Anonymity of whistleblowers
This chapter discusses the committee's consideration of public and
private sector legislation for the following best practice criteria:
- provision and protections for anonymous reporting; and
- protection of the confidentiality of disclosers and disclosures.
Provisions and protections for anonymous reporting
This section compares current legislation against the best practice
criterion on anonymous disclosures. The section also covers statistics on
anonymous disclosures as well as evidence put to the committee during the
Existing legislation has varying arrangements in relation to anonymous
- subsection 28(2) of the PID Act explicitly states that a public
interest disclosure may be made anonymously;
- the FWRO Act does not appear to explicitly provide for anonymous
disclosures. However, the December 2016 amendments deleted the requirements for
a name to be provided by repealing subsection 337A(c);
- subsection 1317AA(1c) of the Corporations Act includes an
explicit requirement for whistleblowers to disclose their name when making a
Statistics on anonymous disclosures
A significant number of disclosures made under the PID Act are likely to
be anonymous. Table 6.1 (in Chapter 6) indicates that a significant proportion
of disclosures (11–18 per cent) are received from people deemed to be
public officials. The Commonwealth Ombudsman noted that deemed public officials
include anonymous disclosers or individuals who have inside information through
their close connection with an agency or public official:
A significant proportion of those 'deemed' public officials
are likely to have made anonymous disclosures, and the deeming decision would
have been based on the fact that the person receiving the disclosure could not
confirm whether the person was in fact a public official.
While similar information is not available in the private sector,
research has indicated that 76 per cent of organisations, including 79 per cent
of private sector businesses, responded that they accepted anonymous wrongdoing
This was especially true of large organisations (92.5%) where
anonymity is more feasible, as against small organisations (60.7%).
Not-for-profits were least likely to accept anonymous concerns (60.9%).
...private sector protections such as Part 9.4AAA of the Corporations
Act 2001 (Cth) require the reporter to first identify themselves. These
results suggest such restrictions are widely out of step with corporate
practices and preferences.
Dr Olivia Dixon reported similar findings from her research on corporate
sector codes of conduct, which indicated that:
In acknowledging that providing anonymous reporting may
facilitate whistleblowing, over 65 per cent of companies allow for it. However,
over 25 per cent of companies expressly discourage anonymous reporting on the
basis that it will make investigation much more difficult.
KPMG operates a whistleblower hotline service which provides
whistleblowers with the option of being anonymous or providing their contact
details. In 2016, 80 per cent of the whistleblowers who contacted the KPMG
hotline elected to be anonymous. KPMG noted that this includes a proportion of
whistleblowers who agreed to provide contact details to KPMG, whilst remaining anonymous
to their employer.
Evidence received on anonymous
Some submitters supported the requirement for a whistleblower to provide
their name to a regulator.
Clayton Utz noted that there are practical difficulties in applying protections to whistleblowers who disclose anonymously and that anonymous disclosures
are typically more difficult to investigate.
The Law Council argued that whistleblowers should disclose their
identity to the regulatory authority and be contactable at a later stage if
required, provided that confidentiality arrangements are put in place to
protect the whistleblower's identity from the company. The Law Council
suggested that if adequate confidentiality protections are in place,
whistleblowers may feel more comfortable disclosing their identity.
Dr Dixon indicated that courts have warned that the prejudice that
whistleblowers may face upon disclosure of their identity should not be
underestimated. Dr Dixon suggested, however,
that evidence with respect to anonymity is mixed:
Some studies have found that there is 'scant evidence that
anonymity promotes whistle-blowing', while others find that individuals are
more likely to voice dissenting views if offered anonymity.
The Fund Raising Institute of Australia indicated that its complaint
handling process does not currently provide for 'anonymous' reporting of
breaches of its self-regulatory Code. Instead, a complainant is expected to participate in any
hearing of the matter.
The AIST informed the committee that it does not oppose broadening the
whistleblower protection provisions to also cover anonymous disclosures.
However the AIST noted that:
Anonymous disclosures can potentially limit the ability of
parties who receive disclosures to investigate the matter thoroughly as they
are unable to consult the discloser and this limitation should be considered as
part of any future reform. Furthermore, anonymous disclosures limit the
evidentiary testing of information as the original discloser may be unable to
provide further evidence of the disclosed conduct.
Support for allowing anonymous
However, there was generally much stronger support, including from law
enforcement agencies and regulators, for allowing whistleblowers to disclose
anonymously as discussed below.
The AFP noted that for whistleblowers to provide information which law
enforcement can use to commence or progress an investigation, an inability to
maintain anonymity results in exposure to threats of reprisal, whether legal or
physical in nature. The AFP argued that this has been a clear factor
discouraging potential whistleblowers from cooperating with police. In the AFP's
experience, protective regimes used by law enforcement in other criminal
investigative contexts have proven less effective for investigations into
corporate crime because the potential whistleblower jeopardises their current
employment and future career prospects.
