Under guidelines published by the Portuguese Data Protection Authority on the 1st October 2009, a whistleblower cannot make a report anonymously. I have to admit that I can’t read Portuguese, so reading Deliberação Nº 765 /2009 does not help me much in interpreting the limitations. (Google translate helps.)
Most EU member states allow anonymous reporting as a last resort. Portugal went a step further and outlawed anonymous reporting completely.
The Portugal guidelines also limit hotline use to reports of corruption, banking and financial crime and internal accounting controls. It’s not allowed for breaches of general codes of conduct. To go a step further, whistleblowers may only report against individuals in managerial positions.
If you are a public company with operations in Portugal and required to have whistleblower hotline under Sarbanes-Oxley, you need to look at these limitations. They seem to be in direct conflict.
Thanks to Bill Piwonka of EthicsPoint for letting me know about this. EthicsPoint supplies my company’s hotline.
Sources:
- Deliberação Nº 765 /2009 (in Portuguese) Principles Applicable to the Treatment of Personal Data the Purpose of Acts of Internal Communication Management Financial Irregular (Lines of Ethics)
- Anonymous whistleblowing banned in Portugal by Robert Bond of Speechly Bircham LLP