Anonymous whistleblowing banned in Portugal
Under new guidelines published by the Portuguese Data Protection Authority on the 1st October 2009, whilst whistleblowing is acknowledged as a matter of good corporate governance a whistleblower cannot make a report anonymously.
Over the last few years there has been a conflict of law between the US requirements of Section 301(4) of the Sarbanes Oxley Act for US regulated companies to have in place anonymous confidential whistleblowing systems on the one hand and comply with EU data protection and labour laws on the other hand.
Some EU member states do not allow anonymous whistleblowing unless it is as a last resort but the new guidelines from Portugal mean that they join Spain in outlawing unanimity completely.
Whilst the Portuguese guidelines are currently not available in English language we have been told by our colleagues at the Portuguese law firm of Coelho Ribeiro & Associates that the new guidelines recommend that:
-
a whistleblower cannot make a report anonymously
confidentiality of the whistleblower's data has to be maintained throughout an entire whistleblowing investigation process
-
authorisation of the Portuguese Data Protection Authority must be sought before implementing a whistleblower scheme
-
failure to obtain permission of the Data Protection Authority could lead to fines of up to €5,000 for an individual or up to €30,000 for a company
-
whistleblowers are only allowed to report on corruption, banking and financial crime and matters affecting internal accounting controls or auditing
-
whistleblowing is not allowed for breaches of general codes of conduct
-
whistleblowers may only report against individuals in managerial positions
-
ethical hotlines and web reporting should only be used in the absence of suitability of other normal reporting mechanisms.