Anonymous and confidential whistleblowing are two forms of reporting wrongdoings at companies under the EU Whistleblower Directive. The Directive regulates that every EU company with more than 50 employees must have a mechanism ensuring that their staff can safely report any type of suspicions, incidents, and nonconformities observed in the company.
Understanding the difference between confidential and anonymous whistleblowing solutions is an important step in determining whistleblowing policy and setting a whistleblowing channel. In this article, we will delve into two ways of managing whistleblowing reporting.
Accepted back in December 2019, EU Whistleblowing Directive was created to ensure transparency in companies and give a mechanism for safe reporting of any kind of wrongdoing that can cause significant troubles to companies: from damages to ethics & culture to considerable financial losses due to fraud or low-quality standards.
The most typical cases of whistleblowing reports are discrimination and harassment, crimes, bribery, corruption, mismanagement or power abuse, misuse of data, etc. Depending on the industry, it can also be a case of food safety or environmental protection, or similar.
Besides creating a legal protective mechanism, the EU Whistleblowing Directive significantly contributes to creating a healthy whistleblowing culture EU-wide and shifting the perception of whistleblowers from traitors and sneaks to responsible employees who follow the rules and want to prevent abuse of any power.
See the implementation status throughout EU member states (updates based on transposition status).
On 18 June 2022 following the EU Whistleblowing Directive, the Portuguese Whistleblowing Law “Regime Geral de Proteção de Denunciantes de Infrações” came into power, which obliged all companies with 50+ employees to implement a whistleblowing system until 18th of June 2022.
As it reads, the new law "benefits from the protection conferred by this law the whistleblower who, in good faith, and having serious grounds to believe that the information is, at the time of complaint or public disclosure, true, denounces or publicly discloses an offense under the terms established".
The new law also establishes the creation and operation of an institutional whistleblowing system and the prohibition of any form of retaliation accompanied by the establishment of protection and support measures for whistleblowers.
Denmark was the first EU Member State to adopt the Whistleblower EU Directive. On 24 June 2021, Denmark passed its new Whistleblower Act known as “Lov om beskyttelse af whistleblowere”. Having been adopted, the Whistleblower Act bound companies with more than 250 employees to implement the whistleblower system by 17 December 2021, and, further, companies with 50-249 employees ― by 17 December 2023.
“Lov om beskyttelse af whistleblowere” establishes a new whistleblowing reporting framework and protection from retaliation. It goes further than the required standards set by the EU Directive. Besides protecting reports of serious wrongdoing and violations of EU law, it also protects whistleblowers according to the national reports’ cases.
The initial deadline for the national law adoption should have been 17 December 2021, but it was postponed to later in 2022. On 27 July 2022, the German Federal Cabinet approved a government draft of the Whistleblower Protection Act “HinSchG (Hinweisgeberschutzgesetz), which initiated the further legislative process. The law is expected to be adopted in February 2023 and subsequently, come into power 3 months after the adoption.
The Hinweisgeberschutzgesetz (HinSchG) is the national Whistleblower Protection Act that protects the confidentiality needs of persons who got hold of any information about infringements and reported it to other accountable authorities. This covers both internal and external reports as well as public whistleblowing.
It is possible to submit whistleblowing reports completely anonymously if the company has the right whistleblower channel in place. Many companies allow this way of incident reporting to prompt employees not to be afraid to report wrongdoings if such take place.
At the same time, some companies may show concerns over anonymous reports connected with the fear of not being able to fully evaluate cases. That’s why some would prefer to have an alternative reporting option, not completely anonymous, but still very safe. In reality, as the EU Whistleblower directive requires companies to be able to request more details or clarification, it shouldn’t be an issue as long as they have a whistleblower system in place to follow up on incidents, even though they are anonymous.
However, besides individual inclinations, there are also legal frameworks that may make companies implement an anonymous whistleblower system. For example, the whistleblower anonymity law in Portugal, “Proposta de Proteção de Denunciantes”, states that all whistleblowers must have the option to remain entirely anonymous.
Along with an anonymous reporting hotline, companies can choose to offer a confidential one. The implementation of both shouldn’t be a problem, as long as you have a reliable whistleblowing system that supports both. For example, with Whistleblower Software companies can provide their employees with a choice between anonymous and confidential types of reporting.
Having said this, let’s have a look at the difference between anonymous and confidential whistleblowing.
As the name suggests, anonymous whistleblowing is the reporting of any possible wrongdoings to an employer or an external representative without disclosing any personal information, i.e. remaining completely anonymous.
Whistleblowers will use an anonymous whistleblower form provided by an employer, where they will be able to describe a case and enclose any supportive files, without presenting themselves and leaving any contact information. In this way, nobody in the organization knows whom the report came from.
The biggest advantage of anonymous whistleblowing is quite obvious. As there is still a perception of a whistleblower as a troublemaker instead of quite the opposite, the one who can help to identify a problem in its early stage, many employees feel hesitant to submit whistleblowing reports due to a fear of consequences. Being able to stay anonymous, ensures that employees will actually feel comfortable reporting wrong-doings instead of keeping silent and letting a matter escalate.
Existing concerns about not being able to communicate when a report was submitted anonymously is rather a myth, an outdated perception of whistleblowing practices.
However, to ensure that communication in an anonymous whistleblower system is properly set, a company needs a dedicated whistleblowing system.
Using the example of Whistleblower Software, we will show you how a company can communicate the case when they receive an anonymous whistleblower complaint.
The “Case Management” in a whistleblower system is an answer to how people will know the status of their reports.
Once anonymous reporters create a case, they get a unique password generated for their case.
It is important to save this password, as they later will need it to be able to access the report and see updates on it.