ASIC Commissioner, Mr John Price, supported extending whistleblower
protections to anonymous disclosures and ensuring that a whistleblower's identity
should be the subject of absolute confidentiality.
Professor A J Brown informed the committee that providing for anonymous
disclosures is now standard in the Australian public sector whistleblowing
legislation, and international principles. Professor Brown argued that:
This stands in contrast to Part 9.4AAA which deters
disclosures by making it clear that a whistleblower is only protected if they
identify themselves (equivalent to a message that people should only disclose
if prepared to paint a target on themselves).
The protection of anonymous disclosures does not raise
practical difficulties, since the protections and other obligations are only
triggered if or when the identity of the whistleblower is subsequently
revealed, and confirmed to be within the statutory definition above. The
Committee should recommend amendment to extend the protections to all
disclosures by such persons, irrespective of whether they initially identify
Mr Joshua Bornstein, Director, Maurice Blackburn Lawyers argued that
whistleblowers, other than those who make vexatious disclosures, should be
protected from retaliation and have the option of anonymity.
The GIA was in favour of allowing anonymous reporting and suggested to
the committee that:
- a whistleblower should qualify for protection at the point they
disclose their identity or their identity becomes known, but that protection
should extend retrospectively to the point of that disclosure; and
- a company should be subject to the requirement to protect a whistleblower's
anonymity in the event that a whistleblower has made disclosure to the company
on an anonymous basis.
The Association of Corporate Counsel Australia (ACCA) informed the
committee that many organisations across the public, corporate and not-for-profit
sectors currently have anonymous hotlines for those who wish to report on
organisational wrongdoing. The ACCA argued that these have been an effective
deterrent in organisational wrongdoing and allow organisations to evaluate the
legitimacy of a complaint. The ACCA suggested that rather than setting
definitive obligations for private sector organisations, perhaps there should
be non-mandatory guidelines for establishing anonymous hotlines.
Deloitte noted the importance of independent hotlines in providing a
mechanism for anonymous disclosures:
In our experience there is a potential risk in situations
where whistleblowers who wish to remain anonymous are placed in direct
communication with their employer, because of the potential to inadvertently
identify themselves. This risk can be overcome if intermediaries such as
external party service providers are used to appropriately check such
communications and redact identifying material.
In 2004, this committee examined the CLERP Bill which proposed the
introduction of the corporate sector whistleblower protections. In that inquiry
the committee recommended allowing for anonymous disclosures.
The weight of evidence that the committee has received in this inquiry
is strongly in favour of allowing and protecting anonymous disclosures in the
private sector. In fact, some of the evidence the committee received indicates
that private sector codes of conduct and implementation of whistleblower schemes
in the corporate sector are already allowing and protecting anonymous
disclosures. In addition, evidence from the public sector indicates that
significant numbers of disclosures are made anonymously.
In light of the above, the committee considers that providing for
anonymous disclosures in the private sector would mean that another best
practice criterion could sensibly be aligned between the public and private
sectors, thereby enabling greater legislative consistency.
The committee recommends that private sector whistleblowing legislation (including
legislation covering corporations and registered organisations) explicitly allow,
and provide protections for, anonymous disclosures consistent with public
Continuity of protection
Another issue that came to the committee's attention during the inquiry
was the continuity of protection. Consider the following scenario. If a
whistleblower makes a disclosure that is assessed as meeting the criteria for
disclosable conduct and the threshold for protection, a question arises as to
whether the whistleblower would still attract the relevant protections if an
investigation, court, or tribunal subsequently found that the conduct disclosed
was not disclosable conduct.
Professor Brown informed the committee that it is likely that continuity
of protection is implicitly provided for in the PID Act (section 26), FWRO Act
(paragraph 337A(1)(c), and the Corporations Act section 1317AA(1)(d).
The committee considers that while a finding of no disclosable conduct
may de-escalate the issues to some extent for the whistleblower, significant
risks of reprisal may remain in many cases. The committee is therefore
recommending that continuity of protection be made explicit in a consistent way
for both the public and private sector whistleblower protection legislation.
The committee recommends that continuity of protection be made explicit
in a consistent way for both the public and private sector whistleblowing
Protections for confidentiality
This section summarises the committee's consideration of best practice
criteria on protecting the confidentiality of disclosures. The three Acts that
the committee is considering have quite different provisions.
The PID Act has provisions which provide offences for the use or
disclosure of identifying information (section 20) with some exceptions in subsection
20(3), and the protection of the identity of disclosers in courts or tribunals (section
20 Use or disclosure of identifying information
Disclosure of identifying
(1) A person (the first person) commits an offence if:
(a) another person (the second
person) has made a public interest disclosure; and
(b) the first person discloses
information (identifying information) that:
(i) was obtained by any person
in that person’s capacity as a public official; and
(ii) is likely to enable the
identification of the second person as a person who has made a public interest
(c) the disclosure is to a person
other than the second person.
Penalty: Imprisonment for 6
months or 30 penalty units, or both.
