Chapter 7

Anonymity of whistleblowers

7.1        This chapter discusses the committee's consideration of public and private sector legislation for the following best practice criteria:

Provisions and protections for anonymous reporting

7.2        This section compares current legislation against the best practice criterion on anonymous disclosures. The section also covers statistics on anonymous disclosures as well as evidence put to the committee during the inquiry.

7.3        Existing legislation has varying arrangements in relation to anonymous disclosures:

Statistics on anonymous disclosures

7.4        A significant number of disclosures made under the PID Act are likely to be anonymous. Table 6.1 (in Chapter 6) indicates that a significant proportion of disclosures (11–18 per cent) are received from people deemed to be public officials. The Commonwealth Ombudsman noted that deemed public officials include anonymous disclosers or individuals who have inside information through their close connection with an agency or public official:

A significant proportion of those 'deemed' public officials are likely to have made anonymous disclosures, and the deeming decision would have been based on the fact that the person receiving the disclosure could not confirm whether the person was in fact a public official.[4]

7.5        While similar information is not available in the private sector, research has indicated that 76 per cent of organisations, including 79 per cent of private sector businesses, responded that they accepted anonymous wrongdoing concerns:

This was especially true of large organisations (92.5%) where anonymity is more feasible, as against small organisations (60.7%). Not-for-profits were least likely to accept anonymous concerns (60.9%).

...private sector protections such as Part 9.4AAA of the Corporations Act 2001 (Cth) require the reporter to first identify themselves. These results suggest such restrictions are widely out of step with corporate practices and preferences.[5]

7.6        Dr Olivia Dixon reported similar findings from her research on corporate sector codes of conduct, which indicated that:

In acknowledging that providing anonymous reporting may facilitate whistleblowing, over 65 per cent of companies allow for it. However, over 25 per cent of companies expressly discourage anonymous reporting on the basis that it will make investigation much more difficult.[6]

7.7        KPMG operates a whistleblower hotline service which provides whistleblowers with the option of being anonymous or providing their contact details. In 2016, 80 per cent of the whistleblowers who contacted the KPMG hotline elected to be anonymous. KPMG noted that this includes a proportion of whistleblowers who agreed to provide contact details to KPMG, whilst remaining anonymous to their employer.[7]

Evidence received on anonymous disclosures

7.8        Some submitters supported the requirement for a whistleblower to provide their name to a regulator.[8] Clayton Utz noted that there are practical difficulties in applying protections to whistleblowers who disclose anonymously and that anonymous disclosures are typically more difficult to investigate.[9]

7.9        The Law Council argued that whistleblowers should disclose their identity to the regulatory authority and be contactable at a later stage if required, provided that confidentiality arrangements are put in place to protect the whistleblower's identity from the company. The Law Council suggested that if adequate confidentiality protections are in place, whistleblowers may feel more comfortable disclosing their identity.[10]

7.10      Dr Dixon indicated that courts have warned that the prejudice that whistleblowers may face upon disclosure of their identity should not be underestimated. Dr Dixon suggested, however, that evidence with respect to anonymity is mixed:

Some studies have found that there is 'scant evidence that anonymity promotes whistle-blowing', while others find that individuals are more likely to voice dissenting views if offered anonymity.[11]

7.11      The Fund Raising Institute of Australia indicated that its complaint handling process does not currently provide for 'anonymous' reporting of breaches of its self-regulatory Code. Instead, a complainant is expected to participate in any hearing of the matter.[12]

7.12      The AIST informed the committee that it does not oppose broadening the whistleblower protection provisions to also cover anonymous disclosures. However the AIST noted that:

Anonymous disclosures can potentially limit the ability of parties who receive disclosures to investigate the matter thoroughly as they are unable to consult the discloser and this limitation should be considered as part of any future reform. Furthermore, anonymous disclosures limit the evidentiary testing of information as the original discloser may be unable to provide further evidence of the disclosed conduct.[13]

Support for allowing anonymous disclosures

7.13      However, there was generally much stronger support, including from law enforcement agencies and regulators, for allowing whistleblowers to disclose anonymously as discussed below.[14]

7.14      The AFP noted that for whistleblowers to provide information which law enforcement can use to commence or progress an investigation, an inability to maintain anonymity results in exposure to threats of reprisal, whether legal or physical in nature. The AFP argued that this has been a clear factor discouraging potential whistleblowers from cooperating with police. In the AFP's experience, protective regimes used by law enforcement in other criminal investigative contexts have proven less effective for investigations into corporate crime because the potential whistleblower jeopardises their current employment and future career prospects.[15]

7.15      ASIC Commissioner, Mr John Price, supported extending whistleblower protections to anonymous disclosures and ensuring that a whistleblower's identity should be the subject of absolute confidentiality.[16]

7.16      Professor A J Brown informed the committee that providing for anonymous disclosures is now standard in the Australian public sector whistleblowing legislation, and international principles. Professor Brown argued that:

This stands in contrast to Part 9.4AAA which deters disclosures by making it clear that a whistleblower is only protected if they identify themselves (equivalent to a message that people should only disclose if prepared to paint a target on themselves).

