Whistleblowing legislation
What's what in the world of whistleblowing ethics and compliance.
There is without doubt a genuine business need and benefit for organisations to strengthen their ethics and compliance programmes by providing a whistleblowing hotline, but ensuring it meets the needs of different data protection and privacy laws in each country is becoming more complex. It is Expolink's aim to help guide its clients' through this maze and below are introductions to the main laws, and links to documents which will help outline what needs to happen for the successful introduction of a whistleblowing hotline in key countries.
Corporate Governance Policies
- The United Kingdom
- The United States of America
- France
- Netherlands
- Belgium
- EU Data Protection
- International Whistleblowing
Whistleblowing in the United Kingdom
Public Interest Disclosure Act (PIDA)
The Public Interest Disclosure Act (PIDA) came into force in July 1999 with the specific aim of protecting whistleblowers. It gives protection in defined situations to employees who do not raise the matter internally first but go outside, because they reasonably believed they would be victimised by raising the matter internally. Victimised whistleblowers are able to claim compensation at an Industrial Tribunal with awards being uncapped and any “gagging” clauses in employment contracts are void when they conflict with the Act’s protection. The Act also covers trainees, agency staff, contractors and home workers - even when the malpractice occurs overseas. Establishing clear channels of communication for employees to disclose their concerns without fear of reprisal, victimisation or dismissal can help to protect your company from claims arising under PIDA legislation.
See attached pdf for detailsThe Combined Code on Corporate Governance 2003
This Code supersedes and replaces the Combined Code issued by the Hampel Committee on Corporate Governance in June 1998. It derives from a review of the role and effectiveness of non-executive directors by Derek Higgs and a review of audit committees by a group led by Sir Robert Smith. The publication includes guidance on how to comply with particular parts of the Code: first, “Internal Control: Guidance for Directors on the Combined Code”, produced by the Turnbull Committee, which relates to Code provisions on internal control (C.2 and part of C.3 in the Code); and, second, “Audit Committees: Combined Code Guidance”, produced by the Smith Group, which relates to the provisions on audit committees and auditors (C.3 of the Code). In both cases, the guidance suggests ways of applying the relevant Code principles and of complying with the relevant Code provisions.
Whistleblowing in the United States of America
Sarbanes- Oxley Act 2002
The Sarbanes-Oxley Act of 2002, was introduced by Senator Paul Sarbanes and Representative Michael Oxley, it represents the largest change to federal securities laws. It came as a result of the biggest corporate financial scandals involving companies such as Enron and WorldCom. From 2004, all publicly traded companies are required to present an annual report of their internal accounts to the Securities and Exchange Commission (SEC). As part of this Act all companies listed in the USA are to establish procedures allowing employees to whistle blow and afford them protection of confidentiality if whistleblowing reports are made to the audit committee.
Whistleblowing in France
Commission nationale de l’informatique des libertes (CNIL)
CNIL is an organisation in France that regulates the approval of “whistleblowing” schemes for organisations and companies either based or operating in France. It is compulsory. The use of whistleblowing hotlines and reporting in France is restricted to accounting, auditing, financial misconduct or corrupt practices such as bribery, collusion or conflicts of interest.
You can apply to register your whistleblowing scheme online via www.cnil.fr
An acknowledgement receipt (“récépissé”) is then sent to your company or organisation and this constitutes an authorisation of the notified system as well as, if relevant, an authorisation of the international data transfers taking place in the context of running the whistleblowing system.
Whistleblowing in Netherlands
Code Tabaksblat 2003 and Update 2006
The Code of Corporate Governance in the Netherlands stipulates the following as regards whistleblowing provision:
“The management board shall ensure that employees have the possibility of reporting alleged irregularities of a general, operational and financial nature in the company to the chairman of the management board or to an official designated by him, without jeopardising their legal position. Alleged irregularities concerning the functioning of management board members shall be reported to the chairman of the supervisory board. The arrangements for whistleblowers shall in any event be posted on the company’s website.”
Whistleblowing in Belgium
The Belgian Privacy Commission recently issued a recommendation with respect to the compatibility of whistleblowing schemes with the Belgian Private Data Protection Law of 8 December 1992.
In this recommendation, the Belgian Privacy Commission indicated that since the Private Data Protection Law applies as soon as personal data is processed by automatic means or is filed or is intended to be filed, it will apply to almost all whistleblowing schemes. The Commission outlined a number of basic principles, which should at least be respected by whistleblowing schemes to be compatible with the Private Data Protection law. These principles are more detailed than the earlier recommendations of the Article 29 Working Party and relate to (i) honesty, legitimacy, purposefulness of the scheme, (ii) proportionality, (iii) accuracy of the personal data, (iv) transparency, (v) security of the processing operations and filing, (vi) rights of all persons involved (whistleblower, reported person and third parties), and (vii) registration of the database if the data will be automatically processed or at the request of the Belgian Privacy Commission.
The recommendations of the Belgian Privacy Commission are not binding but have an important persuasive authority, and are normally followed by the courts. Therefore, their practical impact is significant and the basic principles can be used as a guideline for companies wishing to implement whistleblowing schemes in Belgium.
Whistleblowing and EU Data Protection
Article 29 Data Protection Working Party offers an opinion and guidance on how internal whistleblowing schemes can be implemented in compliance with the EU data protection rules enshrined in Directive 95/46/EC.2. This document only forms an opinion and is not legislatively mandatory.
Whistleblowing Internationally
This publication, made available with the kind permission of CMS, an alliance of major independent European law firms providing their clients with a full range of legal and tax services (www.law-now.com), analyses the current legal status and identifies the relevant legal issues in several European jurisdictions. It gives practical guidelines on how ethical codes of conduct and whistleblowing hotlines should be implemented in these countries in accordance with their applicable national laws, while still complying with Sarbanes Oxley.
To find out more
To learn more about Expolink's Hotline solutions, contact Expolink today by phone (24 hours): 01249 661604, email: hotline@expolink.co.uk or complete the following form:
