Raiseaconcern responds to DPER consultative process on transposition of EU Whistleblowing Directive into Irish law.

 

Mr Michael McGrath TD

Department of Public Expenditure and Reform

Merrion Street

Dublin 2

 

July 2020

By email:   PDconsultation@per.gov.ie

 

Consultation on the transposition of Directive (EU) 2019/1937

of the European Parliament and the Council

on the protection of persons who report breaches of Union law

(EU Whistleblowing Directive)

 

Dear Minister

I refer to the invitation of your Department for submissions on the transposition of those aspects of the above Directive where Ireland must make a choice as regards implementation and attach our submission in response to the ten questions posed in this regard.

Our submission draws on our experience in specialising since 2013 in the field of Employee Disclosure (Whistleblowing) and in dealing with private sector employers and public bodies in the prevention, detection, investigation and remediation of workplace wrongdoing.  

If we can be of any further assistance in the legislative process of transposing this Directive or in the compilation of related Guidelines, please let us know.

Yours sincerely,

 

Philip Brennan

Managing Director

 

Question 1 (Article 6 – Conditions for protection of reporting persons)

Should Ireland avail of the option to require anonymous reports to be accepted and followed up?  Please provide reasons for your answer.

It is the view of Raiseaconcern that Ireland should adopt into the amended Protected Disclosures Act (’the amended Act’) a requirement for employers to accept and follow up on disclosures made by anonymous Disclosers. 

A key focus of the EU Whistleblowing Directive (‘the Directive’) is to encourage and protect those who wish to disclose concerns they have about possible work related wrongdoing (‘Disclosers’) to others and to facilitate them in doing so safely.  It is the experience of Raiseconcern that concern over their identity being revealed is the single biggest fear that Disclosers have and is the most significant deterrent to disclosure.  The amended Act should take all reasonable steps to meet the needs of Disclosers and this one is key.

Disclosers can be concerned about their identity being revealed for any one of a number of reasons.  The obvious ones are the potential for penalisation by management or detriment (which can potentially be serious detriment in the case a material disclosure) caused by impacted persons, colleagues or others.    However, it is also the experience of Raiseaconcern that Disclosers’ reluctance to come forward can simply arise from fear that the process will involve being challenged by superiors, from a fear of being mistaken, or from a fear that they will be made to feel that blame for the consequences of their disclosure rests with them, rather than with those involved in the reported malpractice or those who should have but did not call it out.  Employee disclosure is a stressful process and some Disclosers, understandably, are unwilling to subject themselves to any level of possible personal stress or risk. So, unless there is an option for them to report anonymously, they will never dare to come forward.

In its current form, the Act seeks to address this fear by placing an onus on the recipient of a disclosure to protect the identity of the Discloser, but with some permitted exceptions.  This is sufficient to assure many Disclosers but, for others, the risk of their identity becoming known is still too big.  The Act in its current form does not, for the most part, provide ‘protection’ (as its title suggests) prospectively against penalisation of or detriment to Disclosers.  It provides a form of redress retrospectively to those who successfully claim it through the mechanisms provided for in the Act.  For many, the very possibility of running the risk of being identified or having to engage in a manner where they can be identified - particularly facing the possibility of having to successfully make a claim through the courts (where their identity will become known) is too off-putting.  

Employers who focused on creating a culture of openness and who encourage employee disclosure recognise this concern of many employees and take steps to facilitate effective anonymity by providing alternatives.  The original reason we set up Raiseaconcern was to provide an intermediation facility for such employers whereby their employees could reveal their identity to Raiseaconcern, but with a commitment (with the employer’s agreement) that Raiseaconcern would not reveal their identity to their employer or others (unless required by law or court order).  This recognises and facilitates potential Disclosers with a deep fear of their identity being revealed to make a disclosure safely.  Details of the wrongdoing only are passed to the employer.  The focus is taken off the Discloser.