The protection of anonymous disclosures does not raise practical difficulties, since the protections and other obligations are only triggered if or when the identity of the whistleblower is subsequently revealed, and confirmed to be within the statutory definition above. The Committee should recommend amendment to extend the protections to all disclosures by such persons, irrespective of whether they initially identify themselves.[17]

7.17      Mr Joshua Bornstein, Director, Maurice Blackburn Lawyers argued that whistleblowers, other than those who make vexatious disclosures, should be protected from retaliation and have the option of anonymity.[18]

7.18      The GIA was in favour of allowing anonymous reporting and suggested to the committee that:

7.19      The Association of Corporate Counsel Australia (ACCA) informed the committee that many organisations across the public, corporate and not-for-profit sectors currently have anonymous hotlines for those who wish to report on organisational wrongdoing. The ACCA argued that these have been an effective deterrent in organisational wrongdoing and allow organisations to evaluate the legitimacy of a complaint. The ACCA suggested that rather than setting definitive obligations for private sector organisations, perhaps there should be non-mandatory guidelines for establishing anonymous hotlines.[20]

7.20      Deloitte noted the importance of independent hotlines in providing a mechanism for anonymous disclosures:

In our experience there is a potential risk in situations where whistleblowers who wish to remain anonymous are placed in direct communication with their employer, because of the potential to inadvertently identify themselves. This risk can be overcome if intermediaries such as external party service providers are used to appropriately check such communications and redact identifying material.[21]

Committee view

7.21      In 2004, this committee examined the CLERP Bill which proposed the introduction of the corporate sector whistleblower protections. In that inquiry the committee recommended allowing for anonymous disclosures.[22]

7.22      The weight of evidence that the committee has received in this inquiry is strongly in favour of allowing and protecting anonymous disclosures in the private sector. In fact, some of the evidence the committee received indicates that private sector codes of conduct and implementation of whistleblower schemes in the corporate sector are already allowing and protecting anonymous disclosures. In addition, evidence from the public sector indicates that significant numbers of disclosures are made anonymously.

7.23      In light of the above, the committee considers that providing for anonymous disclosures in the private sector would mean that another best practice criterion could sensibly be aligned between the public and private sectors, thereby enabling greater legislative consistency.

Recommendation 7.1

7.24      The committee recommends that private sector whistleblowing legislation (including legislation covering corporations and registered organisations) explicitly allow, and provide protections for, anonymous disclosures consistent with public sector legislation.

Continuity of protection

7.25      Another issue that came to the committee's attention during the inquiry was the continuity of protection. Consider the following scenario. If a whistleblower makes a disclosure that is assessed as meeting the criteria for disclosable conduct and the threshold for protection, a question arises as to whether the whistleblower would still attract the relevant protections if an investigation, court, or tribunal subsequently found that the conduct disclosed was not disclosable conduct.

7.26      Professor Brown informed the committee that it is likely that continuity of protection is implicitly provided for in the PID Act (section 26), FWRO Act (paragraph 337A(1)(c), and the Corporations Act section 1317AA(1)(d).[23]

Committee view

7.27      The committee considers that while a finding of no disclosable conduct may de-escalate the issues to some extent for the whistleblower, significant risks of reprisal may remain in many cases. The committee is therefore recommending that continuity of protection be made explicit in a consistent way for both the public and private sector whistleblower protection legislation.

Recommendation 7.2

7.28      The committee recommends that continuity of protection be made explicit in a consistent way for both the public and private sector whistleblowing protection legislation.

Protections for confidentiality

7.29      This section summarises the committee's consideration of best practice criteria on protecting the confidentiality of disclosures. The three Acts that the committee is considering have quite different provisions.

7.30      The PID Act has provisions which provide offences for the use or disclosure of identifying information (section 20) with some exceptions in subsection 20(3), and the protection of the identity of disclosers in courts or tribunals (section 21):

20 Use or disclosure of identifying information

Disclosure of identifying information

(1) A person (the first person) commits an offence if:

(a) another person (the second person) has made a public interest disclosure; and

(b) the first person discloses information (identifying information) that:

(i) was obtained by any person in that person’s capacity as a public official; and

(ii) is likely to enable the identification of the second person as a person who has made a public interest disclosure; and

(c) the disclosure is to a person other than the second person.

Penalty: Imprisonment for 6 months or 30 penalty units, or both.

(2) A person (the first person) commits an offence if the person uses identifying information.

