by Joanne Hyde, Partner, Head of the Employment Law Unit and Head of Commercial Department, Eversheds Sutherland LLP Ireland
The Protected Disclosures (Amendment) Act 2022 (the “2022 Act”) came into force on 1 January 2023 and has introduced substantial changes to the protected disclosures regime in Ireland. Significant amendments to the original Protected Disclosures Act 2014 (the “2014 Act”) were required in order for Ireland to transpose to the EU Directive on the Protection of Persons who Report Breaches of Union Law (Directive (EU) 2019/1937) (the “Directive”) and following the Supreme Court decision in Baranya v Rosderra Irish Meats (“Baranya”).
The Directive required transposition by 17 December 2021 and although the protections afforded by it were already largely incorporated into Irish law, some further changes were required in order to align the 2014 Act fully with the Directive and the decision of the Supreme Court in Baranya.
Relevant wrongdoing was defined in the 2014 Act as including a failure to comply with a legal obligation, but excluding a failure to comply with a legal obligation arising under a worker’s contract of employment. This was taken to mean that a complaint taken by an employee about their own terms of employment would not amount to a protected disclosure unless it was a complaint about a breach of law, for example a breach of health and safety legislation. In Baranya, the Supreme Court noted that the Oireachtas, when drafting the 2014 Act, had envisaged that most complaints for which whistleblower protection would be sought would concern matters of public interest. However, it held that the actual definition of ‘protected disclosure’ in the 2014 Act could extend further than matters of public interest to cover complaints in the context of employment which are personal to the reporting person. This decision blurred the distinction between a personal grievance and a protected disclosure. It appeared that even if a complaint seemed on its face to be a personal complaint, if it could have wider ramifications for others, it could be regarded as a protected disclosure. For example, previously employers would have dealt with an allegations of bullying under the Safety, Health and Welfare at Work Act, however now this type of allegation could be considered indicative of workplace culture, and as such could also fall under the ambit of protected disclosures legislation.
Changes to the Irish Protected Disclosures Regime under the 2022 Act
What types of disclosure are now protected?
The 2022 Act dealt with this ambiguity by confirming that a matter concerning an interpersonal grievance exclusively affecting the reporting person is not a relevant wrongdoing. The ambit of ‘relevant wrongdoing’ has been further expanded to encompass breaches of EU law in various prescribed areas, including public procurement, financial services, transport safety, food safety, product safety, animal welfare, public health, consumer protection, and privacy and protection of personal data.
Who is now protected?
The definition of ‘workers’ has also been expanded. Under the 2014 Act, workers were defined as employees, consultants, contractors, agency workers, ex-employees and individuals on work experience. The 2022 Act has extended this definition to include shareholders; volunteers; individuals who are members of the administrative, management or supervisory body of an undertaking (including non-executive directors); and prospective employees involved in the recruitment process.
Employers are not obliged to take any action with respect to disclosures made anonymously, however, depending on the content of the disclosure, you may consider it appropriate to do so. Notably, if the identity of the anonymous whistleblower subsequently emerges, this individual will still be entitled to protection under the 2014 Act.
Reporting Channels
The 2022 Act amends both the channels and the procedures for making a disclosure. These changes have placed significant new obligations on employers, particularly with regard to the acknowledgement and follow up of disclosures:
• Employers are required to establish and operate internal reporting channels that maintain the confidentiality of the identity of the reporting person;
• Employers must acknowledge a report, in writing, to the reporting person within 7 days of receipt of the report;
• Employers are required to designate and provide training to a designated, impartial person who is competent to deal with reports made. This designated person is responsible for maintaining communication with the reporting person;
• The designated person must diligently follow up on the report. This includes the provision of feedback within a reasonable period and, in any case, within three months, and if requested by the reporting person in writing, at three-month intervals until such time as the procedure relating to the report is closed. This also includes the carrying out of an initial assessment;
• If, having carried out an initial assessment, the designated person decides that there is no prima facie evidence that a relevant wrongdoing has taken place, the procedure can be closed and the reporting person notified, in writing, as soon as practicable, of the decision and the reasons for it;
• However if, having carried out an initial assessment, the designated person decides that there is prima facie evidence that a relevant wrongdoing may have occurred, appropriate action must be taken to address the relevant wrongdoing, having regard to the nature and seriousness of the matter concerned.