Managing an obligation to protect the identity of a Discloser, as provided for in the current Act, can also be very onerous for employers - so using an intermediary such as Raiseaconcern can also be attractive for employers.  What better way for an employer to prove that they have met their responsibility to protect a Discloser’s identity than to be able to prove it was never known to them to start with?  A trusted intermediary can facilitate the two way communication required between employer and Discloser, but keep the focus on the alleged wrongdoing, rather than on the Discloser.

There has traditionally been a nervousness amongst many employers and advisers about acting on anonymous disclosures.  It is perhaps understandable, as any employee focused on knowingly and maliciously making claims against others that they know to be untrue can hide behind the veil of anonymity.  Our experience in Raiseaconcern is that it is very much the exception, rather than the rule, that employees use anonymous disclosures for malicious reasons.  The vast majority of Disclosers have a reasonable belief of wrongdoing.  It would, therefore, be a mistake to exclude anonymous disclosures from the amended Act based on this misconception.  It is far more likely that Disclosers will seek anonymity due to fear of retribution, rather than due to malicious intent.  Indeed our experience is that the bigger the fear retribution, the more likely it is that the Discloser will disclose anonymously – or not disclose at all. 

Those who seek anonymity when disclosing wrongdoing sometimes do so by going to the press and the weight of public interest in these circumstances often forces action.  In circumstances where Disclosers have not used other channels available them, this can result in loss of protection under the Act.  Why then should follow up of anonymous disclosures directly to an employer, through an intermediary or through a Competent Authority not be provided for in the amended act?  This is the type of disclosure the Directive is trying to encourage.  Just like the press it is open to all such parties to exercise the necessary caution and due diligence to evaluate if there is potentially substance to the disclosure.  When conducted thoroughly, that should provide the necessary protections for those against whom allegations of wrongdoing are made and mitigate the risk of malicious disclosure.  The entitlement of those against whom allegations are made to fairness and due process and their right of response is in no way impaired by reason of the anonymity of the Discloser.

It can be argued that the issue of Discloser protection does not arise if the Discloser is anonymous, and consequently the protections of the amended Act are not relevant.  Raiseaconcern do not agree with this line of argument.  Managers or colleagues of Disclosers who become aware of disclosures, particularly in small or medium sized enterprises or business units, often successfully speculate, by a process of elimination or otherwise, on the identity of a Discloser. 

Raiseaconcern advocates the value of intermediation, as it provides effective anonymity.  The Discloser gets the protection of the Act if their identity is speculated on but if they suffer resultant penalisation, evidence can be produced that they were the Discloser.  Yet, an open line of communication can be maintained with the Discloser to facilitate evaluation of matters disclosed and, if necessary, investigation.  It is our experience that where a Discloser gains trust in the process, confidence that their concern is being taken seriously and reassurance that they will be protected, the importance of anonymity often diminishes and ultimately, where it is necessary to progress the investigation, they agree to be identified and give evidence.

The view of Raiseaconcern is that anonymous disclosure is good for organisations.

The kind of information that can be unearthed from anonymous Disclosers may otherwise be almost impossible for management to detect through normal risk oversight channels.  Accepting disclosures from anonymous Disclosers increases the likelihood that such information will be forthcoming. This, in turn, enables managers to address the related misconduct sooner and thereby mitigates potential reputational and financial loss.

Facilitation of intermediary services facilitates and safeguards anonymous Disclosers.  Trustworthiness is everything. Any Discloser wanting to remain anonymous needs to trust that the organisational whistleblowing solution will safeguard their anonymity, all the way from reporting, to ongoing dialogue/interaction to feedback. 

Raiseaconcern recommends that Ireland should avail of the option to require anonymous reports be accepted and followed up.  We recommend that the provisions of Section 6(2)  are made more explicit, so that it is clear to workers that they can gain effective anonymity by use of an intermediary, while preserving the protections offered by the Act (if their identity is speculated on successfully and they are penalised).

Question 2  (Article 8 – Obligations to establish internal reporting channels)

Should Ireland provide that private sector entities with fewer than 50 employees should establish internal reporting channels and procedures? If yes, what sectors should this requirement apply to? Please provide reasons for your answer.

