Jonathan Armstrong of Eversheds gave this webinar. (You can watch it yourself after a free registration: Whistelblowing: Challenges in running a helpline in Europe) These are my notes:
Why have a hotline? A hotline can help the headquarters connect with offices abroad. They can help internalize issues and the flow of information. The main reason for a hotline is because of a legislative requirement. Sarbanes-Oxley is the most well known legislation.
The main legal issues implicated: privacy, data security (particularly for third party providers), labor law, HR issues, and Third Party contracts. Although the more issues covered in the helpline, then there will be more legal issues involved.
The history of hotlines really starts with SOX, then were impacted by the 2005 privacy cases in France, then the works council issue in Germany and France in 2005.
The CNIL guidelines limits the hotline to “serious” cases. They have a quick prepacked list of items that you can set up a hotline. If you are outside the parameters, then you need approval. He recommends getting local counsel for the French approach.
The EU has formed the Article 29 Committee. CNIL took the lead in drafting so it looks more like France than the US. It discourages anonymous complaints. It discourages advertising that complaints can be made anonymously. It also gives defense rights to the accused. There is a two month retention period which makes it hard to track patterns. There should be a penalty for bad faith complaints. It expects reports to be investigated within the jurisdiction of the problem. It makes it hard to centralize investigators.