Reporting your company or fellow employees is not a topic that is often discussed in polite circles. Someone who takes what they believe to be a moral stand and reports suspicious behaviour can be seen as disgruntled or stirring up trouble or, to put it another way, as a “snitch”. Sadly, outside the Harry Potter context, a snitch is not generally seen as a positive descriptor and, like the golden snitch, the reporting of another’s behaviour may result more in a chase to catch the person who has reported a problem than to rectify the problem itself.
However, whistleblowing can be vital for companies in understanding where internal problems may lie and in avoiding potentially costly litigation or bad publicity as a result of the actions of a few individuals. Datonomy provides the following information for the benefit of both the whistleblower, the whistleblowee (person reported) and the recipient of the sound of the blown whistle (employer). As always, comments — and any (anonymous) examples from personal experience — are extremely welcome.
What is whistleblowing?
Whistleblowing is, broadly speaking, where employees report unlawful or unethical conduct within their organisation. Many jurisdictions, including the UK, have specific statutory protection for employees who report such conduct, either using the organisation’s internal reporting procedures or through an external regulatory body. Companies are under an obligation not to obstruct employees from reporting misconduct and to ensure that such reporting is reliable.
How to blow the whistle in the UK
Employees in the UK are afforded protection for whistleblowing under the Public Interest Disclosure Act 1998 (PIDA). Since PIDA does not offer absolute protection, employees must ensure that they comply with the procedures set out in PIDA if they choose to blow the whistle.
A protected disclosure must qualify as such and relate to one of the following failures:
(i) a criminal offence;
(ii) the breach of a legal obligation;
(iii) a miscarriage of justice;
(iv) a danger to any individual’s health or safety;
(v) damage to the environment; and
(vi) deliberately covering up information in relation to (i) to (v).
The relevant failure can have occurred outside the UK and it does not matter if non-UK law applies to the failure in question. There are no specific restrictions on the subject matter of the disclosure, so long as it qualifies under one of the above headings.
Disclosures are only protected if they are made to an appropriate party. Whistleblowers are protected if they make disclosures in good faith (i) to their employer either directly or via an internal procedure, or (ii) to another person whom they reasonably believe to be solely or mainly responsible for the failure which is the subject of the disclosure.
Whistleblowers may also make disclosures to a regulatory body that is prescribed by the Secretary of State; however, in order to obtain protection they must satisfy the higher criteria of reasonable belief that the information disclosed is substantially true and that it points to one or more of the relevant failures. A whistleblower’s belief doesn’t need to be correct as long as it is honestly held. Anonymous reporting is permitted, provided that its use is proportional.
Certain types of disclosure are excluded, for instance, disclosures subject to legal professional privilege or those which are prohibited under the Official Secrets Act.
How is the whistleblower protected?
Employees who make “protected disclosures” under PIDA can claim unfair dismissal if their contracts are terminated due to the disclosures. These employees are also afforded protection from any other detriment which may result, including barriers to promotion, or failure to provide training opportunities. This means that if you are not an employee of the company (e.g. your employer is an agency), it is still possible to claim for “other detriment”.
An individual who is dismissed or suffers detriment can bring a claim before an employment tribunal. There is usually a three month limitation period within which to bring an unfair dismissal claim.
Whistleblowing and Data Protection Compliance
The ICO has not issued any guidance in relation to whistleblowing. Employers must however ensure that they comply with their data protection obligations when they receive complaints containing personal data. Employers are not required to set up a special procedure for handling whistleblowing complaints and individuals do not have to make a disclosure via a grievance procedure. Employers should notify employees about how they will process personal data received in connection with whistleblowing complaints.
A person accused by a whistleblower has a right of access to the whistleblowing report in order to correct or delete inaccurate data. Retention of data related to whistleblowing complaints must be proportional to the purpose for which the data is collected.
Many companies operate in a number of jurisdictions, and the interplay between the duty to provide certain fixed whistleblowing procedures (which may extend to all jurisdictions in which a company is based) and local data protection laws can be uncomfortable. Multinational companies should review the legal position relating to whistleblowing and associated issues in other jurisdictions.
This datonomite firmly believes in the importance of individuals being able to raise their concerns about the ethical conduct of their organisation without fear of recrimination and hopes that many of her readers will consider how whistleblowing could ultimately benefit their organisation.
Written by Rosie; posted by Jeremy