Yes.  Setting a minimum standard requiring that employers with more than 50 employees establish internal reporting channels and procedures was an expedient well-intentioned compromise, amongst EU member states, to address the prospect of countries who currently have no domestic legislation in this area, having to introduce these provisions right down to micro and small enterprises in a single sweeping measure. 

65% of Member States currently have no overarching legislation protecting whistleblowers.  Ireland, on the other hand, has operated very progressive legislation granting such protection for six years now.  We are a leader in this area and the Act was used as an important reference point when drafting the Directive.

The key consideration in answering the question posed – leaving aside the matter of the cost of compliance (dealt with later) - is whether there are coherent principled reasons why employers with less than 50 employees should not be subjected to the same provisions as those with more than 50.   Are such small enterprises any less prone to wrongdoing?  Is the seriousness of any work related wrongdoing they encounter likely to be proportionate to the number of employees they have and therefore immaterial?  Are they less likely to penalise Disclosers?  Would implementing such provisions seriously impede their operations or act as a disincentive to setting up or to competing with other EU countries who may not adopt such provisions? 

Raiseaconcern’s view is that the answer to all of those questions is ‘no’.  Indeed it is possible that micro/small enterprises are more likely have underdeveloped control systems, thus adding to the benefit of facilitating all employees acting as quasi-Compliance Officers within the enterprise and assisting in the avoidance of wrongdoing by voluntary disclosure. 

In the operation of other aspects of legislation, Ireland does not apply exemption or ‘lite touch’ provisions for micro or small enterprises.  They must all adhere to the same tax administration provisions, the same health and safety provisions and the same environmental protection provisions (to name but a few) as medium and large enterprises. 

If enterprises with less than 50 employees are (as currently) subject to the Act, but simply not required to put internal reporting channels or procedures in place, would the Competent Authorities, to whom the responsibility for implementing and facilitating such reporting and other procedures would default, be equipped or resourced to deal with all such cases?  Would the micro or small enterprises even want these reporting or other provisions vested in the Competent Authorities – would a small employer prefer that an employee reported poor tax compliance by their manager to the Revenue Commissioners or to a designated person within the enterprise?

Unlike many EU countries, the notion of disclosure of work related wrongdoing has become far more socially acceptable in Ireland over recent years since enactment of the Act.  Our legislators should promote an environment where all enterprises, small as well as big, act legally and properly.  The reality is that the cost of setting up and operating an employee disclosure process in a micro or small enterprise should be low.  The Government of Ireland is required under Article 20 of the Directive to provide support on the design of policies and procedures and on their operation.  There is nothing to prevent government bodies, trade associations, voluntary bodies and others making template policies, procedures and processes available at no or low cost to micro or small enterprises.  Equally, a Government sponsored public awareness process would educate employees of enterprises of all sizes on their rights and protections.  After that, the only imposition on micro or small enterprises would be to examine and, if necessary, address any reasonable belief of wrongdoing brought to their attention by workers.  This should be part of everyday business and something that would be in their interest to do.

The view of Raiseaconcern is that Ireland should not differential between sectors in adopting the Directive.  All sectors, private and public, ‘for profit’ and ‘not for profit’ who have employees, irrespective of number, should be required to operate to the same provisions.

Government should actively promote the updating of the Act as something that is positive and good for business and other enterprises, micro and small as well as medium and large and indeed positive for citizens as a whole.

Question 3 (Article 8 – Obligations to establish internal reporting channels)

Recital 49 of the Directive provides that “This Directive should be without prejudice to Member States being able to encourage legal entities in the private sector with fewer than 50 workers to establish internal channels for reporting and follow-up, including by laying down less prescriptive requirements for those channels than those laid down under this Directive, provided that those requirements guarantee confidentiality and diligent follow-up”. Should Ireland lay down less prescriptive requirements for channels for private entities with fewer than 50 employees? What should these requirements be? Please provide reasons for your answer.

