ideally the system could be configured for each case.
As per GDPR guidelines, case data should be completely removed from your system after the case is closed, not only for data protection but also for the whistleblower’s protection. If the company keeps the case data for an audit trail, any identifying information should be removed or redacted.