Blowing the whistle

If you uncover wrongdoing in your firm there is now a law stating what you should do to make others aware. Roisin Woolnough...

If you uncover wrongdoing in your firm there is now a law stating what you should do to make others aware. Roisin Woolnough reports

The football referee has a tough time. He judges that a foul has been committed, blows his whistle, has the guilty side's players shouting denials and the fans baying for his blood. Yet all he has done is identified that something is amiss and needs to be rectified.

This is precisely what everyone fears if they blow the whistle at work: that by exposing any wrongdoing they are actually opening themselves to abuse.

"Employees are very wary of making a disclosure in case their career suffers as a result," says Fiona Muxlow, associate at legal firm, Taylor Wessing. "They fear that there may be some comeback; that they could be ostracised by employers or colleagues; or that their concerns might not be addressed. These are legitimate concerns."

Whistle-blowing hit the headlines a few years ago, after a several serious, high-profile incidents when deaths and financial loss occurred as a result of people keeping quiet about workplace practices.

"There were a lot of disasters in the late 1980s, early 1990s when people had been aware that something was going on and were either too scared to come forward or it didn't get through," says Robin van den Hende, case worker at Public Concern at Work, a group that offers best practice advice to employers and employees.

"For example, there was the North Sea Piper Alpha fire, where 167 people died, and the Herald Free Enterprise disaster, when 189 people died." In both instances, people knew that health and safety were being compromised by bad practice, but did not pass on their concerns to management.

Whistle-blowing returned to the news recently, following the corporate wrongdoings at Enron and WorldCom.

These may seem far removed from the daily work of IT professionals, but there is the potential for equally serious catastrophes to occur as a result of some malpractice or mismanagement in the industry.

Richard Sizer, chairman of the Ethics Committee at the British Computer Society and author of the Whistle-blowing Working Party Report, says there are areas where if a flawed IT project was to continue, the consequences could be severe. For example:

  • If the development of an air traffic control system, with IS at its heart, was considered to be non-viable by a developer and that its implementation would likely result in hazard to the public. This might be discounted by the management of the project, without any further investigation, particularly without external review.

  • A pensions or payroll system that is inadequately tested and may result in loss.

In 1999, the Government introduced the Public Interest Disclosure Act. Public Concern at Work dubbed the Act "the most far-reaching whistle-blower law in the world" because it encourages employees to speak out about wrongdoing in the workplace and protects them from being unfairly victimised as a result of their actions.

"We recommend that companies have a whistle-blowing officer," says van den Hende. "It should be someone who is not a line manager - say a non-executive director or a member of the board - that employees can go to ."

A recent report by the Work Foundation revealed that many employers do not provide adequate internal channels for their employees to raise concerns about bad practice. After surveying 281 organisations, it found that 48% of them had not introduced formal whistle-blowing policies.

Anyone who does have concerns should first establish whether their company has a whistle-blowing policy or officer. "If there is a policy, then obviously you should follow it to the letter," advises Maxlow.

The next step is to speak to your line manager and tell them your concerns. Whatever you do, says van den Hende, don't start hypothesising. "Say that you are worried and state the facts," he says. "Don't try to become a private detective and don't try to investigate the malpractice. There is no need to start photocopying large pieces of documentation or taping conversations. Leave that to other people."

The onus is then on your line manager to address the issue and you should be able to bow out of proceedings. If nothing happens, however, escalate the matter to more senior people and consider contacting Public Concern at Work or a trade union for advice.

Maxlow says the whistle-blower is legally entitled to take another person, such as a friend or partner, to any meetings to act as a witness. However, the information and any conversations should be kept confidential until all internal company channels have been exhausted. Only as a last resort should you make the information public.

The Public Interest Disclosure Act does not favour those who go straight to the press and you will enjoy more protection from the law if you tried to resolve the issues internally before going public.

The worst-case scenario is that you blow the whistle, the company does nothing, but your career suffers as a result. "Some whistle-blowers are victimised," says van den Hende. "Some are shunned by colleagues or receive negative action from employers, such as a reduction in wages, change of shifts or even dismissal." This is when the Public Interest Disclosure Act, Public Concern at Work and the unions are on your side. It may mean that you take the case to an employment tribunal.

Whatever happens, Sizer says it is imperative that all whistle-blowers follow the correct procedures to protect themselves, the company and anyone else concerned. In his report, Sizer outlines the criteria IT professionals need to meet to ensure that they are protected under the Public Interest Disclosure Act. Unfortunately, many employers are not sufficiently aware of the law and how to treat whistle-blowers, so if you are going to do it, make sure you know what is involved.

When you should tell all
Situations when an IT professional may need to blow the whistle, according to Sizer, include:
  • When there is actual or potential damage to the public interest

  • To avert actual or potential disaster

  • Financial malpractice

  • Miscarriage of justice

  • Breach of the civil service code

  • To prevent dangers to health and safety

  • Damage to the environment

  • If misconduct is being covered up or you believe that there will be attempts to cover-up

  • To maintain safety standards.


Read more on IT risk management