Penalty: Imprisonment for 6 months or 30 penalty units, or both.[24]

21 Identifying information not to be disclosed etc. to courts or tribunals

A person who is, or has been, a public official is not to be required:

(a) to disclose to a court or tribunal identifying information that the person has obtained; or

(b) to produce to a court or tribunal a document containing identifying information that the person has obtained;

except where it is necessary to do so for the purposes of giving effect to this Act.[25]

7.31      The FWRO Act does not appear to explicitly provide for protecting the confidentiality of the disclosure or the discloser.[26]

7.32      The Corporations Act does not appear to protect the identity of whistleblowers in courts and tribunals, however, section 1317AE provides offences for disclosing:

7.33      During its consideration of the CLERP Bill to establish the whistleblower protections in the Corporations Act in 2004, the committee made the following observations:

The Committee believes that the confidentiality provisions in any whistleblower scheme are central to building public trust in the system and to preserving its integrity. Any doubts about the protection of the identity of a whistleblower should be clarified in the legislation which should provide a guarantee of anonymity. Again while the Explanatory Memorandum offers some advice on this matter in regard to privacy concerns with disclosures to ASIC, there is no mention of such safeguards with disclosures made within an entity. The Committee would like assurances from the Government that there are adequate safeguards in the proposed legislation for the protection of confidentiality and that they are expressly stated.[28]

7.34      In 2004, the committee went on to recommend that a provision be inserted in the proposed whistleblowing scheme that expressly provides confidentiality protection to persons making protected disclosures to ASIC or making such disclosures to the designated authorities within a company. The committee also recommended that similar provisions should be inserted to protect the rights of persons who are the subject of a disclosure.[29]

Support for the protection of confidentiality

7.35      There was broad support amongst submitters for protecting the confidentiality of disclosures and disclosers.[30]

7.36      The Queensland Ombudsman informed the committee that preserving confidentiality is a key element in protecting a whistleblower from reprisals, by minimising those persons who have access to information which may identify the whistleblower.[31]

7.37      The Australian Bankers' Association (ABA) informed the committee that it's guiding principles for whistleblower protections include provisions to make sure the identity of the whistleblower and the details of the investigation are kept confidential.[32]

7.38      The ACCC argued for specific protections for information or documents that disclose the identity of whistleblowers as part of a whistleblower regime under the CC Act.[33]

7.39      KPMG submitted that the identity of the whistleblower and any information given that may reveal their identity should be subject to confidentiality (including in matters before the courts) with only limited exceptions.[34]

7.40      ASIC noted that for the proposed tax whistleblower scheme, the identity of a whistleblower, and the disclosure of any information which is capable of revealing their identity, could be subject to an absolute requirement of confidentiality. ASIC also advocated that:

...the new whistleblowing legislation should clearly outline the circumstances under which regulators should be able to resist an application for the production of documents that may reveal a whistleblower's identity.

This would prohibit the release of any information by anyone to anyone, including to a court or tribunal, unless the whistleblower gives informed consent to the release of their identity or the revelation is necessary to avert imminent danger to public health or safety, to prevent violation of any criminal law, or to enable the whistleblower to secure compensation for reprisals.[35]

7.41      Dr Dixon reported findings from her research on corporate sector codes of conduct, which indicated that:

A vast majority of the Codes state that some or all reports will be treated confidentially; with a substantial number including carve outs for investigation or as required by law.[36]

7.42      However, Dr Dixon also pointed to a loophole in the Corporations Act which may result in the potential breaching of confidentiality:

Only 27.7 per cent state that a report will be kept confidential in the absence of consent of the whistleblower, a requirement under the Corporations Act. This may be due to the loophole which currently exists, whereby a third party who receives information with the whistleblower's consent is not subject to the same confidentiality requirements as the person who initially received the information.[37]

Committee view

7.43      The committee considers that the weight of evidence put forward in this inquiry is in favour of effective requirements for protecting the confidentiality of whistleblowers and their disclosures. The committee notes its previous 2004 recommendation (discussed above) supporting confidentiality for whistleblowers. The committee considers that while some protections in the private sector exist in the Corporations Act, they could be improved to make them consistent with the PID Act. Such protections should also be made explicit for registered organisations if registered organisations are not covered by a single Act covering the whole private sector.

7.44      In particular, the committee recommends adapting sections 20 and 21 of the PID Act for inclusion in a Whistleblowing Protection Act which would strengthen the protections for confidentiality in the private sector and prevent a private sector employee from being identified in court or tribunal hearings, as is currently the case in the public sector.

Recommendation 7.3

7.45      The committee recommends that protections for confidentiality be unified across the public and private sectors (including registered organisations), bringing together the best features of the Public Interest Disclosure Act 2013 (such as sections 20 and 21) and other Acts, including offences for:

Navigation: Previous Page | Contents | Next Page