Whistleblowing And Data Protection Principles: Is The Road To Reconciliation Really That Rocky?
Legislation in many countries now recognises that there is a public interest in the disclosure of wrongdoing. Not only can whistleblowers benefit their employers by offering solutions to work problems but they can play an important role in the fight against fraud and corruption. However, reporting procedures can cause problems because both whistleblowers and alleged wrongdoers may have rights as data subjects under the Data Protection Directive 95/46/EC. This article explores the areas where there might be conflicts between good practice in whistleblowing arrangements and data protection principles. It examines how the EU’s Article 29 Data Protection Working Party responded to the alleged clash between the requirements of the US Sarbanes-Oxley Act 2002 and the Directive. The author concludes that,although some tensions might exist,it is fairly easy for companies to comply with both EU and US legislation. Nevertheless, he suggests that it would be helpful if the Working Party issued a revised Opinion (or the Directive was amended)in order to reflect the enormous changes in the way information is acquired and disseminated since the Directive came into effect.