No.  As stated in answer to question 2, Raiseaconcern does no advocate differentiation between micro/small enterprises of less than 50 employees on the one hand, and medium/large enterprises of more than 50 on the other. Indeed to do so is in our view likely to introduce an unnecessary layer of confusion and complexity between sectors. 

Given the level of acceptance and understanding amongst many levels of the Irish public of the benefits of employee disclosure since the introduction of the Act in 2014 and the high profile cases that followed, Raiseaconcern considers that Ireland now has an opportunity to put itself forward internationally as a country that operates well governed and well managed enterprises at all levels and reduce the reputational and financial risk of workplace wrongdoing at all levels.

Raiseaconcern believes that a risk assessment of micro/small enterprises will show that the activities of many such enterprises may carry a level of residual risk (due to the absence or level of risk mitigants in place) that is higher than and not proportionate to their size.

The cost of compliance can be minimised if not eliminated by Government providing appropriate supports. 

The benefits to such enterprises themselves and to the public interest could be significant.

Question 4  (Article 8 – Obligations to establish internal reporting channels)

Should Ireland exempt public sector bodies with fewer than 50 employees from the obligation to establish internal reporting channels? Please provide reasons for your answer.

No.  It is the view of Raiseaconcern that this would be a dilution of the current provisions of the Act and a retrograde step. 

It is the view of Raiseaconcern that Article 25.2 of the Directive would prevent such action .

Question 5  (Article 8 – Obligations to establish internal reporting channels)

Should Ireland provide that municipalities (local authorities in the Irish context) can share internal reporting channels? Please provide reasons for your answer.

Local Authorities are already subject to the full provisions of the Act.  It is the view of Raiseaconcern that Article 25.2 of the Directive prevents any dilution of their responsibilities in this regard.

It is likely that your question relates to the matter of efficiency and the possibility of Local Authorities sharing resources to address their responsibilities under the Act. 

Our experience in Raiseaconcern of seeking to work collectively with public service bodies (not Local Authorities) is that they tend to be autonomous bodies with separate accountabilities, so sharing support structures that could involve staff from Local Authority being privy to information disclosed by workers from another is likely to be problematic.  That is not to say that Local Authorities could not work together to develop or commission common standards, processed or procedures.   The difficulty comes with information sharing relating to employee disclosures.

As you are aware, the Department of Public Expenditure & Reform has already set up and oversees a number of frameworks dealing with the outsourcing of the service of Confidential Recipient, disclosure evaluation, disclosure investigation and training.  Raiseaconcern see no reason why competency assessment and pricing efficiencies arising from services centrally procured under such frameworks would not meet the efficiencies that your question seeks to address.   

Question 6  (Article 11 - Obligations to establish external reporting channels and to follow up on reports)

Section 7 of the Protected Disclosures Act provides that the Minister for Public Expenditure and Reform can prescribe any person by reason of the nature of their responsibilities to receive reports of wrongdoing. This is similar to the approach taken in other countries with whistleblower protection legislation, such as France and Latvia. Some countries, such as the Netherlands, have a single competent authority that receives reports and either refers them on appropriate authorities for follow up or follows up itself. Should Ireland continue with the current approach to designating competent authorities or should an alternative model be considered? Please provide reasons for your answer.

The view of Raiseaconcern is that Ireland should continue with the current provisions contained in Section 7 of the Act.  Prescribed persons are best placed to understand and follow up on disclosures relevant to their area of specialisation – e.g. the Data Protection Commission is best placed to competently and properly follow up and address concerns about non-compliance with data protection law etc. 

Raiseaconcern can see no benefit and can envisage added complexity and inefficiency in adding an extra layer of administrative bureaucracy by interposing a single Competent Authority who would either receive reports and refers them onwards to appropriate authorities for follow up or follow up itself.  At best, such Authority would be no more than an administrative clearing house.  Ultimately, the Competent Authorities currently comprising the list of persons and bodies prescribed under Section 7 of the Act, as amended from time to time, would in any event have to consider and address the matters within their sphere of competence.  It would not be feasible, and indeed could be divisive, to have an overarching Authority competent to follow up on all areas of specialism.