After reporting anonymously, it is still possible to communicate with whistleblowers without revealing their identities. The problem with communication in anonymous whistleblowing used to be an issue when the only whistleblowing channel was a digital mail, phone, or physical address of a company. Luckily, those times are gone.
Today companies can easily communicate with anonymous whistleblowers knowing that all communication channels are secured with required IT security measures. To ensure safe communication for our customers who use Whistleblower Software we implement the following:
As you can see on the screen above when submitting a report there is a possibility to leave an email address. This feature is offered to enable whistleblowers to receive notifications on cases immediately - no need to go to the platform to check the status all the time.
Leaving a digital mail doesn’t mean providing a case worker with your email address. At Whistleblower Software, all emails are safely protected and are not visible to anyone, particularly to an employer or a case handler.
Read more about specific IT security measures here.
Confidential whistleblowing requires whistleblowers to disclose a bit more information about themselves. One can’t be completely anonymous in confidential whistleblowing, however under the EU Whistleblower Directive confidential hotlines still ensure a high level of security for those who submit confidential incidents.
Does it mean that employees are sensitive when sending confidential reports? Not at all. If employees send a confidential report, they are guaranteed that all their contact information is safe and not shared with anyone else but the appointed case handler. Depending on the settings done by a company, some whistleblowing cases might even not be shared with all case handlers, if there is more than one in a company. In this way, you know that the only person who knows about the case is an unbiased advisor, whose duty is to ensure the privacy of your identity. Thus, a whistleblower can still report wrongdoings knowing that he or she is protected by the law against the most commonly feared consequences.
Further, sending a confidential report in most cases will be more beneficial than sending an anonymous one in terms of whistleblower protection. Once a person sends a confidential report, he or she is automatically covered by the Whistleblower Protection Act.
While some countries are bidden by law to introduce anonymous reporting, they still have a choice whether to introduce both anonymous and confidential hotlines or stay only with an anonymous one. And before you shape your preferences, we deem it important to cast the light on a few aspects of anonymous reporting versus confidential reporting.
While anonymous reporting can make it easier for employees actually blow a whistle, it might be a case that without further details, or sometimes direct contact with a person, it can be difficult to solve the issue. Thus, the risk arises that the problem might not be properly solved. This is for concerns on behalf of employers.
But if speaking about employees, the biggest fear on their side is that the management will figure out their identity and they will be overtaken by negative consequences. The latter is possible if a company still has the approach to whistleblowing as “complaints behind the back”. If instead of solving a problem a company decides to get back at employees, then employees are not protected and can’t avoid being dismissed or lowered in their position.
From this perspective, confidential reporting has a huge advantage - EU Whistleblower Directive determines the legislative framework to protect whistleblowers from any sanctions and dismissal. This is what the directive is for ― to ensure the proper communication of wrongdoings without people being hindered from speaking out because of fear of dismissal.
The introduction of both anonymous and confidential reporting or only one of them is up to each company’s decision, which is also greatly influenced by respective national legislation. The general recommendation would be to have both to fit several needs.
Understanding the complexity of whistleblowing requirements EU-wide, we at Whistleblower Software provide both options, all up to the highest data privacy requirements. See how you can manage anonymous and confidential reports.
Is whistleblowing anonymous? Or should it be anonymous? There is no single answer. While some national legislations oblige companies to offer an anonymous whistleblower form, along with it companies could also provide a confidential whistleblowing channel as an option. In case of high mistrust among some employees, having an anonymous reporting channel is definitely highly recommended. Otherwise, companies may not get serious violations reported to them.
However, with the national legislation under the EU Whistleblowing Directive in place, whistleblowers are protected in case of any consequences. Being protected by the national Whistleblower Act makes their position more protected, and thus beneficial, compared with anonymous whistleblowing. Because, if the identity of anonymous whistleblowers somehow gets discovered, then there is no law protecting them as they lack proof that it was they who blew the whistle.
If employees want to report anonymously, it doesn’t mean that there is no way to connect with them. But the range of options can vary depending on the platform that a company uses for whistleblowing.
At Whistleblower Software, we offer a channel where an employee can send a report anonymously and get a unique password that allows checking the status of the case. Also, an HR manager, a case handler, or any other person responsible for case management, can anonymously communicate with an employee. Employees can even choose to leave their email addresses, which will be used only for automatic notifications about case updates and will remain invisible to employers.
It is highly recommended to have both to accommodate the needs of employees, particularly those with some phycological barrier to sending reports. Some countries are required to provide anonymous reporting, but then they still prefer to offer both anonymous and confidential reporting options.
The safety of whistleblowers depends directly on the National laws adopted under the framework of the EU Whistleblowing Directive. The Directive stimulates all EU member states to adopt its principles in their legislation to protect whistleblowers from any consequences if the management of the company is not happy about things coming out.
However, you need to be careful with anonymous reporting. While in this case a whistleblower leaves no personal information and can’t be tracked back, there might be other factors that can give a whistleblower away. As a rule, the chances for this to happen are rather low, and they mainly depend on the situation in the company and communication between implicated parties. The point is that in many anonymous cases, people can’t provide any evidence that it was them in order to be covered by the whistleblower anonymity protection.
Try the Demo tour throughout the platform.
Our system is specifically developed for the purpose of meeting the legal requirements in relation to companies' whistleblower schemes in your country and for whistleblowing- and data protection regulations for EU- and non-EU countries. We go 'all-in' to give you and your employees the best experience.
Securing your data is our first priority. Our system uses end-to-end encryption, secure servers, and multi-factor authorizations to ensure your company's data is protected at all times, against all threats. Privacy is at the center of all we do.
This article was developed for information purposes only. For legal advice, contact your trusted advisor. Alternatively, Whistleblower Software can connect you with a local legal expert.