The 2022 Act has also confirmed that internal reporting channels and procedures may be operated internally by a person or department designated by an employer, or externally by a third party authorised by the employer.
The 2022 Act is not, however, clear on whether multinational companies may use existing group reporting channels; though it does provide that the internal reporting channels and procedures must be accessible to workers of the entity concerned, and to any of its subsidiaries and affiliates and their agents and suppliers. Therefore provided that existing group reporting channels provide this access they may meet the requirements of the new Act.
Penalisation
Penalisation was defined widely by the 2014 Act to include actions such as suspension, lay-off, dismissal and harassment. The 2022 Act expanded this definition to include actions such as:
• Withholding of training;
• A negative performance review or employment reference;
• Withholding of promotion;
• Harm, including to the worker’s reputation, particularly on social media, or financial loss (including loss of business and/or income);
• Failure to renew or early termination of a temporary employment contract;
• Failure to convert a temporary employment contract into a permanent one, where the employee had a legitimate expectation that he/she would be offered permanent employment;
• Blacklisting within a sector;
• Early termination or cancellation of a contract for goods or services;
• Cancellation of a licence or permit; and
• Psychiatric of medical referrals.
Crucially, the 2022 Act reverses the burden of proof with respect to protected disclosures. This means that if an employee makes a claim of penalisation to the Workplace Relations Commission, any of the above acts will be deemed to have been as a result of the employee having made a protected disclosure, unless the employer can prove that the act or omission was based on duly justified grounds.
Risks of non-compliance
The 2022 Act creates a new range of criminal offences and penalties for non-compliance. The offences include hindering the making of a protected disclosure, and penalising a worker for making a protected disclosure. Depending on the particular offence, there are a range of fines, with maximum levels of up to €75,000, €100,000 and, in some cases, €250,000.
A conviction of a body corporate can also result in potential imprisonment for an offending director, manager, secretary or other officer for up to 12 months upon summary conviction, or up to two years upon indictment.
On the other hand, it is now also an offence for a worker to make a protected disclosure which contains information that they know to be false. If a worker commits such an offence, they may face a 25 per cent reduction of the maximum award of five years’ remuneration.
What you need to do
Private organisations with over 250 employees must have appropriate whistleblowing policies and procedures (in place as of 1 January 2023. Private organisations with between 50 and 249 employees should prepare their policies and procedures in advance of the 17 December 2023 deadline.
All organisations must provide training in the area of whistleblowing to anyone dealing with protected disclosures, particularly those who are appointed to the role of a designated person.
Your protected disclosures policy must also be made available and must contain clear and easily accessible information regarding the following:
• The procedures for making a report using the internal reporting channels and procedures (as listed above);
• Any conditions attaching to your acceptance of anonymous reports (if your organisation will accept anonymous reports); and
• The procedures for making a report to a prescribed person, to the newly established Protected Disclosures Commissioner, and where relevant, to institutions of the EU.
As discussed, the burden of proof has been reversed in unfair dismissals cases relating to protected disclosures and the employer must be able to demonstrate that any alleged penalising acts/omissions were justified in the circumstances. In addition, employers should be mindful of the expanded definition of penalisation and of the ability of workers to apply to the Circuit Court for interim relief to restrain a dismissal. It is likely that this will significantly increase the threat of litigation from employees. In order to ensure your business is prepared, we recommend that an effective internal whistleblowing procedures is in place and detailed in your policy. This will allow your organisation to become aware of concerns at the earliest stage so that they can be dealt with efficiently to minimize any financial or reputational risks to the business.
About the author
Joanne Hyde is a Partner and Head of Employment Law at Eversheds Sutherland Ireland. She is also Head of the Commerical department. Joanne is a pragmatic and business focused employment lawyer. Her experience as in-house employment lawyer for Intel Corporation, one of Ireland’s leading multi-national employers has given her a strong insight into the HR concerns and complexities facing clients. In addition, Joanne has many years’ experience advising both international and indigenous clients on a wide range of employment and industrial relations issues. Her comprehensive experience includes advising on employment law challenges arising from commercial transactions, employment disputes and litigation as well as providing strategic and proactive advice on HR issues.