Raiseaconcern foresee that the resourcing and equipping of prescribed persons to address the expanded emphasis in the Directive on disclosures to Competent Authorities will need to be addressed in order to meet the added responsibilities placed on them.  Raiseaconcern sees benefit in common systems and processes being collectively developed and adopted across Competent Authorities under the oversight of a single Department, such as the Department of Public Expenditure & Reform.  This should ensure that uniform standards are applied. 

Raiseaconcern would recommend that Competent Authorities should be required to report publicly on dealing with disclosures and the types of issues that have been reported to them and on their success in ensuring that corrective action is taken by the impacted enterprises that were the subject of the disclosures.  While such reporting would broadly mirror the provisions of Section 22 of the Act for disclosures made by workers to public bodies, Raiseaconcern would recommend that Competent Authorities would also be required to report on the status of  corrective actions they impose on enterprises the subject of disclosures.

Given the added pressures that increased reporting to Competent Authorities and their accountability for dealing with this will bring (particularly if enterprises with less than 50 employees are not required to put in place their own internal procedures), provision should be made for Competent Authorities to outsource discreet aspects of meeting their accountability to suitably experienced and qualified service providers.

The opportunity should be taken when transposing the Directive to review the list of designated bodies and to ensure that a complete and current list of all bodies with such status is put in place. 

Raiseaconcern recommends that rather than being regarded as an ‘add on’ to existing responsibilities, the emphasis placed by the provisions of the Directive on reporting by Disclosers to Competent Authorities should be viewed as an important addition to assisting such Authorities in the optimisation of regulatory compliance and in breaches detection across the area of competence of each Authority.  Competent Authorities should be resourced and trained accordingly.

Question 7   (Article 11 - Obligations to establish external reporting channels and to follow up on reports)

What procedures under national law should apply in Ireland in respect of communicating the final outcome of investigations triggered by the report, as per paragraph 2(e) of Article 11? Please provide reasons for your answer.

The view of Raiseaconcern is that while an underlying principle of maximum transparency should underly the communication of the final outcome of an investigation to the Discloser by the enterprise the subject of the disclosure, national law must provide sufficient latitude to vary the content of such communication so as not to compromise the rights of all interested parties.

Raiseaconcern has always advocated to clients that the key provisions contained in the Directive with regard to updating a Discloser on progress with evaluating or investigating their concern raised, and with regard to the final outcome of investigations should be followed.  However, our guidance has always been that great care should be exercised in doing so. 

The Experience of Raiseaconcern is that, at minimum, Disclosers will expect to be told whether or not their concern was well founded, not well founded, or partly well founded.  Going beyond that can, in certain circumstances, present difficulties.  If the disclosure is process related and the findings of an investigation are similarly process related, there may be circumstances where a fulsome explanation may be given to the Discloser of what was discovered, the process/procedural changes or additional training requirements arising or any restitution being made to impacted parties etc.  However, oftentimes investigations of wrongdoing involve people and personal accountability.  Typically, the finalisation of an investigation process may only be the start of another follow on process.  The investigation findings or process may be open to appeal  by impacted parties.  The investigation process may lead on to a disciplinary process against one or more persons found by the investigation to have been involved in wrongdoing. Legal action against employees or third parties may arise.  Issues regarding accountability for management oversight may arise.  In all of these cases, those involved are fully entitled to fairness and due process while the case against them is being processed.  Nothing in the feedback process to a Discloser should compromise the right of impacted parties to fairness and due process.

One of the criticisms frequently levelled at the Act was that it was heavily weighted to the rights of the Discloser with little recognition of the rights of those against whom allegations were made.  The Directive in Article 22 makes a welcome move to address this imbalance.  The procedure under national law in Ireland for communication of updates or the final outcome of an investigation triggered by a Disclosure should be consistent with provisions adopting Article 22.

