SOX Whistleblowers Protection

The latest step in the development of a whistleblower format for companies operating in the E.U. has come from Germany.  German authorities have issued new whistleblower guidelines, which allow U.S. companies to implement Sarbanes-Oxley hotline compliance for U.S. public companies, and for privately held companies with branches in Germany.

The regional German data protection authorities’ working group, referred to as Düsseldorfer Kreis (or “Düsseldorf Circle”) met in late April 2007 and issued the guidelines, which are now translated into English.

The new guidelines note that the German Data Protection Act does impose certain obligations on the company, which include

• confidential reporting, but allowance for anonymous reporting;
• notice to employees of the program;
• notice to the accused person of facts alleged, with delays in same if evidence needs to be preserved;
• permitted use of third parties as data processors for the program;
• limitations on unnecessary internal data transfer or to third parties unless criminal proceedings;
• security processes and procedures to protect unauthorized access to the data;
• data storage limitations, including deletion/archiving (generally two mos. after close of investigation unless discipline, litigation or criminal proceedings).

These obligations are generally consistent with previous whistleblower guidance issued by the E.C. Art. 29 Working Party on Data Protection (W.P. 117) last year.

SOX whistleblowers

whistleblowers help

whistleblowers protection

wrongful termination