Why email is a risky whistleblower reporting channel

Three reasons why an e-mail address is not a good reporting channel in companies

Sabine Stöhr


Many companies decide to implement a simple whistleblower email address and inbox when setting up their whistleblower reporting system. This option can be set up quickly and is inexpensive. Despite these perks, implementing an email whistleblower reporting channel could be a big mistake, having serious consequences for your company and employees.

Here are 3 reasons email shouldn’t be used as a whistleblower reporting channel:


Reason 1: Your data is exposed to security and data protection risks

When a whistleblower reports potential misconduct, sensitive personal data is captured. However, email does not have any encryption mechanism. This makes it possible for unauthorized parties to not only read sent emails, but also to change them. As a result, neither the transmission nor the processing of reports is audit-proof, and the integrity of the data is at risk. This may invalidate information used for internal and external investigations. In addition, GDPR compliance cannot be guaranteed, as data security requirements (Article 32) are not fulfilled. GDPR requires that sensitive information be stored in high-security data centers, which is difficult to achieve with email.

Reason 2: Your employees may not trust an email whistleblower reporting system

Gaining the trust of potential whistleblowers is critical to ensuring that relevant reports are submitted. For this reason, employees must be 100% confident in the security of the system and the manner in which reports are processed. If not, potential whistleblowers will be much less likely to speak up internally, and may even turn to the authorities or media. A study conducted by EQS Group and the University of Applied Sciences HTW Chur has shown that organizations with a specialized reporting channel, such as a digital whistleblowing system, are more likely to receive relevant whistleblowing reports than companies with simpler reporting channels, such as an email address. Furthermore, the study showed that having the ability to report misconduct confidentially or anonymously significantly increases the likelihood that an employee will use a whistleblowing system.

Reason 3: Email doesn’t allow for efficient case processing

In addition to data security and employee trust, ease of processing reports is another factor that should be considered when choosing a whistleblowing system. With an email-based system, all of the data that is received will need to be logged manually in the case management system. Furthermore, there may not be a case management system at all, resulting in inefficient case reviews. This also means that it is almost impossible to effectively investigate an incident, and often whistleblowers don’t receive sufficient feedback on their submitted report, or in some cases, no feedback at all.

Alternative to an email-based whistleblowing system

As we have seen, there are some potential disadvantages to using non-specialised whistleblowing systems. For that reason, it’s worth considering the alternatives, for example, introducing a digital whistleblowing system. With this method, all communications with the whistleblower are encrypted and stored in high-security data centers. This makes it easy to meet the legal requirements regarding data protection and data security.

Digital systems also foster more trust from employees, resulting in higher rates of employees reporting compliance-relevant irregularities without fear of retaliation. Reports can also be submitted confidentially or anonymously, if preferred. Finally, an integrated case management area allows you to process incoming cases efficiently and gives you a detailed overview of all existing cases and their status.

You can learn more about the advantages and disadvantages of different whistleblowing channels in our free white paper “Which Reporting Channels Are Suitable for Your Organisation?”.



Sabine Stöhr

Senior Product Manager | EQS Group
As Senior Product Manager for EQS Integrity Line Sabine is an expert on the implementation of whistleblowing systems. She is based in our Zurich office.