Question 8   (Article 11 - Obligations to establish external reporting channels and to follow up on reports)

Should Ireland provide that competent authorities may close or prioritise reports received in accordance with paragraphs 3, 4 and 5 of Article 11? Please provide reasons for your answer.

Yes.  The reality is that worker disclosures can vary widely in importance and urgency.  Some disclosures can be urgent and/or critically important.  Others may be minor or unintentionally overrated in relative importance or urgency by the Discloser, due to an incomplete or misguided view of the risk.  Disclosures can be repeated, sometimes with minor variations, from different Disclosers.  The Act should provide Competent Authorities with the scope to prioritise their resources and the timing of action to disclosures where the risks are highest and to aggregate effort if addressing similar disclosures.

Our experience in Raiseaconcern, where we deal with both disclosures and investigations of wrongdoing, suggests that a type of triage process should be operated where disclosures are prioritised at initiation or evaluation stage, using standard risk rating processes which take account of the likelihood and impact of the matter disclosed materialising.  This should be undertaken under the authority of the Competent Authority but taking account, as necessary, of the initial feedback of the enterprise the subject of the disclosure.

In our experience, not all cases of worker disclosure require investigation.  Investigations can be lengthy, expensive and disruptive.  There may be circumstances where a detailed evaluation carried out under the oversight of the Competent Authority can get to the root cause of a problem and a remediation plan can be agreed between the Competent Authority and the enterprise the subject of the disclosure without a formal investigation.  Equally, such evaluations can conclude that there is no problem, or that a problem did exist in the past but has since been addressed.   More serious cases of concern will, quite clearly, require investigation, where attention to due process is critically important.

Raiseaconcern recommends that the amended Act should provide that a Competent Authority, having duly assessed a disclosure, can decide that a reported breach is insignificant and does not require further follow-up, other than closure of the procedure. This should not affect minor obligations which the Competent Authority may feel need to impose on the enterprise the subject of the disclosure.  Nor should it affect or the protection granted by the Act to the Discloser. The Competent authority should be required to notify the Discloser of their decision and the reasons for it.   We recommend that the Discloser should have a right of appeal to the Competent Authority, on foot of a concern that their explanation of the reasons for not following up suggests that the mandated process for evaluation was not followed or that the evidence presented was not properly or fully considered.  Such appeals should be considered independently.

Raiseaconcern recommends that Competent Authorities should be required to reopen cases, under advice to the Discloser, if material new information comes to light.

Raiseaconcern recommends that the Act should provide that in the event of high inflows of reports, Competent Authorities may deal with disclosures of serious breaches or breaches of essential provisions falling within the scope of this Directive as a matter of priority, without prejudice to the timeframe as set out in Article 11, Paragraph 2 (d).

Raiseaconcern recommends that in an effort to assist them in exercising their accountabilities, Competent Authorities should be authorised to outsource evaluations and investigations to competent third party service providers to assist them in exercising their accountability, where high inflows of disclosures arise.

Raiseaconcern recommends that the risk ratings of each disclosure should be kept under constant review by Competent Authorities.  In our experience, evaluations and investigations are iterative processes.  The experience of Raiseaconcern is that initial risk rating can vary materially, as more information becomes available. 

Question 9   (Article 20 – Measures of Support)

What measures of support should Ireland provide for reporting persons? What mechanisms might be used to provide such support? Who should provide that support? Please provide reasons for your answer.

It is the experience of Raiseaconcern that Disclosers often find the process of making a disclosure traumatic and stressful.

