As mentioned in my Sept. 27th post on whistleblowing in France, a judge from the CNIL (Commission Nationale de l'Informatique et des Libertes) ruled that the Sarbanes-Oxley regulations for public companies pertaining to whistleblowing were illegal in France for three main reasons: it is illegal to transfer private information across borders, such a practice could incite people to denounce others unfairly, and it does not give the incriminated party a possibility of defense. Since then, the SEC and the CNIL have entered into negotiations, and the alternative solutions seem to be circling around 1) depersonalizing the whistleblowing (denouncing facts and not a person, but anonymously, which could be considered unethical); 2) restricting the number of people who can whistleblow to people at headquarters and in management or executive positions; and 3) involving the representatives of the workforce during the drafting of the policy. At this stage I think it fair to assume that the solution will have a distinctively French flavor.
The "distinctly French" solution: I believe an agreement with the SEC which is quite common-sense and is outlined here:
http://www.cnil.fr/index.php?id=1915
The basic message is this: there is no discrepancy between the relevant SOX section and the CNIL Guideline document, 10 Nov 2005.
In its session of 31 Jan – 1 Feb, 2006, the careful stance of the CNIL was adopted by the so-called Article 29 Data Protection Working Party of the EU in an as yet unpublished document. The requirements of EU Data Protection Directive 95/46/EC for whistleblower hotlines are summed up by the working party as follows:
- The scope of application and the persons against whom a report can be filed must be limited according to the purposes (risk management, crime prevention).
- Those making a disclosure should be assured that their identity will be kept confidential. Anonymous reports shall be accepted only under extraordinary circumstances.
- Only data necessary for further investigation of the report may be processed.
- Within two months after closing the investigation the data should be deleted. Only in cases which require further legal steps may the data be kept for a longer period.
- The accused person must be informed of the report (disclosure) as soon as there is no longer a risk of loss of evidence. The name of the disclosing person should normally be given to the accused only when the disclosure was maliciously false.
http://www.datenschutz.de/news/detail/?nid=1750
Posted by: Björn Rohde-Liebenau | February 15, 2006 at 06:04 PM