A proposal by the European Commission would also protect those who expose fraud and tax evasion from retaliation.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- New rules proposed by the European Commission would protect IT whistleblowers from retaliation from their firms after exposing a data breach.
- The new rules would also protect those who act as a source for investigative journalists and work to expose other illegal activities such as fraud.
IT whistleblowers in the EU who expose massive corporate data breaches might soon be protected from retaliation under new rules proposed by the European Commission Monday.
As noted in a Reuters report, the rules would also protect those who blow the whistle on tax evasion, fraud, and food safety issues, along with privacy and data protection concerns. The report also noted that the proposed changes came in response to mounting criticism from transparency advocates in the EU.
Under the new rules, EU firms would have to set up an internal channel for whistleblowers and protect them from being demoted, fired, or sued. It will also protect them from negative reports from superiors, the report said.
One of the examples given by the European Commission was LuxLeaks, when former PwC employee Antoine Deltour exposed some controversial tax deals set up by the Luxembourg tax office with companies such as Burberry, Pepsi, and more. Deltour was found guilty and given a suspended sentence.
"There should be no punishment for doing the right thing," Commission Vice President Frans Timmermans said, as reported by Reuters.
Before becoming law, the whistleblower protection rules need to be approved by the EU member countries and the European Parliament. At the time of this writing, "10 EU countries offer full protection to whistleblowers," the report said.
"Companies have to see speak-up as something that would help them manage risks and avoid more serious issues such as violation of law, inappropriate conduct, crime or any type of harms," ACCA head of corporate governance Jo Iwasaki said in the report.
The conversations around whistleblowing ramped up following the revelations of former NSA contractor Edward Snowden. While it's unclear if the new rules would have protected an individual in a position similar to Snowden's, the formal use of Deltour as an example could point to some level of protection for that type of behavior.