Raiseaconcern recommends that the Act makes provision for the following supports:

  1. A government sponsored or supported independent information and guidance centre which is easily accessible and staffed by persons competent to provide such information and guidance.  This service should dispense information to enquirers on procedures and protections  under the Act in understandable terms.  It should be free of charge.
  1. A requirement for all employers and other impacted enterprises, such as charities, to provide access to a similar service as in (a) either directly within the enterprise or by a third party, in both cases staffed by persons who are trained and competent to provide such guidance.  This service should be supplemented, where the Discloser so requires, with the provision of effective assistance in preparing a disclosure to the employer.
  1. A requirement for all Competent Authorities listed as designated persons to provide access to a similar service as in (a) either directly within the Competent Authority or by a third party, in both cases staffed by persons who are trained and competent to provide such guidance.  This service should be supplemented, where the Discloser so requires, with the provision of effective assistance in preparing a disclosure to the Competent Authority. As well as providing general guidance on the Act, this service should be specifically focused on the subject of competence of the Authority.
  1. A process for facilitating the application by Disclosers for employer sponsored independent legal support, subject to meeting requisite and reasonable criteria set, where the matters subject to the disclosure are subject to legal proceedings.
  1. A process for facilitating the application by Disclosers for employer sponsored independent employee assistance or professional psychological support, subject to meeting requisite and reasonable criteria set, including a requirement, where a professional psychologist is used, that the professional psychologist assesses that the necessity for treatment is reasonably associated with stress arising from the disclosure made.

The reason that Raiseaconcern recommends these supports is because in many, but not all, cases Disclosers find the experience, and sometimes even the prospect of making a disclosure stressful and daunting.  The more serious the issue and the consequences, the more likely it is that employee supports will be needed.  Providing the requisite support to facilitate disclosure or to help the would be Discloser to articulate or express their concerns and deal with the resultant stresses or legal risks is, in the view of Raiseaconcern, an important aspect of creating the appropriate environment for employee disclosure. 

Question 10 (Article 23 – Penalties)

What penalties should Ireland impose under this Article? What will make these penalties “effective, proportionate and dissuasive”? Please provide reasons for your answer.

Hindering or attempting to hinder a Discloser wishing to report a reasonable belief of wrongdoing; retaliating against such a person;  bringing vexatious proceedings against Disclosers and breaching the requirement to maintain the confidentiality of the identity of a Discloser are all serious offences which go to the heart of the Directive.  Effective, proportionate and dissuasive measures are required to encourage compliance and to penalise non-compliance.

Raiseaconcern view existing measures for addressing dismissal in Section 11 of the Act, for addressing penalisation in Section 12 of the Act, for tort action in Section 13, where a Discloser suffers detriment because of making a disclosure and the remedies available to Disclosers in Section 16, where information is disclosed that identifies the Discloser, are effective, proportionate and dissuasive. 

The definition of ‘penalisation’ in the Act will require extension to cover the additional provisions contained in the Directive.  The definition should include bringing vexatious proceedings against Disclosers following disclosure. 

The Act is currently silent on hindering or threatening a Discloser wishing to make a disclosure.  This should be addressed.

Currently, only public bodies are required under Section 21 of the Act to have internal procedures for protected disclosures made by workers.  This will need to widened to cater for the new provisions of the Directive.  Raiseaconcern recommends that a penalty is introduced, set at a dissuasive level, to ensure compliance by all impacted private and public sector employers and by Competent Authorities. 

A Department of Government should have oversight responsibility for compliance with the requirement by all impacted enterprises to put in place procedures, and workers should be at liberty to report non-compliance to this Department. 

Equally, failure by an employer to take action to address wrongdoing identified will need to be addressed by imposing a penalty for non-compliance, set at a dissuasive level.  Practical implementation of this requires consideration, but it would seem to Raiseaconcern that Competent Authorities, many of who carry their own suite of sanctions, are the bodies most likely to be in a position to play a meaningful role in addressing this.

For penalties to act as a deterrent, they must be implemented.

Currently, the only penalty applicable to Disclosers who knowingly or wilfully make a disclosure of information with malicious intent that they know to be untrue is that they lose the protections of the Act.  While this in itself should be a serious deterrent and while the Act should not deter worker disclosure, consideration should be given to introducing a proportionate penalty to act as an explicit deterrent to malicious disclosure.

_________

 

 

 

 

 

 

 

 

This project has been supported by Kildare Local Enterprise Office which is co-funded by the Irish Government and the European Union under Ireland's EU Structural Funds Programmes 2007 - 2013.