How does whistleblowing work? WhistleB’s whistleblowing system guide step-by-step
Whistleblowing systems come in many shapes and sizes. They can be digital, telephone-based, face-to-face, email, external, internal or a combination of all the above. Any of these can also be referred to as a whistleblowing hotline. WhistleB provides customers one of the most advanced digital whistleblowing systems but, how does whistleblowing work?
How does whistleblowing work?
This is what happens in WhistleB’s whistleblowing system, in short:
- The whistleblower accesses the system online and sends a message about their concern, anonymously or openly, through the whistleblowing system’s communication channel.
- Appointed individuals receive a notification and log in to the whistleblowing system’s case management tool to read the message and to take action.
- To build trust, uncover information, and proceed with potential investigations, dialogue with the whistleblower – who can remain anonymous throughout – takes place through the system.
- Upon completion, cases can be closed, archived and deleted, in compliance with applicable data protection laws.
Let’s take a look at how each of these steps happens through the whistleblowing system.
STEP 1: The whistleblower sends a message through the whistleblowing system
The whistleblowing system contains a communication channel, which is the interface through which the organisation can communicate with the whistleblower, anonymously or openly. The whistleblower accesses the channel through the organisation’s specific whistleblowing system website. They can chose to access the website from a range of devices, such as smartphones, tablets or laptops, anytime and anywhere.
Once at the landing page, which will appear in the relevant country language, the whistleblower can read about how the whistleblowing system works, the data privacy protection applicable to them, and other information they need to feel safe. They can also select to report anonymously or openly.
The whistleblower submits a report by completing the questionnaire available through the website. Each organisation can customise its questionnaire so as to receive the information that is vital to the organisation. The whistleblower describes what has happened and can attach any relevant files such as photos. They then review the report and press submit to send it. The report is encrypted in transmission and storage.
After the report has been submitted, the whistleblower will receive a personal ID number and a password on screen. They use this to securely log in to the whistleblowing system and react to questions or follow up on the processing of their report. All information is encrypted. No IP addresses are stored and anonymity is secured at all times through the whistleblowing system.
STEPS 2 & 3: A whistleblowing team member accesses the report and takes action through the whistleblowing system
The whistleblowing system sends a notification to the appointed whistleblowing team member that a new whistleblowing report has been received. They select whether to be notified by e-mail or text message. They log in to the case management tool, often through an even more secure multi-factor authentication.
The team member reads the message and takes action as necessary. Action may include:
- Sending a follow-up question to the whistleblower for additional information
- Accepting or declining a whistleblowing message
- Escalating a message
- Appointing a case manager
- Starting an investigation
The whistleblowing system allows for secure dialogue with anonymous whistleblowers as well as with external stakeholders, and it has translation support for communication in any language. All actions are traceable as each case has a log. Whistleblowing team members receive an overall view of cases in the whistleblowing system and can generate documents, reports and on-line statistics.
The case management tool enables the case manager to adhere to legal requirements on whistleblowing in different national jurisdictions and the entire whistleblowing system is aligned with legislation for the correct handling of personal data.
STEP 4: Cases are completed and closed in the whistleblowing system
The whistleblowing system facilitates compliant handling of completed cases. Personal data included in whistleblowing messages and investigation documentation can be deleted when the investigation is complete. The whistleblowing system provides an additional security measure here; through the whistleblower case log deleting a case can be made impossible without notifying all whistleblowing team members.
Any personal data that must be maintained according to other laws can be stored in compliance with those laws.
We remind customers in the EU that investigation documentation and whistleblower messages that are archived should be anonymised; they must not include personal data through which persons can be directly or indirectly identified. The whistleblower system enables this by either deleting the case after the investigation, or by archiving it, after having deleted all personal data.
The WhistleB whistleblowing system has deep functionality that ensures whistleblower and data security, compliant and appropriate handling of cases and a user-friendly experience for both those submitting and managing reports.
Do you want to know more on how whistleblowing works? We would be very happy to provide you a free-of-charge demo of any of the above-mentioned features of WhistleB’s whistleblowing system.