(2) A person (the first person) commits an offence if the
person uses identifying information.
Penalty: Imprisonment for 6
months or 30 penalty units, or both.
21 Identifying information not to be disclosed etc. to
courts or tribunals
A person who is, or has been, a public official is not to be
(a) to disclose to a court or tribunal identifying
information that the person has obtained; or
(b) to produce to a court or tribunal a document containing
identifying information that the person has obtained;
except where it is necessary to do so for the purposes of
giving effect to this Act.
The FWRO Act does not appear to explicitly provide for protecting the
confidentiality of the disclosure or the discloser.
The Corporations Act does not appear to protect the identity of
whistleblowers in courts and tribunals, however, section 1317AE provides
offences for disclosing:
- the information disclosed in the qualifying disclosure;
- the identity of the discloser; or
- the information that is likely to lead to the identification of
During its consideration of the CLERP Bill to establish the
whistleblower protections in the Corporations Act in 2004, the committee made
the following observations:
The Committee believes that the confidentiality provisions in
any whistleblower scheme are central to building public trust in the system and
to preserving its integrity. Any doubts about the protection of the identity of
a whistleblower should be clarified in the legislation which should provide a
guarantee of anonymity. Again while the Explanatory Memorandum offers some
advice on this matter in regard to privacy concerns with disclosures to ASIC,
there is no mention of such safeguards with disclosures made within an entity.
The Committee would like assurances from the Government that there are adequate
safeguards in the proposed legislation for the protection of confidentiality
and that they are expressly stated.
In 2004, the committee went on to recommend that a provision be inserted
in the proposed whistleblowing scheme that expressly provides confidentiality
protection to persons making protected disclosures to ASIC or making such
disclosures to the designated authorities within a company. The committee also recommended
that similar provisions should be inserted to protect the rights of persons who
are the subject of a disclosure.
Support for the protection of
There was broad support amongst submitters for protecting the
confidentiality of disclosures and disclosers.
The Queensland Ombudsman informed the committee that preserving
confidentiality is a key element in protecting a whistleblower from reprisals,
by minimising those persons who have access to information which may identify
The Australian Bankers' Association (ABA) informed the committee that it's
guiding principles for whistleblower protections include provisions to make
sure the identity of the whistleblower and the details of the investigation are
The ACCC argued for specific protections for information or documents
that disclose the identity of whistleblowers as part of a whistleblower regime
under the CC Act.
KPMG submitted that the identity of the whistleblower and any
information given that may reveal their identity should be subject to
confidentiality (including in matters before the courts) with only limited
ASIC noted that for the proposed tax whistleblower scheme, the identity
of a whistleblower, and the disclosure of any information which is capable of
revealing their identity, could be subject to an absolute requirement of
confidentiality. ASIC also advocated that:
...the new whistleblowing legislation should clearly outline
the circumstances under which regulators should be able to resist an
application for the production of documents that may reveal a whistleblower's
This would prohibit the release of any information by anyone
to anyone, including to a court or tribunal, unless the whistleblower gives
informed consent to the release of their identity or the revelation is
necessary to avert imminent danger to public health or safety, to prevent
violation of any criminal law, or to enable the whistleblower to secure
compensation for reprisals.
Dr Dixon reported findings from her research on corporate sector codes
of conduct, which indicated that:
A vast majority of the Codes state that some or all reports
will be treated confidentially; with a substantial number including carve outs
for investigation or as required by law.
However, Dr Dixon also pointed to a loophole in the Corporations Act
which may result in the potential breaching of confidentiality:
Only 27.7 per cent state that a report will be kept
confidential in the absence of consent of the whistleblower, a requirement
under the Corporations Act. This may be due to the loophole which currently
exists, whereby a third party who receives information with the whistleblower's
consent is not subject to the same confidentiality requirements as the person
who initially received the information.
The committee considers that the weight of evidence put forward in this
inquiry is in favour of effective requirements for protecting the confidentiality
of whistleblowers and their disclosures. The committee notes its previous 2004
recommendation (discussed above) supporting confidentiality for whistleblowers.
The committee considers that while some protections in the private sector
exist in the Corporations Act, they could be improved to make them consistent
with the PID Act. Such protections should also be made explicit for registered
organisations if registered organisations are not covered by a single Act
covering the whole private sector.
In particular, the committee recommends adapting sections 20 and 21 of
the PID Act for inclusion in a Whistleblowing Protection Act which would
strengthen the protections for confidentiality in the private sector and
prevent a private sector employee from being identified in court or tribunal
hearings, as is currently the case in the public sector.
The committee recommends that protections for confidentiality be unified
across the public and private sectors (including registered organisations),
bringing together the best features of the Public Interest Disclosure Act
2013 (such as sections 20 and 21) and other Acts, including offences for:
disclosure or use of identifying information or information
likely to lead to the identification of the discloser; and
protection of the identity of disclosers in courts or tribunals.
Navigation: Previous Page | Contents | Next Page